author | Yann Leboulanger <asterix@lagaule.org> | 2012-01-06 12:45:11 +0400 |
---|---|---|
committer | Yann Leboulanger <asterix@lagaule.org> | 2012-01-06 12:45:11 +0400 |
commit | dc0b0e99f4bb5481c58c911cca5b7cea296e8952 (patch) | |
tree | 2d0f07a33741d863c12e9b64a25d867ea1a14691 | |
parent | c7dbcb3006b812851c896e7e477204bea3e28b23 (diff) |
check ssl certificate against hostname only if we use secured connection. Fixes #7071
-rw-r--r-- | src/common/connection.py | 30 |
1 files changed, 14 insertions, 16 deletions
diff --git a/src/common/connection.py b/src/common/connection.py
index fe4c9e6e6..fe29f6781 100644
--- a/src/common/connection.py
+++ b/src/common/connection.py
@@ -1315,24 +1315,22 @@ class Connection(CommonConnection, ConnectionHandlers):
 else:
 gajim.config.set_per('accounts', self.name, 'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1)
- if not check_X509.check_certificate(con.Connection.ssl_certificate,
- hostname) and '100' not in gajim.config.get_per('accounts', self.name,
- 'ignore_ssl_errors').split():
- txt = _('The authenticity of the %s certificate could be invalid.'
- '\nThe certificate does not cover this domain.') % hostname
- gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
- error_text=txt, error_num=100, cert=con.Connection.ssl_cert_pem,
- fingerprint=con.Connection.ssl_fingerprint_sha1,
- certificate=con.Connection.ssl_certificate))
- return True
+ if not check_X509.check_certificate(con.Connection.ssl_certificate,
+ hostname) and '100' not in gajim.config.get_per('accounts',
+ self.name, 'ignore_ssl_errors').split():
+ txt = _('The authenticity of the %s certificate could be '
+ 'invalid.\nThe certificate does not cover this domain.') % \
+ hostname
+ gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
+ error_text=txt, error_num=100,
+ cert=con.Connection.ssl_cert_pem,
+ fingerprint=con.Connection.ssl_fingerprint_sha1,
+ certificate=con.Connection.ssl_certificate))
+ return True
 self._register_handlers(con, con_type)
- con.auth(
- user=name,
- password=self.password,
- resource=self.server_resource,
- sasl=1,
- on_auth=self.__on_auth)
+ con.auth(user=name, password=self.password,
+ resource=self.server_resource, sasl=1, on_auth=self.__on_auth)
 def ssl_certificate_accepted(self):
 if not self.connection: |
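Review bot: The context line directly above the re-indented check writes `ssl_fingerprint_sha1` into the account config before `check_X509.check_certificate(...)` has compared the certificate with `hostname`, so a certificate that fails the hostname check may already be stored as the account's known fingerprint. If a later connection compares against that stored value (that comparison is not visible here), the same certificate would presumably be accepted on fingerprint alone. Consider running the hostname check first, or saving the fingerprint only once the check passes or the user accepts the `SSLErrorEvent`. The condition that now guards the check lies outside this hunk, the page has lost the indentation, and the enclosing method starts before the hunk, so please confirm that every TLS path still reaches the hostname check, not only the branch that saves a new fingerprint. A comment above the `if`, such as `# hostname check applies only when TLS was negotiated (see #7071)`, would record the intent.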