Added server identity check.

author: Remko Tronçon <git@el-tramo.be> 2010-11-10 21:02:12 (GMT)
committer: Remko Tronçon <git@el-tramo.be> 2010-11-11 12:50:12 (GMT)
commit: 91b828a6e94f15c675e03baff4d45a7feb939eb9 (patch)
tree: 2ca432e79b05b58235b0f791fc8e4a6dd0e96db7 /Swiften/Client/ClientSession.cpp
parent: 2fec654b2345ba974b843a0868d580f9c12fdfea (diff)
download: swift-contrib-91b828a6e94f15c675e03baff4d45a7feb939eb9.zip
swift-contrib-91b828a6e94f15c675e03baff4d45a7feb939eb9.tar.bz2
1 files changed, 15 insertions, 3 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index a199a84..9e6db5d 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -37,6 +37,7 @@
 #include "Swiften/SASL/DIGESTMD5ClientAuthenticator.h"
 #include "Swiften/Session/SessionStream.h"
 #include "Swiften/TLS/CertificateTrustChecker.h"
+#include "Swiften/TLS/ServerIdentityVerifier.h"
 
 namespace Swift {
 
@@ -330,16 +331,27 @@ void ClientSession::handleTLSEncrypted() {
 	Certificate::ref certificate = stream->getPeerCertificate();
 	boost::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError();
 	if (verificationError) {
-		if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, localJID.getDomain())) {
+		checkTrustOrFinish(certificate, verificationError);
+	}
+	else {
+		ServerIdentityVerifier identityVerifier(localJID);
+		if (identityVerifier.certificateVerifies(certificate)) {
 			continueAfterTLSEncrypted();
 		}
 		else {
-			finishSession(verificationError);
+			boost::shared_ptr<CertificateVerificationError> identityError(new CertificateVerificationError(CertificateVerificationError::InvalidServerIdentity));
+			checkTrustOrFinish(certificate, identityError);
 		}
 	}
-	else {
+}
+
+void ClientSession::checkTrustOrFinish(Certificate::ref certificate, boost::shared_ptr<CertificateVerificationError> error) {
+	if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, localJID.getDomain())) {
 		continueAfterTLSEncrypted();
 	}
+	else {
+		finishSession(error);
+	}
 }
 
 void ClientSession::continueAfterTLSEncrypted() {
author	Remko Tronçon <git@el-tramo.be>	2010-11-10 21:02:12 (GMT)
committer	Remko Tronçon <git@el-tramo.be>	2010-11-11 12:50:12 (GMT)
commit	91b828a6e94f15c675e03baff4d45a7feb939eb9 (patch)
tree	2ca432e79b05b58235b0f791fc8e4a6dd0e96db7 /Swiften/Client/ClientSession.cpp
parent	2fec654b2345ba974b843a0868d580f9c12fdfea (diff)
download	swift-contrib-91b828a6e94f15c675e03baff4d45a7feb939eb9.zip swift-contrib-91b828a6e94f15c675e03baff4d45a7feb939eb9.tar.bz2