im.pidgin.pidgin: a2bff881971e0dd7954bfd9b1c497325bd5a9fe3

nosnilmot at pidgin.im nosnilmot at pidgin.im
Sun Dec 23 12:20:38 EST 2007


-----------------------------------------------------------------
Revision: a2bff881971e0dd7954bfd9b1c497325bd5a9fe3
Ancestor: d405bb05611a1e35885016641ead2a767824e5b3
Author: nosnilmot at pidgin.im
Date: 2007-12-23T17:16:14
Branch: im.pidgin.pidgin

Modified files:
        libpurple/certificate.c
        pidgin/win32/nsis/pidgin-installer.nsi
        share/ca-certs/Makefile.am

ChangeLog: 

Add the StartCom Free SSL Certificate Authority certificate (as used by
jabber.org), and change the order of certificate validation checks so that
CA mismatch is detected before name checking. There's still lots of room
for improvement in certificate validation because the first Accept or
Reject overrides any subsequent checks.

============================================================
--- libpurple/certificate.c	51a0802e6291b38fcf0cb236ec02a721324073f7
+++ libpurple/certificate.c	fff47a7bcf9f34b58a2ef430be402cf97a264d2b
@@ -1280,7 +1280,9 @@ x509_tls_cached_cert_in_cache(PurpleCert
 /* For when we've never communicated with this party before */
 /* TODO: Need ways to specify possibly multiple problems with a cert, or at
    least  reprioritize them. For example, maybe the signature ought to be
-   checked BEFORE the hostname checking? */
+   checked BEFORE the hostname checking?
+   Stu thinks we should check the signature before the name, so we do now.
+   The above TODO still stands. */
 static void
 x509_tls_cached_unknown_peer(PurpleCertificateVerificationRequest *vrq)
 {
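Review bot: The rewritten TODO comment now reads as a conversation ("Stu thinks we should check the signature before the name, so we do now. The above TODO still stands.") rather than stating the order the function actually applies, which a maintainer must otherwise reconstruct from the body. Judging by the later hunks, the order is now self-signed check, chain signature check, CA check, then hostname, and each failing branch prompts the user and returns, so later problems are never surfaced. Suggest replacing the three added lines with `/* Order of checks: self-signed, chain signature, CA match, then hostname. The first failing check prompts the user and returns, so any later problems with the same certificate are not reported (TODO: collect all problems before prompting). */`. The body of x509_tls_cached_unknown_peer lies outside this hunk.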
@@ -1292,35 +1294,6 @@ x509_tls_cached_unknown_peer(PurpleCerti
 
 	peer_crt = (PurpleCertificate *) chain->data;
 
-	/* First, check that the hostname matches */
-	if ( ! purple_certificate_check_subject_name(peer_crt,
-						     vrq->subject_name) ) {
-		gchar *sn = purple_certificate_get_subject_name(peer_crt);
-		gchar *msg;
-		
-		purple_debug_info("certificate/x509/tls_cached",
-				  "Name mismatch: Certificate given for %s "
-				  "has a name of %s\n",
-				  vrq->subject_name, sn);
-
-		/* Prompt the user to authenticate the certificate */
-		/* TODO: Provide the user with more guidance about why he is
-		   being prompted */
-		/* vrq will be completed by user_auth */
-		msg = g_strdup_printf(_("The certificate presented by \"%s\" "
-					"claims to be from \"%s\" instead.  "
-					"This could mean that you are not "
-					"connecting to the service you "
-					"believe you are."),
-				      vrq->subject_name, sn);
-				      
-		x509_tls_cached_user_auth(vrq,msg);
-
-		g_free(sn);
-		g_free(msg);
-		return;
-	} /* if (name mismatch) */
-
 	/* TODO: Figure out a way to check for a bad signature, as opposed to
 	   "not self-signed" */
 	if ( purple_certificate_signed_by(peer_crt, peer_crt) ) {
@@ -1341,7 +1314,7 @@ x509_tls_cached_unknown_peer(PurpleCerti
 
 		g_free(msg);
 		return;
-	} /* if (name mismatch) */
+	} /* if (self signed) */
 	
 	/* Next, check that the certificate chain is valid */
 	if ( ! purple_certificate_check_signature_chain(chain) ) {
@@ -1440,6 +1413,35 @@ x509_tls_cached_unknown_peer(PurpleCerti
 		return;
 	} /* if (CA signature not good) */
 
+	/* Last, check that the hostname matches */
+	if ( ! purple_certificate_check_subject_name(peer_crt,
+						     vrq->subject_name) ) {
+		gchar *sn = purple_certificate_get_subject_name(peer_crt);
+		gchar *msg;
+		
+		purple_debug_info("certificate/x509/tls_cached",
+				  "Name mismatch: Certificate given for %s "
+				  "has a name of %s\n",
+				  vrq->subject_name, sn);
+
+		/* Prompt the user to authenticate the certificate */
+		/* TODO: Provide the user with more guidance about why he is
+		   being prompted */
+		/* vrq will be completed by user_auth */
+		msg = g_strdup_printf(_("The certificate presented by \"%s\" "
+					"claims to be from \"%s\" instead.  "
+					"This could mean that you are not "
+					"connecting to the service you "
+					"believe you are."),
+				      vrq->subject_name, sn);
+				      
+		x509_tls_cached_user_auth(vrq,msg);
+
+		g_free(sn);
+		g_free(msg);
+		return;
+	} /* if (name mismatch) */
+
 	/* If we reach this point, the certificate is good. */
 	/* Look up the local cache and store it there for future use */
 	tls_peers = purple_certificate_find_pool(x509_tls_cached.scheme_name,
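Review bot: With the subject-name check moved to the end, a name mismatch is never reported once an earlier branch has prompted the user: the self-signed, chain and CA branches each call x509_tls_cached_user_auth and return, so a user who accepts a self-signed or unknown-CA certificate also implicitly accepts a subject name that does not match vrq->subject_name, and the prompt text they see never mentions it. The ChangeLog acknowledges that the first Accept/Reject overrides later checks; a cheap interim step is to evaluate purple_certificate_check_subject_name before the first prompt and include the mismatch in the message handed to x509_tls_cached_user_auth, so the user decides with both facts in view. Until that is done, a comment above the moved block such as `/* NOTE: only reached when every signature check passed; an earlier user_auth prompt short-circuits this name check */` would keep the limitation visible. x509_tls_cached_unknown_peer starts and ends outside this hunk, and the moved block is the one deleted in the earlier hunk of this file.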
============================================================
--- pidgin/win32/nsis/pidgin-installer.nsi	b953fafe5d8533a2f201e4a96aebb77dc624b20b
+++ pidgin/win32/nsis/pidgin-installer.nsi	6734d3023e0dc89a2d746e7bfdb84f374a37cab2
@@ -699,6 +699,7 @@ Section Uninstall
     Delete "$INSTDIR\ca-certs\Equifax_Secure_CA.pem"
     Delete "$INSTDIR\ca-certs\GTE_CyberTrust_Global_Root.pem"
     Delete "$INSTDIR\ca-certs\Microsoft_Secure_Server_Authority.pem"
+    Delete "$INSTDIR\ca-certs\StartCom_Free_SSL_CA.pem"
     Delete "$INSTDIR\ca-certs\Verisign_Class3_Extended_Validation_CA.pem"
     Delete "$INSTDIR\ca-certs\Verisign_Class3_Primary_CA.pem"
     Delete "$INSTDIR\ca-certs\Verisign_RSA_Secure_Server_CA.pem"
============================================================
--- share/ca-certs/Makefile.am	d33109c71b83ea1f09f3df5b78fcbdb6ebe94232
+++ share/ca-certs/Makefile.am	ad9eb3c2351739d37207771b760021e0cfc94738
@@ -1,8 +1,9 @@ cacerts_DATA =	\
 cacertsdir =	$(datadir)/purple/ca-certs
 cacerts_DATA =	\
 		Equifax_Secure_CA.pem \
 		GTE_CyberTrust_Global_Root.pem \
 		Microsoft_Secure_Server_Authority.pem \
+		StartCom_Free_SSL_CA.pem \
 		Verisign_RSA_Secure_Server_CA.pem \
 		Verisign_Class3_Primary_CA.pem
 
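Review bot: StartCom_Free_SSL_CA.pem is added to cacerts_DATA, but the commit header lists only modified files and no added file, so unless the PEM itself arrives in a separate revision `make install` will fail on the missing source; this is inferred from the header, not from the hunk. Because this ships a new trust anchor, the commit message should also record where the certificate was obtained and the fingerprint the CA publishes for it, so reviewers can confirm the installed file matches, e.g. a comment in this list reading `# StartCom Free SSL CA, fingerprint: <verify against the CA's published value>`. Separately, the Windows uninstall list in this same commit names Verisign_Class3_Extended_Validation_CA.pem while this list does not; that mismatch predates the change but is worth reconciling so both platforms install the same set.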

