Ticket #720: ssl_cert_verif.diff
| File ssl_cert_verif.diff, 5.7 KB (added by asterix, 2 years ago) |
|---|
-
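--- a/src/gajim.py
+++ b/src/gajim.py
@@ -2166,6 +2166,24 @@
 instance = data[1]
 instance.unique_room_id_error(data[0])
 
+def handle_event_ssl_error(self, account, data):
+# ('SSL_ERROR', account, (text, cert))
+server = gajim.config.get_per('accounts', account, 'hostname')
+def on_ok(is_checked):
+if is_checked:
+f = open(gajim.MY_CACERTS, 'a')
+f.write(server + '\n')
+f.write(data[1] + '\n\n')
+f.close()
+gajim.connections[account].ssl_certificate_accepted()
+def on_cancel():
+pass
+pritext = _('Error verifying SSL certificate')
+sectext = _('There was an error verifying the SSL certificate of your jabber server %(server)s: %(error)s\nDo you still want to connect to this server?') % {'server': server, 'error': data[0]}
+checktext = _('Add this certificate to the list of trusted certificates.')
+dialogs.ConfirmationDialogCheck(pritext, sectext, checktext,
+on_response_ok=on_ok, on_response_cancel=on_cancel)
+
 def read_sleepy(self):
 '''Check idle status and change that status if needed'''
 if not self.sleeper.poll():
@@ -2502,6 +2520,7 @@
 'UNIQUE_ROOM_ID_SUPPORTED': self.handle_event_unique_room_id_supported,
 'SESSION_NEG': self.handle_session_negotiation,
 'GPG_PASSWORD_REQUIRED': self.handle_event_gpg_password_required,
+'SSL_ERROR': self.handle_event_ssl_error,
 }
 gajim.handlers = self.handlers
 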
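Review bot: `handle_event_ssl_error` lets the user add the certificate to the trusted list without showing anything that identifies it: `sectext` contains only the server name and the error text, so there is no fingerprint to compare out of band before ticking the checkbox. Since `on_ok` then appends `data[1]` to `gajim.MY_CACERTS` permanently, I would extend the format string with `%(fingerprint)s` and pass a SHA-256 digest of the certificate alongside the PEM text in the `SSL_ERROR` event. `on_cancel` is `pass`, so a refused certificate appears to leave the connection open without authenticating; if nothing else closes it, the connection should be dropped there. The append in `on_ok` should also wrap the two `f.write` calls in `try`/`finally` so the file is closed when a write fails.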
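--- a/src/common/xmpp/transports_nb.py
+++ b/src/common/xmpp/transports_nb.py
@@ -745,10 +745,34 @@
 #tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
 tcpsock.ssl_errnum = 0
 tcpsock._sslContext.set_verify(OpenSSL.SSL.VERIFY_PEER, self._ssl_verify_callback)
+cacerts = os.path.join(gajim.DATA_DIR, 'other', 'cacerts.pem')
 try:
-tcpsock._sslContext.load_verify_locations( os.path.join(gajim.DATA_DIR, 'other', 'cacerts.pem'))
+tcpsock._sslContext.load_verify_locations(cacerts)
 except:
-log.warning(_("Unable to load SSL certificats from file %s" % os.path.abspath(os.path.join(gajim.DATA_DIR,'other','ca.crt'))))
+log.warning('Unable to load SSL certificats from file %s' % \
+os.path.abspath(cacerts))
+# load users certs
+if os.path.isfile(gajim.MY_CACERTS):
+store = tcpsock._sslContext.get_cert_store()
+f = open(gajim.MY_CACERTS)
+lines = f.readlines()
+i = 0
+begin = -1
+for line in lines:
+if 'BEGIN CERTIFICATE' in line:
+begin = i
+continue
+elif 'END CERTIFICATE' in line and begin > -1:
+cert = ''.join(lines[begin:i+2])
+try:
+X509cert = OpenSSL.crypto.load_certificate(
+OpenSSL.crypto.FILETYPE_PEM, cert)
+store.add_cert(X509cert)
+except:
+log.warning('Unable to load a certificate from file %s' % \
+gajim.MY_CACERTS)
+begin = -1
+i += 1
 tcpsock._sslObj = OpenSSL.SSL.Connection(tcpsock._sslContext, tcpsock._sock)
 tcpsock._sslObj.set_connect_state() # set to client mode
 
@@ -791,6 +815,8 @@
 if errnum == 0:
 return True
 self._owner.Connection.ssl_errnum = errnum
+self._owner.Connection.ssl_cert = OpenSSL.crypto.dump_certificate(
+OpenSSL.crypto.FILETYPE_PEM, cert)
 return True
 except:
 log.error("Exception caught in _ssl_info_callback:", exc_info=True)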
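Review bot: Every certificate in `gajim.MY_CACERTS` is added to the context's store with `store.add_cert(X509cert)`, which makes it a trust anchor for all connections rather than an exception for the one server it was accepted for; the hostname line that the dialog handler writes before each certificate is never read here. If an accepted certificate is a CA or self-signed certificate, anything it signs would then verify for any account. Consider keeping accepted certificates out of the store and comparing the peer certificate with the entry saved for that hostname, or at minimum add `# NOTE: certificates loaded here are trusted for every server, not only the one they were accepted for`. In the second hunk the callback saves `cert` at whatever chain depth reported the error, so the certificate offered to the user may not be the server's own; this is worth confirming. Both enclosing functions start outside the hunks shown.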
src/common/configpaths.py
79 79 80 80 # LOG is deprecated 81 81 k = ( 'LOG', 'LOG_DB', 'VCARD', 'AVATAR', 'MY_EMOTS', 82 'MY_ICONSETS' )82 'MY_ICONSETS', 'MY_CACERTS') 83 83 v = (u'logs', u'logs.db', u'vcards', u'avatars', u'emoticons', 84 u'iconsets' )84 u'iconsets', u'cacerts.pem') 85 85 86 86 if os.name == 'nt': 87 87 v = map(lambda x: x.capitalize(), v) -
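--- a/src/common/gajim.py
+++ b/src/common/gajim.py
@@ -77,6 +77,7 @@
 AVATAR_PATH = gajimpaths['AVATAR']
 MY_EMOTS_PATH = gajimpaths['MY_EMOTS']
 MY_ICONSETS_PATH = gajimpaths['MY_ICONSETS']
+MY_CACERTS = gajimpaths['MY_CACERTS']
 TMP = gajimpaths['TMP']
 DATA_DIR = gajimpaths['DATA']
 HOME_DIR = gajimpaths['HOME']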
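--- a/src/common/connection.py
+++ b/src/common/connection.py
@@ -488,14 +488,22 @@
 errnum = -1 # we don't have an errnum
 if errnum > 0:
 # FIXME: tell the user that the certificat is untrusted, and ask him what to do
-try:
-log.warning("The authenticity of the "+hostname+" certificate could be invalid.\nSSL Error: "+ssl_error[errnum])
-except KeyError:
-log.warning("Unknown SSL error: %d" % errnum)
-con.auth(name, self.password, self.server_resource, 1, self.__on_auth)
+text = _('The authenticity of the %s certificate could be invalid.') %\
+hostname
+if errnum in ssl_error:
+text += _('\nSSL Error: %s') % ssl_error[errnum]
+else:
+text += _('\nUnknown SSL error: %d') % errnum
+self.dispatch('SSL_ERROR', (text, con.Connection.ssl_cert))
+else:
+con.auth(name, self.password, self.server_resource, 1, self.__on_auth)
 
 return True
 
+def ssl_certificate_accepted(self):
+name = gajim.config.get_per('accounts', self.name, 'name')
+self.connection.auth(name, self.password, self.server_resource, 1, self.__on_auth)
+
 def _register_handlers(self, con, con_type):
 self.peerhost = con.get_peerhost()
 # notify the gui about con_type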
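Review bot: `ssl_certificate_accepted` calls `self.connection.auth(...)` from the dialog callback, which can run long after the `SSL_ERROR` event was dispatched, and it does not check that the connection the event was raised for still exists. If the account was disconnected or reconnected while the dialog was open, this would either fail on a missing connection or send the password over a different session than the one whose certificate the user approved (inferred; the rest of the class is outside the hunk). A guard such as `if not self.connection: return` at the top would cover the first case. The method also has no docstring, and the `# FIXME: tell the user that the certificat is untrusted` comment above the new dispatch is now stale and could be removed.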
