Handle invalid certificate chains (with the ca_cert_path option)

2014-12-17 19:07:15 +01:00 · 2014-12-17 19:07:15 +01:00 · c76279c345
commit c76279c345
parent ef3beab02b
2 changed files with 6 additions and 0 deletions
--- a/src/core/core.py
+++ b/src/core/core.py
@ -253,6 +253,7 @@ class Core(object):
                                    self.on_chatstate_inactive)
        self.xmpp.add_event_handler("attention", self.on_attention)
        self.xmpp.add_event_handler("ssl_cert", self.validate_ssl)
+        self.xmpp.add_event_handler("ssl_invalid_chain", self.ssl_invalid_chain)
        self.all_stanzas = Callback('custom matcher',
                                    connection.MatchAll(None),
                                    self.incoming_stanza)
@ -1957,6 +1958,7 @@ class Core(object):
    outgoing_stanza = handlers.outgoing_stanza
    incoming_stanza = handlers.incoming_stanza
    validate_ssl = handlers.validate_ssl
+    ssl_invalid_chain = handlers.ssl_invalid_chain
    on_next_adhoc_step = handlers.on_next_adhoc_step
    on_adhoc_error = handlers.on_adhoc_error
    cancel_adhoc_command = handlers.cancel_adhoc_command
--- a/src/core/handlers.py
+++ b/src/core/handlers.py
@ -1156,6 +1156,10 @@ def incoming_stanza(self, stanza):
            self.current_tab().refresh()
            self.doupdate()

+def ssl_invalid_chain(self, tb):
+    self.information('The certificate sent by the server is invalid.', 'Error')
+    self.disconnect()
+
 def validate_ssl(self, pem):
    """
    Check the server certificate using the slixmpp ssl_cert event