telepathy-idle: IdleServerConnection: check certificates properly, except in the tests
Simon McVittie
smcv at kemper.freedesktop.org
Wed Apr 24 09:02:39 PDT 2013
Module: telepathy-idle
Branch: master
Commit: eee0207464d160a0c8b7e430d927beb4d14cde74
URL: http://cgit.freedesktop.org/telepathy/telepathy-idle/commit/?id=eee0207464d160a0c8b7e430d927beb4d14cde74
Author: Simon McVittie <simon.mcvittie at collabora.co.uk>
Date: Mon Apr 22 18:47:39 2013 +0100
IdleServerConnection: check certificates properly, except in the tests
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63810
Reviewed-by: Guillaume Desmottes <guillaume.desmottes at collabora.co.uk>
---
src/idle-server-connection.c | 15 ++++++++++-----
tests/twisted/Makefile.am | 1 +
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/idle-server-connection.c b/src/idle-server-connection.c
index 8a4bb98..6c5894f 100644
--- a/src/idle-server-connection.c
+++ b/src/idle-server-connection.c
@@ -505,9 +505,14 @@ IdleServerConnectionState idle_server_connection_get_state(IdleServerConnection
void idle_server_connection_set_tls(IdleServerConnection *conn, gboolean tls) {
IdleServerConnectionPrivate *priv = IDLE_SERVER_CONNECTION_GET_PRIVATE(conn);
g_socket_client_set_tls(priv->socket_client, tls);
- g_socket_client_set_tls_validation_flags(priv->socket_client,
- G_TLS_CERTIFICATE_VALIDATE_ALL
- & ~G_TLS_CERTIFICATE_UNKNOWN_CA
- & ~G_TLS_CERTIFICATE_BAD_IDENTITY
- & ~G_TLS_CERTIFICATE_EXPIRED);
+
+ /* The regression tests don't have a CA-issued certificate,
+ * oddly enough. */
+ if (!tp_strdiff (g_getenv ("IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS"), "vulnerable")) {
+ g_socket_client_set_tls_validation_flags(priv->socket_client,
+ G_TLS_CERTIFICATE_VALIDATE_ALL
+ & ~G_TLS_CERTIFICATE_UNKNOWN_CA
+ & ~G_TLS_CERTIFICATE_BAD_IDENTITY
+ & ~G_TLS_CERTIFICATE_EXPIRED);
+ }
}
diff --git a/tests/twisted/Makefile.am b/tests/twisted/Makefile.am
index 8329514..aa749ef 100644
--- a/tests/twisted/Makefile.am
+++ b/tests/twisted/Makefile.am
@@ -46,6 +46,7 @@ check-twisted:
rm -f tools/core
rm -f tools/idle-testing.log
failed=0; \
+ IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS=vulnerable \
sh $(srcdir)/tools/with-session-bus.sh \
--config-file=tools/tmp-session-bus.conf \
-- $(MAKE) check-TESTS \
More information about the telepathy-commits
mailing list