Philipp Hörist pushed to branch master at gajim / python-nbxmpp
Commits:
3ca9eeb3 by Philipp Hörist at 2022-10-16T20:23:18+02:00
fix: Client: Don’t override modified certification errors
When cert errors where detected the certificate-set signal did overwrite
the certficition errors which were already modified by accept_certificate()
This simplifies the code and removes the certificate-set signal
- - - - -
4 changed files:
- nbxmpp/client.py
- nbxmpp/connection.py
- nbxmpp/tcp.py
- nbxmpp/websocket.py
Changes:
=====================================
nbxmpp/client.py
=====================================
@@ -232,6 +232,8 @@ class Client(Observable):
@property
def peer_certificate(self):
+ if self._con is not None:
+ return self._con.peer_certificate
return self._peer_certificate, self._peer_certificate_errors
@property
@@ -360,6 +362,8 @@ class Client(Observable):
return
self.state = StreamState.CONNECTING
+ self._peer_certificate = None
+ self._peer_certificate_errors = None
self._reset_error()
self._con = self._get_connection(self._log_context,
@@ -375,7 +379,6 @@ class Client(Observable):
self._con.subscribe('data-sent', self._on_data_sent)
self._con.subscribe('data-received', self._on_data_received)
self._con.subscribe('bad-certificate', self._on_bad_certificate)
- self._con.subscribe('certificate-set', self._on_certificate_set)
self._con.connect()
def _get_connection(self, *args):
@@ -537,12 +540,9 @@ class Client(Observable):
connection.peer_certificate
self._set_error(StreamError.BAD_CERTIFICATE, 'bad certificate')
- def _on_certificate_set(self, connection, _signal_name):
- self._peer_certificate, self._peer_certificate_errors = \
- connection.peer_certificate
-
def accept_certificate(self):
self._log.info('Certificate accepted')
+ assert self._peer_certificate is not None
self._accepted_certificates.append(self._peer_certificate)
self._connect()
=====================================
nbxmpp/connection.py
=====================================
@@ -37,7 +37,6 @@ class Connection(Observable):
data-sent
data-received
bad-certificate
- certificate-set
connection-failed
disconnected
'''
=====================================
nbxmpp/tcp.py
=====================================
@@ -125,11 +125,15 @@ class TCPConnection(Connection):
return False
def _on_certificate_set(self, connection, _param):
- self._peer_certificate = connection.props.peer_certificate
- self._peer_certificate_errors = convert_tls_error_flags(
- connection.props.peer_certificate_errors)
+ if self._peer_certificate is None:
+ # If the cert has errors _check_certificate() will set the cert and
+ # _accept_certificate() will modify the error set. If this is the
+ # case _accept_certificate() modifies the errors.
+ self._peer_certificate = connection.props.peer_certificate
+ self._peer_certificate_errors = convert_tls_error_flags(
+ connection.props.peer_certificate_errors)
+
self._tls_handshake_in_progress = False
- self.notify('certificate-set')
def _on_connect_finished(self, client, result, _user_data):
try:
=====================================
nbxmpp/websocket.py
=====================================
@@ -99,8 +99,6 @@ class WebsocketConnection(Connection):
self._peer_certificate = certificate
self._peer_certificate_errors = convert_tls_error_flags(errors)
- self.notify('certificate-set')
-
if self._accept_certificate():
return
View it on GitLab:
https://dev.gajim.org/gajim/python-nbxmpp/-/commit/3ca9eeb30cd24f99d3e4166b906b09f679993a2a
--
View it on GitLab:
https://dev.gajim.org/gajim/python-nbxmpp/-/commit/3ca9eeb30cd24f99d3e4166b906b09f679993a2a
You're receiving this email because of your account on dev.gajim.org.
_______________________________________________
Commits mailing list
[email protected]
https://lists.gajim.org/cgi-bin/listinfo/commits
