forked from Lainports/freebsd-ports
9a9cfc4efa
The ssl_nss_get_peer_certificates function in libpurple 2.x.y assumes that all intermediate certificates from the peer's presented chain can be found in the NSS certificate DB. This is not the case in NSS 3.103. This patch is required in order to add a new port for *MS teams* support in pidgin. This patch replaces a call to ssl_nss_get_peer_certificates by SSL_PeerCertificateChain who retrieves the certificates presented by the SSL peer.SSL_PeerCertificateChain has been in NSS since version 3.15.4 released in 2014. Additional references: https://bugzilla.mozilla.org/show_bug.cgi?id=1913047 PR: 281761
54 lines
1.6 KiB
C
54 lines
1.6 KiB
C
--- libpurple/plugins/ssl/ssl-nss.c
|
|
+++ libpurple/plugins/ssl/ssl-nss.c
|
|
@@ -282,39 +282,32 @@ x509_import_from_nss(CERTCertificate* ce
|
|
static GList *
|
|
ssl_nss_get_peer_certificates(PRFileDesc *socket, PurpleSslConnection * gsc)
|
|
{
|
|
+ CERTCertList *peerChain;
|
|
+ CERTCertListNode *cursor;
|
|
CERTCertificate *curcert;
|
|
- CERTCertificate *issuerCert;
|
|
PurpleCertificate * newcrt;
|
|
|
|
/* List of Certificate instances to return */
|
|
GList * peer_certs = NULL;
|
|
- int count;
|
|
- int64 now = PR_Now();
|
|
|
|
- curcert = SSL_PeerCertificate(socket);
|
|
- if (curcert == NULL) {
|
|
- purple_debug_error("nss", "could not DupCertificate\n");
|
|
+ peerChain = SSL_PeerCertificateChain(socket);
|
|
+ if (peerChain == NULL) {
|
|
+ purple_debug_error("nss", "no peer certificates\n");
|
|
return NULL;
|
|
}
|
|
|
|
- for (count = 0 ; count < CERT_MAX_CERT_CHAIN ; count++) {
|
|
+ for (cursor = CERT_LIST_HEAD(peerChain); !CERT_LIST_END(cursor, peerChain); cursor = CERT_LIST_NEXT(cursor)) {
|
|
+ curcert = cursor->cert;
|
|
+ if (!curcert) {
|
|
+ purple_debug_error("nss", "cursor->cert == NULL\n");
|
|
+ break;
|
|
+ }
|
|
purple_debug_info("nss", "subject=%s issuer=%s\n", curcert->subjectName,
|
|
curcert->issuerName ? curcert->issuerName : "(null)");
|
|
newcrt = x509_import_from_nss(curcert);
|
|
peer_certs = g_list_append(peer_certs, newcrt);
|
|
-
|
|
- if (curcert->isRoot) {
|
|
- break;
|
|
- }
|
|
- issuerCert = CERT_FindCertIssuer(curcert, now, certUsageSSLServer);
|
|
- if (!issuerCert) {
|
|
- purple_debug_error("nss", "partial certificate chain\n");
|
|
- break;
|
|
- }
|
|
- CERT_DestroyCertificate(curcert);
|
|
- curcert = issuerCert;
|
|
}
|
|
- CERT_DestroyCertificate(curcert);
|
|
+ CERT_DestroyCertList(peerChain);
|
|
|
|
return peer_certs;
|
|
}
|