From 5450c9869cf221de4fc98fd3778168f453ae7eab Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Mon, 22 Apr 2013 18:47:39 +0100
Subject: [PATCH 3/3] IdleServerConnection: check certificates properly, except in the tests

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63810
---
 src/idle-server-connection.c | 15 ++++++++++-----
 tests/twisted/Makefile.am | 1 +
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/idle-server-connection.c b/src/idle-server-connection.c
index 8a4bb98..6c5894f 100644
--- a/src/idle-server-connection.c
+++ b/src/idle-server-connection.c
@@ -505,9 +505,14 @@ IdleServerConnectionState idle_server_connection_get_state(IdleServerConnection
 void idle_server_connection_set_tls(IdleServerConnection *conn, gboolean tls) {
 IdleServerConnectionPrivate *priv = IDLE_SERVER_CONNECTION_GET_PRIVATE(conn);
 g_socket_client_set_tls(priv->socket_client, tls);
- g_socket_client_set_tls_validation_flags(priv->socket_client,
- G_TLS_CERTIFICATE_VALIDATE_ALL
- & ~G_TLS_CERTIFICATE_UNKNOWN_CA
- & ~G_TLS_CERTIFICATE_BAD_IDENTITY
- & ~G_TLS_CERTIFICATE_EXPIRED);
+
+ /* The regression tests don't have a CA-issued certificate,
+ * oddly enough. */
+ if (!tp_strdiff (g_getenv ("IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS"), "vulnerable")) {
+ g_socket_client_set_tls_validation_flags(priv->socket_client,
+ G_TLS_CERTIFICATE_VALIDATE_ALL
+ & ~G_TLS_CERTIFICATE_UNKNOWN_CA
+ & ~G_TLS_CERTIFICATE_BAD_IDENTITY
+ & ~G_TLS_CERTIFICATE_EXPIRED);
+ }
 }
diff --git a/tests/twisted/Makefile.am b/tests/twisted/Makefile.am
index 8329514..aa749ef 100644
--- a/tests/twisted/Makefile.am
+++ b/tests/twisted/Makefile.am
@@ -46,6 +46,7 @@ check-twisted:
 rm -f tools/core
 rm -f tools/idle-testing.log
 failed=0; \
+ IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS=vulnerable \
 sh $(srcdir)/tools/with-session-bus.sh \
 --config-file=tools/tmp-session-bus.conf \
 -- $(MAKE) check-TESTS \
--
1.7.10.4
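Review bot: The test-only override in idle_server_connection_set_tls is read from the process environment in every build, so a production process started with IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS=vulnerable drops the unknown-CA, identity and expiry checks without leaving any trace. I would at least log it inside the `if`, e.g. `g_warning ("TLS certificate validation relaxed by IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS; test use only");`, and ideally compile the branch only into test builds. The strict path is also implicit, since it appears to rely on GSocketClient's default validation flags. An `else` calling `g_socket_client_set_tls_validation_flags(priv->socket_client, G_TLS_CERTIFICATE_VALIDATE_ALL);` would state the intent and keep it independent of that default.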