Attachment #253890 for bug #281761

View | Details | Raw Unified | Return to bug 281761
Collapse All | Expand All




--- libpurple/plugins/ssl/ssl-nss.c
+++ libpurple/plugins/ssl/ssl-nss.c
@@ -282,39 +282,32 @@ x509_import_from_nss(CERTCertificate* ce
 static GList *
 ssl_nss_get_peer_certificates(PRFileDesc *socket, PurpleSslConnection * gsc)
 {
+	CERTCertList *peerChain;
+	CERTCertListNode *cursor;
 	CERTCertificate *curcert;
-	CERTCertificate *issuerCert;
 	PurpleCertificate * newcrt;

 	/* List of Certificate instances to return */
 	GList * peer_certs = NULL;
-	int count;
-	int64 now = PR_Now();

-	curcert = SSL_PeerCertificate(socket);
-	if (curcert == NULL) {
-		purple_debug_error("nss", "could not DupCertificate\n");
+	peerChain = SSL_PeerCertificateChain(socket);
+	if (peerChain == NULL) {
+		purple_debug_error("nss", "no peer certificates\n");
 		return NULL;
 	}

-	for (count = 0 ; count < CERT_MAX_CERT_CHAIN ; count++) {
+	for (cursor = CERT_LIST_HEAD(peerChain); !CERT_LIST_END(cursor, peerChain); cursor = CERT_LIST_NEXT(cursor)) {
+		curcert = cursor->cert;
+		if (!curcert) {
+			purple_debug_error("nss", "cursor->cert == NULL\n");
+			break;
+		}
 		purple_debug_info("nss", "subject=%s issuer=%s\n", curcert->subjectName,
 						  curcert->issuerName  ? curcert->issuerName : "(null)");
 		newcrt = x509_import_from_nss(curcert);
 		peer_certs = g_list_append(peer_certs, newcrt);
-
-		if (curcert->isRoot) {
-			break;
-		}
-		issuerCert = CERT_FindCertIssuer(curcert, now, certUsageSSLServer);
-		if (!issuerCert) {
-			purple_debug_error("nss", "partial certificate chain\n");
-			break;
-		}
-		CERT_DestroyCertificate(curcert);
-		curcert = issuerCert;
 	}
-	CERT_DestroyCertificate(curcert);
+	CERT_DestroyCertList(peerChain);

 	return peer_certs;
 }

Lines 1-6 Link Here

(-)b/net-im/libpurple/Makefile (-1 / +1 lines)
1	PORTNAME?= libpurple	1	PORTNAME?= libpurple
2	PORTVERSION= 2.14.13	2	PORTVERSION= 2.14.13
3	PORTREVISION?= 0	3	PORTREVISION?= 1
4	CATEGORIES?= net-im	4	CATEGORIES?= net-im
5	MASTER_SITES= SF/pidgin/Pidgin/${PORTVERSION}	5	MASTER_SITES= SF/pidgin/Pidgin/${PORTVERSION}
6	DISTNAME= pidgin-${PORTVERSION}	6	DISTNAME= pidgin-${PORTVERSION}

Return to bug 281761

Added Link Here

(-)b/net-im/libpurple/files/patch-libpurple_plugins_ssl_ssl-nss.c (+54 lines)
1	--- libpurple/plugins/ssl/ssl-nss.c
2	+++ libpurple/plugins/ssl/ssl-nss.c
3	@@ -282,39 +282,32 @@ x509_import_from_nss(CERTCertificate* ce
4	static GList *
5	ssl_nss_get_peer_certificates(PRFileDesc socket, PurpleSslConnection gsc)
6	{
7	+ CERTCertList *peerChain;
8	+ CERTCertListNode *cursor;
9	CERTCertificate *curcert;
10	- CERTCertificate *issuerCert;
11	PurpleCertificate * newcrt;
12
13	/* List of Certificate instances to return */
14	GList * peer_certs = NULL;
15	- int count;
16	- int64 now = PR_Now();
17
18	- curcert = SSL_PeerCertificate(socket);
19	- if (curcert == NULL) {
20	- purple_debug_error("nss", "could not DupCertificate\n");
21	+ peerChain = SSL_PeerCertificateChain(socket);
22	+ if (peerChain == NULL) {
23	+ purple_debug_error("nss", "no peer certificates\n");
24	return NULL;
25	}
26
27	- for (count = 0 ; count < CERT_MAX_CERT_CHAIN ; count++) {
28	+ for (cursor = CERT_LIST_HEAD(peerChain); !CERT_LIST_END(cursor, peerChain); cursor = CERT_LIST_NEXT(cursor)) {
29	+ curcert = cursor->cert;
30	+ if (!curcert) {
31	+ purple_debug_error("nss", "cursor->cert == NULL\n");
32	+ break;
33	+ }
34	purple_debug_info("nss", "subject=%s issuer=%s\n", curcert->subjectName,
35	curcert->issuerName ? curcert->issuerName : "(null)");
36	newcrt = x509_import_from_nss(curcert);
37	peer_certs = g_list_append(peer_certs, newcrt);
38	-
39	- if (curcert->isRoot) {
40	- break;
41	- }
42	- issuerCert = CERT_FindCertIssuer(curcert, now, certUsageSSLServer);
43	- if (!issuerCert) {
44	- purple_debug_error("nss", "partial certificate chain\n");
45	- break;
46	- }
47	- CERT_DestroyCertificate(curcert);
48	- curcert = issuerCert;
49	}
50	- CERT_DestroyCertificate(curcert);
51	+ CERT_DestroyCertList(peerChain);
52
53	return peer_certs;
54	}