Display lobby TLS certificate verification errors from gloox, refs #4705.
Update to the most reason why TLS certificate verification fails. Don't use translation yet.. Differential Revision: https://code.wildfiregames.com/D1620 Upstream bugreport: https://bugs.camaya.net/ticket/?id=280 This was SVN commit r21901.
This commit is contained in:
parent
d7ff9722c6
commit
0e2adda813
@ -414,7 +414,7 @@ history = 0 ; Number of past messages to display on join
|
||||
room = "arena23" ; Default MUC room to join
|
||||
server = "lobby.wildfiregames.com" ; Address of lobby server
|
||||
require_tls = true ; Whether to reject connecting to the lobby if TLS encryption is unavailable.
|
||||
verify_certificate = false ; Whether to reject connecting to the lobby if the TLS certificate is invalid (TODO get a valid certificate)
|
||||
verify_certificate = false ; Whether to reject connecting to the lobby if the TLS certificate is invalid (TODO: wait for Gloox GnuTLS trust implementation to be fixed)
|
||||
terms_of_service = "0" ; Version (hash) of the Terms of Service that the user has accepted
|
||||
terms_of_use = "0" ; Version (hash) of the Terms of Use that the user has accepted
|
||||
xpartamupp = "wfgbot23" ; Name of the server-side XMPP-account that manage games
|
||||
|
||||
@ -267,6 +267,8 @@ bool XmppClient::onTLSConnect(const glooxwrapper::CertInfo& info)
|
||||
"\ncipher: " << info.cipher <<
|
||||
"\ncompression: " << info.compression );
|
||||
|
||||
m_certStatus = static_cast<gloox::CertStatus>(info.status);
|
||||
|
||||
// Optionally accept invalid certificates, see require_tls option.
|
||||
bool verify_certificate = true;
|
||||
CFG_GET_VAL("lobby.verify_certificate", verify_certificate);
|
||||
@ -1054,6 +1056,32 @@ void XmppClient::GetRoleString(const gloox::MUCRoomRole r, std::string& role) co
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Translates a gloox certificate error codes, i.e. gloox certificate statuses except CertOk.
|
||||
* Keep in sync with specifications.
|
||||
*/
|
||||
std::string XmppClient::TLSErrorToString(gloox::CertStatus status) const
|
||||
{
|
||||
// TODO: Use translation
|
||||
std::map<gloox::CertStatus, std::string> certificateErrorStrings = {
|
||||
{ gloox::CertInvalid, ("The certificate is not trusted.") },
|
||||
{ gloox::CertSignerUnknown, ("The certificate hasn't got a known issuer.") },
|
||||
{ gloox::CertRevoked, ("The certificate has been revoked.") },
|
||||
{ gloox::CertExpired, ("The certificate has expired.") },
|
||||
{ gloox::CertNotActive, ("The certifiacte is not yet active.") },
|
||||
{ gloox::CertWrongPeer, ("The certificate has not been issued for the peer we're connected to.") },
|
||||
{ gloox::CertSignerNotCa, ("The signer is not a CA.") }
|
||||
};
|
||||
|
||||
std::string result = "";
|
||||
|
||||
for (std::map<gloox::CertStatus, std::string>::iterator it = certificateErrorStrings.begin(); it != certificateErrorStrings.end(); ++it)
|
||||
if (status & it->first)
|
||||
result += "\n" + it->second;
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a gloox stanza error type to string.
|
||||
* Keep in sync with Gloox documentation
|
||||
@ -1124,7 +1152,7 @@ std::string XmppClient::ConnectionErrorToString(gloox::ConnectionError err) cons
|
||||
CASE(ConnDnsError, g_L10n.Translate("Resolving the server's hostname failed"));
|
||||
CASE(ConnOutOfMemory, g_L10n.Translate("This system is out of memory"));
|
||||
DEBUG_CASE(ConnNoSupportedAuth, "The authentication mechanisms the server offered are not supported or no authentication mechanisms were available");
|
||||
CASE(ConnTlsFailed, g_L10n.Translate("The server's certificate could not be verified or the TLS handshake did not complete successfully"));
|
||||
CASE(ConnTlsFailed, g_L10n.Translate("The server's certificate could not be verified or the TLS handshake did not complete successfully") + TLSErrorToString(m_certStatus));
|
||||
CASE(ConnTlsNotAvailable, g_L10n.Translate("The server did not offer required TLS encryption"));
|
||||
DEBUG_CASE(ConnCompressionFailed, "Negotiation/initializing compression failed");
|
||||
CASE(ConnAuthenticationFailed, g_L10n.Translate("Authentication failed. Incorrect password or account does not exist"));
|
||||
|
||||
@ -54,6 +54,7 @@ private:
|
||||
std::string m_echelonId;
|
||||
|
||||
// State
|
||||
gloox::CertStatus m_certStatus;
|
||||
bool m_initialLoadComplete;
|
||||
bool m_isConnected;
|
||||
|
||||
@ -132,6 +133,7 @@ protected:
|
||||
// Helpers
|
||||
void GetPresenceString(const gloox::Presence::PresenceType p, std::string& presence) const;
|
||||
void GetRoleString(const gloox::MUCRoomRole r, std::string& role) const;
|
||||
std::string TLSErrorToString(gloox::CertStatus status) const;
|
||||
std::string StanzaErrorToString(gloox::StanzaError err) const;
|
||||
std::string ConnectionErrorToString(gloox::ConnectionError err) const;
|
||||
std::string RegistrationResultToString(gloox::RegistrationResult res) const;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user