[vlc-commits] gnutls: show different message if certificate is unknown or mismatching

Rémi Denis-Courmont git at videolan.org
Wed Oct 3 18:39:45 CEST 2012


vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Wed Oct  3 19:36:37 2012 +0300| [fba54e1fc6231ca868da1425476050e1601780cc] | committer: Rémi Denis-Courmont

gnutls: show different message if certificate is unknown or mismatching

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=fba54e1fc6231ca868da1425476050e1601780cc
---

 modules/misc/gnutls.c |   26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 03ec439..b447fe8 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -257,9 +257,11 @@ static int gnutls_CertSearch (vlc_tls_t *obj, const char *host,
                               const gnutls_datum_t *restrict datum)
 {
     assert (host != NULL);
+
     /* Look up mismatching certificate in store */
     int val = gnutls_verify_stored_pubkey (NULL, NULL, host, service,
                                            GNUTLS_CRT_X509, datum, 0);
+    const char *msg;
     switch (val)
     {
         case 0:
@@ -267,9 +269,24 @@ static int gnutls_CertSearch (vlc_tls_t *obj, const char *host,
             return 0;
         case GNUTLS_E_NO_CERTIFICATE_FOUND:
             msg_Dbg (obj, "no known certificates for %s", host);
+            msg = N_("You attempted to reach %s. "
+                "However the security certificate presented by the server "
+                "is unknown and could not be authenticated by any trusted "
+                "Certfication Authority. "
+                "This problem may be caused by a configuration error "
+                "or an attempt to breach your security or your privacy.\n\n"
+                "If in doubt, abort now.\n");
             break;
         case GNUTLS_E_CERTIFICATE_KEY_MISMATCH:
             msg_Dbg (obj, "certificate keys mismatch for %s", host);
+            msg = N_("You attempted to reach %s. "
+                "However the security certificate presented by the server "
+                "changed since the previous visit "
+                "and was not authentication by any trusted "
+                "Certfication Authority. "
+                "This problem may be caused by a configuration error "
+                "or an attempt to breach your security or your privacy.\n\n"
+                "If in doubt, abort now.\n");
             break;
         default:
             msg_Err (obj, "certificate key match error for %s: %s", host,
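Review bot: Both new warning strings contain typos that will be shown to the user in a certificate warning and will become translation msgids. `Certfication Authority` should read `Certification Authority` in both cases, and in the GNUTLS_E_CERTIFICATE_KEY_MISMATCH case `and was not authentication by any trusted ` should read `and was not authenticated by any trusted `. Correcting them before translators pick the strings up avoids invalidating translations later. A short comment on the mismatch case, for example `/* key stored for this host differs from the one presented */`, would also record why it gets a separate message.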
@@ -277,14 +294,9 @@ static int gnutls_CertSearch (vlc_tls_t *obj, const char *host,
             return -1;
     }
 
-    if (dialog_Question (obj, _("Insecure site"),
-         _("You attempted to reach %s, but security certificate presented by "
-           "the server could not be verified."
-           "This problem may be caused by a configuration error "
-           "on the server or by a serious breach of network security.\n\n"
-           "If in doubt, abort now.\n"),
+    if (dialog_Question (obj, _("Insecure site"), vlc_gettext (msg),
                          _("Abort"), _("View certificate"), NULL, host) != 2)
-         return -1;
+        return -1;
 
     gnutls_x509_crt_t cert;
     gnutls_datum_t desc;
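Review bot: The format string passed to dialog_Question is now the runtime value `vlc_gettext (msg)` instead of a literal, so the compiler can no longer check it against the single `host` argument. Both msgids and every translation of them must keep exactly one `%s`; a catalog entry that adds or changes a conversion would make the dialog read arguments that were never passed. A comment above the call such as `/* msg and its translations must contain exactly one %s (host) */` would document that constraint. Separately, the key-mismatch case goes through the same Abort / View certificate flow as the unknown-certificate case, and it is worth deciding whether a changed stored key should be as easy to accept; the rest of gnutls_CertSearch lies outside this hunk.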


