
TLS certificate error strings
ClosedPublic

Authored by elexis on Aug 25 2018, 5:03 PM.

Details

Summary

This shows the user why a TLS certificate error was rejected and would help debugging more quickly in case a certificate is invalid.

Test Plan

The std::map can't be initialized later well because it requires g_L10n to be initialized.

Diff Detail

Repository
rP 0 A.D. Public Repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

elexis created this revision. Aug 25 2018, 5:03 PM
Vulcan added a subscriber: Vulcan. Aug 25 2018, 5:33 PM

Build failure - The Moirai have given mortals hearts that can endure.

Link to build: https://jenkins.wildfiregames.com/job/differential/723/display/redirect

Vulcan added a comment. Sep 2 2018, 8:33 PM

Successful build - Chance fights ever on the side of the prudent.

Link to build: https://jenkins.wildfiregames.com/job/differential/727/display/redirect

elexis added inline comments. Oct 9 2018, 7:32 PM
source/lobby/XmppClient.cpp
1073 ↗(On Diff #6874)

Referring to these enum constants without a version check is legit because all of them are present in revision 1080 of gloox:

1080         js     CertOk               =  0,      /**< The certificate is valid and trusted. */
1080         js     CertInvalid          =  1,      /**< The certificate is not trusted. */
1080         js     CertSignerUnknown    =  2,      /**< The certificate hasn't got a known issuer. */
1080         js     CertRevoked          =  4,      /**< The certificate has been revoked. */
1080         js     CertExpired          =  8,      /**< The certificate has expired. */
1080         js     CertNotActive        = 16,      /**< The certifiacte is not yet active. */
1080         js     CertWrongPeer        = 32,      /**< The certificate has not been issued for the
1080         js     CertSignerNotCa      = 64       /**< The signer is not a CA. */

which was committed on 2006-02-02, so it is very well supported (we have more recent gloox features required)

source: gloox svn repository https://camaya.net/gloox/download/

elexis updated the Trac tickets for this revision. Oct 9 2018, 7:32 PM
This revision was not accepted when it landed; it landed in state Needs Review. Oct 9 2018, 7:50 PM
This revision was automatically updated to reflect the committed changes.
elexis added inline comments. Oct 9 2018, 7:52 PM
source/lobby/XmppClient.cpp
1073 ↗(On Diff #6874)

Notice this doesn't use a switch because these are flags and multiple of them can apply and this code seems much more compact and it is not called more than once per connection attempt.

Since this will depend on g_L10N, the struct can't be moved out of this function without stuff becoming much uglier.
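The flag decoding discussed in the inline comments above, as an added example that is not the committed 0 A.D. code: it walks a table instead of using a switch so that several flags can be reported at once, handles CertOk separately because its value is 0, and reports bits the table does not know. The enum is redefined locally with the values quoted above so the block builds without gloox; `DescribeCertStatus` and the description strings are hypothetical and untranslated.

```cpp
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Values copied from the gloox enum quoted above; redefined here so the
// example builds without gloox.
enum CertStatus
{
	CertOk = 0, CertInvalid = 1, CertSignerUnknown = 2, CertRevoked = 4,
	CertExpired = 8, CertNotActive = 16, CertWrongPeer = 32, CertSignerNotCa = 64
};

// Hypothetical helper. The descriptions are constructed for this example;
// they are not the translated strings from the 0 A.D. commit.
std::string DescribeCertStatus(int status)
{
	// CertOk is 0, so a bit test can never match it.
	if (status == CertOk)
		return "certificate is valid and trusted";

	const std::vector<std::pair<int, std::string>> flags = {
		{ CertInvalid, "not trusted" },
		{ CertSignerUnknown, "issuer unknown" },
		{ CertRevoked, "revoked" },
		{ CertExpired, "expired" },
		{ CertNotActive, "not yet active" },
		{ CertWrongPeer, "issued for a different peer" },
		{ CertSignerNotCa, "signer is not a CA" }
	};

	std::string result;
	auto append = [&result](const std::string& text) {
		result += (result.empty() ? "" : ", ") + text;
	};

	int remaining = status;
	for (const auto& flag : flags)
		if (status & flag.first)
		{
			append(flag.second);
			remaining &= ~flag.first;
		}

	// Report bits the table does not cover instead of dropping them silently.
	if (remaining != 0)
		append("unknown status bits " + std::to_string(remaining));
	return result;
}

int main()
{
	std::cout << DescribeCertStatus(CertExpired | CertWrongPeer) << "\n";
	return 0;
}
```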