Index: ps/trunk/binaries/data/config/default.cfg
===================================================================
--- ps/trunk/binaries/data/config/default.cfg
+++ ps/trunk/binaries/data/config/default.cfg
@@ -414,7 +414,7 @@
 room = "arena23" ; Default MUC room to join
 server = "lobby.wildfiregames.com" ; Address of lobby server
 require_tls = true ; Whether to reject connecting to the lobby if TLS encryption is unavailable.
-verify_certificate = false ; Whether to reject connecting to the lobby if the TLS certificate is invalid (TODO get a valid certificate)
+verify_certificate = false ; Whether to reject connecting to the lobby if the TLS certificate is invalid (TODO: wait for Gloox GnuTLS trust implementation to be fixed)
 terms_of_service = "0" ; Version (hash) of the Terms of Service that the user has accepted
 terms_of_use = "0" ; Version (hash) of the Terms of Use that the user has accepted
 xpartamupp = "wfgbot23" ; Name of the server-side XMPP-account that manage games
Index: ps/trunk/source/lobby/XmppClient.h
===================================================================
--- ps/trunk/source/lobby/XmppClient.h
+++ ps/trunk/source/lobby/XmppClient.h
@@ -54,6 +54,7 @@
 std::string m_echelonId;
 
 // State
+ gloox::CertStatus m_certStatus;
 bool m_initialLoadComplete;
 bool m_isConnected;
@@ -132,6 +133,7 @@
 // Helpers
 void GetPresenceString(const gloox::Presence::PresenceType p, std::string& presence) const;
 void GetRoleString(const gloox::MUCRoomRole r, std::string& role) const;
+ std::string TLSErrorToString(gloox::CertStatus status) const;
 std::string StanzaErrorToString(gloox::StanzaError err) const;
 std::string ConnectionErrorToString(gloox::ConnectionError err) const;
 std::string RegistrationResultToString(gloox::RegistrationResult res) const;
Index: ps/trunk/source/lobby/XmppClient.cpp
===================================================================
--- ps/trunk/source/lobby/XmppClient.cpp
+++ ps/trunk/source/lobby/XmppClient.cpp
@@ -267,6 +267,8 @@
 "\ncipher: " << info.cipher <<
 "\ncompression: " << info.compression
 );
+ m_certStatus = static_cast(info.status);
+
 // Optionally accept invalid certificates, see require_tls option.
 bool verify_certificate = true;
 CFG_GET_VAL("lobby.verify_certificate", verify_certificate);
@@ -1055,6 +1057,32 @@
 }
 
 /**
+ * Translates a gloox certificate error codes, i.e. gloox certificate statuses except CertOk.
+ * Keep in sync with specifications.
+ */
+std::string XmppClient::TLSErrorToString(gloox::CertStatus status) const
+{
+ // TODO: Use translation
+ std::map certificateErrorStrings = {
+ { gloox::CertInvalid, ("The certificate is not trusted.") },
+ { gloox::CertSignerUnknown, ("The certificate hasn't got a known issuer.") },
+ { gloox::CertRevoked, ("The certificate has been revoked.") },
+ { gloox::CertExpired, ("The certificate has expired.") },
+ { gloox::CertNotActive, ("The certifiacte is not yet active.") },
+ { gloox::CertWrongPeer, ("The certificate has not been issued for the peer we're connected to.") },
+ { gloox::CertSignerNotCa, ("The signer is not a CA.") }
+ };
+
+ std::string result = "";
+
+ for (std::map::iterator it = certificateErrorStrings.begin(); it != certificateErrorStrings.end(); ++it)
+ if (status & it->first)
+ result += "\n" + it->second;
+
+ return result;
+}
+
+/**
 * Convert a gloox stanza error type to string.
 * Keep in sync with Gloox documentation
 *
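Review bot: `m_certStatus` is only written here, inside the certificate callback, and nothing in the diff initializes the new member in the constructor or resets it before a new connection attempt, so a `ConnTlsFailed` raised before this callback runs would make `ConnectionErrorToString` (the `@@ -1124` hunk below) append the status left over from an earlier attempt, or an indeterminate value on the very first one. Initializing it in the constructor's initializer list, `m_certStatus(gloox::CertOk)`, and resetting it to `gloox::CertOk` where a connection is started would close that gap. Since the lines that follow allow an invalid certificate through when `lobby.verify_certificate` is false, it would also be worth logging `TLSErrorToString(m_certStatus)` on that accepted-anyway path so the specific certificate problems are recorded in the log and not only surfaced on failure. The enclosing function begins and ends outside the hunk, so I cannot see whether the constructor already covers the first point.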
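Review bot: The `gloox::CertNotActive` message misspells its subject, `("The certifiacte is not yet active.")`, and this text reaches the user through `ConnectionErrorToString`, so it should read `("The certificate is not yet active.")`. The doc comment `Translates a gloox certificate error codes` also needs either the article or the plural dropped. The lookup table is rebuilt and torn down on every call although its contents never change; `static const std::map<gloox::CertStatus, std::string> certificateErrorStrings = {` together with a range-for, `for (const auto& entry : certificateErrorStrings)` and `if (status & entry.first) result += "\n" + entry.second;`, produces the same output without the per-call allocations, and the brace-initialized map already requires C++11, so range-for is available.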
@@ -1124,7 +1152,7 @@
 CASE(ConnDnsError, g_L10n.Translate("Resolving the server's hostname failed"));
 CASE(ConnOutOfMemory, g_L10n.Translate("This system is out of memory"));
 DEBUG_CASE(ConnNoSupportedAuth, "The authentication mechanisms the server offered are not supported or no authentication mechanisms were available");
- CASE(ConnTlsFailed, g_L10n.Translate("The server's certificate could not be verified or the TLS handshake did not complete successfully"));
+ CASE(ConnTlsFailed, g_L10n.Translate("The server's certificate could not be verified or the TLS handshake did not complete successfully") + TLSErrorToString(m_certStatus));
 CASE(ConnTlsNotAvailable, g_L10n.Translate("The server did not offer required TLS encryption"));
 DEBUG_CASE(ConnCompressionFailed, "Negotiation/initializing compression failed");
 CASE(ConnAuthenticationFailed, g_L10n.Translate("Authentication failed. Incorrect password or account does not exist"));
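Review bot: This is the only `CASE` whose text is assembled from two sources, and the second half, `TLSErrorToString(m_certStatus)`, is plain English while the first half goes through `g_L10n.Translate`, so non-English users will see a mixed-language message until the TODO in `TLSErrorToString` is resolved. A comment on this line would make that dependency explicit, e.g. `// Append the per-flag certificate problems recorded in onTLSConnect; not yet localized, see TLSErrorToString.` The appended part appears to be empty when `m_certStatus` holds no error flag, so the generic sentence still stands alone for handshake failures unrelated to the certificate. The switch this `CASE` belongs to starts and ends outside the hunk.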