IdleServerConnection: check certificates properly, except in the tests

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63810 Reviewed-by: Guillaume Desmottes <guillaume.desmottes@collabora.co.uk>
author: Simon McVittie <simon.mcvittie@collabora.co.uk> 2013-04-22 18:47:39 +0100
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2013-04-24 14:45:44 +0100
commit: eee0207464d160a0c8b7e430d927beb4d14cde74 (patch)
tree: 4879a8cbe7648039e88f1fca5ecf4376994621dd /src
parent: 3e0498048df554bfaa30c42aef1220f2b7135ed3 (diff)
1 files changed, 10 insertions, 5 deletions
diff --git a/src/idle-server-connection.c b/src/idle-server-connection.c
index 8a4bb98..6c5894f 100644
--- a/src/idle-server-connection.c
+++ b/src/idle-server-connection.c
@@ -505,9 +505,14 @@ IdleServerConnectionState idle_server_connection_get_state(IdleServerConnection
 void idle_server_connection_set_tls(IdleServerConnection *conn, gboolean tls) {
 	IdleServerConnectionPrivate *priv = IDLE_SERVER_CONNECTION_GET_PRIVATE(conn);
 	g_socket_client_set_tls(priv->socket_client, tls);
-	g_socket_client_set_tls_validation_flags(priv->socket_client,
-		G_TLS_CERTIFICATE_VALIDATE_ALL
-		& ~G_TLS_CERTIFICATE_UNKNOWN_CA
-		& ~G_TLS_CERTIFICATE_BAD_IDENTITY
-		& ~G_TLS_CERTIFICATE_EXPIRED);
+
+	/* The regression tests don't have a CA-issued certificate,
+	 * oddly enough. */
+	if (!tp_strdiff (g_getenv ("IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS"), "vulnerable")) {
+		g_socket_client_set_tls_validation_flags(priv->socket_client,
+			G_TLS_CERTIFICATE_VALIDATE_ALL
+			& ~G_TLS_CERTIFICATE_UNKNOWN_CA
+			& ~G_TLS_CERTIFICATE_BAD_IDENTITY
+			& ~G_TLS_CERTIFICATE_EXPIRED);
+	}
 }
author	Simon McVittie <simon.mcvittie@collabora.co.uk>	2013-04-22 18:47:39 +0100
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2013-04-24 14:45:44 +0100
commit	eee0207464d160a0c8b7e430d927beb4d14cde74 (patch)
tree	4879a8cbe7648039e88f1fca5ecf4376994621dd /src
parent	3e0498048df554bfaa30c42aef1220f2b7135ed3 (diff)