Prevent STARTTLS connection error BAD_IDENTITY: Closes bgo#726943

Certificate verification was failing because the wrong Connectable was being passed to the TLS connection code. This patch also cleans up Geary.Endpoint by using a NetworkAddress object to hold the hostname and port.
2014-03-24 16:29:26 -07:00 · 2014-03-24 16:29:26 -07:00 · 0c1f61427b
commit 0c1f61427b
parent f1860dc8af
5 changed files with 10 additions and 14 deletions
--- a/1
+++ b/1
@ -27,6 +27,7 @@ Kai Mast <mail@kai-mast.de>
 William Jon McCann <william.jon.mccann@gmail.com>
 Thomas Moschny <thomas.moschny@gmx.de>
 Tom Most <twm@freecog.net>
+Philipp Nordhus <philipp@nhus.de>
 Andreas Obergrusberger <tradiaz@yahoo.de>
 Martin Olsson <martin@minimum.se>
 Robert Park <rbpark@exolucere.ca>
--- a/src/engine/api/geary-endpoint.vala
+++ b/src/engine/api/geary-endpoint.vala
@ -32,8 +32,7 @@ public class Geary.Endpoint : BaseObject {
        HALT
    }
    
-    public string host_specifier { get; private set; }
-    public uint16 default_port { get; private set; }
+    public NetworkAddress remote_address { get; private set; }
    public Flags flags { get; private set; }
    public uint timeout_sec { get; private set; }
    public TlsCertificateFlags tls_validation_flags { get; set; default = TlsCertificateFlags.VALIDATE_ALL; }
@ -50,8 +49,7 @@ public class Geary.Endpoint : BaseObject {
    private SocketClient? socket_client = null;
    
    public Endpoint(string host_specifier, uint16 default_port, Flags flags, uint timeout_sec) {
-        this.host_specifier = host_specifier;
-        this.default_port = default_port;
+        this.remote_address = new NetworkAddress(host_specifier, default_port);
        this.flags = flags;
        this.timeout_sec = timeout_sec;
    }
@ -74,8 +72,7 @@ public class Geary.Endpoint : BaseObject {
    }

    public async SocketConnection connect_async(Cancellable? cancellable = null) throws Error {
-        SocketConnection cx = yield get_socket_client().connect_to_host_async(host_specifier, default_port,
-            cancellable);
+        SocketConnection cx = yield get_socket_client().connect_async(remote_address, cancellable);

        TcpConnection? tcp = cx as TcpConnection;
        if (tcp != null)
@ -85,8 +82,8 @@ public class Geary.Endpoint : BaseObject {
    }
    
    public async TlsClientConnection starttls_handshake_async(IOStream base_stream,
-        SocketConnectable connectable, Cancellable? cancellable = null) throws Error {
-        TlsClientConnection tls_cx = TlsClientConnection.new(base_stream, connectable);
+        Cancellable? cancellable = null) throws Error {
+        TlsClientConnection tls_cx = TlsClientConnection.new(base_stream, remote_address);
        prepare_tls_cx(tls_cx, true);
        
        yield tls_cx.handshake_async(Priority.DEFAULT, cancellable);
@ -196,7 +193,7 @@ public class Geary.Endpoint : BaseObject {
    }
    
    public string to_string() {
-        return "%s/default:%u".printf(host_specifier, default_port);
+        return "%s/default:%u".printf(remote_address.hostname, remote_address.port);
    }
 }

--- a/src/engine/imap-engine/imap-engine-generic-account.vala
+++ b/src/engine/imap-engine/imap-engine-generic-account.vala
@ -769,7 +769,7 @@ private abstract class Geary.ImapEngine.GenericAccount : Geary.AbstractAccount {
        // TODO: we should probably not use someone else's FQDN in something
        // that's supposed to be globally unique...
        Geary.RFC822.Message rfc822 = new Geary.RFC822.Message.from_composed_email(
-            composed, GMime.utils_generate_message_id(information.get_smtp_endpoint().host_specifier));
+            composed, GMime.utils_generate_message_id(information.get_smtp_endpoint().remote_address.hostname));
        
        // don't use create_email_async() as that requires the folder be open to use
        yield local.outbox.enqueue_email_async(rfc822, cancellable);
--- a/src/engine/imap/transport/imap-client-connection.vala
+++ b/src/engine/imap/transport/imap-client-connection.vala
@ -490,8 +490,7 @@ public class Geary.Imap.ClientConnection : BaseObject {
        yield close_channels_async(cancellable);
        
        // wrap connection with TLS connection
-        TlsClientConnection tls_cx = yield endpoint.starttls_handshake_async(cx,
-            cx.get_remote_address(), cancellable);
+        TlsClientConnection tls_cx = yield endpoint.starttls_handshake_async(cx, cancellable);
        
        ios = tls_cx;
        
--- a/src/engine/smtp/smtp-client-connection.vala
+++ b/src/engine/smtp/smtp-client-connection.vala
@ -246,8 +246,7 @@ public class Geary.Smtp.ClientConnection {
                if (!starttls_response.code.is_starttls_ready())
                    throw new SmtpError.STARTTLS_FAILED("STARTTLS failed: %s", response.to_string());
                
-                TlsClientConnection tls_cx = yield endpoint.starttls_handshake_async(cx,
-                    socket_cx.get_remote_address(), cancellable);
+                TlsClientConnection tls_cx = yield endpoint.starttls_handshake_async(cx, cancellable);
                cx = tls_cx;
                set_data_streams(tls_cx);