From 0c1f61427bae5161bbfc089d6c984f79a29752bb Mon Sep 17 00:00:00 2001 From: Philipp Nordhus Date: Mon, 24 Mar 2014 16:29:26 -0700 Subject: [PATCH] Prevent STARTTLS connection error BAD_IDENTITY: Closes bgo#726943 Certificate verification was failing because the wrong Connectable was being passed to the TLS connection code. This patch also cleans up Geary.Endpoint by using a NetworkAddress object to hold the hostname and port. --- THANKS | 1 + src/engine/api/geary-endpoint.vala | 15 ++++++--------- .../imap-engine/imap-engine-generic-account.vala | 2 +- .../imap/transport/imap-client-connection.vala | 3 +-- src/engine/smtp/smtp-client-connection.vala | 3 +-- 5 files changed, 10 insertions(+), 14 deletions(-) diff --git a/THANKS b/THANKS index 8d266e17..e47e3cfd 100644 --- a/THANKS +++ b/THANKS @@ -27,6 +27,7 @@ Kai Mast William Jon McCann Thomas Moschny Tom Most +Philipp Nordhus Andreas Obergrusberger Martin Olsson Robert Park diff --git a/src/engine/api/geary-endpoint.vala b/src/engine/api/geary-endpoint.vala index d9336443..bf0ab51e 100644 --- a/src/engine/api/geary-endpoint.vala +++ b/src/engine/api/geary-endpoint.vala @@ -32,8 +32,7 @@ public class Geary.Endpoint : BaseObject { HALT } - public string host_specifier { get; private set; } - public uint16 default_port { get; private set; } + public NetworkAddress remote_address { get; private set; } public Flags flags { get; private set; } public uint timeout_sec { get; private set; } public TlsCertificateFlags tls_validation_flags { get; set; default = TlsCertificateFlags.VALIDATE_ALL; } @@ -50,8 +49,7 @@ public class Geary.Endpoint : BaseObject { private SocketClient? socket_client = null; public Endpoint(string host_specifier, uint16 default_port, Flags flags, uint timeout_sec) { - this.host_specifier = host_specifier; - this.default_port = default_port; + this.remote_address = new NetworkAddress(host_specifier, default_port); this.flags = flags; this.timeout_sec = timeout_sec; } 
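Review bot: The constructor in the second geary-endpoint.vala hunk still takes `host_specifier`/`default_port`, but `new NetworkAddress(host_specifier, default_port)` treats the string as a bare hostname, whereas the removed `connect_to_host_async(host_specifier, default_port, …)` call (hunk at -74,8) also accepted a `host:port` or bracketed-IPv6 form. A specifier carrying a port override would now fail name resolution, and the same string is what the TLS layer compares with the certificate in `starttls_handshake_async`. Either rename the parameters to `hostname`/`port` and document that no override is parsed, or keep the old parsing with `NetworkAddress.parse(host_specifier, default_port)`, which throws and so would need the constructor to declare `throws Error`. A one-line comment on the property, `// Used both to connect and as the expected server identity for TLS`, would also help.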
@@ -74,8 +72,7 @@ public class Geary.Endpoint : BaseObject { } public async SocketConnection connect_async(Cancellable? cancellable = null) throws Error { - SocketConnection cx = yield get_socket_client().connect_to_host_async(host_specifier, default_port, - cancellable); + SocketConnection cx = yield get_socket_client().connect_async(remote_address, cancellable); TcpConnection? tcp = cx as TcpConnection; if (tcp != null) @@ -85,8 +82,8 @@ public class Geary.Endpoint : BaseObject { } public async TlsClientConnection starttls_handshake_async(IOStream base_stream, - SocketConnectable connectable, Cancellable? cancellable = null) throws Error { - TlsClientConnection tls_cx = TlsClientConnection.new(base_stream, connectable); + Cancellable? cancellable = null) throws Error { + TlsClientConnection tls_cx = TlsClientConnection.new(base_stream, remote_address); prepare_tls_cx(tls_cx, true); yield tls_cx.handshake_async(Priority.DEFAULT, cancellable); @@ -196,7 +193,7 @@ public class Geary.Endpoint : BaseObject { } public string to_string() { - return "%s/default:%u".printf(host_specifier, default_port); + return "%s/default:%u".printf(remote_address.hostname, remote_address.port); } } diff --git a/src/engine/imap-engine/imap-engine-generic-account.vala b/src/engine/imap-engine/imap-engine-generic-account.vala index baec78f3..4e0bdc4f 100644 --- a/src/engine/imap-engine/imap-engine-generic-account.vala +++ b/src/engine/imap-engine/imap-engine-generic-account.vala 
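Review bot: `starttls_handshake_async` (hunk at -85,8) has no comment saying which identity the certificate is checked against, and that is the whole point of this fix. I would add above the method `// Server identity is the configured remote_address (hostname), never the resolved peer address of base_stream.` so a later caller does not reintroduce `cx.get_remote_address()` and the BAD_IDENTITY failure with it. Dropping the `connectable` parameter changes a public method's signature; the two in-tree callers are updated in the IMAP and SMTP hunks, but any other caller would break at compile time. The method body continues outside the hunk.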
@@ -769,7 +769,7 @@ private abstract class Geary.ImapEngine.GenericAccount : Geary.AbstractAccount { // TODO: we should probably not use someone else's FQDN in something // that's supposed to be globally unique... Geary.RFC822.Message rfc822 = new Geary.RFC822.Message.from_composed_email( - composed, GMime.utils_generate_message_id(information.get_smtp_endpoint().host_specifier)); + composed, GMime.utils_generate_message_id(information.get_smtp_endpoint().remote_address.hostname)); // don't use create_email_async() as that requires the folder be open to use yield local.outbox.enqueue_email_async(rfc822, cancellable); diff --git a/src/engine/imap/transport/imap-client-connection.vala b/src/engine/imap/transport/imap-client-connection.vala index 9ca950f3..e6dfce7d 100644 --- a/src/engine/imap/transport/imap-client-connection.vala +++ b/src/engine/imap/transport/imap-client-connection.vala @@ -490,8 +490,7 @@ public class Geary.Imap.ClientConnection : BaseObject { yield close_channels_async(cancellable); // wrap connection with TLS connection - TlsClientConnection tls_cx = yield endpoint.starttls_handshake_async(cx, - cx.get_remote_address(), cancellable); + TlsClientConnection tls_cx = yield endpoint.starttls_handshake_async(cx, cancellable); ios = tls_cx; diff --git a/src/engine/smtp/smtp-client-connection.vala b/src/engine/smtp/smtp-client-connection.vala index d62dd42c..f629a641 100644 --- a/src/engine/smtp/smtp-client-connection.vala +++ b/src/engine/smtp/smtp-client-connection.vala @@ -246,8 +246,7 @@ public class Geary.Smtp.ClientConnection { if (!starttls_response.code.is_starttls_ready()) throw new SmtpError.STARTTLS_FAILED("STARTTLS failed: %s", response.to_string()); - TlsClientConnection tls_cx = yield endpoint.starttls_handshake_async(cx, - socket_cx.get_remote_address(), cancellable); + TlsClientConnection tls_cx = yield endpoint.starttls_handshake_async(cx, cancellable); cx = tls_cx; set_data_streams(tls_cx);
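Review bot: The STARTTLS_FAILED message in the context lines of the smtp-client-connection.vala hunk formats `response.to_string()` although the value just tested is `starttls_response`, so a refused STARTTLS would log some earlier reply instead of the server's actual refusal. `response` is declared outside the hunk, so this is inferred from the names; if it is the earlier greeting reply, the line should read `throw new SmtpError.STARTTLS_FAILED("STARTTLS failed: %s", starttls_response.to_string());`. The enclosing method starts and ends outside the hunk.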