Handle invalid certificate chains (with the ca_cert_path option)

2 files changed, 6 insertions, 0 deletions

diff --git a/src/core/core.py b/src/core/core.py
index 8d7f7fcf..ba9b16e0 100644
--- a/src/core/core.py
+++ b/src/core/core.py
@@ -253,6 +253,7 @@ class Core(object):
                                     self.on_chatstate_inactive)
         self.xmpp.add_event_handler("attention", self.on_attention)
         self.xmpp.add_event_handler("ssl_cert", self.validate_ssl)
+        self.xmpp.add_event_handler("ssl_invalid_chain", self.ssl_invalid_chain)
         self.all_stanzas = Callback('custom matcher',
                                     connection.MatchAll(None),
                                     self.incoming_stanza)
@@ -1957,6 +1958,7 @@ class Core(object):
     outgoing_stanza = handlers.outgoing_stanza
     incoming_stanza = handlers.incoming_stanza
     validate_ssl = handlers.validate_ssl
+    ssl_invalid_chain = handlers.ssl_invalid_chain
     on_next_adhoc_step = handlers.on_next_adhoc_step
     on_adhoc_error = handlers.on_adhoc_error
     cancel_adhoc_command = handlers.cancel_adhoc_command
diff --git a/src/core/handlers.py b/src/core/handlers.py
index a1e8596c..8eb99cc3 100644
--- a/src/core/handlers.py
+++ b/src/core/handlers.py
@@ -1156,6 +1156,10 @@ def incoming_stanza(self, stanza):
             self.current_tab().refresh()
             self.doupdate()
 
+def ssl_invalid_chain(self, tb):
+    self.information('The certificate sent by the server is invalid.', 'Error')
+    self.disconnect()
+
 def validate_ssl(self, pem):
     """
     Check the server certificate using the slixmpp ssl_cert event