Commit 0d957559 authored by Michael Gratton's avatar Michael Gratton
Browse files

Application.CertificateManager: Check locally pinned certs for equality

When checking if a certificate is pinned locally (i.e. when GCR support
is unavailable), ensure the presented cert is identical to the stored
cert.

Fixes #866
parent 5088adfe
Pipeline #193863 passed with stages
in 22 minutes and 7 seconds
......@@ -430,7 +430,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
lock (this.pinned_certs) {
context = this.pinned_certs.get(id);
if (context != null) {
is_pinned = true;
is_pinned = context.certificate.is_same(chain);
} else {
// Cert not found in memory, check with GCR if
// enabled.
......@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
this.store_dir, id, cancellable
);
this.pinned_certs.set(id, context);
is_pinned = true;
is_pinned = context.certificate.is_same(chain);
} catch (GLib.IOError.NOT_FOUND err) {
// Cert was not found saved, so it not pinned
} catch (GLib.Error err) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment