From 6dcaf218911699388f2ae359c44387915ab5d5d8 Mon Sep 17 00:00:00 2001
From: Alberto Sottile
Date: Mon, 11 Feb 2019 15:54:16 +0100
Subject: [PATCH] startTLS: drop connection if server certificate is not valid
---
 syncplay/messages_de.py | 1 +
 syncplay/messages_en.py | 1 +
 syncplay/messages_it.py | 1 +
 syncplay/messages_ru.py | 1 +
 syncplay/protocols.py | 4 ++--
 5 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/syncplay/messages_de.py b/syncplay/messages_de.py
index 1adbfb9..c693d2f 100755
--- a/syncplay/messages_de.py
+++ b/syncplay/messages_de.py
@@ -313,6 +313,7 @@ de = {
 # startTLS messages - TODO: Translate
 "startTLS-initiated": "Attempting secure connection",
 "startTLS-secure-connection-ok": "Secure connection established ({})",
+ "startTLS-server-certificate-invalid": "Secure connection failed. The server uses an invalid security certificate. This communication could be intercepted by a third party.",
 "startTLS-not-supported-client": "This client does not support TLS",
 "startTLS-not-supported-server": "This server does not support TLS",
diff --git a/syncplay/messages_en.py b/syncplay/messages_en.py
index 2c8f84f..4bfa882 100755
--- a/syncplay/messages_en.py
+++ b/syncplay/messages_en.py
@@ -314,6 +314,7 @@ en = {
 "startTLS-initiated": "Attempting secure connection",
 "startTLS-secure-connection-ok": "Secure connection established ({})",
+ "startTLS-server-certificate-invalid": "Secure connection failed. The server uses an invalid security certificate. This communication could be intercepted by a third party.",
 "startTLS-not-supported-client": "This client does not support TLS",
 "startTLS-not-supported-server": "This server does not support TLS",
diff --git a/syncplay/messages_it.py b/syncplay/messages_it.py
index 99fd305..339863d 100755
--- a/syncplay/messages_it.py
+++ b/syncplay/messages_it.py
@@ -314,6 +314,7 @@ it = {
 "startTLS-initiated": "Tentativo di connessione sicura in corso",
 "startTLS-secure-connection-ok": "Connessione sicura stabilita ({})",
+ "startTLS-server-certificate-invalid": "Connessione sicura non riuscita. Il certificato di sicurezza di questo server non รจ valido. La comunicazione potrebbe essere intercettata da una terza parte.",
 "startTLS-not-supported-client": "Questo client non supporta TLS",
 "startTLS-not-supported-server": "Questo server non supporta TLS",
diff --git a/syncplay/messages_ru.py b/syncplay/messages_ru.py
index b4f6332..17bdd00 100755
--- a/syncplay/messages_ru.py
+++ b/syncplay/messages_ru.py
@@ -316,6 +316,7 @@ ru = {
 # startTLS messages - TODO: Translate
 "startTLS-initiated": "Attempting secure connection",
 "startTLS-secure-connection-ok": "Secure connection established ({})",
+ "startTLS-server-certificate-invalid": "Secure connection failed. The server uses an invalid security certificate. This communication could be intercepted by a third party.",
 "startTLS-not-supported-client": "This client does not support TLS",
 "startTLS-not-supported-server": "This server does not support TLS",
diff --git a/syncplay/protocols.py b/syncplay/protocols.py
index 56c0a22..b1dbef2 100755
--- a/syncplay/protocols.py
+++ b/syncplay/protocols.py
@@ -92,10 +92,10 @@ class SyncClientProtocol(JSONCommandProtocol):
 try:
 if "Invalid DNS-ID" in str(reason.value):
 self._client._serverSupportsTLS = False
- elif "certificate verify failed" in str(reason.value):
- self._client._serverSupportsTLS = False
 elif "tlsv1 alert protocol version" in str(reason.value):
 self._client._clientSupportsTLS = False
+ elif "certificate verify failed" in str(reason.value):
+ self.dropWithError(getMessage("startTLS-server-certificate-invalid"))
 except:
 pass
 self._client.destroyProtocol()
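Review bot: The `"Invalid DNS-ID"` branch at the top of this chain in syncplay/protocols.py still only sets `self._client._serverSupportsTLS = False`, so a certificate that fails the hostname check is not treated as invalid the way a failed chain verification now is. A name mismatch is as strong a sign of interception as an untrusted chain, and that flag presumably lets the client carry on without TLS (its use is outside the hunk). Consider routing both through the drop: `if "Invalid DNS-ID" in str(reason.value) or "certificate verify failed" in str(reason.value):` followed by `self.dropWithError(getMessage("startTLS-server-certificate-invalid"))`. The surrounding bare `except: pass` also hides any exception raised by `getMessage` or `dropWithError`, so the user could get no warning at all; narrowing it or logging the failure would make the new path reliable. The enclosing method starts before the hunk.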