IdleServerConnection: check certificates properly, except in the tests

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63810
Reviewed-by: Guillaume Desmottes <guillaume.desmottes@collabora.co.uk>

2 files changed, 11 insertions, 5 deletions

diff --git a/src/idle-server-connection.c b/src/idle-server-connection.c
index 8a4bb98..6c5894f 100644
--- a/src/idle-server-connection.c
+++ b/src/idle-server-connection.c
@@ -505,9 +505,14 @@ IdleServerConnectionState idle_server_connection_get_state(IdleServerConnection
 void idle_server_connection_set_tls(IdleServerConnection *conn, gboolean tls) {
 	IdleServerConnectionPrivate *priv = IDLE_SERVER_CONNECTION_GET_PRIVATE(conn);
 	g_socket_client_set_tls(priv->socket_client, tls);
-	g_socket_client_set_tls_validation_flags(priv->socket_client,
-		G_TLS_CERTIFICATE_VALIDATE_ALL
-		& ~G_TLS_CERTIFICATE_UNKNOWN_CA
-		& ~G_TLS_CERTIFICATE_BAD_IDENTITY
-		& ~G_TLS_CERTIFICATE_EXPIRED);
+
+	/* The regression tests don't have a CA-issued certificate,
+	 * oddly enough. */
+	if (!tp_strdiff (g_getenv ("IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS"), "vulnerable")) {
+		g_socket_client_set_tls_validation_flags(priv->socket_client,
+			G_TLS_CERTIFICATE_VALIDATE_ALL
+			& ~G_TLS_CERTIFICATE_UNKNOWN_CA
+			& ~G_TLS_CERTIFICATE_BAD_IDENTITY
+			& ~G_TLS_CERTIFICATE_EXPIRED);
+	}
 }
diff --git a/tests/twisted/Makefile.am b/tests/twisted/Makefile.am
index 8329514..aa749ef 100644
--- a/tests/twisted/Makefile.am
+++ b/tests/twisted/Makefile.am
@@ -46,6 +46,7 @@ check-twisted:
 	rm -f tools/core
 	rm -f tools/idle-testing.log
 	failed=0; \
+	IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS=vulnerable \
 	sh $(srcdir)/tools/with-session-bus.sh \
 		--config-file=tools/tmp-session-bus.conf \
 		-- $(MAKE) check-TESTS \