adium 5591:f378111148c4: Remember kids, -[NSObject hash] has abs...

[commits at adium.im]

details:	http://hg.adium.im/adium/rev/f378111148c4
revision:	5591:f378111148c4
branch:		adium-1.5.7
author:		Thijs Alkemade <me at thijsalkema.de>
date:		Tue Jun 25 21:41:03 2013 +0200

Remember kids, -[NSObject hash] has absolutely no cryptographic guarantees. Using it to decide to trust a certificate is RETARDED.

Also, fix a possible overrelease of a trustref, which might be related to #16365

Refs #16365

diffs (81 lines):

diff -r 38a86a06aa15 -r f378111148c4 Plugins/Purple Service/AIPurpleCertificateTrustWarningAlert.m
--- a/Plugins/Purple Service/AIPurpleCertificateTrustWarningAlert.m	Sun Jun 23 13:32:14 2013 +0200
+++ b/Plugins/Purple Service/AIPurpleCertificateTrustWarningAlert.m	Tue Jun 25 21:41:03 2013 +0200
@@ -26,8 +26,6 @@
 
 //#define ALWAYS_SHOW_TRUST_WARNING
 
-static NSMutableDictionary *acceptedCertificates = nil;
-
 @interface AIPurpleCertificateTrustWarningAlert ()
 - (id)initWithAccount:(AIAccount*)account
 			 hostname:(NSString*)hostname
@@ -80,8 +78,6 @@
 			 userData:(void*)ud
 {
 	if((self = [super init])) {
-		if(!acceptedCertificates)
-			acceptedCertificates = [[NSMutableDictionary alloc] init];
 		query_cert_cb = _query_cert_cb;
 		
 		certificates = certs;
@@ -111,23 +107,6 @@
 	
 	CSSM_DATA data;
 	err = SecCertificateGetData((SecCertificateRef)CFArrayGetValueAtIndex(certificates, 0), &data);
-	if(err == noErr) {
-		// Did we ask the user to confirm this certificate before?
-		// Note that this information is not stored on the disk, which is on purpose.
-		NSUInteger oldCertHash = [[acceptedCertificates objectForKey:hostname] unsignedIntegerValue];
-		if (oldCertHash) {
-			NSData *certData = [[NSData alloc] initWithBytesNoCopy:data.Data length:data.Length freeWhenDone:NO];
-			NSUInteger newCertHash = [certData hash];
-			[certData release];
-			
-			if (oldCertHash == newCertHash) {
-				query_cert_cb(true, userdata);
-				[self release];
-				return;
-			}
-		}
-	}
-		
 	
 	err = SecPolicySearchCreate(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_SSL, NULL, &searchRef);
 	if(err != noErr) {
@@ -166,8 +145,6 @@
 	if(err != noErr) {
 		CFRelease(searchRef);
 		CFRelease(policyRef);
-		if (trustRef)
-			CFRelease(trustRef);
 		NSBeep();
 		[self release];
 		return;
@@ -285,7 +262,7 @@
 					 didEndSelector:@selector(certificateTrustSheetDidEnd:returnCode:contextInfo:)
 						contextInfo:window
 							  trust:trustRef
-							message:title];	
+							message:title];
 }
 
 
@@ -299,17 +276,6 @@
 	NSWindow *parentWindow = (NSWindow *)contextInfo;
 
 	query_cert_cb(didTrustCerficate, userdata);
-	/* If the user confirmed this cert, we store this information until the app is closed so the user doesn't have to re-confirm it every time
-	 * (doing otherwise might be particularily annoying on auto-reconnect)
-	 */
-	if (didTrustCerficate) {
-		CSSM_DATA certdata;
-		OSStatus err = SecCertificateGetData((SecCertificateRef)CFArrayGetValueAtIndex(certificates, 0), &certdata);
-		if(err == noErr) {
-			[acceptedCertificates setObject:[NSNumber numberWithUnsignedInteger:[[NSData dataWithBytes:certdata.Data length:certdata.Length] hash]]
-									 forKey:hostname];
-		}
-	}
 
 	[trustpanel release];