From c0cb63781ee48f530c3e1de18971d5abc46eab1c Mon Sep 17 00:00:00 2001
From: Hylke Bons <hylkebons@gmail.com>
Date: Sat, 18 Aug 2012 16:45:31 +0100
Subject: [PATCH] controller: check the gravatar.com cert manually. Closes #913

---
 SparkleShare/SparkleControllerBase.cs | 38 ++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/SparkleShare/SparkleControllerBase.cs b/SparkleShare/SparkleControllerBase.cs
index 4a4c23a2..2fabfcf2 100644
--- a/SparkleShare/SparkleControllerBase.cs
+++ b/SparkleShare/SparkleControllerBase.cs
@@ -20,8 +20,11 @@ using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Net;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
 using System.Text.RegularExpressions;
 using System.Threading;
+using System.Security.Cryptography;
 
 using SparkleLib;
 
@@ -651,8 +654,12 @@ namespace SparkleShare {
         }
 
 
+        private List<string> skipped_avatars = new List<string> ();
+
         public string GetAvatar (string email, int size)
         {
+            ServicePointManager.ServerCertificateValidationCallback = GetAvatarValidationCallBack;
+
             string fetch_avatars_option = this.config.GetConfigOption ("fetch_avatars");
 
             if (fetch_avatars_option != null &&
@@ -663,6 +670,9 @@ namespace SparkleShare {
 
             email = email.ToLower ();
 
+            if (this.skipped_avatars.Contains (email))
+                return null;
+
             string avatars_path = new string [] { Path.GetDirectoryName (this.config.FullPath),
                 "avatars", size + "x" + size }.Combine ();
 
@@ -697,12 +707,38 @@ namespace SparkleShare {
                 }
 
             } catch (WebException e) {
-				SparkleLogger.LogInfo ("Controller", "Error fetching avatar: " + e.Message);
+                SparkleLogger.LogInfo ("Controller", "Error fetching avatar for " + email + ": " + e.Message);
+                skipped_avatars.Add (email);
+
                 return null;
             }
         }
 
 
+        private bool GetAvatarValidationCallBack (Object sender, X509Certificate certificate,
+            X509Chain chain, SslPolicyErrors errors)
+        {
+            X509Certificate2 certificate2 = new X509Certificate2 (certificate.GetRawCertData ());
+
+            // On some systems (mostly Linux) we can't assume the needed certificates are
+            // available, so we have to check the certificate's SHA-1 fingerprint manually.
+            //
+            // Obtained from https://www.gravatar.com/ on Aug 18 2012 and
+            // expires on Oct 24 2015.
+            string gravatar_cert_fingerprint = "217ACB08C0A1ACC23A21B6ECDE82CD45E14DEC19";
+
+            if (certificate2.Thumbprint.Equals (gravatar_cert_fingerprint)) {
+                return true;
+            
+            } else {
+                SparkleLogger.LogInfo ("Controller",
+                    "Not connecting to https://www.gravatar.com/ due to invalid certificate");
+
+                return false;
+            }
+        }
+
+
         public string AssignAvatar (string s)
         {
             string hash    = "0" + s.MD5 ().Substring (0, 8);