From: Carl Hetherington <cth@carlh.net>
Date: Thu, 25 Aug 2016 13:43:09 +0000 (+0100)
Subject: Merge branch 'master' of ssh://git.carlh.net/home/carl/git/dcpomatic
X-Git-Tag: v2.9.16~2
X-Git-Url: https://git.carlh.net/gitweb/?a=commitdiff_plain;h=b42066b7d664ac322e6d2c79c5b0fa8bb0eb75c9;hp=175ec3510439b2184026ee7e8dc75668448f4e21;p=dcpomatic.git

Merge branch 'master' of ssh://git.carlh.net/home/carl/git/dcpomatic
---

diff --git a/ChangeLog b/ChangeLog
index 450f31e49..76a1e2e12 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2016-08-25  c.hetherington  <cth@carlh.net>
+
+	* Fix silent acceptance of certificate chains where
+	single certificates are required (#937).
+
 2016-08-25  Carl Hetherington  <cth@carlh.net>
 
 	* Make burnt-in subtitle outline width configurable (#940).
diff --git a/cscript b/cscript
index 137781398..43a9b0832 100644
--- a/cscript
+++ b/cscript
@@ -237,7 +237,7 @@ def dependencies(target):
         ffmpeg_options = {}
 
     return (('ffmpeg-cdist', '1d4a1a4', ffmpeg_options),
-            ('libdcp', '04def4c'),
+            ('libdcp', 'ac6df08'),
             ('libsub', '067c21c'))
 
 def configure_options(target):
diff --git a/src/wx/config_dialog.cc b/src/wx/config_dialog.cc
index ac5d90296..0369070a7 100644
--- a/src/wx/config_dialog.cc
+++ b/src/wx/config_dialog.cc
@@ -773,8 +773,9 @@ private:
 
 		if (d->ShowModal() == wxID_OK) {
 			try {
-				dcp::Certificate c (dcp::file_to_string (wx_to_std (d->GetPath ())));
-				if (c.extra_data ()) {
+				dcp::Certificate c;
+				string const extra = c.read_string (dcp::file_to_string (wx_to_std (d->GetPath ())));
+				if (!extra.empty ()) {
 					message_dialog (
 						this,
 						_("This file contains other certificates (or other data) after its first certificate. "
diff --git a/src/wx/screen_dialog.cc b/src/wx/screen_dialog.cc
index e01b98962..0ecf223e6 100644
--- a/src/wx/screen_dialog.cc
+++ b/src/wx/screen_dialog.cc
@@ -25,6 +25,7 @@
 #include "lib/compose.hpp"
 #include "lib/util.h"
 #include <dcp/exceptions.h>
+#include <dcp/certificate_chain.h>
 #include <wx/filepicker.h>
 #include <wx/validate.h>
 #include <iostream>
@@ -151,7 +152,9 @@ void
 ScreenDialog::load_recipient (boost::filesystem::path file)
 {
 	try {
-		set_recipient (dcp::Certificate (dcp::file_to_string (file)));
+		/* Load this as a chain, in case it is one, and then pick the leaf certificate */
+		dcp::CertificateChain c (dcp::file_to_string (file));
+		set_recipient (c.leaf ());
 	} catch (dcp::MiscError& e) {
 		error_dialog (this, wxString::Format (_("Could not read certificate file (%s)"), std_to_wx(e.what()).data()));
 	}