Do not copy TLS settings to reconnection record

This was causing us to use the TLS settings from one server on another which is not always appropriate. Instead, we now treat it like other connection information and do not copy it. We get the TLS settings later as appropriate when connecting. Note there is still probably more that could be cleaned up here. For example, the unix socket might be better treated as connection info too. Fixes #1027.
2024-11-03 04:27:19 -05:00 · 2019-10-12 15:43:14 -07:00 · 2019-10-12 15:43:14 -07:00 · 1639425217
commit 1639425217
parent 4476fbbad9
2 changed files with 29 additions and 29 deletions
--- a/src/core/servers-reconnect.c
+++ b/src/core/servers-reconnect.c
@ -185,6 +185,16 @@ server_connect_copy_skeleton(SERVER_CONNECT_REC *src, int connect_info)
 		dest->address = g_strdup(src->address);
 		dest->port = src->port;
 		dest->password = g_strdup(src->password);
 		dest->use_tls = src->use_tls;
 		dest->tls_cert = g_strdup(src->tls_cert);
 		dest->tls_pkey = g_strdup(src->tls_pkey);
 		dest->tls_verify = src->tls_verify;
 		dest->tls_cafile = g_strdup(src->tls_cafile);
 		dest->tls_capath = g_strdup(src->tls_capath);
 		dest->tls_ciphers = g_strdup(src->tls_ciphers);
 		dest->tls_pinned_cert = g_strdup(src->tls_pinned_cert);
 		dest->tls_pinned_pubkey = g_strdup(src->tls_pinned_pubkey);
 	}
 	dest->chatnet = g_strdup(src->chatnet);
@ -207,16 +217,6 @@ server_connect_copy_skeleton(SERVER_CONNECT_REC *src, int connect_info)
 	dest->no_autosendcmd = src->no_autosendcmd;
 	dest->unix_socket = src->unix_socket;
 	dest->use_tls = src->use_tls;
 	dest->tls_cert = g_strdup(src->tls_cert);
 	dest->tls_pkey = g_strdup(src->tls_pkey);
 	dest->tls_verify = src->tls_verify;
 	dest->tls_cafile = g_strdup(src->tls_cafile);
 	dest->tls_capath = g_strdup(src->tls_capath);
 	dest->tls_ciphers = g_strdup(src->tls_ciphers);
 	dest->tls_pinned_cert = g_strdup(src->tls_pinned_cert);
 	dest->tls_pinned_pubkey = g_strdup(src->tls_pinned_pubkey);
 	return dest;
 }
--- a/src/core/servers-setup.c
+++ b/src/core/servers-setup.c
@ -108,6 +108,25 @@ void server_setup_fill_reconn(SERVER_CONNECT_REC *conn,
 	if (sserver->password != NULL && conn->password == NULL)
 		conn->password = g_strdup(sserver->password);
 	conn->use_tls = sserver->use_tls;
 	if (conn->tls_cert == NULL && sserver->tls_cert != NULL && sserver->tls_cert[0] != '\0')
 		conn->tls_cert = g_strdup(sserver->tls_cert);
 	if (conn->tls_pkey == NULL && sserver->tls_pkey != NULL && sserver->tls_pkey[0] != '\0')
 		conn->tls_pkey = g_strdup(sserver->tls_pkey);
 	if (conn->tls_pass == NULL && sserver->tls_pass != NULL && sserver->tls_pass[0] != '\0')
 		conn->tls_pass = g_strdup(sserver->tls_pass);
 	conn->tls_verify = sserver->tls_verify;
 	if (conn->tls_cafile == NULL && sserver->tls_cafile != NULL && sserver->tls_cafile[0] != '\0')
 		conn->tls_cafile = g_strdup(sserver->tls_cafile);
 	if (conn->tls_capath == NULL && sserver->tls_capath != NULL && sserver->tls_capath[0] != '\0')
 		conn->tls_capath = g_strdup(sserver->tls_capath);
 	if (conn->tls_ciphers == NULL && sserver->tls_ciphers != NULL && sserver->tls_ciphers[0] != '\0')
 		conn->tls_ciphers = g_strdup(sserver->tls_ciphers);
 	if (conn->tls_pinned_cert == NULL && sserver->tls_pinned_cert != NULL && sserver->tls_pinned_cert[0] != '\0')
 		conn->tls_pinned_cert = g_strdup(sserver->tls_pinned_cert);
 	if (conn->tls_pinned_pubkey == NULL && sserver->tls_pinned_pubkey != NULL && sserver->tls_pinned_pubkey[0] != '\0')
 		conn->tls_pinned_pubkey = g_strdup(sserver->tls_pinned_pubkey);
 	signal_emit("server setup fill reconn", 2, conn, sserver);
 }
@ -167,25 +186,6 @@ static void server_setup_fill_server(SERVER_CONNECT_REC *conn,
 	if (sserver->port > 0 && conn->port <= 0)
 		conn->port = sserver->port;
 	conn->use_tls = sserver->use_tls;
 	if (conn->tls_cert == NULL && sserver->tls_cert != NULL && sserver->tls_cert[0] != '\0')
 		conn->tls_cert = g_strdup(sserver->tls_cert);
 	if (conn->tls_pkey == NULL && sserver->tls_pkey != NULL && sserver->tls_pkey[0] != '\0')
 		conn->tls_pkey = g_strdup(sserver->tls_pkey);
 	if (conn->tls_pass == NULL && sserver->tls_pass != NULL && sserver->tls_pass[0] != '\0')
 		conn->tls_pass = g_strdup(sserver->tls_pass);
 	conn->tls_verify = sserver->tls_verify;
 	if (conn->tls_cafile == NULL && sserver->tls_cafile != NULL && sserver->tls_cafile[0] != '\0')
 		conn->tls_cafile = g_strdup(sserver->tls_cafile);
 	if (conn->tls_capath == NULL && sserver->tls_capath != NULL && sserver->tls_capath[0] != '\0')
 		conn->tls_capath = g_strdup(sserver->tls_capath);
 	if (conn->tls_ciphers == NULL && sserver->tls_ciphers != NULL && sserver->tls_ciphers[0] != '\0')
 		conn->tls_ciphers = g_strdup(sserver->tls_ciphers);
 	if (conn->tls_pinned_cert == NULL && sserver->tls_pinned_cert != NULL && sserver->tls_pinned_cert[0] != '\0')
 		conn->tls_pinned_cert = g_strdup(sserver->tls_pinned_cert);
 	if (conn->tls_pinned_pubkey == NULL && sserver->tls_pinned_pubkey != NULL && sserver->tls_pinned_pubkey[0] != '\0')
 		conn->tls_pinned_pubkey = g_strdup(sserver->tls_pinned_pubkey);
 	server_setup_fill_reconn(conn, sserver);
 	signal_emit("server setup fill server", 2, conn, sserver);