From 1e34b9c91492e17db2983e662ec5a266c9d7bdaf Mon Sep 17 00:00:00 2001
From: James Booth
Date: Tue, 10 Nov 2015 23:26:19 +0000
Subject: [PATCH] Added /tls trust
---
 src/command/command.c | 11 +++++++----
 src/command/commands.c | 14 ++++++++++++++
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/src/command/command.c b/src/command/command.c
index e75757bb..2b8b4d8b 100644
--- a/src/command/command.c
+++ b/src/command/command.c
@@ -207,6 +207,7 @@ static struct cmd_t command_defs[] =
 "/tls always",
 "/tls deny",
 "/tls cert",
+ "/tls trust",
 "/tls trusted",
 "/tls revoke ",
 "/tls certpath",
@@ -216,11 +217,12 @@ static struct cmd_t command_defs[] =
 CMD_DESC(
 "Handle TLS certificates. ")
 CMD_ARGS(
- { "allow", "Allow connection to continue with an invalid TLS certificate." },
- { "always", "Always allow connections with this invalid TLS certificate." },
- { "deny", "Terminate TLS connection." },
+ { "allow", "Allow connection to continue with TLS certificate." },
+ { "always", "Always allow connections with TLS certificate." },
+ { "deny", "Abort connection." },
 { "cert", "Show the current TLS certificate." },
- { "trusted", "List manually trusted certificates (with /tls always)." },
+ { "trust", "Add the current TLS certificate to manually trusted certiciates." },
+ { "trusted", "List manually trusted certificates (with '/tls always' or '/tls trust')." },
 { "revoke ", "Remove a manually trusted certificate." },
 { "certpath", "Show the trusted certificate path." },
 { "certpath set ", "Specify filesystem path containing trusted certificates." },
@@ -2223,6 +2225,7 @@ cmd_init(void)
 autocomplete_add(tls_ac, "always");
 autocomplete_add(tls_ac, "deny");
 autocomplete_add(tls_ac, "cert");
+ autocomplete_add(tls_ac, "trust");
 autocomplete_add(tls_ac, "trusted");
 autocomplete_add(tls_ac, "revoke");
 autocomplete_add(tls_ac, "certpath");
diff --git a/src/command/commands.c b/src/command/commands.c
index 2c3ee1fa..1a74ebc1 100644
--- a/src/command/commands.c
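Review bot: The new `trust` entry in the `CMD_ARGS` hunk of src/command/command.c misspells "certificates" as "certiciates" in text that is shown to the user; it should read `{ "trust", "Add the current TLS certificate to manually trusted certificates." },`. The reworded `allow` and `always` descriptions in the same hunk also drop the word "invalid", so the help no longer says that these commands accept a certificate that failed validation. If they are still only offered after a failed check (not visible in this hunk), keeping "invalid" in both strings would leave the security consequence of the choice explicit.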
+++ b/src/command/commands.c
@@ -193,6 +193,20 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
 #else
 cons_show("Certificate path setting only supported when built with libmesode.");
 return TRUE;
+#endif
+ } else if (g_strcmp0(args[0], "trust") == 0) {
+#ifdef HAVE_LIBMESODE
+ TLSCertificate *cert = jabber_get_tls_peer_cert();
+ if (!tlscerts_exists(cert->fingerprint)) {
+ cons_show("Adding %s to trusted certificates.", cert->fingerprint);
+ tlscerts_add(cert);
+ } else {
+ cons_show("Certificate %s already trusted.", cert->fingerprint);
+ }
+ return TRUE;
+#else
+ cons_show("Manual certificate trust only supported when built with libmesode.");
+ return TRUE;
 #endif
 } else if (g_strcmp0(args[0], "trusted") == 0) {
 #ifdef HAVE_LIBMESODE
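Review bot: In the new `trust` branch `cert` is dereferenced without a NULL check: `jabber_get_tls_peer_cert()` is called with no test that a session exists or that it is using TLS, so `/tls trust` typed while disconnected would presumably crash on `cert->fingerprint` (what the getter returns in that state is not visible here). A guard before the `tlscerts_exists` call would cover it, for example `if (cert == NULL) { cons_show("No TLS certificate available."); return TRUE; }`. The branch also never releases `cert`; if the caller owns the returned structure it is leaked on both paths, so the ownership should be confirmed. Because this command permanently pins whatever certificate the current session presented, a short comment on the branch saying so would help later readers; `cmd_tls` starts and ends outside the hunk.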