Added /tls trust

2024-11-03 19:37:16 -05:00 · 2015-11-10 23:26:19 +00:00 · 2015-11-10 23:26:19 +00:00 · 1e34b9c914
commit 1e34b9c914
parent fcfdc175b6
2 changed files with 21 additions and 4 deletions
--- a/src/command/command.c
+++ b/src/command/command.c
@ -207,6 +207,7 @@ static struct cmd_t command_defs[] =
            "/tls always",
            "/tls deny",
            "/tls cert",
+            "/tls trust",
            "/tls trusted",
            "/tls revoke <fingerprint>",
            "/tls certpath",
@ -216,11 +217,12 @@ static struct cmd_t command_defs[] =
        CMD_DESC(
            "Handle TLS certificates. ")
        CMD_ARGS(
-            { "allow",                "Allow connection to continue with an invalid TLS certificate." },
-            { "always",               "Always allow connections with this invalid TLS certificate." },
-            { "deny",                 "Terminate TLS connection." },
+            { "allow",                "Allow connection to continue with TLS certificate." },
+            { "always",               "Always allow connections with TLS certificate." },
+            { "deny",                 "Abort connection." },
            { "cert",                 "Show the current TLS certificate." },
-            { "trusted",              "List manually trusted certificates (with /tls always)." },
+            { "trust",                "Add the current TLS certificate to manually trusted certiciates." },
+            { "trusted",              "List manually trusted certificates (with '/tls always' or '/tls trust')." },
            { "revoke <fingerprint>", "Remove a manually trusted certificate." },
            { "certpath",             "Show the trusted certificate path." },
            { "certpath set <path>",  "Specify filesystem path containing trusted certificates." },
@ -2223,6 +2225,7 @@ cmd_init(void)
    autocomplete_add(tls_ac, "always");
    autocomplete_add(tls_ac, "deny");
    autocomplete_add(tls_ac, "cert");
+    autocomplete_add(tls_ac, "trust");
    autocomplete_add(tls_ac, "trusted");
    autocomplete_add(tls_ac, "revoke");
    autocomplete_add(tls_ac, "certpath");
--- a/src/command/commands.c
+++ b/src/command/commands.c
@ -193,6 +193,20 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
 #else
        cons_show("Certificate path setting only supported when built with libmesode.");
        return TRUE;
+#endif
+    } else if (g_strcmp0(args[0], "trust") == 0) {
+#ifdef HAVE_LIBMESODE
+        TLSCertificate *cert = jabber_get_tls_peer_cert();
+        if (!tlscerts_exists(cert->fingerprint)) {
+            cons_show("Adding %s to trusted certificates.", cert->fingerprint);
+            tlscerts_add(cert);
+        } else {
+            cons_show("Certificate %s already trusted.", cert->fingerprint);
+        }
+        return TRUE;
+#else
+        cons_show("Manual certificate trust only supported when built with libmesode.");
+        return TRUE;
 #endif
    } else if (g_strcmp0(args[0], "trusted") == 0) {
 #ifdef HAVE_LIBMESODE