Store current TLS certificate fingerpint in memory for reconnect

2024-11-03 19:37:16 -05:00 · 2015-11-09 20:57:26 +00:00 · 2015-11-09 20:57:26 +00:00 · 4cbfb88814
commit 4cbfb88814
parent b3737b225f
4 changed files with 47 additions and 0 deletions
--- a/src/command/commands.c
+++ b/src/command/commands.c
@ -831,6 +831,7 @@ cmd_disconnect(ProfWin *window, const char *const command, gchar **args)
        roster_clear();
        muc_invites_clear();
        chat_sessions_clear();
+        tlscerts_clear_current();
        ui_disconnected();
 #ifdef HAVE_LIBGPGME
        p_gpg_on_disconnect();
--- a/src/config/tlscerts.c
+++ b/src/config/tlscerts.c
@ -51,6 +51,8 @@ static void _save_tlscerts(void);

 static Autocomplete certs_ac;

+static char *current_fp;
+
 void
 tlscerts_init(void)
 {
@ -73,6 +75,32 @@ tlscerts_init(void)
        autocomplete_add(certs_ac, groups[i]);
    }
    g_strfreev(groups);
+
+    current_fp = NULL;
+}
+
+void
+tlscerts_set_current(const char *const fp)
+{
+    if (current_fp) {
+        free(current_fp);
+    }
+    current_fp = strdup(fp);
+}
+
+char*
+tlscerts_get_current(void)
+{
+    return current_fp;
+}
+
+void
+tlscerts_clear_current(void)
+{
+    if (current_fp) {
+        free(current_fp);
+        current_fp = NULL;
+    }
 }

 gboolean
@ -223,6 +251,10 @@ tlscerts_close(void)
 {
    g_key_file_free(tlscerts);
    tlscerts = NULL;
+
+    free(current_fp);
+    current_fp = NULL;
+
    autocomplete_free(certs_ac);
 }

--- a/src/config/tlscerts.h
+++ b/src/config/tlscerts.h
@ -50,6 +50,12 @@ TLSCertificate* tlscerts_new(const char *const fingerprint, const char *const do
    const char *const organisation, const char *const email,
    const char *const notbefore, const char *const notafter);

+void tlscerts_set_current(const char *const fp);
+
+char* tlscerts_get_current(void);
+
+void tlscerts_clear_current(void);
+
 gboolean tlscerts_exists(const char *const fingerprint);

 void tlscerts_add(TLSCertificate *cert);
--- a/src/event/server_events.c
+++ b/src/event/server_events.c
@ -718,10 +718,17 @@ int
 sv_ev_certfail(const char *const errormsg, const char *const certname, const char *const certfp,
    const char *const notbefore, const char *const notafter)
 {
+    // check profanity trusted certs
    if (tlscerts_exists(certfp)) {
        return 1;
    }

+    // check current cert
+    char *current_fp = tlscerts_get_current();
+    if (current_fp && g_strcmp0(current_fp, certfp) == 0) {
+        return 1;
+    }
+
    char *domain = NULL;
    char *org = NULL;
    char *email = NULL;
@ -780,6 +787,7 @@ sv_ev_certfail(const char *const errormsg, const char *const certname, const cha
    }

    if (g_strcmp0(cmd, "/tls allow") == 0) {
+        tlscerts_set_current(certfp);
        free(cmd);
        free(domain);
        free(org);