Add option to trust server's certificate

New tls policy "trust" added to /connect and /account. With the policy
TLS connection is established even with invalid certificate. Note, that
trust policy forces TLS connection and it fails when server doesn't
support TLS.

Examples:
 /connect <jid> tls trust
 /account <name> set tls trust

CHANGELOG

@@ -17,6 +17,7 @@
 - Adjust configure for OpenBSD
 - Use UUIDs instead of counter for messages
 - Support basic ad-hoc commands(xep-0050) (/command)
+- Add option to trust server's certificate (/connect, /account)
 - Bug fixes: https://github.com/boothj5/profanity/milestone/16?closed=1
 
 0.5.1

src/command/cmd_ac.c

@@ -582,6 +582,7 @@ cmd_ac_init(void)
     tls_property_ac = autocomplete_new();
     autocomplete_add(tls_property_ac, "force");
     autocomplete_add(tls_property_ac, "allow");
+    autocomplete_add(tls_property_ac, "trust");
     autocomplete_add(tls_property_ac, "legacy");
     autocomplete_add(tls_property_ac, "disable");
 

src/command/cmd_defs.c

@@ -158,7 +158,7 @@ static struct cmd_t command_defs[] =
             CMD_TAG_CONNECTION)
         CMD_SYN(
             "/connect [<account>]",
-            "/connect <account> [server <server>] [port <port>] [tls force|allow|legacy|disable]")
+            "/connect <account> [server <server>] [port <port>] [tls force|allow|trust|legacy|disable]")
         CMD_DESC(
             "Login to a chat service. "
             "If no account is specified, the default is used if one is configured. "
@@ -169,6 +169,7 @@ static struct cmd_t command_defs[] =
             { "port <port>",       "The port to use if different to the default (5222, or 5223 for SSL)." },
             { "tls force",         "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
             { "tls allow",         "Use TLS for the connection if it is available." },
+            { "tls trust",         "Force TLS connection and trust server's certificate." },
             { "tls legacy",        "Use legacy TLS for the connection. It means server doesn't support STARTTLS and TLS is forced just after TCP connection is established." },
             { "tls disable",       "Disable TLS for the connection." })
         CMD_EXAMPLES(
@@ -2014,7 +2015,7 @@ static struct cmd_t command_defs[] =
             "/account set <account> otr <policy>",
             "/account set <account> pgpkeyid <pgpkeyid>",
             "/account set <account> startscript <script>",
-            "/account set <account> tls force|allow|legacy|disable",
+            "/account set <account> tls force|allow|trust|legacy|disable",
             "/account set <account> theme <theme>",
             "/account clear <account> password",
             "/account clear <account> eval_password",
@@ -2054,6 +2055,7 @@ static struct cmd_t command_defs[] =
             { "set <account> startscript <script>",     "Set the script to execute after connecting." },
             { "set <account> tls force",                "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
             { "set <account> tls allow",                "Use TLS for the connection if it is available." },
+            { "set <account> tls trust",                "Force TLS connection and trust server's certificate." },
             { "set <account> tls legacy",               "Use legacy TLS for the connection. It means server doesn't support STARTTLS and TLS is forced just after TCP connection is established." },
             { "set <account> tls disable",              "Disable TLS for the connection." },
             { "set <account> <theme>",                  "Set the UI theme for the account." },

src/command/cmd_funcs.c

@@ -351,6 +351,7 @@ cmd_connect(ProfWin *window, const char *const command, gchar **args)
     if (tls_policy &&
             (g_strcmp0(tls_policy, "force") != 0) &&
             (g_strcmp0(tls_policy, "allow") != 0) &&
+            (g_strcmp0(tls_policy, "trust") != 0) &&
             (g_strcmp0(tls_policy, "disable") != 0) &&
             (g_strcmp0(tls_policy, "legacy") != 0)) {
         cons_bad_cmd_usage(command);
@@ -815,6 +816,7 @@ _account_set_tls(char *account_name, char *policy)
 {
     if ((g_strcmp0(policy, "force") != 0)
             && (g_strcmp0(policy, "allow") != 0)
+            && (g_strcmp0(policy, "trust") != 0)
             && (g_strcmp0(policy, "disable") != 0)
             && (g_strcmp0(policy, "legacy") != 0)) {
         cons_show("TLS policy must be one of: force, allow, legacy or disable.");

src/config/accounts.c

@@ -291,6 +291,7 @@ accounts_get_account(const char *const name)
         gchar *tls_policy = g_key_file_get_string(accounts, name, "tls.policy", NULL);
         if (tls_policy && ((g_strcmp0(tls_policy, "force") != 0) &&
                 (g_strcmp0(tls_policy, "allow") != 0) &&
+                (g_strcmp0(tls_policy, "trust") != 0) &&
                 (g_strcmp0(tls_policy, "disable") != 0) &&
                 (g_strcmp0(tls_policy, "legacy") != 0))) {
             g_free(tls_policy);

src/xmpp/connection.c

@@ -150,6 +150,9 @@ connection_connect(const char *const jid, const char *const passwd, const char *
 
     if (!tls_policy || (g_strcmp0(tls_policy, "force") == 0)) {
         xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_MANDATORY_TLS);
+    } else if (g_strcmp0(tls_policy, "trust") == 0) {
+        xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_MANDATORY_TLS);
+        xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_TRUST_TLS);
     } else if (g_strcmp0(tls_policy, "disable") == 0) {
         xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_DISABLE_TLS);
     } else if (g_strcmp0(tls_policy, "legacy") == 0) {