Prompt user to allow or deny untrusted TLS certificates

src/command/command.c

@@ -186,6 +186,21 @@ static struct cmd_t command_defs[] =
             "/connect me@chatty server chatty.com port 5443")
         },
 
+    { "/tls",
+        cmd_tls, parse_args, 0, 0, NULL,
+        CMD_TAGS(
+            CMD_TAG_CONNECTION)
+        CMD_SYN(
+            "/tls allow",
+            "/tls deny")
+        CMD_DESC(
+            "Handle TLS certificates. ")
+        CMD_ARGS(
+            { "allow", "Allow connection using invalid TLS certificate." },
+            { "deny",  "Allow connection using invalid TLS certificate." })
+        CMD_NOEXAMPLES
+    },
+
     { "/disconnect",
         cmd_disconnect, parse_args, 0, 0, NULL,
         CMD_TAGS(
@@ -1674,6 +1689,7 @@ static Autocomplete inpblock_ac;
 static Autocomplete receipts_ac;
 static Autocomplete pgp_ac;
 static Autocomplete pgp_log_ac;
+static Autocomplete tls_ac;
 
 /*
  * Initialise command autocompleter and history
@@ -2069,6 +2085,10 @@ cmd_init(void)
     autocomplete_add(pgp_log_ac, "on");
     autocomplete_add(pgp_log_ac, "off");
     autocomplete_add(pgp_log_ac, "redact");
+
+    tls_ac = autocomplete_new();
+    autocomplete_add(tls_ac, "allow");
+    autocomplete_add(tls_ac, "deny");
 }
 
 void
@@ -2133,6 +2153,7 @@ cmd_uninit(void)
     autocomplete_free(receipts_ac);
     autocomplete_free(pgp_ac);
     autocomplete_free(pgp_log_ac);
+    autocomplete_free(tls_ac);
 }
 
 gboolean
@@ -2313,6 +2334,7 @@ cmd_reset_autocomplete(ProfWin *window)
     autocomplete_reset(receipts_ac);
     autocomplete_reset(pgp_ac);
     autocomplete_reset(pgp_log_ac);
+    autocomplete_reset(tls_ac);
 
     if (window->type == WIN_CHAT) {
         ProfChatWin *chatwin = (ProfChatWin*)window;
@@ -2525,8 +2547,8 @@ _cmd_complete_parameters(ProfWin *window, const char * const input)
         }
     }
 
-    gchar *cmds[] = { "/prefs", "/disco", "/close", "/subject", "/room" };
+    gchar *cmds[] = { "/prefs", "/disco", "/close", "/subject", "/room", "/tls" };
-    Autocomplete completers[] = { prefs_ac, disco_ac, close_ac, subject_ac, room_ac };
+    Autocomplete completers[] = { prefs_ac, disco_ac, close_ac, subject_ac, room_ac, tls_ac };
 
     for (i = 0; i < ARRAY_SIZE(cmds); i++) {
         result = autocomplete_param_with_ac(input, cmds[i], completers[i], TRUE);

src/command/commands.c

@@ -156,6 +156,13 @@ cmd_execute_alias(ProfWin *window, const char * const inp, gboolean *ran)
     return TRUE;
 }
 
+gboolean
+cmd_tls(ProfWin *window, const char * const command, gchar **args)
+{
+    cons_bad_cmd_usage(command);
+    return TRUE;
+}
+
 gboolean
 cmd_connect(ProfWin *window, const char * const command, gchar **args)
 {

src/command/commands.h

@@ -82,6 +82,7 @@ gboolean cmd_chlog(ProfWin *window, const char * const command, gchar **args);
 gboolean cmd_clear(ProfWin *window, const char * const command, gchar **args);
 gboolean cmd_close(ProfWin *window, const char * const command, gchar **args);
 gboolean cmd_connect(ProfWin *window, const char * const command, gchar **args);
+gboolean cmd_tls(ProfWin *window, const char * const command, gchar **args);
 gboolean cmd_decline(ProfWin *window, const char * const command, gchar **args);
 gboolean cmd_disco(ProfWin *window, const char * const command, gchar **args);
 gboolean cmd_disconnect(ProfWin *window, const char * const command, gchar **args);

src/event/server_events.c

@@ -650,6 +650,27 @@ sv_ev_certfail(const char * const errormsg, const char * const certname, const c
     cons_show("  Start       : %s", notbefore);
     cons_show("  End         : %s", notafter);
     cons_show("");
+    cons_show("Use '/tls allow' to accept this certificate");
+    cons_show("Use '/tls deny' to reject this certificate");
+    cons_show("");
+    ui_update();
 
-    return 1;
+    char *cmd = ui_get_line();
+
+    while ((g_strcmp0(cmd, "/tls allow") != 0) && (g_strcmp0(cmd, "/tls deny") != 0)) {
+        cons_show("Use '/tls allow' to accept this certificate");
+        cons_show("Use '/tls deny' to reject this certificate");
+        cons_show("");
+        ui_update();
+        free(cmd);
+        cmd = ui_get_line();
+    }
+
+    if (g_strcmp0(cmd, "/tls allow") == 0) {
+        free(cmd);
+        return 1;
+    } else {
+        free(cmd);
+        return 0;
+    }
 }

src/ui/core.c

@@ -2106,6 +2106,13 @@ ui_ask_password(void)
     return inp_get_password();
 }
 
+char *
+ui_get_line(void)
+{
+    status_bar_update_virtual();
+    return inp_get_line();
+}
+
 char *
 ui_ask_pgp_passphrase(const char *hint, int prev_fail)
 {

src/ui/inputwin.c

@@ -225,6 +225,21 @@ inp_close(void)
     rl_callback_handler_remove();
 }
 
+char *
+inp_get_line(void)
+{
+    werase(inp_win);
+    wmove(inp_win, 0, 0);
+    _inp_win_update_virtual();
+    doupdate();
+    char *line = NULL;
+    while (!line) {
+        line = inp_readline();
+    }
+    status_bar_clear();
+    return line;
+}
+
 char*
 inp_get_password(void)
 {
@@ -275,6 +290,7 @@ _inp_write(char *line, int offset)
     _inp_win_handle_scroll();
 
     _inp_win_update_virtual();
+    doupdate();
 }
 
 static int

src/ui/inputwin.h

@@ -47,5 +47,6 @@ void inp_win_clear(void);
 void inp_win_resize(void);
 void inp_put_back(void);
 char* inp_get_password(void);
+char * inp_get_line(void);
 
 #endif

src/ui/ui.h

@@ -102,6 +102,7 @@ win_type_t ui_win_type(int index);
 void ui_close_win(int index);
 int ui_win_unread(int index);
 char * ui_ask_password(void);
+char * ui_get_line(void);
 char * ui_ask_pgp_passphrase(const char *hint, int prev_fail);
 
 void ui_handle_stanza(const char * const msg);

tests/unittests/ui/stub_ui.c

@@ -168,6 +168,11 @@ char * ui_ask_password(void)
     return mock_ptr_type(char *);
 }
 
+char *ui_get_line(void)
+{
+    return NULL;
+}
+
 void ui_handle_stanza(const char * const msg) {}
 
 // ui events