From 4cbfb888141cf060608f213499672e0b2c56f331 Mon Sep 17 00:00:00 2001
From: James Booth
Date: Mon, 9 Nov 2015 20:57:26 +0000
Subject: [PATCH] Store current TLS certificate fingerpint in memory for reconnect
---
 src/command/commands.c | 1 +
 src/config/tlscerts.c | 32 ++++++++++++++++++++++++++++++++
 src/config/tlscerts.h | 6 ++++++
 src/event/server_events.c | 8 ++++++++
 4 files changed, 47 insertions(+)
diff --git a/src/command/commands.c b/src/command/commands.c
index 0331d691..cf7290ad 100644
--- a/src/command/commands.c
+++ b/src/command/commands.c
@@ -831,6 +831,7 @@ cmd_disconnect(ProfWin *window, const char *const command, gchar **args)
 roster_clear();
 muc_invites_clear();
 chat_sessions_clear();
+ tlscerts_clear_current();
 ui_disconnected();
 #ifdef HAVE_LIBGPGME
 p_gpg_on_disconnect();
diff --git a/src/config/tlscerts.c b/src/config/tlscerts.c
index 17c32cb5..299b98cf 100644
--- a/src/config/tlscerts.c
+++ b/src/config/tlscerts.c
@@ -51,6 +51,8 @@ static void _save_tlscerts(void);
 static Autocomplete certs_ac;
+static char *current_fp;
+
 void
 tlscerts_init(void)
 {
@@ -73,6 +75,32 @@ tlscerts_init(void)
 autocomplete_add(certs_ac, groups[i]);
 }
 g_strfreev(groups);
+
+ current_fp = NULL;
+}
+
+void
+tlscerts_set_current(const char *const fp)
+{
+ if (current_fp) {
+ free(current_fp);
+ }
+ current_fp = strdup(fp);
+}
+
+char*
+tlscerts_get_current(void)
+{
+ return current_fp;
+}
+
+void
+tlscerts_clear_current(void)
+{
+ if (current_fp) {
+ free(current_fp);
+ current_fp = NULL;
+ }
 }
 gboolean
@@ -223,6 +251,10 @@ tlscerts_close(void)
 {
 g_key_file_free(tlscerts);
 tlscerts = NULL;
+
+ free(current_fp);
+ current_fp = NULL;
+
 autocomplete_free(certs_ac);
 }
diff --git a/src/config/tlscerts.h b/src/config/tlscerts.h
index dfb200b7..c3b273e7 100644
--- a/src/config/tlscerts.h
+++ b/src/config/tlscerts.h 
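Review bot: tlscerts_set_current in src/config/tlscerts.c hands fp straight to strdup, so a NULL fp is undefined behaviour and an allocation failure silently leaves current_fp NULL, which later reads as "no fingerprint remembered" and falls back to prompting; `current_fp = fp ? strdup(fp) : NULL;` removes the first hazard, and the nullability of the certfp the caller passes is not visible from this patch. The `current_fp = NULL;` appended to tlscerts_init would leak a held fingerprint if init ever runs again without tlscerts_close in between; `tlscerts_clear_current();` there is safe in both cases. Each of the three new functions also deserves a one-line comment, for the getter something like `/* Borrowed pointer owned by this module; valid until the next set/clear/close. Do not free. */`.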
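Review bot: The teardown added to tlscerts_close repeats the body of tlscerts_clear_current defined a few lines earlier in the same file; calling `tlscerts_clear_current();` there keeps the release of current_fp in one place so a later change to how the fingerprint is stored cannot diverge between the two. The unguarded `free(current_fp);` is fine as written, since free(NULL) is a no-op.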
@@ -50,6 +50,12 @@ TLSCertificate* tlscerts_new(const char *const fingerprint, const char *const do
 const char *const organisation, const char *const email, const char *const notbefore, const char *const notafter);
+void tlscerts_set_current(const char *const fp);
+
+char* tlscerts_get_current(void);
+
+void tlscerts_clear_current(void);
+
 gboolean tlscerts_exists(const char *const fingerprint);
 void tlscerts_add(TLSCertificate *cert);
diff --git a/src/event/server_events.c b/src/event/server_events.c
index 3622b327..032c8d16 100644
--- a/src/event/server_events.c
+++ b/src/event/server_events.c
@@ -718,10 +718,17 @@ int
 sv_ev_certfail(const char *const errormsg, const char *const certname, const char *const certfp, const char *const notbefore, const char *const notafter)
 {
+ // check profanity trusted certs
 if (tlscerts_exists(certfp)) {
 return 1;
 }
+ // check current cert
+ char *current_fp = tlscerts_get_current();
+ if (current_fp && g_strcmp0(current_fp, certfp) == 0) {
+ return 1;
+ }
+
 char *domain = NULL;
 char *org = NULL;
 char *email = NULL;
@@ -780,6 +787,7 @@ sv_ev_certfail(const char *const errormsg, const char *const certname, const cha
 }
 if (g_strcmp0(cmd, "/tls allow") == 0) {
+ tlscerts_set_current(certfp);
 free(cmd);
 free(domain);
 free(org);
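Review bot: The three new declarations in src/config/tlscerts.h say nothing about ownership or lifetime, and tlscerts_get_current returns a non-const `char*` to a buffer the module frees on the next set, clear or close, which invites a caller to free or modify it. Declaring it `const char* tlscerts_get_current(void);` costs only the matching `const char *current_fp` in sv_ev_certfail, which reads the value through g_strcmp0 only. A comment on the declaration such as `/* Fingerprint accepted with "/tls allow" for this session, or NULL; owned by tlscerts, do not free. */` and one on tlscerts_set_current noting that it copies fp would make the contract explicit.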
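Review bot: The in-memory check added to sv_ev_certfail accepts a certificate whose fingerprint matches the one stored by tlscerts_set_current without consulting errormsg, so the comment `// check current cert` understates what is being trusted; `// fingerprint already accepted with "/tls allow" this session (cleared by cmd_disconnect)` names the source of the trust and its lifetime. The `current_fp &&` guard is redundant because g_strcmp0 treats NULL as distinct from any string, so `if (g_strcmp0(tlscerts_get_current(), certfp) == 0) {` says the same in one line. The body of sv_ev_certfail continues outside the hunk.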