Add /tls certpath default

issue #871

src/command/cmd_ac.c

@@ -683,6 +683,7 @@ cmd_ac_init(void)
     tls_certpath_ac = autocomplete_new();
     autocomplete_add(tls_certpath_ac, "set");
     autocomplete_add(tls_certpath_ac, "clear");
+    autocomplete_add(tls_certpath_ac, "default");
 
     script_ac = autocomplete_new();
     autocomplete_add(script_ac, "run");

src/command/cmd_defs.c

@@ -200,6 +200,7 @@ static struct cmd_t command_defs[] =
             "/tls certpath",
             "/tls certpath set <path>",
             "/tls certpath clear",
+            "/tls certpath default",
             "/tls show on|off")
         CMD_DESC(
             "Handle TLS certificates. ")
@@ -215,6 +216,7 @@ static struct cmd_t command_defs[] =
             { "certpath",             "Show the trusted certificate path." },
             { "certpath set <path>",  "Specify filesystem path containing trusted certificates." },
             { "certpath clear",       "Clear the trusted certificate path." },
+            { "certpath default",     "Use default system certificate path, if it can be found." },
             { "show on|off",          "Show or hide the TLS indicator in the titlebar." })
         CMD_NOEXAMPLES
     },

src/command/cmd_funcs.c

@@ -171,14 +171,18 @@ cmd_tls_certpath(ProfWin *window, const char *const command, gchar **args)
         }
         return TRUE;
     } else if (g_strcmp0(args[1], "clear") == 0) {
-        prefs_set_string(PREF_TLS_CERTPATH, NULL);
+        prefs_set_string(PREF_TLS_CERTPATH, "none");
         cons_show("Certificate path cleared");
         return TRUE;
+    } else if (g_strcmp0(args[1], "default") == 0) {
+        prefs_set_string(PREF_TLS_CERTPATH, NULL);
+        cons_show("Certificate path defaulted to finding system certpath.");
+        return TRUE;
     } else if (args[1] == NULL) {
-        char *path = prefs_get_string(PREF_TLS_CERTPATH);
+        char *path = prefs_get_tls_certpath();
         if (path) {
             cons_show("Trusted certificate path: %s", path);
-            prefs_free_string(path);
+            free(path);
         } else {
             cons_show("No trusted certificate path set.");
         }

src/config/preferences.c

@@ -460,6 +460,45 @@ prefs_set_string(preference_t pref, char *value)
     _save_prefs();
 }
 
+char*
+prefs_get_tls_certpath(void)
+{
+    const char *group = _get_group(PREF_TLS_CERTPATH);
+    const char *key = _get_key(PREF_TLS_CERTPATH);
+
+    char *setting = g_key_file_get_string(prefs, group, key, NULL);
+
+    if (g_strcmp0(setting, "none") == 0) {
+        prefs_free_string(setting);
+        return NULL;
+    }
+
+    if (setting == NULL) {
+        if (g_file_test("/etc/ssl/certs",  G_FILE_TEST_IS_DIR)) {
+            return strdup("/etc/ssl/certs");
+        }
+        if (g_file_test("/etc/pki/tls/certs",  G_FILE_TEST_IS_DIR)) {
+            return strdup("/etc/pki/tls/certs");
+        }
+        if (g_file_test("/etc/ssl",  G_FILE_TEST_IS_DIR)) {
+            return strdup("/etc/ssl");
+        }
+        if (g_file_test("/etc/pki/tls",  G_FILE_TEST_IS_DIR)) {
+            return strdup("/etc/pki/tls");
+        }
+        if (g_file_test("/system/etc/security/cacerts",  G_FILE_TEST_IS_DIR)) {
+            return strdup("/system/etc/security/cacerts");
+        }
+
+        return NULL;
+    }
+
+    char *result = strdup(setting);
+    prefs_free_string(setting);
+
+    return result;
+}
+
 gint
 prefs_get_gone(void)
 {

src/config/preferences.h

@@ -266,6 +266,8 @@ char* prefs_get_string(preference_t pref);
 void prefs_free_string(char *pref);
 void prefs_set_string(preference_t pref, char *value);
 
+char* prefs_get_tls_certpath(void);
+
 gboolean prefs_do_chat_notify(gboolean current_win);
 gboolean prefs_do_room_notify(gboolean current_win, const char *const roomjid, const char *const mynick,
     const char *const theirnick, const char *const message, gboolean mention, gboolean trigger_found);

src/xmpp/connection.c

@@ -160,11 +160,11 @@ connection_connect(const char *const fulljid, const char *const passwd, const ch
     }
 
 #ifdef HAVE_LIBMESODE
-    char *cert_path = prefs_get_string(PREF_TLS_CERTPATH);
+    char *cert_path = prefs_get_tls_certpath();
     if (cert_path) {
         xmpp_conn_tlscert_path(conn.xmpp_conn, cert_path);
+        free(cert_path);
     }
-    prefs_free_string(cert_path);
 
     int connect_status = xmpp_connect_client(
         conn.xmpp_conn,