From 5b464f4cb0de55daa39fa202819e79d113945e6c Mon Sep 17 00:00:00 2001
From: James Booth
Date: Mon, 17 Oct 2016 23:48:03 +0100
Subject: [PATCH] Add /tls certpath default issue #871
---
 src/command/cmd_ac.c | 1 +
 src/command/cmd_defs.c | 2 ++
 src/command/cmd_funcs.c | 10 +++++++---
 src/config/preferences.c | 39 +++++++++++++++++++++++++++++++++++++++
 src/config/preferences.h | 2 ++
 src/xmpp/connection.c | 4 ++--
 6 files changed, 53 insertions(+), 5 deletions(-)

diff --git a/src/command/cmd_ac.c b/src/command/cmd_ac.c
index 6d87a5d8..2d3209d5 100644
--- a/src/command/cmd_ac.c
+++ b/src/command/cmd_ac.c
@@ -683,6 +683,7 @@ cmd_ac_init(void)
 tls_certpath_ac = autocomplete_new();
 autocomplete_add(tls_certpath_ac, "set");
 autocomplete_add(tls_certpath_ac, "clear");
+ autocomplete_add(tls_certpath_ac, "default");
 
 script_ac = autocomplete_new();
 autocomplete_add(script_ac, "run");
diff --git a/src/command/cmd_defs.c b/src/command/cmd_defs.c
index f8d8c2ff..34400ae3 100644
--- a/src/command/cmd_defs.c
+++ b/src/command/cmd_defs.c
@@ -200,6 +200,7 @@ static struct cmd_t command_defs[] =
 "/tls certpath",
 "/tls certpath set ",
 "/tls certpath clear",
+ "/tls certpath default",
 "/tls show on|off")
 CMD_DESC(
 "Handle TLS certificates. ")
@@ -215,6 +216,7 @@ static struct cmd_t command_defs[] =
 { "certpath", "Show the trusted certificate path." },
 { "certpath set ", "Specify filesystem path containing trusted certificates." },
 { "certpath clear", "Clear the trusted certificate path." },
+ { "certpath default", "Use default system certificate path, if it can be found." },
 { "show on|off", "Show or hide the TLS indicator in the titlebar." })
 CMD_NOEXAMPLES
 },
diff --git a/src/command/cmd_funcs.c b/src/command/cmd_funcs.c
index c045a627..35ae3119 100644
--- a/src/command/cmd_funcs.c
+++ b/src/command/cmd_funcs.c
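Review bot: The help entry for `certpath clear` in the second hunk still reads "Clear the trusted certificate path." although the commit gives clear and default different meanings: clear stores the "none" marker so that no directory is handed to the TLS library at connect time, while default lets the system directories be searched. A user reading `/help tls` cannot tell which of the two leaves the connection without any configured certificate directory, so the description should say so, e.g. `{ "certpath clear", "Use no trusted certificate path (the system default is not searched)." },`. The `certpath default` text is fine as written.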
@@ -171,14 +171,18 @@ cmd_tls_certpath(ProfWin *window, const char *const command, gchar **args)
 }
 return TRUE;
 } else if (g_strcmp0(args[1], "clear") == 0) {
- prefs_set_string(PREF_TLS_CERTPATH, NULL);
+ prefs_set_string(PREF_TLS_CERTPATH, "none");
 cons_show("Certificate path cleared");
 return TRUE;
+ } else if (g_strcmp0(args[1], "default") == 0) {
+ prefs_set_string(PREF_TLS_CERTPATH, NULL);
+ cons_show("Certificate path defaulted to finding system certpath.");
+ return TRUE;
 } else if (args[1] == NULL) {
- char *path = prefs_get_string(PREF_TLS_CERTPATH);
+ char *path = prefs_get_tls_certpath();
 if (path) {
 cons_show("Trusted certificate path: %s", path);
- prefs_free_string(path);
+ free(path);
 } else {
 cons_show("No trusted certificate path set.");
 }
diff --git a/src/config/preferences.c b/src/config/preferences.c
index f6f73995..4eed12ff 100644
--- a/src/config/preferences.c
+++ b/src/config/preferences.c
@@ -460,6 +460,45 @@ prefs_set_string(preference_t pref, char *value)
 _save_prefs();
 }
 
+char*
+prefs_get_tls_certpath(void)
+{
+ const char *group = _get_group(PREF_TLS_CERTPATH);
+ const char *key = _get_key(PREF_TLS_CERTPATH);
+
+ char *setting = g_key_file_get_string(prefs, group, key, NULL);
+
+ if (g_strcmp0(setting, "none") == 0) {
+ prefs_free_string(setting);
+ return NULL;
+ }
+
+ if (setting == NULL) {
+ if (g_file_test("/etc/ssl/certs", G_FILE_TEST_IS_DIR)) {
+ return strdup("/etc/ssl/certs");
+ }
+ if (g_file_test("/etc/pki/tls/certs", G_FILE_TEST_IS_DIR)) {
+ return strdup("/etc/pki/tls/certs");
+ }
+ if (g_file_test("/etc/ssl", G_FILE_TEST_IS_DIR)) {
+ return strdup("/etc/ssl");
+ }
+ if (g_file_test("/etc/pki/tls", G_FILE_TEST_IS_DIR)) {
+ return strdup("/etc/pki/tls");
+ }
+ if (g_file_test("/system/etc/security/cacerts", G_FILE_TEST_IS_DIR)) {
+ return strdup("/system/etc/security/cacerts");
+ }
+
+ return NULL;
+ }
+
+ char *result = strdup(setting);
+ prefs_free_string(setting);
+
+ return result;
+}
+
 gint
 prefs_get_gone(void)
 {
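Review bot: In the `args[1] == NULL` branch an explicit `clear` (stored as "none") and a `default` for which no probed system directory exists both print `No trusted certificate path set.`, so `/tls certpath` cannot tell the user which of the two states the connection is in. Reading the raw preference next to the resolved path — `char *raw = prefs_get_string(PREF_TLS_CERTPATH);`, printing a line such as "Trusted certificate path: none (cleared)" when `g_strcmp0(raw, "none") == 0`, then `prefs_free_string(raw);` — would make the two distinguishable. The `free(path);` two lines later is correct only because `prefs_get_tls_certpath()` hands back `strdup()` memory while the `clear` branch's neighbour `prefs_free_string` is for GLib strings; a one-line comment, `/* strdup'd by prefs_get_tls_certpath(), not a GLib string */`, would keep the next edit from swapping them. cmd_tls_certpath begins and ends outside the hunk.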
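Review bot: The five candidate directories in `prefs_get_tls_certpath` are probed by a chain of near-identical `if` blocks, so adding a platform or changing the precedence is a copy-and-paste edit and the order itself is not stated anywhere; a static table walked in a loop (below) expresses the same lookup in fewer lines and makes the precedence explicit. The `"none"` marker compared with `g_strcmp0` also deserves a comment at the comparison, `/* "none" is written by "/tls certpath clear"; a directory literally named "none" cannot be configured */`, since the sentinel shares the key with user-supplied paths. Callers cannot distinguish a `strdup()` failure from "no directory found" because both return NULL, which is acceptable only if the function's header comment says so and states that the result is released with `free()` rather than `prefs_free_string()`.
```c
/* … unchanged: group/key lookup and the "none" check … */
    if (setting == NULL) {
        /* System CA directories to try when no path is configured, most specific first. */
        static const char *const candidates[] = {
            "/etc/ssl/certs",
            "/etc/pki/tls/certs",
            "/etc/ssl",
            "/etc/pki/tls",
            "/system/etc/security/cacerts",
        };
        for (size_t i = 0; i < G_N_ELEMENTS(candidates); i++) {
            if (g_file_test(candidates[i], G_FILE_TEST_IS_DIR)) {
                return strdup(candidates[i]);
            }
        }
        return NULL;
    }
/* … unchanged: copy of the configured path … */
```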
diff --git a/src/config/preferences.h b/src/config/preferences.h
index e0ac7442..72385de5 100644
--- a/src/config/preferences.h
+++ b/src/config/preferences.h
@@ -266,6 +266,8 @@ char* prefs_get_string(preference_t pref);
 void prefs_free_string(char *pref);
 void prefs_set_string(preference_t pref, char *value);
 
+char* prefs_get_tls_certpath(void);
+
 gboolean prefs_do_chat_notify(gboolean current_win);
 gboolean prefs_do_room_notify(gboolean current_win, const char *const roomjid, const char *const mynick,
 const char *const theirnick, const char *const message, gboolean mention, gboolean trigger_found);
diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c
index 70ca12b0..304d984d 100644
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@@ -160,11 +160,11 @@ connection_connect(const char *const fulljid, const char *const passwd, const ch
 }
 
 #ifdef HAVE_LIBMESODE
- char *cert_path = prefs_get_string(PREF_TLS_CERTPATH);
+ char *cert_path = prefs_get_tls_certpath();
 if (cert_path) {
 xmpp_conn_tlscert_path(conn.xmpp_conn, cert_path);
+ free(cert_path);
 }
- prefs_free_string(cert_path);
 
 int connect_status = xmpp_connect_client(
 conn.xmpp_conn,
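Review bot: The new `prefs_get_tls_certpath` declaration carries no comment, and its ownership contract differs from the neighbouring API: `prefs_get_string` results go to `prefs_free_string`, whereas this function returns `strdup()` memory that must be released with `free()`, and a NULL result means either that the path was explicitly cleared or that no system directory was found. A short Doxygen comment above the prototype stating the allocation, the matching free function and the meaning of NULL would stop a caller from pairing it with `prefs_free_string`, which is what the two call sites in this commit had to get right by hand.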
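Review bot: When `prefs_get_tls_certpath()` returns NULL the `if` is skipped silently, so a connection set up without any trusted certificate directory — because the user cleared it, or because none of the probed system directories exists on this host — leaves no trace at connect time. An `else` branch that reports the condition (the module's usual log call, or `cons_show` if this layer may write to the console, as cmd_funcs.c does for the same preference) would let the user notice a missing CA directory when the connection is made rather than later. Moving `free(cert_path)` inside the `if` is fine, since `free(NULL)` was the only thing it did outside. connection_connect continues past the hunk.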