mirror of https://github.com/profanity-im/profanity.git synced 2024-12-04 14:46:46 -05:00

Added TLS trusted certificate path preference

James Booth 2015-09-23 20:37:41 +01:00
parent bd9c28c100
commit a37d55e1a9
5 changed files with 81 additions and 10 deletions


@ -106,6 +106,7 @@ static char * _time_autocomplete(ProfWin *window, const char * const input);
static char * _receipts_autocomplete(ProfWin *window, const char * const input); static char * _receipts_autocomplete(ProfWin *window, const char * const input);
static char * _help_autocomplete(ProfWin *window, const char * const input); static char * _help_autocomplete(ProfWin *window, const char * const input);
static char * _wins_autocomplete(ProfWin *window, const char * const input); static char * _wins_autocomplete(ProfWin *window, const char * const input);
static char * _tls_autocomplete(ProfWin *window, const char * const input);
GHashTable *commands = NULL; GHashTable *commands = NULL;
@ -187,19 +188,25 @@ static struct cmd_t command_defs[] =
}, },
{ "/tls", { "/tls",
cmd_tls, parse_args, 0, 0, NULL, cmd_tls, parse_args, 1, 3, NULL,
CMD_TAGS( CMD_TAGS(
CMD_TAG_CONNECTION) CMD_TAG_CONNECTION)
CMD_SYN( CMD_SYN(
"/tls allow", "/tls allow",
"/tls always", "/tls always",
"/tls deny") "/tls deny",
"/tls certpath",
"/tls certpath set <path>",
"/tls certpath clear")
CMD_DESC( CMD_DESC(
"Handle TLS certificates. ") "Handle TLS certificates. ")
CMD_ARGS( CMD_ARGS(
{ "allow", "Allow connection to continue with an invalid TLS certificate." }, { "allow", "Allow connection to continue with an invalid TLS certificate." },
{ "always", "Always allow connections with this invalid TLS certificate." }, { "always", "Always allow connections with this invalid TLS certificate." },
{ "deny", "Terminate TLS connection." }) { "deny", "Terminate TLS connection." },
{ "certpath", "Show the trusted certificate path." },
{ "certpath set <path>", "Specify filesystem path containing trusted certificates." },
{ "certpath clear", "Clear the trusted certificate path." })
CMD_NOEXAMPLES CMD_NOEXAMPLES
}, },
@ -1692,6 +1699,7 @@ static Autocomplete receipts_ac;
static Autocomplete pgp_ac; static Autocomplete pgp_ac;
static Autocomplete pgp_log_ac; static Autocomplete pgp_log_ac;
static Autocomplete tls_ac; static Autocomplete tls_ac;
static Autocomplete tls_certpath_ac;
/* /*
* Initialise command autocompleter and history * Initialise command autocompleter and history
@ -2092,6 +2100,11 @@ cmd_init(void)
autocomplete_add(tls_ac, "allow"); autocomplete_add(tls_ac, "allow");
autocomplete_add(tls_ac, "always"); autocomplete_add(tls_ac, "always");
autocomplete_add(tls_ac, "deny"); autocomplete_add(tls_ac, "deny");
autocomplete_add(tls_ac, "certpath");
tls_certpath_ac = autocomplete_new();
autocomplete_add(tls_certpath_ac, "set");
autocomplete_add(tls_certpath_ac, "clear");
} }
void void
@ -2157,6 +2170,7 @@ cmd_uninit(void)
autocomplete_free(pgp_ac); autocomplete_free(pgp_ac);
autocomplete_free(pgp_log_ac); autocomplete_free(pgp_log_ac);
autocomplete_free(tls_ac); autocomplete_free(tls_ac);
autocomplete_free(tls_certpath_ac);
} }
gboolean gboolean
@ -2338,6 +2352,7 @@ cmd_reset_autocomplete(ProfWin *window)
autocomplete_reset(pgp_ac); autocomplete_reset(pgp_ac);
autocomplete_reset(pgp_log_ac); autocomplete_reset(pgp_log_ac);
autocomplete_reset(tls_ac); autocomplete_reset(tls_ac);
autocomplete_reset(tls_certpath_ac);
if (window->type == WIN_CHAT) { if (window->type == WIN_CHAT) {
ProfChatWin *chatwin = (ProfChatWin*)window; ProfChatWin *chatwin = (ProfChatWin*)window;
@ -2550,8 +2565,8 @@ _cmd_complete_parameters(ProfWin *window, const char * const input)
} }
} }
gchar *cmds[] = { "/prefs", "/disco", "/close", "/subject", "/room", "/tls" }; gchar *cmds[] = { "/prefs", "/disco", "/close", "/subject", "/room" };
Autocomplete completers[] = { prefs_ac, disco_ac, close_ac, subject_ac, room_ac, tls_ac }; Autocomplete completers[] = { prefs_ac, disco_ac, close_ac, subject_ac, room_ac };
for (i = 0; i < ARRAY_SIZE(cmds); i++) { for (i = 0; i < ARRAY_SIZE(cmds); i++) {
result = autocomplete_param_with_ac(input, cmds[i], completers[i], TRUE); result = autocomplete_param_with_ac(input, cmds[i], completers[i], TRUE);
@ -2591,6 +2606,7 @@ _cmd_complete_parameters(ProfWin *window, const char * const input)
g_hash_table_insert(ac_funcs, "/time", _time_autocomplete); g_hash_table_insert(ac_funcs, "/time", _time_autocomplete);
g_hash_table_insert(ac_funcs, "/receipts", _receipts_autocomplete); g_hash_table_insert(ac_funcs, "/receipts", _receipts_autocomplete);
g_hash_table_insert(ac_funcs, "/wins", _wins_autocomplete); g_hash_table_insert(ac_funcs, "/wins", _wins_autocomplete);
g_hash_table_insert(ac_funcs, "/tls", _tls_autocomplete);
int len = strlen(input); int len = strlen(input);
char parsed[len+1]; char parsed[len+1];
@ -3497,6 +3513,24 @@ _wins_autocomplete(ProfWin *window, const char * const input)
return NULL; return NULL;
} }
static char *
_tls_autocomplete(ProfWin *window, const char * const input)
{
char *result = NULL;
result = autocomplete_param_with_ac(input, "/tls certpath", tls_certpath_ac, TRUE);
if (result) {
return result;
}
result = autocomplete_param_with_ac(input, "/tls", tls_ac, TRUE);
if (result) {
return result;
}
return result;
}
static char * static char *
_receipts_autocomplete(ProfWin *window, const char * const input) _receipts_autocomplete(ProfWin *window, const char * const input)
{ {
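Review bot: The tail of the new `_tls_autocomplete` is redundant: after the second lookup, `if (result) { return result; }` is followed by `return result;`, so both paths return the same value. The second half can be reduced to `return autocomplete_param_with_ac(input, "/tls", tls_ac, TRUE);`, and `char *result = NULL;` can be initialised directly from the first call. A one-line comment saying that the `/tls certpath` sub-completer is tried before the top-level `/tls` completer would also help, since the order of the two calls looks deliberate.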


@ -159,8 +159,36 @@ cmd_execute_alias(ProfWin *window, const char * const inp, gboolean *ran)
gboolean gboolean
cmd_tls(ProfWin *window, const char * const command, gchar **args) cmd_tls(ProfWin *window, const char * const command, gchar **args)
{ {
cons_bad_cmd_usage(command); if (g_strcmp0(args[0], "certpath") == 0) {
return TRUE; if (g_strcmp0(args[1], "set") == 0) {
if (args[2] == NULL) {
cons_bad_cmd_usage(command);
return TRUE;
}
prefs_set_string(PREF_CERT_PATH, args[2]);
cons_show("Certificate path set to: %s", args[2]);
return TRUE;
} else if (g_strcmp0(args[1], "clear") == 0) {
prefs_set_string(PREF_CERT_PATH, NULL);
cons_show("Certificate path cleared");
return TRUE;
} else if (args[1] == NULL) {
char *path = prefs_get_string(PREF_CERT_PATH);
if (path) {
cons_show("Trusted certificate path: %s", path);
prefs_free_string(path);
} else {
cons_show("No trusted certificate path set.");
}
return TRUE;
} else {
cons_bad_cmd_usage(command);
return TRUE;
}
} else {
cons_bad_cmd_usage(command);
return TRUE;
}
} }
gboolean gboolean
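Review bot: The `certpath set` branch of `cmd_tls` stores `args[2]` without checking that it names an existing directory, so a typo or a path relative to the wrong working directory is saved silently. Because this directory decides which certificates the client treats as trusted, I would reject the value before `prefs_set_string` with something like `if (!g_file_test(args[2], G_FILE_TEST_IS_DIR)) { cons_show("%s is not a directory.", args[2]); return TRUE; }`. The confirmation message could also say that the new path applies from the next connection, since the only place this commit reads the preference is the `_jabber_connect` hunk.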


@ -686,6 +686,7 @@ _get_group(preference_t pref)
case PREF_CARBONS: case PREF_CARBONS:
case PREF_RECEIPTS_SEND: case PREF_RECEIPTS_SEND:
case PREF_RECEIPTS_REQUEST: case PREF_RECEIPTS_REQUEST:
case PREF_CERT_PATH:
return PREF_GROUP_CONNECTION; return PREF_GROUP_CONNECTION;
case PREF_OTR_LOG: case PREF_OTR_LOG:
case PREF_OTR_POLICY: case PREF_OTR_POLICY:
@ -818,6 +819,8 @@ _get_key(preference_t pref)
return "enc.warn"; return "enc.warn";
case PREF_PGP_LOG: case PREF_PGP_LOG:
return "log"; return "log";
case PREF_CERT_PATH:
return "certpath";
default: default:
return NULL; return NULL;
} }


@ -103,7 +103,8 @@ typedef enum {
PREF_RESOURCE_MESSAGE, PREF_RESOURCE_MESSAGE,
PREF_INPBLOCK_DYNAMIC, PREF_INPBLOCK_DYNAMIC,
PREF_ENC_WARN, PREF_ENC_WARN,
PREF_PGP_LOG PREF_PGP_LOG,
PREF_CERT_PATH,
} preference_t; } preference_t;
typedef struct prof_alias_t { typedef struct prof_alias_t {


@ -419,6 +419,11 @@ _jabber_connect(const char * const fulljid, const char * const passwd,
xmpp_conn_disable_tls(jabber_conn.conn); xmpp_conn_disable_tls(jabber_conn.conn);
} }
char *cert_path = prefs_get_string(PREF_CERT_PATH);
if (cert_path) {
xmpp_conn_tlscert_path(jabber_conn.conn, cert_path);
}
#ifdef HAVE_LIBMESODE #ifdef HAVE_LIBMESODE
int connect_status = xmpp_connect_client(jabber_conn.conn, altdomain, port, int connect_status = xmpp_connect_client(jabber_conn.conn, altdomain, port,
_connection_certfail_cb, _connection_handler, jabber_conn.ctx); _connection_certfail_cb, _connection_handler, jabber_conn.ctx);
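Review bot: `cert_path` returned by `prefs_get_string(PREF_CERT_PATH)` is never released in this hunk, while `cmd_tls` in the same commit pairs the same getter with `prefs_free_string(path)`. Unless `xmpp_conn_tlscert_path` keeps the pointer rather than copying it, add `prefs_free_string(cert_path);` inside the `if` after the call. The new lines also sit above `#ifdef HAVE_LIBMESODE`, so if `xmpp_conn_tlscert_path` is provided only by libmesode they should move inside that guard to keep the other build linking. `_jabber_connect` starts and ends outside the hunk, so a later use or release of the pointer cannot be ruled out from here.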