Added TLS trusted certificate path preference

2024-12-04 14:46:46 -05:00 · 2015-09-23 20:37:41 +01:00 · 2015-09-23 20:37:41 +01:00 · a37d55e1a9
commit a37d55e1a9
parent bd9c28c100
5 changed files with 81 additions and 10 deletions
--- a/src/command/command.c
+++ b/src/command/command.c
@ -106,6 +106,7 @@ static char * _time_autocomplete(ProfWin *window, const char * const input);
 static char * _receipts_autocomplete(ProfWin *window, const char * const input);
 static char * _help_autocomplete(ProfWin *window, const char * const input);
 static char * _wins_autocomplete(ProfWin *window, const char * const input);
+static char * _tls_autocomplete(ProfWin *window, const char * const input);

 GHashTable *commands = NULL;

@ -187,19 +188,25 @@ static struct cmd_t command_defs[] =
        },

    { "/tls",
-        cmd_tls, parse_args, 0, 0, NULL,
+        cmd_tls, parse_args, 1, 3, NULL,
        CMD_TAGS(
            CMD_TAG_CONNECTION)
        CMD_SYN(
            "/tls allow",
            "/tls always",
-            "/tls deny")
+            "/tls deny",
+            "/tls certpath",
+            "/tls certpath set <path>",
+            "/tls certpath clear")
        CMD_DESC(
            "Handle TLS certificates. ")
        CMD_ARGS(
-            { "allow",  "Allow connection to continue with an invalid TLS certificate." },
-            { "always", "Always allow connections with this invalid TLS certificate." },
-            { "deny",   "Terminate TLS connection." })
+            { "allow",               "Allow connection to continue with an invalid TLS certificate." },
+            { "always",              "Always allow connections with this invalid TLS certificate." },
+            { "deny",                "Terminate TLS connection." },
+            { "certpath",            "Show the trusted certificate path." },
+            { "certpath set <path>", "Specify filesystem path containing trusted certificates." },
+            { "certpath clear",      "Clear the trusted certificate path." })
        CMD_NOEXAMPLES
    },

@ -1692,6 +1699,7 @@ static Autocomplete receipts_ac;
 static Autocomplete pgp_ac;
 static Autocomplete pgp_log_ac;
 static Autocomplete tls_ac;
+static Autocomplete tls_certpath_ac;

 /*
 * Initialise command autocompleter and history
@ -2092,6 +2100,11 @@ cmd_init(void)
    autocomplete_add(tls_ac, "allow");
    autocomplete_add(tls_ac, "always");
    autocomplete_add(tls_ac, "deny");
+    autocomplete_add(tls_ac, "certpath");
+
+    tls_certpath_ac = autocomplete_new();
+    autocomplete_add(tls_certpath_ac, "set");
+    autocomplete_add(tls_certpath_ac, "clear");
 }

 void
@ -2157,6 +2170,7 @@ cmd_uninit(void)
    autocomplete_free(pgp_ac);
    autocomplete_free(pgp_log_ac);
    autocomplete_free(tls_ac);
+    autocomplete_free(tls_certpath_ac);
 }

 gboolean
@ -2338,6 +2352,7 @@ cmd_reset_autocomplete(ProfWin *window)
    autocomplete_reset(pgp_ac);
    autocomplete_reset(pgp_log_ac);
    autocomplete_reset(tls_ac);
+    autocomplete_reset(tls_certpath_ac);

    if (window->type == WIN_CHAT) {
        ProfChatWin *chatwin = (ProfChatWin*)window;
@ -2550,8 +2565,8 @@ _cmd_complete_parameters(ProfWin *window, const char * const input)
        }
    }

-    gchar *cmds[] = { "/prefs", "/disco", "/close", "/subject", "/room", "/tls" };
-    Autocomplete completers[] = { prefs_ac, disco_ac, close_ac, subject_ac, room_ac, tls_ac };
+    gchar *cmds[] = { "/prefs", "/disco", "/close", "/subject", "/room" };
+    Autocomplete completers[] = { prefs_ac, disco_ac, close_ac, subject_ac, room_ac };

    for (i = 0; i < ARRAY_SIZE(cmds); i++) {
        result = autocomplete_param_with_ac(input, cmds[i], completers[i], TRUE);
@ -2591,6 +2606,7 @@ _cmd_complete_parameters(ProfWin *window, const char * const input)
    g_hash_table_insert(ac_funcs, "/time",          _time_autocomplete);
    g_hash_table_insert(ac_funcs, "/receipts",      _receipts_autocomplete);
    g_hash_table_insert(ac_funcs, "/wins",          _wins_autocomplete);
+    g_hash_table_insert(ac_funcs, "/tls",           _tls_autocomplete);

    int len = strlen(input);
    char parsed[len+1];
@ -3497,6 +3513,24 @@ _wins_autocomplete(ProfWin *window, const char * const input)
    return NULL;
 }

+static char *
+_tls_autocomplete(ProfWin *window, const char * const input)
+{
+    char *result = NULL;
+
+    result = autocomplete_param_with_ac(input, "/tls certpath", tls_certpath_ac, TRUE);
+    if (result) {
+        return result;
+    }
+
+    result = autocomplete_param_with_ac(input, "/tls", tls_ac, TRUE);
+    if (result) {
+        return result;
+    }
+
+    return result;
+}
+
 static char *
 _receipts_autocomplete(ProfWin *window, const char * const input)
 {
--- a/src/command/commands.c
+++ b/src/command/commands.c
@ -159,8 +159,36 @@ cmd_execute_alias(ProfWin *window, const char * const inp, gboolean *ran)
 gboolean
 cmd_tls(ProfWin *window, const char * const command, gchar **args)
 {
-    cons_bad_cmd_usage(command);
-    return TRUE;
+    if (g_strcmp0(args[0], "certpath") == 0) {
+        if (g_strcmp0(args[1], "set") == 0) {
+            if (args[2] == NULL) {
+                cons_bad_cmd_usage(command);
+                return TRUE;
+            }
+            prefs_set_string(PREF_CERT_PATH, args[2]);
+            cons_show("Certificate path set to: %s", args[2]);
+            return TRUE;
+        } else if (g_strcmp0(args[1], "clear") == 0) {
+            prefs_set_string(PREF_CERT_PATH, NULL);
+            cons_show("Certificate path cleared");
+            return TRUE;
+        } else if (args[1] == NULL) {
+            char *path = prefs_get_string(PREF_CERT_PATH);
+            if (path) {
+                cons_show("Trusted certificate path: %s", path);
+                prefs_free_string(path);
+            } else {
+                cons_show("No trusted certificate path set.");
+            }
+            return TRUE;
+        } else {
+            cons_bad_cmd_usage(command);
+            return TRUE;
+        }
+    } else {
+        cons_bad_cmd_usage(command);
+        return TRUE;
+    }
 }

 gboolean
--- a/src/config/preferences.c
+++ b/src/config/preferences.c
@ -686,6 +686,7 @@ _get_group(preference_t pref)
        case PREF_CARBONS:
        case PREF_RECEIPTS_SEND:
        case PREF_RECEIPTS_REQUEST:
+        case PREF_CERT_PATH:
            return PREF_GROUP_CONNECTION;
        case PREF_OTR_LOG:
        case PREF_OTR_POLICY:
@ -818,6 +819,8 @@ _get_key(preference_t pref)
            return "enc.warn";
        case PREF_PGP_LOG:
            return "log";
+        case PREF_CERT_PATH:
+            return "certpath";
        default:
            return NULL;
    }
--- a/src/config/preferences.h
+++ b/src/config/preferences.h
@ -103,7 +103,8 @@ typedef enum {
    PREF_RESOURCE_MESSAGE,
    PREF_INPBLOCK_DYNAMIC,
    PREF_ENC_WARN,
-    PREF_PGP_LOG
+    PREF_PGP_LOG,
+    PREF_CERT_PATH,
 } preference_t;

 typedef struct prof_alias_t {
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@ -419,6 +419,11 @@ _jabber_connect(const char * const fulljid, const char * const passwd,
        xmpp_conn_disable_tls(jabber_conn.conn);
    }

+    char *cert_path = prefs_get_string(PREF_CERT_PATH);
+    if (cert_path) {
+        xmpp_conn_tlscert_path(jabber_conn.conn, cert_path);
+    }
+
 #ifdef HAVE_LIBMESODE
    int connect_status = xmpp_connect_client(jabber_conn.conn, altdomain, port,
        _connection_certfail_cb, _connection_handler, jabber_conn.ctx);