mirror of
https://github.com/profanity-im/profanity.git
synced 2024-12-04 14:46:46 -05:00
Store trusted TLS cert fingerprints
This commit is contained in:
parent
9a53854a1d
commit
b88885aaae
@ -192,12 +192,14 @@ static struct cmd_t command_defs[] =
|
|||||||
CMD_TAG_CONNECTION)
|
CMD_TAG_CONNECTION)
|
||||||
CMD_SYN(
|
CMD_SYN(
|
||||||
"/tls allow",
|
"/tls allow",
|
||||||
|
"/tls always",
|
||||||
"/tls deny")
|
"/tls deny")
|
||||||
CMD_DESC(
|
CMD_DESC(
|
||||||
"Handle TLS certificates. ")
|
"Handle TLS certificates. ")
|
||||||
CMD_ARGS(
|
CMD_ARGS(
|
||||||
{ "allow", "Allow connection using invalid TLS certificate." },
|
{ "allow", "Allow connection to continue with an invalid TLS certificate." },
|
||||||
{ "deny", "Allow connection using invalid TLS certificate." })
|
{ "always", "Always allow connections with this invalid TLS certificate." },
|
||||||
|
{ "deny", "Terminate TLS connection." })
|
||||||
CMD_NOEXAMPLES
|
CMD_NOEXAMPLES
|
||||||
},
|
},
|
||||||
|
|
||||||
@ -2088,6 +2090,7 @@ cmd_init(void)
|
|||||||
|
|
||||||
tls_ac = autocomplete_new();
|
tls_ac = autocomplete_new();
|
||||||
autocomplete_add(tls_ac, "allow");
|
autocomplete_add(tls_ac, "allow");
|
||||||
|
autocomplete_add(tls_ac, "always");
|
||||||
autocomplete_add(tls_ac, "deny");
|
autocomplete_add(tls_ac, "deny");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -430,6 +430,80 @@ prefs_set_pgp_char(char ch)
|
|||||||
_save_prefs();
|
_save_prefs();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
GList *
|
||||||
|
prefs_get_trusted_certs(void)
|
||||||
|
{
|
||||||
|
gsize length;
|
||||||
|
GList *fp_list = NULL;
|
||||||
|
gchar **fps = g_key_file_get_string_list(prefs, PREF_GROUP_CONNECTION, "certs", &length, NULL);
|
||||||
|
if (fps) {
|
||||||
|
int i = 0;
|
||||||
|
for (i = 0; i < length; i++) {
|
||||||
|
fp_list = g_list_append(fp_list, strdup(fps[i]));
|
||||||
|
}
|
||||||
|
g_strfreev(fps);
|
||||||
|
return fp_list;
|
||||||
|
} else {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
prefs_free_trusted_certs(GList *certs)
|
||||||
|
{
|
||||||
|
if (certs) {
|
||||||
|
g_list_free_full(certs, free);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
prefs_add_trusted_cert(const char * const fp)
|
||||||
|
{
|
||||||
|
gsize length;
|
||||||
|
gchar **list = g_key_file_get_string_list(prefs, PREF_GROUP_CONNECTION, "certs", &length, NULL);
|
||||||
|
GList *glist = NULL;
|
||||||
|
|
||||||
|
// list found
|
||||||
|
if (list) {
|
||||||
|
int i = 0;
|
||||||
|
for (i = 0; i < length; i++) {
|
||||||
|
// item already in list, exit function
|
||||||
|
if (strcmp(list[i], fp) == 0) {
|
||||||
|
g_list_free_full(glist, g_free);
|
||||||
|
g_strfreev(list);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// add item to our g_list
|
||||||
|
glist = g_list_append(glist, strdup(list[i]));
|
||||||
|
}
|
||||||
|
|
||||||
|
// item not found, add to our g_list
|
||||||
|
glist = g_list_append(glist, strdup(fp));
|
||||||
|
|
||||||
|
// create the new list entry
|
||||||
|
const gchar* new_list[g_list_length(glist)+1];
|
||||||
|
GList *curr = glist;
|
||||||
|
i = 0;
|
||||||
|
while (curr) {
|
||||||
|
new_list[i++] = strdup(curr->data);
|
||||||
|
curr = g_list_next(curr);
|
||||||
|
}
|
||||||
|
new_list[i] = NULL;
|
||||||
|
g_key_file_set_string_list(prefs, PREF_GROUP_CONNECTION, "certs", new_list, g_list_length(glist));
|
||||||
|
|
||||||
|
// list not found
|
||||||
|
} else {
|
||||||
|
const gchar* new_list[2];
|
||||||
|
new_list[0] = strdup(fp);
|
||||||
|
new_list[1] = NULL;
|
||||||
|
g_key_file_set_string_list(prefs, PREF_GROUP_CONNECTION, "certs", new_list, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
g_strfreev(list);
|
||||||
|
g_list_free_full(glist, g_free);
|
||||||
|
_save_prefs();
|
||||||
|
}
|
||||||
|
|
||||||
gboolean
|
gboolean
|
||||||
prefs_add_alias(const char * const name, const char * const value)
|
prefs_add_alias(const char * const name, const char * const value)
|
||||||
{
|
{
|
||||||
|
@ -162,4 +162,8 @@ char * prefs_get_string(preference_t pref);
|
|||||||
void prefs_free_string(char *pref);
|
void prefs_free_string(char *pref);
|
||||||
void prefs_set_string(preference_t pref, char *value);
|
void prefs_set_string(preference_t pref, char *value);
|
||||||
|
|
||||||
|
GList* prefs_get_trusted_certs(void);
|
||||||
|
void prefs_free_trusted_certs(GList *certs);
|
||||||
|
void prefs_add_trusted_cert(const char * const fp);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -643,6 +643,13 @@ int
|
|||||||
sv_ev_certfail(const char * const errormsg, const char * const certname, const char * const certfp,
|
sv_ev_certfail(const char * const errormsg, const char * const certname, const char * const certfp,
|
||||||
const char * const notbefore, const char * const notafter)
|
const char * const notbefore, const char * const notafter)
|
||||||
{
|
{
|
||||||
|
GList *trusted = prefs_get_trusted_certs();
|
||||||
|
if (g_list_find_custom(trusted, certfp, (GCompareFunc)g_strcmp0)) {
|
||||||
|
prefs_free_trusted_certs(trusted);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
prefs_free_trusted_certs(trusted);
|
||||||
|
|
||||||
cons_show("");
|
cons_show("");
|
||||||
cons_show_error("TLS certficiate verification failed: %s", errormsg);
|
cons_show_error("TLS certficiate verification failed: %s", errormsg);
|
||||||
cons_show(" Issuer : %s", certname);
|
cons_show(" Issuer : %s", certname);
|
||||||
@ -651,14 +658,18 @@ sv_ev_certfail(const char * const errormsg, const char * const certname, const c
|
|||||||
cons_show(" End : %s", notafter);
|
cons_show(" End : %s", notafter);
|
||||||
cons_show("");
|
cons_show("");
|
||||||
cons_show("Use '/tls allow' to accept this certificate");
|
cons_show("Use '/tls allow' to accept this certificate");
|
||||||
|
cons_show("Use '/tls always' to accept this certificate permanently");
|
||||||
cons_show("Use '/tls deny' to reject this certificate");
|
cons_show("Use '/tls deny' to reject this certificate");
|
||||||
cons_show("");
|
cons_show("");
|
||||||
ui_update();
|
ui_update();
|
||||||
|
|
||||||
char *cmd = ui_get_line();
|
char *cmd = ui_get_line();
|
||||||
|
|
||||||
while ((g_strcmp0(cmd, "/tls allow") != 0) && (g_strcmp0(cmd, "/tls deny") != 0)) {
|
while ((g_strcmp0(cmd, "/tls allow") != 0)
|
||||||
|
&& (g_strcmp0(cmd, "/tls always") != 0)
|
||||||
|
&& (g_strcmp0(cmd, "/tls deny") != 0)) {
|
||||||
cons_show("Use '/tls allow' to accept this certificate");
|
cons_show("Use '/tls allow' to accept this certificate");
|
||||||
|
cons_show("Use '/tls always' to accept this certificate permanently");
|
||||||
cons_show("Use '/tls deny' to reject this certificate");
|
cons_show("Use '/tls deny' to reject this certificate");
|
||||||
cons_show("");
|
cons_show("");
|
||||||
ui_update();
|
ui_update();
|
||||||
@ -669,6 +680,10 @@ sv_ev_certfail(const char * const errormsg, const char * const certname, const c
|
|||||||
if (g_strcmp0(cmd, "/tls allow") == 0) {
|
if (g_strcmp0(cmd, "/tls allow") == 0) {
|
||||||
free(cmd);
|
free(cmd);
|
||||||
return 1;
|
return 1;
|
||||||
|
} else if (g_strcmp0(cmd, "/tls always") == 0) {
|
||||||
|
prefs_add_trusted_cert(certfp);
|
||||||
|
free(cmd);
|
||||||
|
return 1;
|
||||||
} else {
|
} else {
|
||||||
free(cmd);
|
free(cmd);
|
||||||
return 0;
|
return 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user