authorDmitry Podgorny <pasis.ua@gmail.com>2018-11-06 14:01:27 +0200
committerDmitry Podgorny <pasis.ua@gmail.com>2018-11-06 14:09:02 +0200
commit7f65aaa9a2ba1e7d9fe182cc18938fa39462e095 (patch)
tree7de15c627bd8d52ac34e38da1a23b2aa9216550e /src/command
parent671849c71152e7cc9272480ecab6d35f92e199ed (diff)
Add option to trust server's certificate
New TLS policy "trust" added to /connect and /account. With this policy, a
TLS connection is established even if the server's certificate is invalid.
Note that the trust policy forces a TLS connection, so connecting fails when
the server doesn't support TLS.

Examples:
 /connect <jid> tls trust
 /account <name> set tls trust
Diffstat (limited to 'src/command')
-rw-r--r--src/command/cmd_ac.c1
-rw-r--r--src/command/cmd_defs.c6
-rw-r--r--src/command/cmd_funcs.c2
3 files changed, 7 insertions, 2 deletions
diff --git a/src/command/cmd_ac.c b/src/command/cmd_ac.c
index 7a340e7f..0e19fd5b 100644
--- a/src/command/cmd_ac.c
+++ b/src/command/cmd_ac.c
@@ -582,6 +582,7 @@ cmd_ac_init(void)
     tls_property_ac = autocomplete_new();
     autocomplete_add(tls_property_ac, "force");
     autocomplete_add(tls_property_ac, "allow");
+    autocomplete_add(tls_property_ac, "trust");
     autocomplete_add(tls_property_ac, "legacy");
     autocomplete_add(tls_property_ac, "disable");
 
diff --git a/src/command/cmd_defs.c b/src/command/cmd_defs.c
index 04a2fe35..0e4b5654 100644
--- a/src/command/cmd_defs.c
+++ b/src/command/cmd_defs.c
@@ -158,7 +158,7 @@ static struct cmd_t command_defs[] =
             CMD_TAG_CONNECTION)
         CMD_SYN(
             "/connect [<account>]",
-            "/connect <account> [server <server>] [port <port>] [tls force|allow|legacy|disable]")
+            "/connect <account> [server <server>] [port <port>] [tls force|allow|trust|legacy|disable]")
         CMD_DESC(
             "Login to a chat service. "
             "If no account is specified, the default is used if one is configured. "
@@ -169,6 +169,7 @@ static struct cmd_t command_defs[] =
             { "port <port>",       "The port to use if different to the default (5222, or 5223 for SSL)." },
             { "tls force",         "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
             { "tls allow",         "Use TLS for the connection if it is available." },
+            { "tls trust",         "Force TLS connection and trust server's certificate." },
             { "tls legacy",        "Use legacy TLS for the connection. It means server doesn't support STARTTLS and TLS is forced just after TCP connection is established." },
             { "tls disable",       "Disable TLS for the connection." })
         CMD_EXAMPLES(
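Review bot: The help text added for `tls trust` says only that the server's certificate is trusted, while the commit message states that the connection is established even with an invalid certificate; a user reading the /connect help cannot tell that certificate validation no longer protects the session against an impersonated server. I would spell that out, for example `{ "tls trust", "Force TLS connection and accept the server's certificate even if it is invalid (the server's identity is not verified)." },`. The same wording is added for `set <account> tls trust` in the /account hunk at -2054 and needs the same change. The `command_defs[]` initializer begins and ends outside this hunk.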
@@ -2014,7 +2015,7 @@ static struct cmd_t command_defs[] =
             "/account set <account> otr <policy>",
             "/account set <account> pgpkeyid <pgpkeyid>",
             "/account set <account> startscript <script>",
-            "/account set <account> tls force|allow|legacy|disable",
+            "/account set <account> tls force|allow|trust|legacy|disable",
             "/account set <account> theme <theme>",
             "/account clear <account> password",
             "/account clear <account> eval_password",
@@ -2054,6 +2055,7 @@ static struct cmd_t command_defs[] =
             { "set <account> startscript <script>",     "Set the script to execute after connecting." },
             { "set <account> tls force",                "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
             { "set <account> tls allow",                "Use TLS for the connection if it is available." },
+            { "set <account> tls trust",                "Force TLS connection and trust server's certificate." },
             { "set <account> tls legacy",               "Use legacy TLS for the connection. It means server doesn't support STARTTLS and TLS is forced just after TCP connection is established." },
             { "set <account> tls disable",              "Disable TLS for the connection." },
             { "set <account> <theme>",                  "Set the UI theme for the account." },
diff --git a/src/command/cmd_funcs.c b/src/command/cmd_funcs.c
index 6ce23849..7f1a791b 100644
--- a/src/command/cmd_funcs.c
+++ b/src/command/cmd_funcs.c
@@ -351,6 +351,7 @@ cmd_connect(ProfWin *window, const char *const command, gchar **args)
     if (tls_policy &&
             (g_strcmp0(tls_policy, "force") != 0) &&
             (g_strcmp0(tls_policy, "allow") != 0) &&
+            (g_strcmp0(tls_policy, "trust") != 0) &&
             (g_strcmp0(tls_policy, "disable") != 0) &&
             (g_strcmp0(tls_policy, "legacy") != 0)) {
         cons_bad_cmd_usage(command);
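Review bot: The accepted policy names are spelled out by hand in this condition and again in `_account_set_tls` (hunk at -815), in addition to the autocomplete list and the help text, so each new policy has to be added in four places. A small static helper shared by both validators, one that walks a `static const char *const` array of policy names with `g_strcmp0`, would keep the lists from drifting apart. Since `trust` is the one value that relaxes certificate checking, a short comment next to it such as `/* "trust": TLS required, certificate errors ignored */` would help the next reader. `cmd_connect` begins and ends outside this hunk.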
@@ -815,6 +816,7 @@ _account_set_tls(char *account_name, char *policy)
 {
     if ((g_strcmp0(policy, "force") != 0)
             && (g_strcmp0(policy, "allow") != 0)
+            && (g_strcmp0(policy, "trust") != 0)
             && (g_strcmp0(policy, "disable") != 0)
             && (g_strcmp0(policy, "legacy") != 0)) {
         cons_show("TLS policy must be one of: force, allow, legacy or disable.");
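Review bot: The error text on the last context line, `cons_show("TLS policy must be one of: force, allow, legacy or disable.");`, still lists the old set, so a user who mistypes a policy is not told that `trust` is accepted. Update it to `cons_show("TLS policy must be one of: force, allow, trust, legacy or disable.");`. The body of `_account_set_tls` continues past the end of the hunk.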