author | Steffen Jaeckel <jaeckel-floss@eyet-services.de> | 2022-03-22 11:26:53 +0100 |
---|---|---|
committer | Steffen Jaeckel <jaeckel-floss@eyet-services.de> | 2022-03-22 11:44:01 +0100 |
commit | 7f1f9787cb6de128d2ddc628dd57b9d89cba51ec (patch) | |
tree | 037397a08572305356ee06ab22f767ea9e7aeefb /src/config/cafile.c | |
parent | b28ac093688d0d3dbda8aa9755e1b9b54ed01e05 (diff) | |
download | profani-tty-7f1f9787cb6de128d2ddc628dd57b9d89cba51ec.tar.gz |
add profanity-specific CAfile
The profanity-internal mechanism to allow connecting to a server isn't easily portable to cURL. Therefore, introduce a profanity-specific CAfile which is managed individually and will be configured in libcurl calls. Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Diffstat (limited to 'src/config/cafile.c')
-rw-r--r-- | src/config/cafile.c | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/src/config/cafile.c b/src/config/cafile.c
new file mode 100644
index 00000000..4ac832bf
--- /dev/null
+++ b/src/config/cafile.c
@@ -0,0 +1,106 @@
+/*
+ * cafile.c
+ * vim: expandtab:ts=4:sts=4:sw=4
+ *
+ * Copyright (C) 2022 Steffen Jaeckel <jaeckel-floss@eyet-services.de>
+ *
+ * This file is part of Profanity.
+ *
+ * Profanity is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Profanity is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Profanity. If not, see <https://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the copyright holders give permission to
+ * link the code of portions of this program with the OpenSSL library under
+ * certain conditions as described in each individual source file, and
+ * distribute linked combinations including the two.
+ *
+ * You must obey the GNU General Public License in all respects for all of the
+ * code used other than OpenSSL. If you modify file(s) with this exception, you
+ * may extend this exception to your version of the file(s), but you are not
+ * obligated to do so. If you do not wish to do so, delete this exception
+ * statement from your version. If you delete this exception statement from all
+ * source files in the program, then also delete it here.
+ *
+ */
+
+#include <fcntl.h>
+#include <glib.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/wait.h>
+
+#include "common.h"
+#include "config/files.h"
+#include "log.h"
+
+static gchar*
+_cafile_name(void)
+{
+ gchar* certs_dir = files_get_data_path(DIR_CERTS);
+ if (!create_dir(certs_dir)) {
+ g_free(certs_dir);
+ return NULL;
+ }
+ gchar* filename = g_strdup_printf("%s/CAfile.pem", certs_dir);
+ g_free(certs_dir);
+ return filename;
+}
+
+void
+cafile_add(const TLSCertificate* cert)
+{
+ if (!cert->pem) {
+ log_error("[CAfile] can't store cert with fingerprint %s: PEM is empty", cert->fingerprint);
+ return;
+ }
+ gchar* cafile = _cafile_name();
+ if (!cafile)
+ return;
+ gchar *contents = NULL, *new_contents = NULL;
+ gsize length;
+ GError* glib_error = NULL;
+ if (g_file_test(cafile, G_FILE_TEST_EXISTS)) {
+ if (!g_file_get_contents(cafile, &contents, &length, &glib_error)) {
+ log_error("[CAfile] could not read from %s: %s", cafile, glib_error ? glib_error->message : "No GLib error given");
+ goto out;
+ }
+ if (strstr(contents, cert->fingerprint)) {
+ log_debug("[CAfile] fingerprint %s already stored", cert->fingerprint);
+ goto out;
+ }
+ }
+ const char* header = "# Profanity CAfile\n# DO NOT EDIT - this file is automatically generated";
+ new_contents = g_strdup_printf("%s\n\n# %s\n%s", contents ? contents : header, cert->fingerprint, cert->pem);
+ if (!g_file_set_contents(cafile, new_contents, -1, &glib_error))
+ log_error("[CAfile] could not write to %s: %s", cafile, glib_error ? glib_error->message : "No GLib error given");
+out:
+ g_free(new_contents);
+ g_free(contents);
+ g_free(cafile);
+}
+
+gchar*
+cafile_get_name(void)
+{
+ gchar* cafile = _cafile_name();
+ if (!g_file_test(cafile, G_FILE_TEST_EXISTS)) {
+ /* That's no problem!
+ * There's no need to have a profanity-specific CAfile if all CA's
+ * of servers you're trying to connect to are in your OS trust-store
+ */
+ log_debug("[CAfile] file %s not created yet", cafile);
+ g_free(cafile);
+ cafile = NULL;
+ }
+ return cafile;
+}
|
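Review bot: cafile_get_name() uses the result of _cafile_name() without a NULL check, although _cafile_name() returns NULL when create_dir() fails; g_file_test() does not accept a NULL filename and the following log_debug() would then format a NULL `%s`, so add `if (!cafile) return NULL;` directly after the assignment, mirroring the guard cafile_add() already has. In cafile_add(), the GError filled by a failed g_file_get_contents() or g_file_set_contents() is logged but never released, so both error paths leak it; a `g_clear_error(&glib_error);` under the `out:` label covers both. The `<fcntl.h>`, `<errno.h>` and `<sys/wait.h>` includes are not used by anything in this file and can be dropped. Since the commit message says this file is handed to libcurl as its CA bundle, a short comment above cafile_add() stating that every PEM appended here is trusted as a certificate authority for those connections, and that the duplicate check only searches for the fingerprint string in the existing contents, would help future maintainers judge changes to it.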