Store current TLS certificate fingerpint in memory for reconnect

author: James Booth <boothj5@gmail.com> 2015-11-09 20:57:26 +0000
committer: James Booth <boothj5@gmail.com> 2015-11-09 20:57:26 +0000
commit: 4cbfb888141cf060608f213499672e0b2c56f331 (patch)
tree: 88e9c4866369e5212996e5c6f7b78617902e02f9 /src
parent: b3737b225f35a04b34076ff1e581d44c959bd59e (diff)
download: profani-tty-4cbfb888141cf060608f213499672e0b2c56f331.tar.gz
4 files changed, 47 insertions, 0 deletions
diff --git a/src/command/commands.c b/src/command/commands.c
index 0331d691..cf7290ad 100644
--- a/src/command/commands.c
+++ b/src/command/commands.c
@@ -831,6 +831,7 @@ cmd_disconnect(ProfWin *window, const char *const command, gchar **args)
         roster_clear();
         muc_invites_clear();
         chat_sessions_clear();
+        tlscerts_clear_current();
         ui_disconnected();
 #ifdef HAVE_LIBGPGME
         p_gpg_on_disconnect();
diff --git a/src/config/tlscerts.c b/src/config/tlscerts.c
index 17c32cb5..299b98cf 100644
--- a/src/config/tlscerts.c
+++ b/src/config/tlscerts.c
@@ -51,6 +51,8 @@ static void _save_tlscerts(void);
 
 static Autocomplete certs_ac;
 
+static char *current_fp;
+
 void
 tlscerts_init(void)
 {
@@ -73,6 +75,32 @@ tlscerts_init(void)
         autocomplete_add(certs_ac, groups[i]);
     }
     g_strfreev(groups);
+
+    current_fp = NULL;
+}
+
+void
+tlscerts_set_current(const char *const fp)
+{
+    if (current_fp) {
+        free(current_fp);
+    }
+    current_fp = strdup(fp);
+}
+
+char*
+tlscerts_get_current(void)
+{
+    return current_fp;
+}
+
+void
+tlscerts_clear_current(void)
+{
+    if (current_fp) {
+        free(current_fp);
+        current_fp = NULL;
+    }
 }
 
 gboolean
@@ -223,6 +251,10 @@ tlscerts_close(void)
 {
     g_key_file_free(tlscerts);
     tlscerts = NULL;
+
+    free(current_fp);
+    current_fp = NULL;
+
     autocomplete_free(certs_ac);
 }
 
diff --git a/src/config/tlscerts.h b/src/config/tlscerts.h
index dfb200b7..c3b273e7 100644
--- a/src/config/tlscerts.h
+++ b/src/config/tlscerts.h
@@ -50,6 +50,12 @@ TLSCertificate* tlscerts_new(const char *const fingerprint, const char *const do
     const char *const organisation, const char *const email,
     const char *const notbefore, const char *const notafter);
 
+void tlscerts_set_current(const char *const fp);
+
+char* tlscerts_get_current(void);
+
+void tlscerts_clear_current(void);
+
 gboolean tlscerts_exists(const char *const fingerprint);
 
 void tlscerts_add(TLSCertificate *cert);
diff --git a/src/event/server_events.c b/src/event/server_events.c
index 3622b327..032c8d16 100644
--- a/src/event/server_events.c
+++ b/src/event/server_events.c
@@ -718,10 +718,17 @@ int
 sv_ev_certfail(const char *const errormsg, const char *const certname, const char *const certfp,
     const char *const notbefore, const char *const notafter)
 {
+    // check profanity trusted certs
     if (tlscerts_exists(certfp)) {
         return 1;
     }
 
+    // check current cert
+    char *current_fp = tlscerts_get_current();
+    if (current_fp && g_strcmp0(current_fp, certfp) == 0) {
+        return 1;
+    }
+
     char *domain = NULL;
     char *org = NULL;
     char *email = NULL;
@@ -780,6 +787,7 @@ sv_ev_certfail(const char *const errormsg, const char *const certname, const cha
     }
 
     if (g_strcmp0(cmd, "/tls allow") == 0) {
+        tlscerts_set_current(certfp);
         free(cmd);
         free(domain);
         free(org);
author	James Booth <boothj5@gmail.com>	2015-11-09 20:57:26 +0000
committer	James Booth <boothj5@gmail.com>	2015-11-09 20:57:26 +0000
commit	4cbfb888141cf060608f213499672e0b2c56f331 (patch)
tree	88e9c4866369e5212996e5c6f7b78617902e02f9 /src
parent	b3737b225f35a04b34076ff1e581d44c959bd59e (diff)
download	profani-tty-4cbfb888141cf060608f213499672e0b2c56f331.tar.gz