author | Dmitry Podgorny <pasis.ua@gmail.com> | 2018-11-06 14:01:27 +0200 |
---|---|---|
committer | Dmitry Podgorny <pasis.ua@gmail.com> | 2018-11-06 14:09:02 +0200 |
commit | 7f65aaa9a2ba1e7d9fe182cc18938fa39462e095 (patch) | |
tree | 7de15c627bd8d52ac34e38da1a23b2aa9216550e /src | |
parent | 671849c71152e7cc9272480ecab6d35f92e199ed (diff) | |
download | profani-tty-7f65aaa9a2ba1e7d9fe182cc18938fa39462e095.tar.gz |
Add option to trust server's certificate
New TLS policy "trust" added to /connect and /account. With this policy the TLS connection is established even with an invalid certificate. Note that the trust policy forces a TLS connection and fails when the server doesn't support TLS. Examples: /connect <jid> tls trust /account <name> set tls trust
Diffstat (limited to 'src')
-rw-r--r-- | src/command/cmd_ac.c | 1 | ||||
-rw-r--r-- | src/command/cmd_defs.c | 6 | ||||
-rw-r--r-- | src/command/cmd_funcs.c | 2 | ||||
-rw-r--r-- | src/config/accounts.c | 1 | ||||
-rw-r--r-- | src/xmpp/connection.c | 3 |
5 files changed, 11 insertions, 2 deletions
diff --git a/src/command/cmd_ac.c b/src/command/cmd_ac.c
index 7a340e7f..0e19fd5b 100644
--- a/src/command/cmd_ac.c
+++ b/src/command/cmd_ac.c
@@ -582,6 +582,7 @@ cmd_ac_init(void)
 tls_property_ac = autocomplete_new();
 autocomplete_add(tls_property_ac, "force");
 autocomplete_add(tls_property_ac, "allow");
+ autocomplete_add(tls_property_ac, "trust");
 autocomplete_add(tls_property_ac, "legacy");
 autocomplete_add(tls_property_ac, "disable");
diff --git a/src/command/cmd_defs.c b/src/command/cmd_defs.c
index 04a2fe35..0e4b5654 100644
--- a/src/command/cmd_defs.c
+++ b/src/command/cmd_defs.c
@@ -158,7 +158,7 @@ static struct cmd_t command_defs[] =
 CMD_TAG_CONNECTION)
 CMD_SYN(
 "/connect [<account>]",
- "/connect <account> [server <server>] [port <port>] [tls force|allow|legacy|disable]")
+ "/connect <account> [server <server>] [port <port>] [tls force|allow|trust|legacy|disable]")
 CMD_DESC(
 "Login to a chat service. "
 "If no account is specified, the default is used if one is configured. "
@@ -169,6 +169,7 @@ static struct cmd_t command_defs[] =
 { "port <port>", "The port to use if different to the default (5222, or 5223 for SSL)." },
 { "tls force", "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
 { "tls allow", "Use TLS for the connection if it is available." },
+ { "tls trust", "Force TLS connection and trust server's certificate." },
 { "tls legacy", "Use legacy TLS for the connection. It means server doesn't support STARTTLS and TLS is forced just after TCP connection is established." },
 { "tls disable", "Disable TLS for the connection." })
 CMD_EXAMPLES(
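Review bot: The help entry added for `tls trust` in the @@ -169 hunk says the policy trusts the server's certificate, but the commit message states that the connection proceeds even with an invalid certificate, and that is the property a user picking this policy needs to see in the help text. Consider `{ "tls trust", "Force TLS connection and accept the server's certificate without validating it." },`, and the same wording for the matching `set <account> tls trust` entry in the @@ -2054 hunk. The command_defs[] array starts and ends outside the hunk.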
@@ -2014,7 +2015,7 @@ static struct cmd_t command_defs[] =
 "/account set <account> otr <policy>",
 "/account set <account> pgpkeyid <pgpkeyid>",
 "/account set <account> startscript <script>",
- "/account set <account> tls force|allow|legacy|disable",
+ "/account set <account> tls force|allow|trust|legacy|disable",
 "/account set <account> theme <theme>",
 "/account clear <account> password",
 "/account clear <account> eval_password",
@@ -2054,6 +2055,7 @@ static struct cmd_t command_defs[] =
 { "set <account> startscript <script>", "Set the script to execute after connecting." },
 { "set <account> tls force", "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
 { "set <account> tls allow", "Use TLS for the connection if it is available." },
+ { "set <account> tls trust", "Force TLS connection and trust server's certificate." },
 { "set <account> tls legacy", "Use legacy TLS for the connection. It means server doesn't support STARTTLS and TLS is forced just after TCP connection is established." },
 { "set <account> tls disable", "Disable TLS for the connection." },
 { "set <account> <theme>", "Set the UI theme for the account." },
diff --git a/src/command/cmd_funcs.c b/src/command/cmd_funcs.c
index 6ce23849..7f1a791b 100644
--- a/src/command/cmd_funcs.c
+++ b/src/command/cmd_funcs.c
@@ -351,6 +351,7 @@ cmd_connect(ProfWin *window, const char *const command, gchar **args)
 if (tls_policy &&
 (g_strcmp0(tls_policy, "force") != 0) &&
 (g_strcmp0(tls_policy, "allow") != 0) &&
+ (g_strcmp0(tls_policy, "trust") != 0) &&
 (g_strcmp0(tls_policy, "disable") != 0) &&
 (g_strcmp0(tls_policy, "legacy") != 0)) {
 cons_bad_cmd_usage(command);
@@ -815,6 +816,7 @@ _account_set_tls(char *account_name, char *policy)
 {
 if ((g_strcmp0(policy, "force") != 0)
 && (g_strcmp0(policy, "allow") != 0)
+ && (g_strcmp0(policy, "trust") != 0)
 && (g_strcmp0(policy, "disable") != 0)
 && (g_strcmp0(policy, "legacy") != 0)) {
 cons_show("TLS policy must be one of: force, allow, legacy or disable.");
diff --git a/src/config/accounts.c b/src/config/accounts.c
index de898dd7..be992dd1 100644
--- a/src/config/accounts.c
+++ b/src/config/accounts.c
@@ -291,6 +291,7 @@ accounts_get_account(const char *const name)
 gchar *tls_policy = g_key_file_get_string(accounts, name, "tls.policy", NULL);
 if (tls_policy && ((g_strcmp0(tls_policy, "force") != 0) &&
 (g_strcmp0(tls_policy, "allow") != 0) &&
+ (g_strcmp0(tls_policy, "trust") != 0) &&
 (g_strcmp0(tls_policy, "disable") != 0) &&
 (g_strcmp0(tls_policy, "legacy") != 0))) {
 g_free(tls_policy);
diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c
index 1d142e3f..2602032d 100644
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@@ -150,6 +150,9 @@ connection_connect(const char *const jid, const char *const passwd, const char *
 if (!tls_policy || (g_strcmp0(tls_policy, "force") == 0)) {
 xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_MANDATORY_TLS);
+ } else if (g_strcmp0(tls_policy, "trust") == 0) {
+ xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_MANDATORY_TLS);
+ xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_TRUST_TLS);
 } else if (g_strcmp0(tls_policy, "disable") == 0) {
 xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_DISABLE_TLS);
 } else if (g_strcmp0(tls_policy, "legacy") == 0) {
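Review bot: The usage message on the last line of the @@ -815 hunk still lists `force, allow, legacy or disable`, so a user who mistypes the new policy is told that `trust` is not an option even though the check a few lines above now accepts it. Change it to `cons_show("TLS policy must be one of: force, allow, trust, legacy or disable.");`. _account_set_tls continues outside the hunk.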
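Review bot: The new `trust` branch in the connection.c hunk calls `xmpp_conn_set_flags` twice, once with `XMPP_CONN_FLAG_MANDATORY_TLS` and once with `XMPP_CONN_FLAG_TRUST_TLS`; if that function assigns the connection's whole flag set from its argument rather than OR-ing into it (its body is not visible here, so confirm against the libstrophe version in use), the second call clears the mandatory bit and the `trust` policy would no longer force TLS as the commit message promises, leaving a fallback to an unencrypted session when the server offers no TLS. Passing both bits in one call removes the question either way: `xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_MANDATORY_TLS | XMPP_CONN_FLAG_TRUST_TLS);`. connection_connect starts and ends outside the hunk.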