-rw-r--r--src/command/cmd_ac.c1
-rw-r--r--src/command/cmd_defs.c2
-rw-r--r--src/command/cmd_funcs.c10
-rw-r--r--src/config/preferences.c39
-rw-r--r--src/config/preferences.h2
-rw-r--r--src/xmpp/connection.c4
6 files changed, 53 insertions, 5 deletions
diff --git a/src/command/cmd_ac.c b/src/command/cmd_ac.c
index 6d87a5d8..2d3209d5 100644
--- a/src/command/cmd_ac.c
+++ b/src/command/cmd_ac.c
@@ -683,6 +683,7 @@ cmd_ac_init(void)
     tls_certpath_ac = autocomplete_new();
     autocomplete_add(tls_certpath_ac, "set");
     autocomplete_add(tls_certpath_ac, "clear");
+    autocomplete_add(tls_certpath_ac, "default");
 
     script_ac = autocomplete_new();
     autocomplete_add(script_ac, "run");
diff --git a/src/command/cmd_defs.c b/src/command/cmd_defs.c
index f8d8c2ff..34400ae3 100644
--- a/src/command/cmd_defs.c
+++ b/src/command/cmd_defs.c
@@ -200,6 +200,7 @@ static struct cmd_t command_defs[] =
             "/tls certpath",
             "/tls certpath set <path>",
             "/tls certpath clear",
+            "/tls certpath default",
             "/tls show on|off")
         CMD_DESC(
             "Handle TLS certificates. ")
@@ -215,6 +216,7 @@ static struct cmd_t command_defs[] =
             { "certpath",             "Show the trusted certificate path." },
             { "certpath set <path>",  "Specify filesystem path containing trusted certificates." },
             { "certpath clear",       "Clear the trusted certificate path." },
+            { "certpath default",     "Use default system certificate path, if it can be found." },
             { "show on|off",          "Show or hide the TLS indicator in the titlebar." })
         CMD_NOEXAMPLES
     },
diff --git a/src/command/cmd_funcs.c b/src/command/cmd_funcs.c
index c045a627..35ae3119 100644
--- a/src/command/cmd_funcs.c
+++ b/src/command/cmd_funcs.c
@@ -171,14 +171,18 @@ cmd_tls_certpath(ProfWin *window, const char *const command, gchar **args)
         }
         return TRUE;
     } else if (g_strcmp0(args[1], "clear") == 0) {
-        prefs_set_string(PREF_TLS_CERTPATH, NULL);
+        prefs_set_string(PREF_TLS_CERTPATH, "none");
         cons_show("Certificate path cleared");
         return TRUE;
+    } else if (g_strcmp0(args[1], "default") == 0) {
+        prefs_set_string(PREF_TLS_CERTPATH, NULL);
+        cons_show("Certificate path defaulted to finding system certpath.");
+        return TRUE;
     } else if (args[1] == NULL) {
-        char *path = prefs_get_string(PREF_TLS_CERTPATH);
+        char *path = prefs_get_tls_certpath();
         if (path) {
             cons_show("Trusted certificate path: %s", path);
-            prefs_free_string(path);
+            free(path);
         } else {
             cons_show("No trusted certificate path set.");
         }
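Review bot: The `clear` branch now persists the literal string "none" as a sentinel, and the same literal is compared again in prefs_get_tls_certpath() in src/config/preferences.c, so the two files must be kept in sync by hand. A shared named constant would remove that coupling, for example (placeholder name) `#define PREF_TLS_CERTPATH_NONE "none"` in preferences.h. The `set` branch starts outside this hunk, so it is not visible whether it rejects a user-supplied path that equals the sentinel; if it does not, a directory literally named `none` would presumably read back as "cleared". Because `clear` now switches the trusted certificate path off rather than returning to a default, the console message could say so, e.g. `cons_show("Certificate path cleared, no trusted certificate path will be used.");`.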
diff --git a/src/config/preferences.c b/src/config/preferences.c
index f6f73995..4eed12ff 100644
--- a/src/config/preferences.c
+++ b/src/config/preferences.c
@@ -460,6 +460,45 @@ prefs_set_string(preference_t pref, char *value)
     _save_prefs();
 }
 
+char*
+prefs_get_tls_certpath(void)
+{
+    const char *group = _get_group(PREF_TLS_CERTPATH);
+    const char *key = _get_key(PREF_TLS_CERTPATH);
+
+    char *setting = g_key_file_get_string(prefs, group, key, NULL);
+
+    if (g_strcmp0(setting, "none") == 0) {
+        prefs_free_string(setting);
+        return NULL;
+    }
+
+    if (setting == NULL) {
+        if (g_file_test("/etc/ssl/certs",  G_FILE_TEST_IS_DIR)) {
+            return strdup("/etc/ssl/certs");
+        }
+        if (g_file_test("/etc/pki/tls/certs",  G_FILE_TEST_IS_DIR)) {
+            return strdup("/etc/pki/tls/certs");
+        }
+        if (g_file_test("/etc/ssl",  G_FILE_TEST_IS_DIR)) {
+            return strdup("/etc/ssl");
+        }
+        if (g_file_test("/etc/pki/tls",  G_FILE_TEST_IS_DIR)) {
+            return strdup("/etc/pki/tls");
+        }
+        if (g_file_test("/system/etc/security/cacerts",  G_FILE_TEST_IS_DIR)) {
+            return strdup("/system/etc/security/cacerts");
+        }
+
+        return NULL;
+    }
+
+    char *result = strdup(setting);
+    prefs_free_string(setting);
+
+    return result;
+}
+
 gint
 prefs_get_gone(void)
 {
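Review bot: prefs_get_tls_certpath() returns NULL both when the user stored "none" and when none of the five probed directories exists, so a caller cannot tell a deliberate opt-out from a failed lookup of the system trust store. A header comment should spell out the three states (explicit path, "none", unset and probed) and what NULL means, and the fall-through `return NULL;` should be commented or logged. G_FILE_TEST_IS_DIR only shows that a directory exists, not that it holds usable certificates, so accepting the parent directories /etc/ssl and /etc/pki/tls as fallbacks deserves a comment explaining why. The five repeated `g_file_test`/`strdup` pairs read more clearly as a loop over a table of candidates, as sketched below; the `strdup` results are returned unchecked, which callers will treat the same as "no path".

```c
    if (setting == NULL) {
        /* Candidate system trust directories, probed in order of preference. */
        static const char *const candidates[] = {
            "/etc/ssl/certs",
            "/etc/pki/tls/certs",
            "/etc/ssl",
            "/etc/pki/tls",
            "/system/etc/security/cacerts",
        };
        for (size_t i = 0; i < sizeof(candidates) / sizeof(candidates[0]); i++) {
            if (g_file_test(candidates[i], G_FILE_TEST_IS_DIR)) {
                return strdup(candidates[i]);
            }
        }

        /* No system trust directory found: callers get NULL, same as "none". */
        return NULL;
    }
    /* … unchanged: strdup(setting), prefs_free_string(setting), return result … */
```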
diff --git a/src/config/preferences.h b/src/config/preferences.h
index e0ac7442..72385de5 100644
--- a/src/config/preferences.h
+++ b/src/config/preferences.h
@@ -266,6 +266,8 @@ char* prefs_get_string(preference_t pref);
 void prefs_free_string(char *pref);
 void prefs_set_string(preference_t pref, char *value);
 
+char* prefs_get_tls_certpath(void);
+
 gboolean prefs_do_chat_notify(gboolean current_win);
 gboolean prefs_do_room_notify(gboolean current_win, const char *const roomjid, const char *const mynick,
     const char *const theirnick, const char *const message, gboolean mention, gboolean trigger_found);
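Review bot: The new declaration sits directly under prefs_get_string()/prefs_free_string() but follows a different ownership rule, which the header does not state. The implementation in preferences.c returns strdup() memory, and both callers in this commit release it with free(). A comment on the declaration would keep a future caller from pairing it with prefs_free_string(), e.g. `/* Returns a newly allocated path, or NULL if no certificate path applies; caller must free() the result. */`.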
diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c
index 70ca12b0..304d984d 100644
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@@ -160,11 +160,11 @@ connection_connect(const char *const fulljid, const char *const passwd, const ch
     }
 
 #ifdef HAVE_LIBMESODE
-    char *cert_path = prefs_get_string(PREF_TLS_CERTPATH);
+    char *cert_path = prefs_get_tls_certpath();
     if (cert_path) {
         xmpp_conn_tlscert_path(conn.xmpp_conn, cert_path);
+        free(cert_path);
     }
-    prefs_free_string(cert_path);
 
     int connect_status = xmpp_connect_client(
         conn.xmpp_conn,
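Review bot: When prefs_get_tls_certpath() returns NULL, the `if (cert_path)` block is skipped and the code goes straight on to xmpp_connect_client() with nothing recorded. That happens both when the user ran `/tls certpath clear` and when no system directory was found. What the TLS layer verifies against in that case is not visible in this hunk, so a trace would help when diagnosing certificate failures, e.g. an `else` branch with `log_warning("No TLS certificate path configured");` (assuming the project's logging helpers are in scope in this file). connection_connect starts and ends outside the hunk.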