diff options
| -rw-r--r-- | src/command/command.c | 7 | ||||
| -rw-r--r-- | src/config/preferences.c | 74 | ||||
| -rw-r--r-- | src/config/preferences.h | 4 | ||||
| -rw-r--r-- | src/event/server_events.c | 17 |
4 files changed, 99 insertions, 3 deletions
diff --git a/src/command/command.c b/src/command/command.c index 949f21c7..c89bcb05 100644 --- a/src/command/command.c +++ b/src/command/command.c @@ -192,12 +192,14 @@ static struct cmd_t command_defs[] = CMD_TAG_CONNECTION) CMD_SYN( "/tls allow", + "/tls always", "/tls deny") CMD_DESC( "Handle TLS certificates. ") CMD_ARGS( - { "allow", "Allow connection using invalid TLS certificate." }, - { "deny", "Allow connection using invalid TLS certificate." }) + { "allow", "Allow connection to continue with an invalid TLS certificate." }, + { "always", "Always allow connections with this invalid TLS certificate." }, + { "deny", "Terminate TLS connection." }) CMD_NOEXAMPLES }, @@ -2088,6 +2090,7 @@ cmd_init(void) tls_ac = autocomplete_new(); autocomplete_add(tls_ac, "allow"); + autocomplete_add(tls_ac, "always"); autocomplete_add(tls_ac, "deny"); } diff --git a/src/config/preferences.c b/src/config/preferences.c index 6d63d3e9..e11b4cf2 100644 --- a/src/config/preferences.c +++ b/src/config/preferences.c @@ -430,6 +430,80 @@ prefs_set_pgp_char(char ch) _save_prefs(); } +GList * +prefs_get_trusted_certs(void) +{ + gsize length; + GList *fp_list = NULL; + gchar **fps = g_key_file_get_string_list(prefs, PREF_GROUP_CONNECTION, "certs", &length, NULL); + if (fps) { + int i = 0; + for (i = 0; i < length; i++) { + fp_list = g_list_append(fp_list, strdup(fps[i])); + } + g_strfreev(fps); + return fp_list; + } else { + return NULL; + } +} + +void +prefs_free_trusted_certs(GList *certs) +{ + if (certs) { + g_list_free_full(certs, free); + } +} + +void +prefs_add_trusted_cert(const char * const fp) +{ + gsize length; + gchar **list = g_key_file_get_string_list(prefs, PREF_GROUP_CONNECTION, "certs", &length, NULL); + GList *glist = NULL; + + // list found + if (list) { + int i = 0; + for (i = 0; i < length; i++) { + // item already in list, exit function + if (strcmp(list[i], fp) == 0) { + g_list_free_full(glist, g_free); + g_strfreev(list); + return; + } + // add item to our g_list + glist = g_list_append(glist, strdup(list[i])); + } + + // item not found, add to our g_list + glist = g_list_append(glist, strdup(fp)); + + // create the new list entry + const gchar* new_list[g_list_length(glist)+1]; + GList *curr = glist; + i = 0; + while (curr) { + new_list[i++] = strdup(curr->data); + curr = g_list_next(curr); + } + new_list[i] = NULL; + g_key_file_set_string_list(prefs, PREF_GROUP_CONNECTION, "certs", new_list, g_list_length(glist)); + + // list not found + } else { + const gchar* new_list[2]; + new_list[0] = strdup(fp); + new_list[1] = NULL; + g_key_file_set_string_list(prefs, PREF_GROUP_CONNECTION, "certs", new_list, 1); + } + + g_strfreev(list); + g_list_free_full(glist, g_free); + _save_prefs(); +} + gboolean prefs_add_alias(const char * const name, const char * const value) { diff --git a/src/config/preferences.h b/src/config/preferences.h index 2a7ab5bf..432137b3 100644 --- a/src/config/preferences.h +++ b/src/config/preferences.h @@ -162,4 +162,8 @@ char * prefs_get_string(preference_t pref); void prefs_free_string(char *pref); void prefs_set_string(preference_t pref, char *value); +GList* prefs_get_trusted_certs(void); +void prefs_free_trusted_certs(GList *certs); +void prefs_add_trusted_cert(const char * const fp); + #endif diff --git a/src/event/server_events.c b/src/event/server_events.c index e8d6a357..d2aaf28b 100644 --- a/src/event/server_events.c +++ b/src/event/server_events.c @@ -643,6 +643,13 @@ int sv_ev_certfail(const char * const errormsg, const char * const certname, const char * const certfp, const char * const notbefore, const char * const notafter) { + GList *trusted = prefs_get_trusted_certs(); + if (g_list_find_custom(trusted, certfp, (GCompareFunc)g_strcmp0)) { + prefs_free_trusted_certs(trusted); + return 1; + } + prefs_free_trusted_certs(trusted); + cons_show(""); cons_show_error("TLS certficiate verification failed: %s", errormsg); cons_show(" Issuer : %s", certname); @@ -651,14 +658,18 @@ sv_ev_certfail(const char * const errormsg, const char * const certname, const c cons_show(" End : %s", notafter); cons_show(""); cons_show("Use '/tls allow' to accept this certificate"); + cons_show("Use '/tls always' to accept this certificate permanently"); cons_show("Use '/tls deny' to reject this certificate"); cons_show(""); ui_update(); char *cmd = ui_get_line(); - while ((g_strcmp0(cmd, "/tls allow") != 0) && (g_strcmp0(cmd, "/tls deny") != 0)) { + while ((g_strcmp0(cmd, "/tls allow") != 0) + && (g_strcmp0(cmd, "/tls always") != 0) + && (g_strcmp0(cmd, "/tls deny") != 0)) { cons_show("Use '/tls allow' to accept this certificate"); + cons_show("Use '/tls always' to accept this certificate permanently"); cons_show("Use '/tls deny' to reject this certificate"); cons_show(""); ui_update(); @@ -669,6 +680,10 @@ sv_ev_certfail(const char * const errormsg, const char * const certname, const c if (g_strcmp0(cmd, "/tls allow") == 0) { free(cmd); return 1; + } else if (g_strcmp0(cmd, "/tls always") == 0) { + prefs_add_trusted_cert(certfp); + free(cmd); + return 1; } else { free(cmd); return 0; |