diff options
Diffstat (limited to 'src/event/server_events.c')
-rw-r--r-- | src/event/server_events.c | 57 |
1 files changed, 6 insertions, 51 deletions
diff --git a/src/event/server_events.c b/src/event/server_events.c index 2663eb09..58add417 100644 --- a/src/event/server_events.c +++ b/src/event/server_events.c @@ -716,56 +716,22 @@ sv_ev_muc_occupant_online(const char *const room, const char *const nick, const } int -sv_ev_certfail(const char *const errormsg, const char *const certname, const char *const certfp, - const char *const notbefore, const char *const notafter) +sv_ev_certfail(const char *const errormsg, TLSCertificate *cert) { // check profanity trusted certs - if (tlscerts_exists(certfp)) { + if (tlscerts_exists(cert->fingerprint)) { return 1; } // check current cert char *current_fp = tlscerts_get_current(); - if (current_fp && g_strcmp0(current_fp, certfp) == 0) { + if (current_fp && g_strcmp0(current_fp, cert->fingerprint) == 0) { return 1; } - char *domain = NULL; - char *org = NULL; - char *email = NULL; - gchar** fields = g_strsplit(certname, "/", 0); - int i = 0; - for (i = 0; i < g_strv_length(fields); i++) { - gchar** keyval = g_strsplit(fields[i], "=", 2); - if (g_strv_length(keyval) == 2) { - if (g_strcmp0(keyval[0], "CN") == 0) { - domain = strdup(keyval[1]); - } - if (g_strcmp0(keyval[0], "O") == 0) { - org = strdup(keyval[1]); - } - if (g_strcmp0(keyval[0], "emailAddress") == 0) { - email = strdup(keyval[1]); - } - } - g_strfreev(keyval); - } - g_strfreev(fields); - cons_show(""); cons_show_error("TLS certificate verification failed: %s", errormsg); - if (domain) { - cons_show(" Domain : %s", domain); - } - if (org) { - cons_show(" Organisation : %s", org); - } - if (email) { - cons_show(" Email : %s", email); - } - cons_show(" Fingerprint : %s", certfp); - cons_show(" Start : %s", notbefore); - cons_show(" End : %s", notafter); + cons_show_tlscert(cert); cons_show(""); cons_show("Use '/tls allow' to accept this certificate"); cons_show("Use '/tls always' to accept this certificate permanently"); @@ -788,28 +754,17 @@ sv_ev_certfail(const char *const errormsg, const char *const certname, const cha } if (g_strcmp0(cmd, "/tls allow") == 0) { - tlscerts_set_current(certfp); + tlscerts_set_current(cert->fingerprint); free(cmd); - free(domain); - free(org); - free(email); return 1; } else if (g_strcmp0(cmd, "/tls always") == 0) { - if (!tlscerts_exists(certfp)) { - TLSCertificate *cert = tlscerts_new(certfp, domain, org, email, notbefore, notafter); + if (!tlscerts_exists(cert->fingerprint)) { tlscerts_add(cert); - tlscerts_free(cert); } free(cmd); - free(domain); - free(org); - free(email); return 1; } else { free(cmd); - free(domain); - free(org); - free(email); return 0; } } |