diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/command/command.c | 11 | ||||
-rw-r--r-- | src/command/commands.c | 14 |
2 files changed, 21 insertions, 4 deletions
diff --git a/src/command/command.c b/src/command/command.c index e75757bb..2b8b4d8b 100644 --- a/src/command/command.c +++ b/src/command/command.c @@ -207,6 +207,7 @@ static struct cmd_t command_defs[] = "/tls always", "/tls deny", "/tls cert", + "/tls trust", "/tls trusted", "/tls revoke <fingerprint>", "/tls certpath", @@ -216,11 +217,12 @@ static struct cmd_t command_defs[] = CMD_DESC( "Handle TLS certificates. ") CMD_ARGS( - { "allow", "Allow connection to continue with an invalid TLS certificate." }, - { "always", "Always allow connections with this invalid TLS certificate." }, - { "deny", "Terminate TLS connection." }, + { "allow", "Allow connection to continue with TLS certificate." }, + { "always", "Always allow connections with TLS certificate." }, + { "deny", "Abort connection." }, { "cert", "Show the current TLS certificate." }, - { "trusted", "List manually trusted certificates (with /tls always)." }, + { "trust", "Add the current TLS certificate to manually trusted certiciates." }, + { "trusted", "List manually trusted certificates (with '/tls always' or '/tls trust')." }, { "revoke <fingerprint>", "Remove a manually trusted certificate." }, { "certpath", "Show the trusted certificate path." }, { "certpath set <path>", "Specify filesystem path containing trusted certificates." }, @@ -2223,6 +2225,7 @@ cmd_init(void) autocomplete_add(tls_ac, "always"); autocomplete_add(tls_ac, "deny"); autocomplete_add(tls_ac, "cert"); + autocomplete_add(tls_ac, "trust"); autocomplete_add(tls_ac, "trusted"); autocomplete_add(tls_ac, "revoke"); autocomplete_add(tls_ac, "certpath"); diff --git a/src/command/commands.c b/src/command/commands.c index 2c3ee1fa..1a74ebc1 100644 --- a/src/command/commands.c +++ b/src/command/commands.c @@ -194,6 +194,20 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args) cons_show("Certificate path setting only supported when built with libmesode."); return TRUE; #endif + } else if (g_strcmp0(args[0], "trust") == 0) { +#ifdef HAVE_LIBMESODE + TLSCertificate *cert = jabber_get_tls_peer_cert(); + if (!tlscerts_exists(cert->fingerprint)) { + cons_show("Adding %s to trusted certificates.", cert->fingerprint); + tlscerts_add(cert); + } else { + cons_show("Certificate %s already trusted.", cert->fingerprint); + } + return TRUE; +#else + cons_show("Manual certificate trust only supported when built with libmesode."); + return TRUE; +#endif } else if (g_strcmp0(args[0], "trusted") == 0) { #ifdef HAVE_LIBMESODE GList *certs = tlscerts_list(); |