From 7f1f9787cb6de128d2ddc628dd57b9d89cba51ec Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 22 Mar 2022 11:26:53 +0100 Subject: add profanity-specific CAfile The profanity-internal mechanism to allow connecting to a server isn't easily portable to cURL. Therefor introduce a profanity-specific CAfile which is managed individually and will be configured in libcurl calls. Signed-off-by: Steffen Jaeckel --- src/config/cafile.c | 106 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 src/config/cafile.c (limited to 'src/config/cafile.c') diff --git a/src/config/cafile.c b/src/config/cafile.c new file mode 100644 index 00000000..4ac832bf --- /dev/null +++ b/src/config/cafile.c @@ -0,0 +1,106 @@ +/* + * cafile.c + * vim: expandtab:ts=4:sts=4:sw=4 + * + * Copyright (C) 2022 Steffen Jaeckel + * + * This file is part of Profanity. + * + * Profanity is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Profanity is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Profanity. If not, see . + * + * In addition, as a special exception, the copyright holders give permission to + * link the code of portions of this program with the OpenSSL library under + * certain conditions as described in each individual source file, and + * distribute linked combinations including the two. + * + * You must obey the GNU General Public License in all respects for all of the + * code used other than OpenSSL. If you modify file(s) with this exception, you + * may extend this exception to your version of the file(s), but you are not + * obligated to do so. If you do not wish to do so, delete this exception + * statement from your version. If you delete this exception statement from all + * source files in the program, then also delete it here. + * + */ + +#include +#include +#include +#include +#include + +#include "common.h" +#include "config/files.h" +#include "log.h" + +static gchar* +_cafile_name(void) +{ + gchar* certs_dir = files_get_data_path(DIR_CERTS); + if (!create_dir(certs_dir)) { + g_free(certs_dir); + return NULL; + } + gchar* filename = g_strdup_printf("%s/CAfile.pem", certs_dir); + g_free(certs_dir); + return filename; +} + +void +cafile_add(const TLSCertificate* cert) +{ + if (!cert->pem) { + log_error("[CAfile] can't store cert with fingerprint %s: PEM is empty", cert->fingerprint); + return; + } + gchar* cafile = _cafile_name(); + if (!cafile) + return; + gchar *contents = NULL, *new_contents = NULL; + gsize length; + GError* glib_error = NULL; + if (g_file_test(cafile, G_FILE_TEST_EXISTS)) { + if (!g_file_get_contents(cafile, &contents, &length, &glib_error)) { + log_error("[CAfile] could not read from %s: %s", cafile, glib_error ? glib_error->message : "No GLib error given"); + goto out; + } + if (strstr(contents, cert->fingerprint)) { + log_debug("[CAfile] fingerprint %s already stored", cert->fingerprint); + goto out; + } + } + const char* header = "# Profanity CAfile\n# DO NOT EDIT - this file is automatically generated"; + new_contents = g_strdup_printf("%s\n\n# %s\n%s", contents ? contents : header, cert->fingerprint, cert->pem); + if (!g_file_set_contents(cafile, new_contents, -1, &glib_error)) + log_error("[CAfile] could not write to %s: %s", cafile, glib_error ? glib_error->message : "No GLib error given"); +out: + g_free(new_contents); + g_free(contents); + g_free(cafile); +} + +gchar* +cafile_get_name(void) +{ + gchar* cafile = _cafile_name(); + if (!g_file_test(cafile, G_FILE_TEST_EXISTS)) { + /* That's no problem! + * There's no need to have a profanity-specific CAfile if all CA's + * of servers you're trying to connect to are in your OS trust-store + */ + log_debug("[CAfile] file %s not created yet", cafile); + g_free(cafile); + cafile = NULL; + } + return cafile; +} -- cgit 1.4.1-2-gfad0