From 5d21e3a3954e947f889f024b8ba9db9e616aa28e Mon Sep 17 00:00:00 2001
From: Josh Rickmar <jrick@devio.us>
Date: Thu, 7 Jun 2012 12:54:25 -0400
Subject: Implement a warn_cert_changes setting to warn users when the remote
 ssl certificate is different from a previously cached certificate to help
 prevent against MITM attacks.  Prompt the user with an action to take (show
 remote cert, allow for that session, or cache the new remote cert).

---
 settings.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'settings.c')

diff --git a/settings.c b/settings.c
index 8a567b2..eabc2ce 100644
--- a/settings.c
+++ b/settings.c
@@ -105,6 +105,7 @@ char		*external_editor = NULL;
 int		referer_mode = XT_DS_REFERER_MODE;
 char		*referer_custom = NULL;
 int		download_notifications = XT_DS_DOWNLOAD_NOTIFICATIONS;
+int		warn_cert_changes = 0;
 
 char		*cmd_font_name = NULL;	/* these are all set at startup */
 char		*oops_font_name = NULL;
@@ -186,6 +187,7 @@ int		set_url_regex(char *);
 int		set_userstyle_global(char *);
 int		set_external_editor(char *);
 int		set_xterm_workaround(char *);
+int		set_warn_cert_changes(char *);
 
 void		walk_mime_type(struct settings *, void (*)(struct settings *,
 		    char *, void *), void *);
@@ -420,6 +422,7 @@ struct settings		rs[] = {
 	{ "referer",			XT_S_STR, 0, NULL, NULL,&s_referer, NULL, set_referer_rt },
 	{ "download_notifications",	XT_S_INT, 0,		&download_notifications, NULL, NULL, NULL, set_download_notifications },
 	{ "include_config",		XT_S_STR, 0, NULL,	&include_config, NULL, NULL, NULL },
+	{ "warn_cert_changes",		XT_S_INT, 0,		&warn_cert_changes, NULL, NULL, NULL, set_warn_cert_changes },
 
 	/* font settings */
 	{ "cmd_font",			XT_S_STR, 0, NULL, &cmd_font_name, NULL, NULL, set_cmd_font },
@@ -2142,6 +2145,19 @@ set_userstyle_global(char *value)
 	return (0);
 }
 
+int
+set_warn_cert_changes(char *value)
+{
+	int			tmp;
+	const char		*errstr;
+
+	tmp = strtonum(value, 0, 1, &errstr);
+	if (errstr)
+		return (-1);
+	warn_cert_changes = tmp;
+	return (0);
+}
+
 char *
 get_edit_mode(struct settings *s)
 {
-- 
cgit 1.4.1-2-gfad0

ater_than'>
<input type='hidden' name='h' value='hlt'/><input type='hidden' name='id' value='79306126a3f6ebe805a5ccc30ad109e7661aa848'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/akkartik/mu/tree/?h=hlt&amp;id=79306126a3f6ebe805a5ccc30ad109e7661aa848'>root</a>/<a href='/akkartik/mu/tree/cpp?h=hlt&amp;id=79306126a3f6ebe805a5ccc30ad109e7661aa848'>cpp</a>/<a href='/akkartik/mu/tree/cpp/.traces?h=hlt&amp;id=79306126a3f6ebe805a5ccc30ad109e7661aa848'>.traces</a>/<a href='/akkartik/mu/tree/cpp/.traces/greater_than?h=hlt&amp;id=79306126a3f6ebe805a5ccc30ad109e7661aa848'>greater_than</a></div><div class='content'>blob: 54d309f71f9c157c3c3d6fc6de6b2015fe133d30 (<a href='/akkartik/mu/plain/cpp/.traces/greater_than?h=hlt&amp;id=79306126a3f6ebe805a5ccc30ad109e7661aa848'>plain</a>) (<a href='/akkartik/mu/blame/cpp/.traces/greater_than?h=hlt&amp;id=79306126a3f6ebe805a5ccc30ad109e7661aa848'>blame</a>)
<table summary='blob content' class='blob'>
<tr><td class='linenumbers'><pre><a id='n1' href='#n1'>1</a>
<a id='n2' href='#n2'>2</a>
<a id='n3' href='#n3'>3</a>
<a id='n4' href='#n4'>4</a>
<a id='n5' href='#n5'>5</a>
<a id='n6' href='#n6'>6</a>
<a id='n7' href='#n7'>7</a>
<a id='n8' href='#n8'>8</a>
<a id='n9' href='#n9'>9</a>
<a id='n10' href='#n10'>10</a>
<a id='n11' href='#n11'>11</a>
<a id='n12' href='#n12'>12</a>
<a id='n13' href='#n13'>13</a>
<a id='n14' href='#n14'>14</a>
<a id='n15' href='#n15'>15</a>
<a id='n16' href='#n16'>16</a>
<a id='n17' href='#n17'>17</a>
<a id='n18' href='#n18'>18</a>
<a id='n19' href='#n19'>19</a>
<a id='n20' href='#n20'>20</a>
<a id='n21' href='#n21'>21</a>
<a id='n22' href='#n22'>22</a>
<a id='n23' href='#n23'>23</a>
<a id='n24' href='#n24'>24</a>
<a id='n25' href='#n25'>25</a>
<a id='n26' href='#n26'>26</a>
<a id='n27' href='#n27'>27</a>
</pre></td>
<td class='lines'><pre><code>