diff --git a/src/command/cmd_funcs.c b/src/command/cmd_funcs.c index e26048b9..a90f848d 100644 --- a/src/command/cmd_funcs.c +++ b/src/command/cmd_funcs.c @@ -295,11 +295,11 @@ cmd_tls_trust(ProfWin* window, const char* const command, gchar** args) } cafile_add(cert); if (tlscerts_exists(cert)) { - cons_show("Certificate %s already trusted.", cert->fingerprint_sha1); + cons_show("Certificate %s already trusted.", cert->fingerprint); tlscerts_free(cert); return TRUE; } - cons_show("Adding %s to trusted certificates.", cert->fingerprint_sha1); + cons_show("Adding %s to trusted certificates.", cert->fingerprint); tlscerts_add(cert); tlscerts_free(cert); return TRUE; diff --git a/src/config/cafile.c b/src/config/cafile.c index 1e4a02df..1f3a9584 100644 --- a/src/config/cafile.c +++ b/src/config/cafile.c @@ -61,7 +61,7 @@ void cafile_add(const TLSCertificate* cert) { if (!cert->pem) { - log_error("[CAfile] can't store cert with fingerprint %s: PEM is empty", cert->fingerprint_sha1); + log_error("[CAfile] can't store cert with fingerprint %s: PEM is empty", cert->fingerprint); return; } auto_gchar gchar* cafile = _cafile_name(); @@ -76,13 +76,17 @@ cafile_add(const TLSCertificate* cert) log_error("[CAfile] could not read from %s: %s", cafile, glib_error ? glib_error->message : "No GLib error given"); return; } + if (strstr(contents, cert->fingerprint)) { + log_debug("[CAfile] fingerprint %s already stored", cert->fingerprint); + return; + } if (strstr(contents, cert->fingerprint_sha1)) { log_debug("[CAfile] fingerprint %s already stored", cert->fingerprint_sha1); return; } } const char* header = "# Profanity CAfile\n# DO NOT EDIT - this file is automatically generated"; - new_contents = g_strdup_printf("%s\n\n# %s\n%s", contents ? contents : header, cert->fingerprint_sha1, cert->pem); + new_contents = g_strdup_printf("%s\n# %s\n%s", contents ? contents : header, cert->fingerprint, cert->pem); if (!g_file_set_contents(cafile, new_contents, -1, &glib_error)) log_error("[CAfile] could not write to %s: %s", cafile, glib_error ? glib_error->message : "No GLib error given"); } diff --git a/src/config/tlscerts.c b/src/config/tlscerts.c index 3cd7cf14..d2d59a5e 100644 --- a/src/config/tlscerts.c +++ b/src/config/tlscerts.c @@ -95,13 +95,13 @@ tlscerts_set_current(const TLSCertificate* cert) if (current_fp) { free(current_fp); } - current_fp = strdup(cert->fingerprint_sha1); + current_fp = strdup(cert->fingerprint); } gboolean tlscerts_current_fingerprint_equals(const TLSCertificate* cert) { - return g_strcmp0(current_fp, cert->fingerprint_sha1) == 0; + return g_strcmp0(current_fp, cert->fingerprint) == 0; } void @@ -116,7 +116,7 @@ tlscerts_clear_current(void) gboolean tlscerts_exists(const TLSCertificate* cert) { - return g_key_file_has_group(tlscerts, cert->fingerprint_sha1); + return g_key_file_has_group(tlscerts, cert->fingerprint); } GList* @@ -154,11 +154,15 @@ tlscerts_new(const char* fingerprint_sha1, int version, const char* serialnumber { TLSCertificate* cert = calloc(1, sizeof(TLSCertificate)); - if (fingerprint_sha1) { - cert->fingerprint_sha1 = strdup(fingerprint_sha1); - } if (fingerprint_sha256) { cert->fingerprint_sha256 = strdup(fingerprint_sha256); + cert->fingerprint = cert->fingerprint_sha256; + } + if (fingerprint_sha1) { + cert->fingerprint_sha1 = strdup(fingerprint_sha1); + if (!cert->fingerprint) { + cert->fingerprint = cert->fingerprint_sha1; + } } cert->version = version; if (serialnumber) { @@ -261,33 +265,33 @@ tlscerts_add(const TLSCertificate* cert) return; } - if (!cert->fingerprint_sha1) { + if (!cert->fingerprint) { return; } - autocomplete_add(certs_ac, cert->fingerprint_sha1); + autocomplete_add(certs_ac, cert->fingerprint); - g_key_file_set_integer(tlscerts, cert->fingerprint_sha1, "version", cert->version); + g_key_file_set_integer(tlscerts, cert->fingerprint, "version", cert->version); if (cert->serialnumber) { - g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "serialnumber", cert->serialnumber); + g_key_file_set_string(tlscerts, cert->fingerprint, "serialnumber", cert->serialnumber); } if (cert->subjectname) { - g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "subjectname", cert->subjectname); + g_key_file_set_string(tlscerts, cert->fingerprint, "subjectname", cert->subjectname); } if (cert->issuername) { - g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "issuername", cert->issuername); + g_key_file_set_string(tlscerts, cert->fingerprint, "issuername", cert->issuername); } if (cert->notbefore) { - g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "start", cert->notbefore); + g_key_file_set_string(tlscerts, cert->fingerprint, "start", cert->notbefore); } if (cert->notafter) { - g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "end", cert->notafter); + g_key_file_set_string(tlscerts, cert->fingerprint, "end", cert->notafter); } if (cert->key_alg) { - g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "keyalg", cert->key_alg); + g_key_file_set_string(tlscerts, cert->fingerprint, "keyalg", cert->key_alg); } if (cert->signature_alg) { - g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "signaturealg", cert->signature_alg); + g_key_file_set_string(tlscerts, cert->fingerprint, "signaturealg", cert->signature_alg); } _save_tlscerts(); diff --git a/src/config/tlscerts.h b/src/config/tlscerts.h index 55bc67bd..e7ed7290 100644 --- a/src/config/tlscerts.h +++ b/src/config/tlscerts.h @@ -41,6 +41,7 @@ typedef struct tls_cert_t { int version; + const char* fingerprint; char* serialnumber; char* subjectname; char* subject_country; diff --git a/src/event/server_events.c b/src/event/server_events.c index ae793dec..e85876e8 100644 --- a/src/event/server_events.c +++ b/src/event/server_events.c @@ -1192,7 +1192,7 @@ sv_ev_certfail(const char* const errormsg, const TLSCertificate* cert) tlscerts_set_current(cert); return 1; } else if (g_strcmp0(cmd, "/tls always") == 0) { - cons_show("Adding %s to trusted certificates.", cert->fingerprint_sha1); + cons_show("Adding %s to trusted certificates.", cert->fingerprint); if (!tlscerts_exists(cert)) { tlscerts_add(cert); cafile_add(cert); diff --git a/src/ui/console.c b/src/ui/console.c index ffd520cf..38f9eb4e 100644 --- a/src/ui/console.c +++ b/src/ui/console.c @@ -187,7 +187,7 @@ cons_show_tlscert_summary(const TLSCertificate* cert) cons_show("Subject : %s", cert->subject_commonname); cons_show("Issuer : %s", cert->issuer_commonname); - cons_show("Fingerprint : %s", cert->fingerprint_sha1); + cons_show("Fingerprint : %s", cert->fingerprint); } void