diff --git a/src/command/cmd_funcs.c b/src/command/cmd_funcs.c index ffdaa11d..e26048b9 100644 --- a/src/command/cmd_funcs.c +++ b/src/command/cmd_funcs.c @@ -294,12 +294,12 @@ cmd_tls_trust(ProfWin* window, const char* const command, gchar** args) return TRUE; } cafile_add(cert); - if (tlscerts_exists(cert->fingerprint)) { - cons_show("Certificate %s already trusted.", cert->fingerprint); + if (tlscerts_exists(cert)) { + cons_show("Certificate %s already trusted.", cert->fingerprint_sha1); tlscerts_free(cert); return TRUE; } - cons_show("Adding %s to trusted certificates.", cert->fingerprint); + cons_show("Adding %s to trusted certificates.", cert->fingerprint_sha1); tlscerts_add(cert); tlscerts_free(cert); return TRUE; diff --git a/src/config/cafile.c b/src/config/cafile.c index 59aff2fb..1e4a02df 100644 --- a/src/config/cafile.c +++ b/src/config/cafile.c @@ -61,7 +61,7 @@ void cafile_add(const TLSCertificate* cert) { if (!cert->pem) { - log_error("[CAfile] can't store cert with fingerprint %s: PEM is empty", cert->fingerprint); + log_error("[CAfile] can't store cert with fingerprint %s: PEM is empty", cert->fingerprint_sha1); return; } auto_gchar gchar* cafile = _cafile_name(); @@ -76,13 +76,13 @@ cafile_add(const TLSCertificate* cert) log_error("[CAfile] could not read from %s: %s", cafile, glib_error ? glib_error->message : "No GLib error given"); return; } - if (strstr(contents, cert->fingerprint)) { - log_debug("[CAfile] fingerprint %s already stored", cert->fingerprint); + if (strstr(contents, cert->fingerprint_sha1)) { + log_debug("[CAfile] fingerprint %s already stored", cert->fingerprint_sha1); return; } } const char* header = "# Profanity CAfile\n# DO NOT EDIT - this file is automatically generated"; - new_contents = g_strdup_printf("%s\n\n# %s\n%s", contents ? contents : header, cert->fingerprint, cert->pem); + new_contents = g_strdup_printf("%s\n\n# %s\n%s", contents ? contents : header, cert->fingerprint_sha1, cert->pem); if (!g_file_set_contents(cafile, new_contents, -1, &glib_error)) log_error("[CAfile] could not write to %s: %s", cafile, glib_error ? glib_error->message : "No GLib error given"); } diff --git a/src/config/tlscerts.c b/src/config/tlscerts.c index 3f99d003..397889b0 100644 --- a/src/config/tlscerts.c +++ b/src/config/tlscerts.c @@ -90,18 +90,18 @@ tlscerts_init(void) } void -tlscerts_set_current(const char* const fp) +tlscerts_set_current(const TLSCertificate* cert) { if (current_fp) { free(current_fp); } - current_fp = strdup(fp); + current_fp = strdup(cert->fingerprint_sha1); } -char* -tlscerts_get_current(void) +gboolean +tlscerts_current_fingerprint_equals(const TLSCertificate* cert) { - return current_fp; + return g_strcmp0(current_fp, cert->fingerprint_sha1) == 0; } void @@ -114,9 +114,9 @@ tlscerts_clear_current(void) } gboolean -tlscerts_exists(const char* const fingerprint) +tlscerts_exists(const TLSCertificate* cert) { - return g_key_file_has_group(tlscerts, fingerprint); + return g_key_file_has_group(tlscerts, cert->fingerprint_sha1); } GList* @@ -147,14 +147,14 @@ tlscerts_list(void) } TLSCertificate* -tlscerts_new(const char* const fingerprint, int version, const char* const serialnumber, const char* const subjectname, - const char* const issuername, const char* const notbefore, const char* const notafter, - const char* const key_alg, const char* const signature_alg, const char* const pem) +tlscerts_new(const char* fingerprint_sha1, int version, const char* serialnumber, const char* subjectname, + const char* issuername, const char* notbefore, const char* notafter, + const char* key_alg, const char* signature_alg, const char* pem) { TLSCertificate* cert = calloc(1, sizeof(TLSCertificate)); - if (fingerprint) { - cert->fingerprint = strdup(fingerprint); + if (fingerprint_sha1) { + cert->fingerprint_sha1 = strdup(fingerprint_sha1); } cert->version = version; if (serialnumber) { @@ -254,40 +254,40 @@ tlscerts_add(const TLSCertificate* cert) return; } - if (!cert->fingerprint) { + if (!cert->fingerprint_sha1) { return; } - autocomplete_add(certs_ac, cert->fingerprint); + autocomplete_add(certs_ac, cert->fingerprint_sha1); - g_key_file_set_integer(tlscerts, cert->fingerprint, "version", cert->version); + g_key_file_set_integer(tlscerts, cert->fingerprint_sha1, "version", cert->version); if (cert->serialnumber) { - g_key_file_set_string(tlscerts, cert->fingerprint, "serialnumber", cert->serialnumber); + g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "serialnumber", cert->serialnumber); } if (cert->subjectname) { - g_key_file_set_string(tlscerts, cert->fingerprint, "subjectname", cert->subjectname); + g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "subjectname", cert->subjectname); } if (cert->issuername) { - g_key_file_set_string(tlscerts, cert->fingerprint, "issuername", cert->issuername); + g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "issuername", cert->issuername); } if (cert->notbefore) { - g_key_file_set_string(tlscerts, cert->fingerprint, "start", cert->notbefore); + g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "start", cert->notbefore); } if (cert->notafter) { - g_key_file_set_string(tlscerts, cert->fingerprint, "end", cert->notafter); + g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "end", cert->notafter); } if (cert->key_alg) { - g_key_file_set_string(tlscerts, cert->fingerprint, "keyalg", cert->key_alg); + g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "keyalg", cert->key_alg); } if (cert->signature_alg) { - g_key_file_set_string(tlscerts, cert->fingerprint, "signaturealg", cert->signature_alg); + g_key_file_set_string(tlscerts, cert->fingerprint_sha1, "signaturealg", cert->signature_alg); } _save_tlscerts(); } gboolean -tlscerts_revoke(const char* const fingerprint) +tlscerts_revoke(const char* fingerprint) { gboolean result = g_key_file_remove_group(tlscerts, fingerprint, NULL); if (result) { @@ -300,7 +300,7 @@ tlscerts_revoke(const char* const fingerprint) } TLSCertificate* -tlscerts_get_trusted(const char* const fingerprint) +tlscerts_get_trusted(const char* fingerprint) { if (!g_key_file_has_group(tlscerts, fingerprint)) { return NULL; @@ -321,7 +321,7 @@ tlscerts_get_trusted(const char* const fingerprint) } char* -tlscerts_complete(const char* const prefix, gboolean previous, void* context) +tlscerts_complete(const char* prefix, gboolean previous, void* context) { return autocomplete_complete(certs_ac, prefix, TRUE, previous); } @@ -360,7 +360,7 @@ tlscerts_free(TLSCertificate* cert) free(cert->notbefore); free(cert->notafter); - free(cert->fingerprint); + free(cert->fingerprint_sha1); free(cert->key_alg); free(cert->signature_alg); diff --git a/src/config/tlscerts.h b/src/config/tlscerts.h index b8c9b5c4..1a14dd00 100644 --- a/src/config/tlscerts.h +++ b/src/config/tlscerts.h @@ -62,7 +62,7 @@ typedef struct tls_cert_t char* issuer_email; char* notbefore; char* notafter; - char* fingerprint; + char* fingerprint_sha1; char* key_alg; char* signature_alg; char* pem; @@ -70,29 +70,29 @@ typedef struct tls_cert_t void tlscerts_init(void); -TLSCertificate* tlscerts_new(const char* const fingerprint, int version, const char* const serialnumber, const char* const subjectname, - const char* const issuername, const char* const notbefore, const char* const notafter, - const char* const key_alg, const char* const signature_alg, const char* const pem); +TLSCertificate* tlscerts_new(const char* fingerprint_sha1, int version, const char* serialnumber, const char* subjectname, + const char* issuername, const char* notbefore, const char* notafter, + const char* key_alg, const char* signature_alg, const char* pem); -void tlscerts_set_current(const char* const fp); +void tlscerts_set_current(const TLSCertificate* cert); -char* tlscerts_get_current(void); +gboolean tlscerts_current_fingerprint_equals(const TLSCertificate* cert); void tlscerts_clear_current(void); -gboolean tlscerts_exists(const char* const fingerprint); +gboolean tlscerts_exists(const TLSCertificate* cert); void tlscerts_add(const TLSCertificate* cert); -gboolean tlscerts_revoke(const char* const fingerprint); +gboolean tlscerts_revoke(const char* fingerprint); -TLSCertificate* tlscerts_get_trusted(const char* const fingerprint); +TLSCertificate* tlscerts_get_trusted(const char* fingerprint); void tlscerts_free(TLSCertificate* cert); GList* tlscerts_list(void); -char* tlscerts_complete(const char* const prefix, gboolean previous, void* context); +char* tlscerts_complete(const char* prefix, gboolean previous, void* context); void tlscerts_reset_ac(void); diff --git a/src/event/server_events.c b/src/event/server_events.c index 76351605..ae793dec 100644 --- a/src/event/server_events.c +++ b/src/event/server_events.c @@ -1152,14 +1152,13 @@ int sv_ev_certfail(const char* const errormsg, const TLSCertificate* cert) { // check profanity trusted certs - if (tlscerts_exists(cert->fingerprint)) { + if (tlscerts_exists(cert)) { cafile_add(cert); return 1; } // check current cert - char* current_fp = tlscerts_get_current(); - if (current_fp && g_strcmp0(current_fp, cert->fingerprint) == 0) { + if (tlscerts_current_fingerprint_equals(cert)) { return 1; } @@ -1190,11 +1189,11 @@ sv_ev_certfail(const char* const errormsg, const TLSCertificate* cert) if (g_strcmp0(cmd, "/tls allow") == 0) { cons_show("Continuing with connection."); - tlscerts_set_current(cert->fingerprint); + tlscerts_set_current(cert); return 1; } else if (g_strcmp0(cmd, "/tls always") == 0) { - cons_show("Adding %s to trusted certificates.", cert->fingerprint); - if (!tlscerts_exists(cert->fingerprint)) { + cons_show("Adding %s to trusted certificates.", cert->fingerprint_sha1); + if (!tlscerts_exists(cert)) { tlscerts_add(cert); cafile_add(cert); } diff --git a/src/ui/console.c b/src/ui/console.c index f4d950c4..56c3cf6e 100644 --- a/src/ui/console.c +++ b/src/ui/console.c @@ -180,7 +180,7 @@ cons_show_tlscert_summary(const TLSCertificate* cert) cons_show("Subject : %s", cert->subject_commonname); cons_show("Issuer : %s", cert->issuer_commonname); - cons_show("Fingerprint : %s", cert->fingerprint); + cons_show("Fingerprint : %s", cert->fingerprint_sha1); } void @@ -260,7 +260,7 @@ cons_show_tlscert(const TLSCertificate* cert) cons_show(" Start : %s", cert->notbefore); cons_show(" End : %s", cert->notafter); - cons_show(" Fingerprint : %s", cert->fingerprint); + cons_show(" Fingerprint : %s", cert->fingerprint_sha1); } void