Added /tls cert to show current certificate fingerprint

This commit is contained in:
James Booth
2015-11-09 23:31:21 +00:00
parent 4cbfb88814
commit bee27f4773
5 changed files with 61 additions and 0 deletions

View File

@@ -206,6 +206,7 @@ static struct cmd_t command_defs[] =
"/tls allow",
"/tls always",
"/tls deny",
"/tls cert",
"/tls trusted",
"/tls revoke <fingerprint>",
"/tls certpath",
@@ -218,6 +219,7 @@ static struct cmd_t command_defs[] =
{ "allow", "Allow connection to continue with an invalid TLS certificate." },
{ "always", "Always allow connections with this invalid TLS certificate." },
{ "deny", "Terminate TLS connection." },
{ "cert", "Show the current TLS certificate." },
{ "trusted", "List manually trusted certificates (with /tls always)." },
{ "revoke <fingerprint>", "Remove a manually trusted certificate." },
{ "certpath", "Show the trusted certificate path." },
@@ -2220,6 +2222,7 @@ cmd_init(void)
autocomplete_add(tls_ac, "allow");
autocomplete_add(tls_ac, "always");
autocomplete_add(tls_ac, "deny");
autocomplete_add(tls_ac, "cert");
autocomplete_add(tls_ac, "trusted");
autocomplete_add(tls_ac, "revoke");
autocomplete_add(tls_ac, "certpath");

View File

@@ -159,6 +159,7 @@ gboolean
cmd_tls(ProfWin *window, const char *const command, gchar **args)
{
if (g_strcmp0(args[0], "certpath") == 0) {
#ifdef HAVE_LIBMESODE
if (g_strcmp0(args[1], "set") == 0) {
if (args[2] == NULL) {
cons_bad_cmd_usage(command);
@@ -189,7 +190,12 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
cons_bad_cmd_usage(command);
return TRUE;
}
#else
cons_show("Certificate path setting only supported when built with libmesode.");
return TRUE;
#endif
} else if (g_strcmp0(args[0], "trusted") == 0) {
#ifdef HAVE_LIBMESODE
GList *certs = tlscerts_list();
GList *curr = certs;
@@ -224,7 +230,12 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
}
g_list_free_full(certs, (GDestroyNotify)tlscerts_free);
return TRUE;
#else
cons_show("Manual certificate trust only supported when built with libmesode.");
return TRUE;
#endif
} else if (g_strcmp0(args[0], "revoke") == 0) {
#ifdef HAVE_LIBMESODE
if (args[1] == NULL) {
cons_bad_cmd_usage(command);
} else {
@@ -236,8 +247,34 @@ cmd_tls(ProfWin *window, const char *const command, gchar **args)
}
}
return TRUE;
#else
cons_show("Manual certificate trust only supported when built with libmesode.");
return TRUE;
#endif
} else if (g_strcmp0(args[0], "show") == 0) {
return _cmd_set_boolean_preference(args[1], command, "TLS titlebar indicator", PREF_TLS_SHOW);
} else if (g_strcmp0(args[0], "cert") == 0) {
#ifdef HAVE_LIBMESODE
jabber_conn_status_t conn_status = jabber_get_connection_status();
if (conn_status != JABBER_CONNECTED) {
cons_show("You are not currently connected.");
return TRUE;
}
if (!jabber_conn_is_secured()) {
cons_show("No TLS connection established");
return TRUE;
}
char *cert = jabber_get_tls_peer_cert();
if (cert) {
cons_show("TLS certificate fingerprint: %s", cert);
} else {
cons_show("Error getting TLS fingerprint.");
}
return TRUE;
#else
cons_show("Certificate fetching not supported.");
return TRUE;
#endif
} else {
cons_bad_cmd_usage(command);
return TRUE;