diff options
| author | Jaakko Keränen <jaakko.keranen@iki.fi> | 2021-11-09 11:11:54 +0200 |
|---|---|---|
| committer | Jaakko Keränen <jaakko.keranen@iki.fi> | 2021-11-09 11:12:10 +0200 |
| commit | c9372aaf43992ac15b66d43ee1859f21fef862ac (patch) | |
| tree | 8e5ca15909bbbe7f66d87fb224bb4c6483e4c26f | |
| parent | bc83f14c8822977caa80c95c8d06941e124e2008 (diff) | |
GmCerts: Allow trusting certificate regardless of domain name
| -rw-r--r-- | src/gmcerts.c | 8 | ||||
| -rw-r--r-- | src/ui/documentwidget.c | 2 |
2 files changed, 4 insertions, 6 deletions
diff --git a/src/gmcerts.c b/src/gmcerts.c index 9073f2e7..36fd7d55 100644 --- a/src/gmcerts.c +++ b/src/gmcerts.c | |||
| @@ -457,10 +457,8 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTls | |||
| 457 | return iFalse; | 457 | return iFalse; |
| 458 | } | 458 | } |
| 459 | /* We trust CA verification implicitly. */ | 459 | /* We trust CA verification implicitly. */ |
| 460 | const iBool isCATrusted = (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus); | 460 | const iBool isCATrusted = (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus); |
| 461 | if (!verifyDomain_GmCerts(cert, domain)) { | 461 | const iBool isDomainValid = verifyDomain_GmCerts(cert, domain); |
| 462 | return iFalse; | ||
| 463 | } | ||
| 464 | /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */ | 462 | /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */ |
| 465 | /* Good certificate. If not already trusted, add it now. */ | 463 | /* Good certificate. If not already trusted, add it now. */ |
| 466 | iDate until; | 464 | iDate until; |
| @@ -470,7 +468,7 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTls | |||
| 470 | init_String(&key); | 468 | init_String(&key); |
| 471 | makeTrustKey_(domain, port, &key); | 469 | makeTrustKey_(domain, port, &key); |
| 472 | lock_Mutex(d->mtx); | 470 | lock_Mutex(d->mtx); |
| 473 | iBool ok = !isExpired_TlsCertificate(cert); | 471 | iBool ok = isDomainValid && !isExpired_TlsCertificate(cert); |
| 474 | iTrustEntry *trust = value_StringHash(d->trusted, &key); | 472 | iTrustEntry *trust = value_StringHash(d->trusted, &key); |
| 475 | if (trust) { | 473 | if (trust) { |
| 476 | /* We already have it, check if it matches the one we trust for this domain (if it's | 474 | /* We already have it, check if it matches the one we trust for this domain (if it's |
diff --git a/src/ui/documentwidget.c b/src/ui/documentwidget.c index 60662b03..41ca1d7f 100644 --- a/src/ui/documentwidget.c +++ b/src/ui/documentwidget.c | |||
| @@ -2836,7 +2836,7 @@ static iBool handleCommand_DocumentWidget_(iDocumentWidget *d, const char *cmd) | |||
| 2836 | const iBool haveFingerprint = (d->certFlags & haveFingerprint_GmCertFlag) != 0; | 2836 | const iBool haveFingerprint = (d->certFlags & haveFingerprint_GmCertFlag) != 0; |
| 2837 | const iBool canTrust = | 2837 | const iBool canTrust = |
| 2838 | (d->certFlags == (available_GmCertFlag | haveFingerprint_GmCertFlag | | 2838 | (d->certFlags == (available_GmCertFlag | haveFingerprint_GmCertFlag | |
| 2839 | timeVerified_GmCertFlag | domainVerified_GmCertFlag)); | 2839 | timeVerified_GmCertFlag /* | domainVerified_GmCertFlag*/)); |
| 2840 | const iRecentUrl *recent = findUrl_History(d->mod.history, d->mod.url); | 2840 | const iRecentUrl *recent = findUrl_History(d->mod.history, d->mod.url); |
| 2841 | const iString *meta = &d->sourceMime; | 2841 | const iString *meta = &d->sourceMime; |
| 2842 | if (recent && recent->cachedResponse) { | 2842 | if (recent && recent->cachedResponse) { |