authorJaakko Keränen <jaakko.keranen@iki.fi>2021-07-13 10:41:00 +0300
committerJaakko Keränen <jaakko.keranen@iki.fi>2021-07-13 10:41:00 +0300
commit07156681f635a18f0b4e8e76fce60a723c8cddd8 (patch)
tree5491820c9deb03ef02d174fe03bbe1bc6b012b98 /src/gmcerts.c
parent0076a605540337bd89d37b7887541144e44b20f3 (diff)
GmCerts: Make the server port known
Diffstat (limited to 'src/gmcerts.c')
-rw-r--r--src/gmcerts.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/src/gmcerts.c b/src/gmcerts.c
index 8577cf2b..4b84aa05 100644
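--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -426,7 +426,7 @@ iBool verifyDomain_GmCerts(const iTlsCertificate *cert, iRangecc domain) {
  return iFalse;
 }
 
-iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *cert) {
+iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTlsCertificate *cert) {
  if (!cert) {
  return iFalse;
  }
@@ -441,6 +441,9 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
  /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
  /* Good certificate. If not already trusted, add it now. */
  iString *key = newRange_String(domain);
+ if (port && port != GEMINI_DEFAULT_PORT) {
+ appendFormat_String(key, ":%u", port);
+ }
  iDate until;
  validUntil_TlsCertificate(cert, &until);
  iBlock *fingerprint = fingerprint_TlsCertificate(cert);
@@ -471,10 +474,13 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
  return iTrue;
 }
 
-void setTrusted_GmCerts(iGmCerts *d, iRangecc domain, const iBlock *fingerprint,
+void setTrusted_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iBlock *fingerprint,
  const iDate *validUntil) {
  iString *key = collectNew_String();
  punyEncodeDomain_Rangecc(domain, key);
+ if (port && port != GEMINI_DEFAULT_PORT) {
+ appendFormat_String(key, ":%u", port);
+ }
  lock_Mutex(d->mtx);
  iTrustEntry *trust = value_StringHash(d->trusted, key);
  if (trust) {
@@ -488,12 +494,15 @@ void setTrusted_GmCerts(iGmCerts *d, iRangecc domain, const iBlock *fingerprint,
  unlock_Mutex(d->mtx);
 }
 
-iTime domainValidUntil_GmCerts(const iGmCerts *d, iRangecc domain) {
+iTime domainValidUntil_GmCerts(const iGmCerts *d, iRangecc domain, uint16_t port) {
  iTime expiry;
  iZap(expiry);
  lock_Mutex(d->mtx);
  iString key;
  initRange_String(&key, domain);
+ if (port && port != GEMINI_DEFAULT_PORT) {
+ appendFormat_String(&key, ":%u", port);
+ }
  const iTrustEntry *trust = constValue_StringHash(d->trusted, &key);
  if (trust) {
  expiry = trust->validUntil;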
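Review bot: The trust-store key is now derived in three places (checkTrust_GmCerts, setTrusted_GmCerts, domainValidUntil_GmCerts) and they do not build it the same way: setTrusted_GmCerts runs `punyEncodeDomain_Rangecc(domain, key)` before appending `":%u"`, while the other two copy `domain` verbatim. Unless every caller already passes a punycoded name (not visible here), a pin stored for an internationalized domain would be looked up under a different key, and a lookup miss in checkTrust_GmCerts appears to lead to the "If not already trusted, add it now" path. A single static helper that produces the key from (domain, port), called from all three functions, would keep pin storage and pin lookup in agreement and remove the triplicated `if (port && port != GEMINI_DEFAULT_PORT)` block. Separately, pins saved before this change for servers on a non-default port sit under the bare domain and are no longer consulted, so those hosts would presumably be re-pinned on next contact; a comment or migration step should state whether that is intended. The bodies of all three functions continue outside the hunks.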