author | Jaakko Keränen <jaakko.keranen@iki.fi> | 2021-07-13 10:41:00 +0300 |
---|---|---|
committer | Jaakko Keränen <jaakko.keranen@iki.fi> | 2021-07-13 10:41:00 +0300 |
commit | 07156681f635a18f0b4e8e76fce60a723c8cddd8 (patch) | |
tree | 5491820c9deb03ef02d174fe03bbe1bc6b012b98 /src/gmcerts.c | |
parent | 0076a605540337bd89d37b7887541144e44b20f3 (diff) |
GmCerts: Make the server port known
Diffstat (limited to 'src/gmcerts.c')
-rw-r--r-- | src/gmcerts.c | 15 |
1 files changed, 12 insertions, 3 deletions
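--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -426,7 +426,7 @@ iBool verifyDomain_GmCerts(const iTlsCertificate *cert, iRangecc domain) {
 return iFalse;
 }
 
-iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *cert) {
+iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTlsCertificate *cert) {
 if (!cert) {
 return iFalse;
 }
@@ -441,6 +441,9 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
 /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
 /* Good certificate. If not already trusted, add it now. */
 iString *key = newRange_String(domain);
+if (port && port != GEMINI_DEFAULT_PORT) {
+appendFormat_String(key, ":%u", port);
+}
 iDate until;
 validUntil_TlsCertificate(cert, &until);
 iBlock *fingerprint = fingerprint_TlsCertificate(cert);
@@ -471,10 +474,13 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
 return iTrue;
 }
 
-void setTrusted_GmCerts(iGmCerts *d, iRangecc domain, const iBlock *fingerprint,
+void setTrusted_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iBlock *fingerprint,
 const iDate *validUntil) {
 iString *key = collectNew_String();
 punyEncodeDomain_Rangecc(domain, key);
+if (port && port != GEMINI_DEFAULT_PORT) {
+appendFormat_String(key, ":%u", port);
+}
 lock_Mutex(d->mtx);
 iTrustEntry *trust = value_StringHash(d->trusted, key);
 if (trust) {
@@ -488,12 +494,15 @@ void setTrusted_GmCerts(iGmCerts *d, iRangecc domain, const iBlock *fingerprint,
 unlock_Mutex(d->mtx);
 }
 
-iTime domainValidUntil_GmCerts(const iGmCerts *d, iRangecc domain) {
+iTime domainValidUntil_GmCerts(const iGmCerts *d, iRangecc domain, uint16_t port) {
 iTime expiry;
 iZap(expiry);
 lock_Mutex(d->mtx);
 iString key;
 initRange_String(&key, domain);
+if (port && port != GEMINI_DEFAULT_PORT) {
+appendFormat_String(&key, ":%u", port);
+}
 const iTrustEntry *trust = constValue_StringHash(d->trusted, &key);
 if (trust) {
 expiry = trust->validUntil;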
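Review bot: The port-suffix block is pasted into checkTrust_GmCerts, setTrusted_GmCerts and domainValidUntil_GmCerts, so the trust-store key is now derived in three places that already disagree on the domain part: setTrusted_GmCerts goes through punyEncodeDomain_Rangecc, while the other two copy the raw range. For a trust-on-first-use store, a key that differs between the write and the lookup means a pinned fingerprint may not be found for the same host; whether callers already pass an encoded domain is not visible here and should be confirmed. Moving the suffix into one static helper keeps the three sites in step, and an `(unsigned)` cast makes the promoted `uint16_t` argument match `%u`. Entries stored before this change for non-default ports presumably remain under the bare domain key, so it is worth deciding whether they are migrated or left to expire. All three function bodies continue outside the hunks.

```c
/* Appends ":port" to a trust-store key unless the port is unset (0) or the
   protocol default, so default-port keys remain the bare domain. */
static void appendPortSuffix_(iString *key, uint16_t port) {
    if (port && port != GEMINI_DEFAULT_PORT) {
        appendFormat_String(key, ":%u", (unsigned) port);
    }
}

/* … unchanged: each function builds the domain part of `key` as before … */
    appendPortSuffix_(key, port); /* `&key` in domainValidUntil_GmCerts */
```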