Manually trusting a server certificate

author: Jaakko Keränen <jaakko.keranen@iki.fi> 2020-11-08 13:45:51 +0200
committer: Jaakko Keränen <jaakko.keranen@iki.fi> 2020-11-08 13:45:51 +0200
commit: bb53ff49396cae88836ff391fd20589a687ae83f (patch)
tree: aadc25a24ed2e12809298791f4566d7e1ecfb770 /src/gmcerts.c
parent: c0280998be065ab075581e46c52c6cc27e4b21a9 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/src/gmcerts.c b/src/gmcerts.c
index 27b226a0..f7475348 100644
--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -381,6 +381,7 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
    if (!verifyDomain_TlsCertificate(cert, domain)) {
        return iFalse;
    }
+    /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
    /* Good certificate. If not already trusted, add it now. */
    iString *key = newRange_String(domain);
    iDate until;
@@ -415,6 +416,22 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
    return iTrue;
 }
+void setTrusted_GmCerts(iGmCerts *d, iRangecc domain, const iBlock *fingerprint,
+                        const iDate *validUntil) {
+    iString *key = collect_String(newRange_String(domain));
+    lock_Mutex(d->mtx);
+    iTrustEntry *trust = value_StringHash(d->trusted, key);
+    if (trust) {
+        init_Time(&trust->validUntil, validUntil);
+        set_Block(&trust->fingerprint, fingerprint);
+    }
+    else {
+        insert_StringHash(d->trusted, key, iClob(trust = new_TrustEntry(fingerprint, validUntil)));
+    }
+    save_GmCerts_(d);
+    unlock_Mutex(d->mtx);
+}
 iGmIdentity *identity_GmCerts(iGmCerts *d, unsigned int id) {
    return at_PtrArray(&d->idents, id);
 }
author	Jaakko Keränen <jaakko.keranen@iki.fi>	2020-11-08 13:45:51 +0200
committer	Jaakko Keränen <jaakko.keranen@iki.fi>	2020-11-08 13:45:51 +0200
commit	bb53ff49396cae88836ff391fd20589a687ae83f (patch)
tree	aadc25a24ed2e12809298791f4566d7e1ecfb770 /src/gmcerts.c
parent	c0280998be065ab075581e46c52c6cc27e4b21a9 (diff)

diff --git a/src/gmcerts.c b/src/gmcerts.c index 27b226a0..f7475348 100644 --- a/src/gmcerts.c +++ b/src/gmcerts.c
@@ -381,6 +381,7 @@ iBool checkTrust_GmCerts(iGmCerts d, iRangecc domain, const iTlsCertificate ce
381	if (!verifyDomain_TlsCertificate(cert, domain)) {	381	if (!verifyDomain_TlsCertificate(cert, domain)) {
382	return iFalse;	382	return iFalse;
383	}	383	}
		384	/* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
384	/* Good certificate. If not already trusted, add it now. */	385	/* Good certificate. If not already trusted, add it now. */
385	iString *key = newRange_String(domain);	386	iString *key = newRange_String(domain);
386	iDate until;	387	iDate until;
@@ -415,6 +416,22 @@ iBool checkTrust_GmCerts(iGmCerts d, iRangecc domain, const iTlsCertificate ce
415	return iTrue;	416	return iTrue;
416	}	417	}
417		418
		419	void setTrusted_GmCerts(iGmCerts d, iRangecc domain, const iBlock fingerprint,
		420	const iDate *validUntil) {
		421	iString *key = collect_String(newRange_String(domain));
		422	lock_Mutex(d->mtx);
		423	iTrustEntry *trust = value_StringHash(d->trusted, key);
		424	if (trust) {
		425	init_Time(&trust->validUntil, validUntil);
		426	set_Block(&trust->fingerprint, fingerprint);
		427	}
		428	else {
		429	insert_StringHash(d->trusted, key, iClob(trust = new_TrustEntry(fingerprint, validUntil)));
		430	}
		431	save_GmCerts_(d);
		432	unlock_Mutex(d->mtx);
		433	}
		434
418	iGmIdentity identity_GmCerts(iGmCerts d, unsigned int id) {	435	iGmIdentity identity_GmCerts(iGmCerts d, unsigned int id) {
419	return at_PtrArray(&d->idents, id);	436	return at_PtrArray(&d->idents, id);
420	}	437	}