author | Jaakko Keränen <jaakko.keranen@iki.fi> | 2021-11-09 11:11:54 +0200 |
---|---|---|
committer | Jaakko Keränen <jaakko.keranen@iki.fi> | 2021-11-09 11:12:10 +0200 |
commit | c9372aaf43992ac15b66d43ee1859f21fef862ac (patch) | |
tree | 8e5ca15909bbbe7f66d87fb224bb4c6483e4c26f /src | |
parent | bc83f14c8822977caa80c95c8d06941e124e2008 (diff) |
GmCerts: Allow trusting certificate regardless of domain name
Diffstat (limited to 'src')
-rw-r--r-- | src/gmcerts.c | 8 | ||||
-rw-r--r-- | src/ui/documentwidget.c | 2 |
2 files changed, 4 insertions, 6 deletions
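--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -457,10 +457,8 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTls
 return iFalse;
 }
 /* We trust CA verification implicitly. */
 const iBool isCATrusted = (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus);
-if (!verifyDomain_GmCerts(cert, domain)) {
-return iFalse;
-}
+const iBool isDomainValid = verifyDomain_GmCerts(cert, domain);
 /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
 /* Good certificate. If not already trusted, add it now. */
 iDate until;
@@ -470,7 +468,7 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTls
 init_String(&key);
 makeTrustKey_(domain, port, &key);
 lock_Mutex(d->mtx);
-iBool ok = !isExpired_TlsCertificate(cert);
+iBool ok = isDomainValid && !isExpired_TlsCertificate(cert);
 iTrustEntry *trust = value_StringHash(d->trusted, &key);
 if (trust) {
 /* We already have it, check if it matches the one we trust for this domain (if it's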
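Review bot: With the early `return iFalse` on a name mismatch removed, `isDomainValid` only feeds `ok` in the second hunk, while `isCATrusted` is still computed with no reference to the domain. checkTrust_GmCerts continues past both hunks, so how `isCATrusted` is used afterwards is not visible here; if any later path accepts the certificate on `isCATrusted` alone, a CA-signed certificate issued for a different host would now pass where the old code rejected it. I would tie the two together where they are computed, `const iBool isDomainValid = verifyDomain_GmCerts(cert, domain);` followed by `const iBool isCATrusted = isDomainValid && (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus);`, so that only an explicitly pinned fingerprint can override a name mismatch. The comment `/* Good certificate. If not already trusted, add it now. */` is also no longer accurate, because execution now reaches it with a mismatched name.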
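--- a/src/ui/documentwidget.c
+++ b/src/ui/documentwidget.c
@@ -2836,7 +2836,7 @@ static iBool handleCommand_DocumentWidget_(iDocumentWidget *d, const char *cmd)
 const iBool haveFingerprint = (d->certFlags & haveFingerprint_GmCertFlag) != 0;
 const iBool canTrust =
 (d->certFlags == (available_GmCertFlag | haveFingerprint_GmCertFlag |
-timeVerified_GmCertFlag | domainVerified_GmCertFlag));
+timeVerified_GmCertFlag /* | domainVerified_GmCertFlag*/));
 const iRecentUrl *recent = findUrl_History(d->mod.history, d->mod.url);
 const iString *meta = &d->sourceMime;
 if (recent && recent->cachedResponse) {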
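Review bot: `canTrust` compares the whole `certFlags` word with `==`, so dropping `domainVerified_GmCertFlag` from the right-hand side does not make that bit optional, it makes it forbidden. Assuming the flag is set in `certFlags` whenever the name does match, a certificate with a valid name but an untrusted fingerprint would no longer satisfy `canTrust`. Masking the bit out keeps both cases: `((d->certFlags & ~domainVerified_GmCertFlag) == (available_GmCertFlag | haveFingerprint_GmCertFlag | timeVerified_GmCertFlag))`. The commented-out `/* | domainVerified_GmCertFlag*/` would be better replaced by a short comment stating that the user is deliberately allowed to override a name mismatch. handleCommand_DocumentWidget_ starts and ends outside the hunk, so whether the dialog shows the mismatch to the user before offering trust cannot be checked from here.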