summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJaakko Keränen <jaakko.keranen@iki.fi>2021-11-09 11:11:54 +0200
committerJaakko Keränen <jaakko.keranen@iki.fi>2021-11-09 11:12:10 +0200
commitc9372aaf43992ac15b66d43ee1859f21fef862ac (patch)
tree8e5ca15909bbbe7f66d87fb224bb4c6483e4c26f /src
parentbc83f14c8822977caa80c95c8d06941e124e2008 (diff)
GmCerts: Allow trusting certificate regardless of domain name
Diffstat (limited to 'src')
-rw-r--r--src/gmcerts.c8
-rw-r--r--src/ui/documentwidget.c2
2 files changed, 4 insertions, 6 deletions
diff --git a/src/gmcerts.c b/src/gmcerts.c
index 9073f2e7..36fd7d55 100644
--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -457,10 +457,8 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTls
457 return iFalse; 457 return iFalse;
458 } 458 }
459 /* We trust CA verification implicitly. */ 459 /* We trust CA verification implicitly. */
460 const iBool isCATrusted = (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus); 460 const iBool isCATrusted = (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus);
461 if (!verifyDomain_GmCerts(cert, domain)) { 461 const iBool isDomainValid = verifyDomain_GmCerts(cert, domain);
462 return iFalse;
463 }
464 /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */ 462 /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
465 /* Good certificate. If not already trusted, add it now. */ 463 /* Good certificate. If not already trusted, add it now. */
466 iDate until; 464 iDate until;
@@ -470,7 +468,7 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTls
470 init_String(&key); 468 init_String(&key);
471 makeTrustKey_(domain, port, &key); 469 makeTrustKey_(domain, port, &key);
472 lock_Mutex(d->mtx); 470 lock_Mutex(d->mtx);
473 iBool ok = !isExpired_TlsCertificate(cert); 471 iBool ok = isDomainValid && !isExpired_TlsCertificate(cert);
474 iTrustEntry *trust = value_StringHash(d->trusted, &key); 472 iTrustEntry *trust = value_StringHash(d->trusted, &key);
475 if (trust) { 473 if (trust) {
476 /* We already have it, check if it matches the one we trust for this domain (if it's 474 /* We already have it, check if it matches the one we trust for this domain (if it's
diff --git a/src/ui/documentwidget.c b/src/ui/documentwidget.c
index 60662b03..41ca1d7f 100644
--- a/src/ui/documentwidget.c
+++ b/src/ui/documentwidget.c
@@ -2836,7 +2836,7 @@ static iBool handleCommand_DocumentWidget_(iDocumentWidget *d, const char *cmd)
2836 const iBool haveFingerprint = (d->certFlags & haveFingerprint_GmCertFlag) != 0; 2836 const iBool haveFingerprint = (d->certFlags & haveFingerprint_GmCertFlag) != 0;
2837 const iBool canTrust = 2837 const iBool canTrust =
2838 (d->certFlags == (available_GmCertFlag | haveFingerprint_GmCertFlag | 2838 (d->certFlags == (available_GmCertFlag | haveFingerprint_GmCertFlag |
2839 timeVerified_GmCertFlag | domainVerified_GmCertFlag)); 2839 timeVerified_GmCertFlag /* | domainVerified_GmCertFlag*/));
2840 const iRecentUrl *recent = findUrl_History(d->mod.history, d->mod.url); 2840 const iRecentUrl *recent = findUrl_History(d->mod.history, d->mod.url);
2841 const iString *meta = &d->sourceMime; 2841 const iString *meta = &d->sourceMime;
2842 if (recent && recent->cachedResponse) { 2842 if (recent && recent->cachedResponse) {