Server certificates may also be verified by CAs

If the CA file/path are configured in preferences, trust CA verification
over manual TOFU checks.

8 files changed, 59 insertions, 7 deletions

diff --git a/src/app.c b/src/app.c
index 9a7ced62..29d0dd17 100644
--- a/src/app.c
+++ b/src/app.c
@@ -224,6 +224,8 @@ static iString *serializePrefs_App_(const iApp *d) {
     appendFormat_String(str, "doctheme.dark.set arg:%d\n", d->prefs.docThemeDark);
     appendFormat_String(str, "doctheme.light.set arg:%d\n", d->prefs.docThemeLight);
     appendFormat_String(str, "saturation.set arg:%d\n", (int) ((d->prefs.saturation * 100) + 0.5f));
+    appendFormat_String(str, "ca.file noset:1 path:%s\n", cstr_String(&d->prefs.caFile));
+    appendFormat_String(str, "ca.path path:%s\n", cstr_String(&d->prefs.caPath));
     appendFormat_String(str, "proxy.gemini address:%s\n", cstr_String(&d->prefs.geminiProxy));
     appendFormat_String(str, "proxy.gopher address:%s\n", cstr_String(&d->prefs.gopherProxy));
     appendFormat_String(str, "proxy.http address:%s\n", cstr_String(&d->prefs.httpProxy));
@@ -306,6 +308,7 @@ static void loadPrefs_App_(iApp *d) {
     }
     else {
         /* default preference values */
+        setCACertificates_TlsRequest(&d->prefs.caFile, &d->prefs.caPath);
     }
 #if !defined (LAGRANGE_CUSTOM_FRAME)
     d->prefs.customFrame = iFalse;
@@ -1205,6 +1208,10 @@ static iBool handlePrefsCommands_(iWidget *d, const char *cmd) {
                          cstr_String(text_InputWidget(findChild_Widget(d, "prefs.searchurl"))));
         postCommandf_App("cachesize.set arg:%d",
                          toInt_String(text_InputWidget(findChild_Widget(d, "prefs.cachesize"))));
+        postCommandf_App("ca.file path:%s",
+                         cstr_String(text_InputWidget(findChild_Widget(d, "prefs.ca.file"))));
+        postCommandf_App("ca.path path:%s",
+                         cstr_String(text_InputWidget(findChild_Widget(d, "prefs.ca.path"))));
         postCommandf_App("proxy.gemini address:%s",
                          cstr_String(text_InputWidget(findChild_Widget(d, "prefs.proxy.gemini"))));
         postCommandf_App("proxy.gopher address:%s",
@@ -1586,6 +1593,20 @@ iBool handleCommand_App(const char *cmd) {
         setCStr_String(&d->prefs.downloadDir, suffixPtr_Command(cmd, "path"));
         return iTrue;
     }
+    else if (equal_Command(cmd, "ca.file")) {
+        setCStr_String(&d->prefs.caFile, suffixPtr_Command(cmd, "path"));
+        if (!argLabel_Command(cmd, "noset")) {
+            setCACertificates_TlsRequest(&d->prefs.caFile, &d->prefs.caPath);
+        }
+        return iTrue;
+    }
+    else if (equal_Command(cmd, "ca.path")) {
+        setCStr_String(&d->prefs.caPath, suffixPtr_Command(cmd, "path"));
+        if (!argLabel_Command(cmd, "noset")) {
+            setCACertificates_TlsRequest(&d->prefs.caFile, &d->prefs.caPath);
+        }
+        return iTrue;
+    }
     else if (equal_Command(cmd, "open")) {
         iString *url = collectNewCStr_String(suffixPtr_Command(cmd, "url"));
         const iBool noProxy = argLabel_Command(cmd, "noproxy");
@@ -1761,6 +1782,8 @@ iBool handleCommand_App(const char *cmd) {
                             collectNewFormat_String("%d", d->prefs.maxCacheSize));
         setToggle_Widget(findChild_Widget(dlg, "prefs.decodeurls"), d->prefs.decodeUserVisibleURLs);
         setText_InputWidget(findChild_Widget(dlg, "prefs.searchurl"), &d->prefs.searchUrl);
+        setText_InputWidget(findChild_Widget(dlg, "prefs.ca.file"), &d->prefs.caFile);
+        setText_InputWidget(findChild_Widget(dlg, "prefs.ca.path"), &d->prefs.caPath);
         setText_InputWidget(findChild_Widget(dlg, "prefs.proxy.gemini"), &d->prefs.geminiProxy);
         setText_InputWidget(findChild_Widget(dlg, "prefs.proxy.gopher"), &d->prefs.gopherProxy);
         setText_InputWidget(findChild_Widget(dlg, "prefs.proxy.http"), &d->prefs.httpProxy);
diff --git a/src/gmcerts.c b/src/gmcerts.c
index da918279..3e629f8f 100644
--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -380,7 +380,9 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
     if (isExpired_TlsCertificate(cert)) {
         return iFalse;
     }
-    if (!verifyDomain_TlsCertificate(cert, domain)) {
+    /* We trust CA verification implicitly. */
+    const iBool isAuth = verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus;
+    if (!isAuth && !verifyDomain_TlsCertificate(cert, domain)) {
         return iFalse;
     }
     /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
@@ -394,9 +396,7 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
     if (trust) {
         /* We already have it, check if it matches the one we trust for this domain (if it's
            still valid. */
-        iTime now;
-        initCurrent_Time(&now);
-        if (secondsSince_Time(&trust->validUntil, &now) > 0) {
+        if (!isAuth && elapsedSeconds_Time(&trust->validUntil) > 0) {
             /* Trusted cert is still valid. */
             const iBool isTrusted = cmp_Block(fingerprint, &trust->fingerprint) == 0;
             unlock_Mutex(d->mtx);
diff --git a/src/gmrequest.c b/src/gmrequest.c
index 0208dc94..ea0a2d80 100644
--- a/src/gmrequest.c
+++ b/src/gmrequest.c
@@ -163,6 +163,9 @@ static void checkServerCertificate_GmRequest_(iGmRequest *d) {
         if (checkTrust_GmCerts(d->certs, domain, cert)) {
             resp->certFlags |= trusted_GmCertFlag;
         }
+        if (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus) {
+            resp->certFlags |= authorityVerified_GmCertFlag;
+        }
         validUntil_TlsCertificate(cert, &resp->certValidUntil);
         set_String(&resp->certSubject, collect_String(subject_TlsCertificate(cert)));
     }
diff --git a/src/gmrequest.h b/src/gmrequest.h
index 6d4eb2f8..9f20e0eb 100644
--- a/src/gmrequest.h
+++ b/src/gmrequest.h
@@ -36,6 +36,7 @@ enum iGmCertFlags {
     timeVerified_GmCertFlag    = iBit(3), /* has not expired */
     domainVerified_GmCertFlag  = iBit(4), /* cert matches server domain */
     haveFingerprint_GmCertFlag = iBit(5),
+    authorityVerified_GmCertFlag = iBit(6),
 };
 
 struct Impl_GmResponse {
diff --git a/src/prefs.c b/src/prefs.c
index 97ad7f48..e3b5d603 100644
--- a/src/prefs.c
+++ b/src/prefs.c
@@ -22,6 +22,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
 
 #include "prefs.h"
 
+#include <the_Foundation/fileinfo.h>
+
 void init_Prefs(iPrefs *d) {
     d->dialogTab         = 0;
     d->useSystemTheme    = iTrue;
@@ -48,6 +50,8 @@ void init_Prefs(iPrefs *d) {
     d->docThemeDark      = colorfulDark_GmDocumentTheme;
     d->docThemeLight     = white_GmDocumentTheme;
     d->saturation        = 1.0f;
+    init_String(&d->caFile);
+    init_String(&d->caPath);
     init_String(&d->geminiProxy);
     init_String(&d->gopherProxy);
     init_String(&d->httpProxy);
@@ -56,6 +60,10 @@ void init_Prefs(iPrefs *d) {
 #if defined (iPlatformAppleMobile)
     d->hoverLink = iFalse;
 #endif
+    /* TODO: Add some platform-specific common locations? */
+    if (fileExistsCStr_FileInfo("/etc/ssl/certs")) {
+        setCStr_String(&d->caPath, "/etc/ssl/certs");
+    }
 }
 
 void deinit_Prefs(iPrefs *d) {
@@ -64,4 +72,6 @@ void deinit_Prefs(iPrefs *d) {
     deinit_String(&d->gopherProxy);
     deinit_String(&d->httpProxy);
     deinit_String(&d->downloadDir);
+    deinit_String(&d->caPath);
+    deinit_String(&d->caFile);
 }
diff --git a/src/prefs.h b/src/prefs.h
index 4bbe3ad5..56cef52c 100644
--- a/src/prefs.h
+++ b/src/prefs.h
@@ -51,6 +51,8 @@ struct Impl_Prefs {
     iBool            loadImageInsteadOfScrolling;
     iString          searchUrl;
     /* Network */
+    iString          caFile;
+    iString          caPath;
     iBool            decodeUserVisibleURLs;
     int              maxCacheSize; /* MB */
     iString          geminiProxy;
diff --git a/src/ui/documentwidget.c b/src/ui/documentwidget.c
index 947d9d5f..0af022c5 100644
--- a/src/ui/documentwidget.c
+++ b/src/ui/documentwidget.c
@@ -1585,10 +1585,16 @@ static iBool handleCommand_DocumentWidget_(iDocumentWidget *d, const char *cmd)
             }
         }
         appendFormat_String(msg,
-                      "\n%sCertificate Status:\n%s%s  Domain name %s%s\n"
+                      "\n%sCertificate Status:\n"
+                      "%s%s  %s by CA\n"
+                      "%s%s  Domain name %s%s\n"
                       "%s%s  %s (%04d-%02d-%02d %02d:%02d:%02d)\n"
                       "%s%s  %s",
                       uiHeading_ColorEscape,
+                      d->certFlags & authorityVerified_GmCertFlag ?
+                            checked : uiTextAction_ColorEscape "\u2610",
+                      uiText_ColorEscape,
+                      d->certFlags & authorityVerified_GmCertFlag ? "Verified" : "Not verified",
                       d->certFlags & domainVerified_GmCertFlag ? checked : unchecked,
                       uiText_ColorEscape,
                       d->certFlags & domainVerified_GmCertFlag ? "matches" : "mismatch",
diff --git a/src/ui/util.c b/src/ui/util.c
index 603a65cc..5fb3e9f3 100644
--- a/src/ui/util.c
+++ b/src/ui/util.c
@@ -1177,6 +1177,8 @@ iWidget *makePreferences_Widget(void) {
         addChild_Widget(headings, iClob(makeHeading_Widget("Downloads folder:")));
         setId_Widget(addChild_Widget(values, iClob(new_InputWidget(0))), "prefs.downloads");
 #endif
+        addChild_Widget(headings, iClob(makeHeading_Widget("Search URL:")));
+        setId_Widget(addChild_Widget(values, iClob(new_InputWidget(0))), "prefs.searchurl");
         addChild_Widget(headings, iClob(makeHeading_Widget("Show URL on hover:")));
         addChild_Widget(values, iClob(makeToggle_Widget("prefs.hoverlink")));
         addChild_Widget(headings, iClob(makeHeading_Widget("Vertical centering:")));
@@ -1300,8 +1302,6 @@ iWidget *makePreferences_Widget(void) {
     }
     /* Network. */ {
         appendTwoColumnPage_(tabs, "Network", '5', &headings, &values);
-        addChild_Widget(headings, iClob(makeHeading_Widget("Search URL:")));
-        setId_Widget(addChild_Widget(values, iClob(new_InputWidget(0))), "prefs.searchurl");
         addChild_Widget(headings, iClob(makeHeading_Widget("Decode URLs:")));
         addChild_Widget(values, iClob(makeToggle_Widget("prefs.decodeurls")));
         addChild_Widget(headings, iClob(makeHeading_Widget("Cache size:")));
@@ -1312,6 +1312,11 @@ iWidget *makePreferences_Widget(void) {
             addChildFlags_Widget(cacheGroup, iClob(new_LabelWidget("MB", NULL)), frameless_WidgetFlag);
         }
         addChildFlags_Widget(values, iClob(cacheGroup), arrangeHorizontal_WidgetFlag | arrangeSize_WidgetFlag);
+        makeTwoColumnHeading_("CERTIFICATES", headings, values);
+        addChild_Widget(headings, iClob(makeHeading_Widget("CA file:")));
+        setId_Widget(addChild_Widget(values, iClob(new_InputWidget(0))), "prefs.ca.file");
+        addChild_Widget(headings, iClob(makeHeading_Widget("CA path:")));
+        setId_Widget(addChild_Widget(values, iClob(new_InputWidget(0))), "prefs.ca.path");
         makeTwoColumnHeading_("PROXIES", headings, values);
         addChild_Widget(headings, iClob(makeHeading_Widget("Gemini proxy:")));
         setId_Widget(addChild_Widget(values, iClob(new_InputWidget(0))), "prefs.proxy.gemini");
@@ -1331,6 +1336,8 @@ iWidget *makePreferences_Widget(void) {
     /* Set input field sizes. */ {
         expandInputFieldWidth_(findChild_Widget(tabs, "prefs.searchurl"));
         expandInputFieldWidth_(findChild_Widget(tabs, "prefs.downloads"));
+        expandInputFieldWidth_(findChild_Widget(tabs, "prefs.ca.file"));
+        expandInputFieldWidth_(findChild_Widget(tabs, "prefs.ca.path"));
         expandInputFieldWidth_(findChild_Widget(tabs, "prefs.proxy.gemini"));
         expandInputFieldWidth_(findChild_Widget(tabs, "prefs.proxy.gopher"));
         expandInputFieldWidth_(findChild_Widget(tabs, "prefs.proxy.http"));