From bb53ff49396cae88836ff391fd20589a687ae83f Mon Sep 17 00:00:00 2001
From: Jaakko Keränen <jaakko.keranen@iki.fi>
Date: Sun, 8 Nov 2020 13:45:51 +0200
Subject: Manually trusting a server certificate

---
 src/gmcerts.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'src/gmcerts.c')

diff --git a/src/gmcerts.c b/src/gmcerts.c
index 27b226a0..f7475348 100644
--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -381,6 +381,7 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
     if (!verifyDomain_TlsCertificate(cert, domain)) {
         return iFalse;
     }
+    /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
     /* Good certificate. If not already trusted, add it now. */
     iString *key = newRange_String(domain);
     iDate until;
@@ -415,6 +416,22 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, const iTlsCertificate *ce
     return iTrue;
 }
 
+void setTrusted_GmCerts(iGmCerts *d, iRangecc domain, const iBlock *fingerprint,
+                        const iDate *validUntil) {
+    iString *key = collect_String(newRange_String(domain));
+    lock_Mutex(d->mtx);
+    iTrustEntry *trust = value_StringHash(d->trusted, key);
+    if (trust) {
+        init_Time(&trust->validUntil, validUntil);
+        set_Block(&trust->fingerprint, fingerprint);
+    }
+    else {
+        insert_StringHash(d->trusted, key, iClob(trust = new_TrustEntry(fingerprint, validUntil)));
+    }
+    save_GmCerts_(d);
+    unlock_Mutex(d->mtx);
+}
+
 iGmIdentity *identity_GmCerts(iGmCerts *d, unsigned int id) {
     return at_PtrArray(&d->idents, id);
 }
-- 
cgit v1.2.3