From f992ba117fe420a7231f005e62627380689d57ab Mon Sep 17 00:00:00 2001
From: Jaakko Keränen <jaakko.keranen@iki.fi>
Date: Tue, 2 Mar 2021 13:05:02 +0200
Subject: Server certificates may also be verified by CAs

If the CA file/path are configured in preferences, trust CA verification
over manual TOFU checks.
---
 src/prefs.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'src/prefs.c')

diff --git a/src/prefs.c b/src/prefs.c
index 97ad7f48..e3b5d603 100644
--- a/src/prefs.c
+++ b/src/prefs.c
@@ -22,6 +22,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
 
 #include "prefs.h"
 
+#include <the_Foundation/fileinfo.h>
+
 void init_Prefs(iPrefs *d) {
     d->dialogTab         = 0;
     d->useSystemTheme    = iTrue;
@@ -48,6 +50,8 @@ void init_Prefs(iPrefs *d) {
     d->docThemeDark      = colorfulDark_GmDocumentTheme;
     d->docThemeLight     = white_GmDocumentTheme;
     d->saturation        = 1.0f;
+    init_String(&d->caFile);
+    init_String(&d->caPath);
     init_String(&d->geminiProxy);
     init_String(&d->gopherProxy);
     init_String(&d->httpProxy);
@@ -56,6 +60,10 @@ void init_Prefs(iPrefs *d) {
 #if defined (iPlatformAppleMobile)
     d->hoverLink = iFalse;
 #endif
+    /* TODO: Add some platform-specific common locations? */
+    if (fileExistsCStr_FileInfo("/etc/ssl/certs")) {
+        setCStr_String(&d->caPath, "/etc/ssl/certs");
+    }
 }
 
 void deinit_Prefs(iPrefs *d) {
@@ -64,4 +72,6 @@ void deinit_Prefs(iPrefs *d) {
     deinit_String(&d->gopherProxy);
     deinit_String(&d->httpProxy);
     deinit_String(&d->downloadDir);
+    deinit_String(&d->caPath);
+    deinit_String(&d->caFile);
 }
-- 
cgit v1.2.3