diff options
| author | SoniEx2 <endermoneymod@gmail.com> | 2021-05-30 00:34:43 -0300 |
|---|---|---|
| committer | SoniEx2 <endermoneymod@gmail.com> | 2021-05-30 00:34:43 -0300 |
| commit | aa921ca2a04f674d81ca61d8a305ed35745df48a (patch) | |
| tree | 4879550c767622dd134555adb0b624496cd10bfe | |
| parent | e2cfba040e26927b94a4e311a0a61365a81a41b1 (diff) | |
Allow setting cert path for SASL EXTERNALfeature/flexible-cert
| -rw-r--r-- | src/common/server.c | 32 | ||||
| -rw-r--r-- | src/fe-gtk/servlistgui.c | 22 |
2 files changed, 38 insertions, 16 deletions
diff --git a/src/common/server.c b/src/common/server.c index 5c645eb5..7f6a003b 100644 --- a/src/common/server.c +++ b/src/common/server.c @@ -1582,23 +1582,33 @@ server_connect (server *serv, char *hostname, int port, int no_login) char *cert_file; serv->have_cert = FALSE; - /* first try network specific cert/key */ - cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem", - get_xdir (), server_get_network (serv, TRUE)); - if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) + /* try user-supplied cert (only for SASL EXTERNAL) */ + if (serv->password[0] && serv->loginmethod == LOGIN_SASLEXTERNAL && + SSL_CTX_use_certificate_file (serv->ctx, + cert_file = g_strdup_printf ("%s", serv->password), + SSL_FILETYPE_PEM) == 1) { if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) serv->have_cert = TRUE; } else + /* try network specific cert/key */ + if (SSL_CTX_use_certificate_file (serv->ctx, + cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem", + get_xdir (), server_get_network (serv, TRUE)), + SSL_FILETYPE_PEM) == 1) { - /* if that doesn't exist, try <config>/certs/client.pem */ - cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL); - if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) - { - if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) - serv->have_cert = TRUE; - } + if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) + serv->have_cert = TRUE; + } + else + /* if that doesn't exist, try <config>/certs/client.pem */ + if (SSL_CTX_use_certificate_file (serv->ctx, + cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL), + SSL_FILETYPE_PEM) == 1) + { + if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) + serv->have_cert = TRUE; } g_free (cert_file); } diff --git a/src/fe-gtk/servlistgui.c b/src/fe-gtk/servlistgui.c index b22330ac..e2f1adb3 100644 --- a/src/fe-gtk/servlistgui.c +++ b/src/fe-gtk/servlistgui.c @@ -70,6 +70,7 @@ static GtkWidget *edit_entry_nick; static GtkWidget *edit_entry_nick2; static GtkWidget *edit_entry_user; static GtkWidget *edit_entry_real; +static GtkWidget *edit_entry_pass_label; static GtkWidget *edit_entry_pass; static GtkWidget *edit_label_nick; static GtkWidget *edit_label_nick2; @@ -1539,9 +1540,16 @@ servlist_logintypecombo_cb (GtkComboBox *cb, gpointer *userdata) /* EXTERNAL uses a cert, not a pass */ if (login_types_conf[index] == LOGIN_SASLEXTERNAL) - gtk_widget_set_sensitive (edit_entry_pass, FALSE); - else - gtk_widget_set_sensitive (edit_entry_pass, TRUE); + { + gtk_entry_set_visibility (GTK_ENTRY (edit_entry_pass), TRUE); + gtk_label_set_text_with_mnemonic (GTK_LABEL (edit_entry_pass_label), _("Certificate:")); + gtk_widget_set_tooltip_text (edit_entry_pass, _("Certificate used for login. If in doubt, leave blank.")); + } else + { + gtk_entry_set_visibility (GTK_ENTRY (edit_entry_pass), FALSE); + gtk_label_set_text_with_mnemonic (GTK_LABEL (edit_entry_pass_label), _("Password:")); + gtk_widget_set_tooltip_text (edit_entry_pass, _("Password used for login. If in doubt, leave blank.")); + } } static void @@ -1888,10 +1896,14 @@ servlist_open_edit (GtkWidget *parent, ircnet *net) combobox_logintypes = servlist_create_logintypecombo (notebook); gtk_table_attach (GTK_TABLE (table3), combobox_logintypes, 1, 2, 10, 11, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (GTK_FILL), 4, 2); - edit_entry_pass = servlist_create_entry (table3, _("Password:"), 11, net->pass, 0, _("Password used for login. If in doubt, leave blank.")); + edit_entry_pass = servlist_create_entry (table3, _("Password:"), 11, net->pass, &edit_entry_pass_label, _("Password used for login. If in doubt, leave blank.")); gtk_entry_set_visibility (GTK_ENTRY (edit_entry_pass), FALSE); if (selected_net && selected_net->logintype == LOGIN_SASLEXTERNAL) - gtk_widget_set_sensitive (edit_entry_pass, FALSE); + { + gtk_entry_set_visibility (GTK_ENTRY (edit_entry_pass), TRUE); + gtk_label_set_text_with_mnemonic (GTK_LABEL (edit_entry_pass_label), _("Certificate:")); + gtk_widget_set_tooltip_text (edit_entry_pass, _("Certificate used for login. If in doubt, leave blank.")); + } label34 = gtk_label_new (_("Character set:")); gtk_table_attach (GTK_TABLE (table3), label34, 0, 1, 12, 13, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (0), SERVLIST_X_PADDING, SERVLIST_Y_PADDING); |