From aa921ca2a04f674d81ca61d8a305ed35745df48a Mon Sep 17 00:00:00 2001 From: SoniEx2 Date: Sun, 30 May 2021 00:34:43 -0300 Subject: Allow setting cert path for SASL EXTERNAL --- src/common/server.c | 32 +++++++++++++++++++++----------- src/fe-gtk/servlistgui.c | 22 +++++++++++++++++----- 2 files changed, 38 insertions(+), 16 deletions(-) diff --git a/src/common/server.c b/src/common/server.c index 5c645eb5..7f6a003b 100644 --- a/src/common/server.c +++ b/src/common/server.c 
@@ -1582,23 +1582,33 @@ server_connect (server *serv, char *hostname, int port, int no_login) char *cert_file; serv->have_cert = FALSE; - /* first try network specific cert/key */ - cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem", - get_xdir (), server_get_network (serv, TRUE)); - if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) + /* try user-supplied cert (only for SASL EXTERNAL) */ + if (serv->password[0] && serv->loginmethod == LOGIN_SASLEXTERNAL && + SSL_CTX_use_certificate_file (serv->ctx, + cert_file = g_strdup_printf ("%s", serv->password), + SSL_FILETYPE_PEM) == 1) { if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) serv->have_cert = TRUE; } else + /* try network specific cert/key */ + if (SSL_CTX_use_certificate_file (serv->ctx, + cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem", + get_xdir (), server_get_network (serv, TRUE)), + SSL_FILETYPE_PEM) == 1) { - /* if that doesn't exist, try /certs/client.pem */ - cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL); - if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) - { - if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) - serv->have_cert = TRUE; - } + if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) + serv->have_cert = TRUE; + } + else + /* if that doesn't exist, try /certs/client.pem */ + if (SSL_CTX_use_certificate_file (serv->ctx, + cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL), + SSL_FILETYPE_PEM) == 1) + { + if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1) + serv->have_cert = TRUE; } g_free (cert_file); } diff --git a/src/fe-gtk/servlistgui.c b/src/fe-gtk/servlistgui.c index b22330ac..e2f1adb3 100644 --- a/src/fe-gtk/servlistgui.c +++ b/src/fe-gtk/servlistgui.c 
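Review bot: A user-supplied certificate that fails to load is silently replaced. The first `if` falls through the `else` chain to the per-network file and then `certs/client.pem`, so a mistyped or unreadable path in `serv->password` ends with the client presenting a different identity than the one configured, with no message. The same chain overwrites `cert_file` after each failed attempt without freeing the previous string (the removed code already leaked the first path), and it hides the allocation inside the call's argument list. I would treat an explicit path as use-it-or-fail, keep the fallbacks for the blank case only, and free before reassigning, as sketched below. The failure report is left as a comment because the logging call is not visible here; the block this code sits in opens before the hunk inside server_connect.

```c
	char *cert_file;
	gboolean cert_loaded;

	serv->have_cert = FALSE;

	if (serv->password[0] && serv->loginmethod == LOGIN_SASLEXTERNAL)
	{
		/* explicitly configured file: load it or fail, never substitute another identity */
		cert_file = g_strdup (serv->password);
		cert_loaded = SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1;
		/* when !cert_loaded, report the failure to the user here */
	}
	else
	{
		/* try network specific cert/key */
		cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem",
					     get_xdir (), server_get_network (serv, TRUE));
		cert_loaded = SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1;
		if (!cert_loaded)
		{
			/* if that doesn't exist, try /certs/client.pem */
			g_free (cert_file);	/* release the first path before building the second */
			cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL);
			cert_loaded = SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1;
		}
	}

	if (cert_loaded && SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
		serv->have_cert = TRUE;
	/* … unchanged: g_free (cert_file) … */
```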
@@ -70,6 +70,7 @@ static GtkWidget *edit_entry_nick; static GtkWidget *edit_entry_nick2; static GtkWidget *edit_entry_user; static GtkWidget *edit_entry_real; +static GtkWidget *edit_entry_pass_label; static GtkWidget *edit_entry_pass; static GtkWidget *edit_label_nick; static GtkWidget *edit_label_nick2; @@ -1539,9 +1540,16 @@ servlist_logintypecombo_cb (GtkComboBox *cb, gpointer *userdata) /* EXTERNAL uses a cert, not a pass */ if (login_types_conf[index] == LOGIN_SASLEXTERNAL) - gtk_widget_set_sensitive (edit_entry_pass, FALSE); - else - gtk_widget_set_sensitive (edit_entry_pass, TRUE); + { + gtk_entry_set_visibility (GTK_ENTRY (edit_entry_pass), TRUE); + gtk_label_set_text_with_mnemonic (GTK_LABEL (edit_entry_pass_label), _("Certificate:")); + gtk_widget_set_tooltip_text (edit_entry_pass, _("Certificate used for login. If in doubt, leave blank.")); + } else + { + gtk_entry_set_visibility (GTK_ENTRY (edit_entry_pass), FALSE); + gtk_label_set_text_with_mnemonic (GTK_LABEL (edit_entry_pass_label), _("Password:")); + gtk_widget_set_tooltip_text (edit_entry_pass, _("Password used for login. If in doubt, leave blank.")); + } } static void 
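Review bot: Selecting SASL EXTERNAL in servlist_logintypecombo_cb calls `gtk_entry_set_visibility (GTK_ENTRY (edit_entry_pass), TRUE)` on an entry that may still hold a password, so a stored secret appears in clear text as soon as the combo changes. The same happens in servlist_open_edit (the `@@ -1888` hunk) for a network saved with both a password and this login type. That leftover text is then also what server.c tries to open as a certificate file, and in the other direction a local file path left in the field would presumably be used as the password. Provided this callback only runs on a user-initiated change, clearing the field whenever the selection crosses between EXTERNAL and a password method, e.g. `gtk_entry_set_text (GTK_ENTRY (edit_entry_pass), "");` before changing visibility, avoids both. A separate setting for the certificate path, rather than reusing `net->pass`, would also make values saved before this change distinguishable.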
@@ -1888,10 +1896,14 @@ servlist_open_edit (GtkWidget *parent, ircnet *net) combobox_logintypes = servlist_create_logintypecombo (notebook); gtk_table_attach (GTK_TABLE (table3), combobox_logintypes, 1, 2, 10, 11, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (GTK_FILL), 4, 2); - edit_entry_pass = servlist_create_entry (table3, _("Password:"), 11, net->pass, 0, _("Password used for login. If in doubt, leave blank.")); + edit_entry_pass = servlist_create_entry (table3, _("Password:"), 11, net->pass, &edit_entry_pass_label, _("Password used for login. If in doubt, leave blank.")); gtk_entry_set_visibility (GTK_ENTRY (edit_entry_pass), FALSE); if (selected_net && selected_net->logintype == LOGIN_SASLEXTERNAL) - gtk_widget_set_sensitive (edit_entry_pass, FALSE); + { + gtk_entry_set_visibility (GTK_ENTRY (edit_entry_pass), TRUE); + gtk_label_set_text_with_mnemonic (GTK_LABEL (edit_entry_pass_label), _("Certificate:")); + gtk_widget_set_tooltip_text (edit_entry_pass, _("Certificate used for login. If in doubt, leave blank.")); + } label34 = gtk_label_new (_("Character set:")); gtk_table_attach (GTK_TABLE (table3), label34, 0, 1, 12, 13, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (0), SERVLIST_X_PADDING, SERVLIST_Y_PADDING); -- cgit v1.2.3
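Review bot: The three added calls in servlist_open_edit repeat the LOGIN_SASLEXTERNAL branch of servlist_logintypecombo_cb word for word, including both translatable strings, so label, tooltip and visibility can drift between the two sites. A small static helper that takes the login type and applies either the "Certificate:" or the "Password:" variant could be called once here after `servlist_create_entry` and once from the callback. The tooltip should also say what the field expects: server.c passes the same value to both `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file`, so it is a path to one PEM file holding the certificate and its key, e.g. `_("Path to a PEM file containing the certificate and its private key. If in doubt, leave blank.")`. servlist_open_edit starts and continues outside this hunk.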