authorSébastien Helleu <flashcode@flashtux.org>2022-03-13 18:04:07 +0100
committerSébastien Helleu <flashcode@flashtux.org>2022-03-13 18:04:07 +0100
commit600413909804edfd32c53ea3d47db5b6d2871a89 (patch)
tree95a459c46c5c134c412e21194a7287ca68590663 /src/core/wee-network.c
parent116f533e0dce23627f439b35525280f37b499dcf (diff)
core: set again TLS verification functions after GnuTLS options are changed (closes #1763)
When changing the options weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user, the GnuTLS credentials are freed then allocated again, but the verification function used to check the certificate on connection is not set again. As a consequence, any TLS connection is made without checking the certificate. This regression was introduced in version 3.2, when the options were changed to automatically load system certificates without having to give the path, and to let user give an extra custom path with certificates.
Diffstat (limited to 'src/core/wee-network.c')
-rw-r--r--src/core/wee-network.c38
1 files changed, 23 insertions, 15 deletions
diff --git a/src/core/wee-network.c b/src/core/wee-network.c
index e982fbdb9..202f2b61b 100644
--- a/src/core/wee-network.c
+++ b/src/core/wee-network.c
@@ -92,6 +92,27 @@ network_init_gcrypt ()
}
/*
+ * Allocates credentials structure.
+ */
+
+void
+network_allocate_credentials ()
+{
+ gnutls_certificate_allocate_credentials (&gnutls_xcred);
+#if LIBGNUTLS_VERSION_NUMBER >= 0x02090a /* 2.9.10 */
+ gnutls_certificate_set_verify_function (gnutls_xcred,
+ &hook_connect_gnutls_verify_certificates);
+#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x02090a */
+#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
+ gnutls_certificate_set_retrieve_function (gnutls_xcred,
+ &hook_connect_gnutls_set_certificates);
+#else
+ gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
+ &hook_connect_gnutls_set_certificates);
+#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
+}
+
+/*
* Loads system's default trusted certificate authorities.
*
* Returns the number of certificates loaded.
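Review bot: The return value of `gnutls_certificate_allocate_credentials (&gnutls_xcred)` in the new network_allocate_credentials is ignored, so if allocation fails the two following calls install callbacks on a credentials pointer that was never set up. I would test the result first, e.g. `if (gnutls_certificate_allocate_credentials (&gnutls_xcred) != GNUTLS_E_SUCCESS) return;`, and make sure callers do not go on to load CA files or open TLS connections in that state. The header comment should also state the invariant this helper exists for: `/* Allocates credentials structure and installs the certificate verification/retrieval callbacks; every (re)allocation of gnutls_xcred must go through this function. */`. Note too that the `#if LIBGNUTLS_VERSION_NUMBER >= 0x02090a` guard leaves no verification callback on older GnuTLS builds; whether those builds verify certificates some other way is not visible in this hunk and deserves a line in the comment.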
@@ -259,9 +280,7 @@ network_reload_ca_files (int force_display)
network_num_certs),
network_num_certs);
}
-
- gnutls_certificate_allocate_credentials (&gnutls_xcred);
-
+ network_allocate_credentials ();
network_load_ca_files (force_display);
}
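Review bot: The new call `network_allocate_credentials ();` in network_reload_ca_files has no comment saying why the helper must be used instead of a bare gnutls_certificate_allocate_credentials, which is exactly the substitution that caused the regression described in the commit message. I would add `/* go through the helper: it re-installs the certificate verification callback */` above the call so a later refactor does not undo the fix. The function body begins above the hunk, including the point where the old credentials are freed, so whether anything can use gnutls_xcred between the free and this re-allocation cannot be judged from the lines shown.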
@@ -275,19 +294,8 @@ network_init_gnutls ()
if (!weechat_no_gnutls)
{
gnutls_global_init ();
- gnutls_certificate_allocate_credentials (&gnutls_xcred);
+ network_allocate_credentials ();
network_load_ca_files (0);
-#if LIBGNUTLS_VERSION_NUMBER >= 0x02090a /* 2.9.10 */
- gnutls_certificate_set_verify_function (gnutls_xcred,
- &hook_connect_gnutls_verify_certificates);
-#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x02090a */
-#if LIBGNUTLS_VERSION_NUMBER >= 0x020b00 /* 2.11.0 */
- gnutls_certificate_set_retrieve_function (gnutls_xcred,
- &hook_connect_gnutls_set_certificates);
-#else
- gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
- &hook_connect_gnutls_set_certificates);
-#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020b00 */
}
network_init_gnutls_ok = 1;