From e5d18e1221b7f232822f0110d80f042ab3bb708e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
Date: Sat, 17 Apr 2021 16:07:14 +0200
Subject: core: evaluate option weechat.network.gnutls_ca_file (issue #1285)

---
 src/core/wee-config.c  |  5 +++--
 src/core/wee-network.c | 41 +++++++++++++++++++----------------------
 2 files changed, 22 insertions(+), 24 deletions(-)

(limited to 'src')

diff --git a/src/core/wee-config.c b/src/core/wee-config.c
index d352d08bc..aa7fd4d0d 100644
--- a/src/core/wee-config.c
+++ b/src/core/wee-config.c
@@ -4497,8 +4497,9 @@ config_weechat_init_options ()
     config_network_gnutls_ca_file = config_file_new_option (
         weechat_config_file, ptr_section,
         "gnutls_ca_file", "string",
-        N_("file containing the certificate authorities (\"%h\" will be "
-           "replaced by WeeChat home, \"~/.weechat\" by default)"),
+        N_("file containing the certificate authorities "
+           "(path is evaluated, see function string_eval_path_home in "
+           "plugin API reference)"),
         NULL, 0, 0, CA_FILE, NULL, 0,
         NULL, NULL, NULL,
         &config_change_network_gnutls_ca_file, NULL, NULL,
diff --git a/src/core/wee-network.c b/src/core/wee-network.c
index 056a0c2f6..7f7dc4d14 100644
--- a/src/core/wee-network.c
+++ b/src/core/wee-network.c
@@ -92,40 +92,37 @@ network_init_gcrypt ()
 void
 network_set_gnutls_ca_file ()
 {
-    char *ca_path, *ca_path2;
+    char *ca_path;
 
     if (weechat_no_gnutls)
         return;
 
-    ca_path = string_expand_home (CONFIG_STRING(config_network_gnutls_ca_file));
+    ca_path = string_eval_path_home (
+        CONFIG_STRING(config_network_gnutls_ca_file),
+        NULL, NULL, NULL);
     if (ca_path)
     {
-        ca_path2 = string_replace (ca_path, "%h", weechat_home);
-        if (ca_path2)
+        if (access (ca_path, R_OK) == 0)
         {
-            if (access (ca_path2, R_OK) == 0)
-            {
-                if (gnutls_certificate_set_x509_trust_file (gnutls_xcred, ca_path2,
-                                                            GNUTLS_X509_FMT_PEM) < 0)
-                {
-                    gui_chat_printf (
-                        NULL,
-                        _("%sWarning: failed to load certificate authorities "
-                          "from file %s"),
-                          gui_chat_prefix[GUI_CHAT_PREFIX_ERROR],
-                          ca_path2);
-                }
-            }
-            else
+            if (gnutls_certificate_set_x509_trust_file (gnutls_xcred, ca_path,
+                                                        GNUTLS_X509_FMT_PEM) < 0)
             {
                 gui_chat_printf (
                     NULL,
-                    _("%sWarning: no certificate authorities loaded "
-                      "(file not found: %s)"),
+                    _("%sWarning: failed to load certificate authorities "
+                      "from file %s"),
                     gui_chat_prefix[GUI_CHAT_PREFIX_ERROR],
-                    ca_path2);
+                    ca_path);
             }
-            free (ca_path2);
+        }
+        else
+        {
+            gui_chat_printf (
+                NULL,
+                _("%sWarning: no certificate authorities loaded "
+                  "(file not found: %s)"),
+                gui_chat_prefix[GUI_CHAT_PREFIX_ERROR],
+                ca_path);
         }
         free (ca_path);
     }
-- 
cgit v1.2.3