gmnlm already allows overriding invalid cert error, so it makes little
sense not to allow the same for cert mismatch one. I have also reversed
the offered options for both to reflect the suggested course of action
and added a warning for invalid cert as the possibility of MitM is quite
similar to cert mismatch.
---
src/gmnlm.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/gmnlm.c b/src/gmnlm.c
index 884796c..0270b07 100644
--- a/src/gmnlm.c
+++ b/src/gmnlm.c
@@ -1140,9 +1140,11 @@ tofu_callback(enum tofu_error error, const char *fingerprint,
assert(0); // Invariant
case TOFU_INVALID_CERT:
snprintf(prompt, sizeof(prompt),
- "The server presented an invalid certificate. If you choose to proceed, "
- "you should not disclose personal information or trust the contents of the page.\n"
- "trust [o]nce; [a]bort\n"
+ "The certificate offered by this server IS INVALID.\n"
+ "/!\\ Someone may be eavesdropping on or manipulating this connection. /!\\\n"
+ "If you choose to proceed, you should not disclose personal information or trust "
+ "the contents of the page.\n"
+ "[a]bort; trust [o]nce\n"
 "=> ");
break;
case TOFU_UNTRUSTED_CERT:;
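Review bot: The new TOFU_INVALID_CERT prompt warns that the certificate is invalid but gives the user nothing to check before choosing `trust [o]nce`: it shows neither the fingerprint nor the reason validation failed. `tofu_callback` already receives `fingerprint`, so if it is populated for this error (not visible in the hunk) the prompt could add `"Its fingerprint is:\n%s\n\n"` and pass `fingerprint`, letting the user compare it out of band. The function starts and ends outside the hunk, so how the reordered `[a]bort; trust [o]nce` line interacts with input parsing cannot be checked here.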
@@ -1170,10 +1172,11 @@ tofu_callback(enum tofu_error error, const char *fingerprint,
"%s\n\n"
"The expected fingerprint is:\n"
"%s\n\n"
- "If you're certain that this is correct, edit %s:%d\n",
- fingerprint, khost->fingerprint,
- browser->tofu.known_hosts_path, khost->lineno);
- return TOFU_FAIL;
+ "If you choose to proceed, you should not disclose personal information or trust "
+ "the contents of the page.\n"
+ "[a]bort; trust [o]nce; [t]rust anyway\n"
+ "=> ", fingerprint, khost->fingerprint);
+ break;
 }
bool prompting = true;
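Review bot: Replacing `return TOFU_FAIL;` with `break;` turns a fingerprint mismatch from a hard stop into a one-keystroke override. The diffstat's 10 insertions and 7 deletions are all in these two hunks, so `[t]rust anyway` is handled by whatever the existing code after `bool prompting = true;` (presumably the prompt loop, outside this hunk) already does for `t`. If that path persists trust, confirm that the stored entry for the host is replaced rather than a second one appended, otherwise the old and new fingerprints may both stay pinned. The new prompt also drops `browser->tofu.known_hosts_path` and `khost->lineno`, the user's pointer to the pinned entry; I would keep a line such as `"The pinned entry is at %s:%d\n"` with those two arguments. Consider offering only `[a]bort; trust [o]nce` here, so that permanently re-pinning still requires a deliberate edit.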
--
2.37.1