~sircmpwn/gmni-devel

gmni: gmnlm: treat invalid cert and cert mismatch similarly v1 PROPOSED

Ondřej Fiala: 1
 gmnlm: treat invalid cert and cert mismatch similarly

 1 files changed, 10 insertions(+), 7 deletions(-)
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.sr.ht/~sircmpwn/gmni-devel/patches/34147/mbox | git am -3
Learn more about email & git

[PATCH gmni] gmnlm: treat invalid cert and cert mismatch similarly Export this patch

gmnlm already allows overriding invalid cert error, so it makes little
sense not to allow the same for cert mismatch one. I have also reversed
the offered options for both to reflect the suggested course of action
and added a warning for invalid cert as the possibility of MitM is quite
similar to cert mismatch.
---
 src/gmnlm.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/gmnlm.c b/src/gmnlm.c
index 884796c..0270b07 100644
--- a/src/gmnlm.c
+++ b/src/gmnlm.c
@@ -1140,9 +1140,11 @@ tofu_callback(enum tofu_error error, const char *fingerprint,
		assert(0); // Invariant
	case TOFU_INVALID_CERT:
		snprintf(prompt, sizeof(prompt),
			"The server presented an invalid certificate. If you choose to proceed, "
			"you should not disclose personal information or trust the contents of the page.\n"
			"trust [o]nce; [a]bort\n"
			"The certificate offered by this server IS INVALID.\n"
			"/!\\ Someone may be eavesdropping on or manipulating this connection. /!\\\n"
			"If you choose to proceed, you should not disclose personal information or trust "
			"the contents of the page.\n"
			"[a]bort; trust [o]nce\n"
			"=> ");
		break;
	case TOFU_UNTRUSTED_CERT:;
@@ -1170,10 +1172,11 @@ tofu_callback(enum tofu_error error, const char *fingerprint,
			"%s\n\n"
			"The expected fingerprint is:\n"
			"%s\n\n"
			"If you're certain that this is correct, edit %s:%d\n",
			fingerprint, khost->fingerprint,
			browser->tofu.known_hosts_path, khost->lineno);
		return TOFU_FAIL;
			"If you choose to proceed, you should not disclose personal information or trust "
			"the contents of the page.\n"
			"[a]bort; trust [o]nce; [t]rust anyway\n"
			"=> ", fingerprint, khost->fingerprint);
		break;
	}

	bool prompting = true;
-- 
2.37.1
We should still print the path and line number of the offending cert in
known_hosts here.