From e8386bd14e9783f0bef39bdf577545522e33e719 Mon Sep 17 00:00:00 2001
From: Florent Le Coz
Date: Tue, 3 Nov 2015 16:56:38 +0100
Subject: Provide an adhoc option to let user pass the cert verif for some IRC servers
---
 src/irc/irc_client.cpp | 11 +++++++++++
 src/irc/irc_client.hpp | 3 +++
 src/xmpp/biboumi_adhoc_commands.cpp | 20 ++++++++++++++++++++
 3 files changed, 34 insertions(+)
(limited to 'src')
diff --git a/src/irc/irc_client.cpp b/src/irc/irc_client.cpp
index 7caf443..93ea2ae 100644
--- a/src/irc/irc_client.cpp
+++ b/src/irc/irc_client.cpp
@@ -962,3 +962,14 @@ void IrcClient::leave_dummy_channel(const std::string& exit_message)
 this->dummy_channel.remove_all_users();
 this->bridge->send_muc_leave(Iid("%"s + this->hostname), std::string(this->current_nick), exit_message, true);
 }
+
+#ifdef BOTAN_FOUND
+bool IrcClient::abort_on_invalid_cert() const
+{
+#ifdef USE_DATABASE
+ auto options = Database::get_irc_server_options(this->bridge->get_bare_jid(), this->hostname);
+ return options.verifyCert.value();
+#endif
+ return true;
+}
+#endif
diff --git a/src/irc/irc_client.hpp b/src/irc/irc_client.hpp
index cdae0aa..733fc92 100644
--- a/src/irc/irc_client.hpp
+++ b/src/irc/irc_client.hpp
@@ -52,6 +52,9 @@ public:
 * complete messages from it.
 */
 void parse_in_buffer(const size_t) override final;
+#ifdef BOTAN_FOUND
+ virtual bool abort_on_invalid_cert() const override final;
+#endif
 /**
 * Return the channel with this name, create it if it does not yet exist
 */
diff --git a/src/xmpp/biboumi_adhoc_commands.cpp b/src/xmpp/biboumi_adhoc_commands.cpp
index fa3a35c..ff0c8d4 100644
--- a/src/xmpp/biboumi_adhoc_commands.cpp
+++ b/src/xmpp/biboumi_adhoc_commands.cpp
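Review bot: `IrcClient::abort_on_invalid_cert()` in src/irc/irc_client.cpp takes its answer from the stored `verifyCert` value, so verification stays on by default only if the database default for that column is true; the schema is not part of this diff and is worth checking, since rows created before this change will read whatever that default is. When the option is false the function returns silently; a log line at that point naming `this->hostname` would let an operator see which connections ran without certificate validation. With USE_DATABASE defined the trailing `return true;` is unreachable, so putting `#else` before it and `#endif` after it would state the fallback more clearly.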
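Review bot: The new declaration in src/irc/irc_client.hpp has no doc comment although the members around it do, and the meaning of the return value is easy to read backwards. A comment such as `/** Whether to abort the connection when the server's TLS certificate is invalid; false only if the user disabled verification for this server. */` above it would help. `virtual` is redundant next to `override final` and can be dropped: `bool abort_on_invalid_cert() const override final;`.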
@@ -162,6 +162,19 @@ void ConfigureIrcServerStep1(XmppComponent*, AdhocSession& session, XmlNode& com
 }
 tls_ports.add_child(required);
 x.add_child(std::move(tls_ports));
+
+ XmlNode verify_cert("field");
+ verify_cert["var"] = "verify_cert";
+ verify_cert["type"] = "boolean";
+ verify_cert["label"] = "Verify certificate";
+ verify_cert["desc"] = "Whether or not to abort the connection if the server’s TLS certificate is invalid";
+ XmlNode verify_cert_value("value");
+ if (options.verifyCert.value())
+ verify_cert_value.set_inner("true");
+ else
+ verify_cert_value.set_inner("false");
+ verify_cert.add_child(std::move(verify_cert_value));
+ x.add_child(std::move(verify_cert));
 #endif
 XmlNode pass("field");
@@ -252,6 +265,13 @@ void ConfigureIrcServerStep2(XmppComponent*, AdhocSession& session, XmlNode& com
 ports += val->get_inner() + ";";
 options.tlsPorts = ports;
 }
+
+ else if (field->get_tag("var") == "verify_cert" && value
+ && !value->get_inner().empty())
+ {
+ auto val = to_bool(value->get_inner());
+ options.verifyCert = val;
+ }
 #endif // BOTAN_FOUND
 else if (field->get_tag("var") == "pass" &&
-- cgit v1.2.3
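Review bot: The `desc` of the new `verify_cert` field in ConfigureIrcServerStep1 does not say what turning the option off costs. The same form carries the server password (the `pass` field built right after this block), which would then presumably be sent over a connection whose peer was never authenticated. A wording such as `"Abort the connection if the server’s TLS certificate is invalid. If disabled, the server’s identity is not checked and the connection can be intercepted"` makes the trade-off visible to the user. The function begins and continues outside the hunk.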
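Review bot: In ConfigureIrcServerStep2 the submitted `verify_cert` value goes through `to_bool`, which is defined outside this diff; if it maps anything other than the literal `true` to false, a client that submits the boolean as `1` (XEP-0004 allows `1`/`0` as well as `true`/`false`) would switch verification off without the user asking for it. Failing closed avoids that: `const auto& v = value->get_inner(); options.verifyCert = !(v == "false" || v == "0");`, so any unrecognised value keeps verification on. The else-if chain starts and ends outside the hunk.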