author | Maxime “pep” Buquet <pep@bouah.net> | 2021-12-28 18:29:58 +0100 |
---|---|---|
committer | Maxime “pep” Buquet <pep@bouah.net> | 2022-01-30 00:07:03 +0100 |
commit | 7e8fa46402ce688f4feb31e811d5fbff0e34732e (patch) | |
tree | 85847346fcf09c6aa4371f9f621ca99a7f5ec46a | |
parent | 842d71abf9b044af0996fa2b5c194a4ed8ba3346 (diff) | |
Try to guess CA bundle path
Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
-rw-r--r-- | data/default_config.cfg | 6 | ||||
-rw-r--r-- | poezio/config.py | 13 | ||||
-rw-r--r-- | poezio/connection.py | 6 |
3 files changed, 21 insertions, 4 deletions
diff --git a/data/default_config.cfg b/data/default_config.cfg
index 9f284f07..d91ff36a 100644
--- a/data/default_config.cfg
+++ b/data/default_config.cfg
@@ -79,12 +79,14 @@ certificate =
 # value to the services default.
 #whitespace_interval = 300
-# Path to the certificate authenticating the Authority
+# Path to the certificate authenticating the Authority.
 # A server may have several certificates, but if it uses a CA, it will often
 # keep the same for obvious reasons, so this is a good option if your server
 # does this, rather than skipping all verifications.
 # This is not affected by ignore_certificate
-ca_cert_path =
+# Poezio attempts to guess this value automatically. Set to override this
+# behaviour, to the empty string for example, or to another path.
+#ca_cert_path =
 # Auto-reconnects you when you get disconnected from the server
 #auto_reconnect = true
diff --git a/poezio/config.py b/poezio/config.py
index 9c2201e7..7bbc9268 100644
--- a/poezio/config.py
+++ b/poezio/config.py
@@ -30,6 +30,17 @@ ConfigDict = Dict[str, Dict[str, ConfigValue]]
 DEFSECTION = "Poezio"
+
+CA_CERT_DEFAULT_PATHS = {
+ '/etc/ssl/cert.pem',
+ '/etc/ssl/certs/ca-certificates.crt',
+ '/etc/ssl/certs/ca-bundle.crt',
+ '/etc/pki/tls/certs/ca-bundle.crt',
+ '/etc/ssl/certs/ca-certificates.crt',
+ '/etc/ca-certificates/extracted/tls-ca-bundle.pem',
+ '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt',
+}
+
 DEFAULT_CONFIG: ConfigDict = {
 'Poezio': {
 'ack_message_receipts': True,
@@ -40,7 +51,7 @@ DEFAULT_CONFIG: ConfigDict = {
 'autorejoin_delay': '5',
 'autorejoin': False,
 'beep_on': 'highlight private invite disconnect',
- 'ca_cert_path': '',
+ 'ca_cert_path': ':'.join(CA_CERT_DEFAULT_PATHS),
 'certificate': '',
 'certfile': '',
 'ciphers': 'HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL',
diff --git a/poezio/connection.py b/poezio/connection.py
index c24dd913..55cf76e3 100644
--- a/poezio/connection.py
+++ b/poezio/connection.py
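Review bot: The new comment above `#ca_cert_path =` offers the empty string as an example override but does not say what that does to certificate verification. In the `poezio/connection.py` hunk of this commit an empty value leaves `self.ca_certs` as `None`, which presumably means the server certificate is no longer checked against any CA bundle (to be confirmed against slixmpp, which is outside this diff). If that is the case, the comment should say so, for example `# Setting this to the empty string disables validation against a CA bundle.`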
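Review bot: `CA_CERT_DEFAULT_PATHS` is written as a set literal, so `':'.join(CA_CERT_DEFAULT_PATHS)` in the `DEFAULT_CONFIG` hunk that follows yields the candidates in an order that can differ from one run to the next, and the repeated `'/etc/ssl/certs/ca-certificates.crt'` entry is silently collapsed. If the consumer uses the first path that exists, the trust store in effect becomes unpredictable on hosts that ship more than one of these files. A tuple with the duplicate removed keeps the order deliberate: open with `CA_CERT_DEFAULT_PATHS = (` and close with `)`. The default is also joined with `:`, which only round-trips if `config.getlist` splits on the same separator; that function is not part of this diff.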
@@ -16,6 +16,7 @@ import subprocess
 import sys
 import base64
 import random
+from pathlib import Path
 import slixmpp
 from slixmpp import JID, InvalidJID
@@ -117,7 +118,10 @@ class Connection(slixmpp.ClientXMPP):
 self.ciphers = config.getstr(
 'ciphers', 'HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK'
 ':!SRP:!3DES:!aNULL')
- self.ca_certs = config.getstr('ca_cert_path') or None
+ self.ca_certs = None
+ ca_certs = config.getlist('ca_cert_path')
+ if ca_certs and ca_certs != ['']:
+ self.ca_certs = list(map(Path, config.getlist('ca_cert_path')))
 interval = config.getint('whitespace_interval')
 if int(interval) > 0:
 self.whitespace_keepalive_interval = int(interval) |
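Review bot: In the second hunk the new branch hands every guessed candidate to `self.ca_certs` without checking that any of them exists, and leaves it as `None` when the option is empty. Whether a list of `Path` objects is accepted, and whether `None` or a list with no existing file still results in the server certificate being verified, is decided by slixmpp outside this diff; if it is not verified, the connection proceeds with no message to the user, so a log line on that path is worth adding. `config.getlist('ca_cert_path')` is also read twice, and only the exact value `['']` is treated as empty, so a stray `:` in the setting produces `Path('')`, which is the current directory. `paths = [Path(p) for p in ca_certs if p]` followed by `self.ca_certs = paths or None` covers both. The enclosing method starts and ends outside the hunk.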