From 3c74b2a12a4a9e10fd768dad5ecb1f66f2be9afa Mon Sep 17 00:00:00 2001
From: Andreas Kotes <count@flatline.de>
Date: Wed, 16 Apr 2014 21:37:48 +0200
Subject: reintroduce ignssl, safeguard pinning

---
 vchat-config.h |  1 +
 vchat-ssl.c    | 11 ++++++++++-
 vchat.h        |  9 +++++----
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/vchat-config.h b/vchat-config.h
index 0291100..9e10999 100755
--- a/vchat-config.h
+++ b/vchat-config.h
@@ -41,6 +41,7 @@ static volatile configoption configoptions[] = {
   {CF_FINGERPRINT, CO_STR, "fingerprint","~/.vchat/fingerprint", NULL,       { NULL }  },
   {CF_ENCODING,    CO_STR, "encoding",   NULL,                   NULL,       { .pstr = &encoding }},
   {CF_USESSL,      CO_INT, "usessl",     (char *) 1,             (char *)-1, { NULL }  },
+  {CF_IGNSSL,      CO_INT, "ignssl",     (char *) 0,             (char *)-1, { NULL }  },
   {CF_VERIFYSSL,   CO_INT, "verifyssl",  (char *) 2,             (char *)-1, { NULL }  },
   {CF_USECERT,     CO_INT, "usecert",    (char *) 1,             (char *)-1, { NULL }  },
   {CF_USETIME,     CO_INT, "usetime",    (char *) 1,             (char *)-1, { .pint = &usetime } },
diff --git a/vchat-ssl.c b/vchat-ssl.c
index d240cbd..9495877 100755
--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -164,6 +164,14 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
       if (sslp) {
         long result = SSL_get_verify_result(sslp);
         
+#if 1 == 1
+        if (result == X509_V_OK) {
+          return 0;
+        } else if (getintoption(CF_IGNSSL)) {
+          writecf(FS_ERR, "[SSL VERIFY ERROR ] FAILURE IGNORED!!!");
+          return 0;
+        }
+#else
         /* show & verify fingerprint */
         if (result == X509_V_OK) {
           X509 *peercert = SSL_get_peer_certificate(sslp);
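Review bot: `#if 1 == 1` on the first added line hard-disables the fingerprint show-and-verify block kept under `#else`, so a handshake with `result == X509_V_OK` now returns 0 before the peer certificate is fetched or compared against the pinned fingerprint, and the pinning code becomes dead code that nothing compiles or tests. If this is a temporary safeguard, gate it on a named macro with a why-comment, e.g. `#ifndef VCHAT_FINGERPRINT_PINNING /* pinning disabled until the fingerprint check is fixed */`; if pinning is being retired, delete the `#else` branch instead of leaving it unbuildable. The ignored-failure path only prints `[SSL VERIFY ERROR ] FAILURE IGNORED!!!` without saying which check failed; format `X509_verify_cert_error_string(result)` into a buffer first, as vc_verify_callback does with `tmpstr`, so the log shows what was overridden. When `result != X509_V_OK` and ignssl is off, control now falls through past `#endif` to whatever vc_connect_ssl returns after this block, which is outside the hunk — confirm that path does not also report success. The enclosing function starts and ends outside the hunk.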
@@ -227,6 +235,7 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
             }
           }
         }
+#endif
       }
     }
   }
@@ -305,7 +314,7 @@ int vc_verify_callback(int ok, X509_STORE_CTX *store)
                X509_verify_cert_error_string(store->error));
       writecf(FS_ERR, tmpstr);
    }
-   return ok;
+   return (ok | getintoption(CF_IGNSSL));
 }
 
 void vc_x509store_setflags(vc_x509store_t *store, int flags)
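Review bot: `return (ok | getintoption(CF_IGNSSL));` applies a bitwise OR to a configuration integer, so the callback's verdict is whatever bits the user wrote into `ignssl` rather than a boolean; OpenSSL accepts any non-zero return, so it works today, but it reads like a typo and would break if the value were ever compared to 1. Spell the intent out as `return ok || getintoption(CF_IGNSSL) != 0;`. With ignssl set the callback now accepts every certificate error (expired, untrusted issuer, self-signed), and the only trace is the error string written above when the verification failed; append an explicit override marker to that message, e.g. `" (ignored: ignssl set)"`, so a user cannot mistake the output for a successful verification. The `if` wrapping the writecf and the start of vc_verify_callback are outside the hunk.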
diff --git a/vchat.h b/vchat.h
index 16ee181..654dc6d 100755
--- a/vchat.h
+++ b/vchat.h
@@ -30,10 +30,11 @@ typedef struct servermessage servermessage;
 /* configuration types and variable numbers */
 typedef enum { CO_NIL, CO_STR, CO_INT } conftype;
 typedef enum { CF_NIL, CF_NICK, CF_FROM, CF_SERVERHOST, CF_SERVERPORT,
-CF_CIPHERSUITE, CF_CONFIGFILE, CF_CERTFILE, CF_KEYFILE, CF_FORMFILE, CF_LOGINSCRIPT, CF_FINGERPRINT,
-CF_USESSL, CF_VERIFYSSL, CF_USECERT, CF_PRIVHEIGHT, CF_PRIVCOLLAPS, CF_HSCROLL, CF_CHANNEL, CF_USETIME,
-CF_USETOPIC, CF_SCROLLBPRIV, CF_SCROLLBACK, CF_SCROLLBPRIVT, CF_SCROLLBACKT,
-CF_ENCODING, CF_BELLPRIV, CF_CASEFIRST, CF_AUTORECONN, CF_KEEPALIVE } confopt;
+CF_CIPHERSUITE, CF_CONFIGFILE, CF_CERTFILE, CF_KEYFILE, CF_FORMFILE,
+CF_LOGINSCRIPT, CF_FINGERPRINT, CF_USESSL, CF_IGNSSL, CF_VERIFYSSL, CF_USECERT,
+CF_PRIVHEIGHT, CF_PRIVCOLLAPS, CF_HSCROLL, CF_CHANNEL, CF_USETIME, CF_USETOPIC,
+CF_SCROLLBPRIV, CF_SCROLLBACK, CF_SCROLLBPRIVT, CF_SCROLLBACKT, CF_ENCODING,
+CF_BELLPRIV, CF_CASEFIRST, CF_AUTORECONN, CF_KEEPALIVE } confopt;
 
 /* format strings */
 typedef enum { FS_PLAIN, FS_CHAN, FS_PRIV, FS_SERV, FS_GLOB, FS_DBG, FS_ERR,