
@cl0ne
Last active August 1, 2021 14:57
Restore ability of Gajim to ignore TLS errors

This patch reverts commit b9d17352, which removed the possibility of ignoring TLS errors other than "certificate expired" and "UNKNOWN_CA". Updated for compatibility with Gajim 1.3.2.

Relevant issues:

--- - 2021-04-27 00:49:57.000000000 +0300
+++ gajim/common/client.py 2021-08-01 17:53:40.940283175 +0300
@@ -32,6 +32,7 @@
from gajim.common.helpers import get_user_proxy
from gajim.common.helpers import warn_about_plain_connection
from gajim.common.helpers import get_resource
+from gajim.common.helpers import get_ignored_tls_errors
from gajim.common.helpers import get_idle_status_message
from gajim.common.idle import Monitor
from gajim.common.i18n import _
@@ -76,6 +77,8 @@
self._destroy_client = False
self._remove_account = False
+ self._tls_errors = set()
+
self._destroyed = False
self.available_transports = {}
@@ -179,6 +182,16 @@
for handler in modules.get_handlers(self):
self._client.register_handler(handler)
+ def process_tls_errors(self, cert):
+ if not self._tls_errors:
+ return True
+
+ open_window('SSLErrorDialog',
+ account=self._account,
+ client=self,
+ cert=cert,
+ error=self._tls_errors.pop())
+
def _on_resume_failed(self, _client, _signal_name):
log.info('Resume failed')
app.nec.push_incoming_event(NetworkEvent(
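Review bot: `process_tls_errors` returns `True` when no errors are pending but falls off the end and returns `None` after opening the dialog, and the caller in ssl_error_dialog.py branches on that result. Make the second path explicit with `return False` after the `open_window(...)` call. A short docstring would also help, for example `"""Show a dialog for one pending TLS error; return True only when none remain."""`, since it is not obvious that each call pops a single entry from `self._tls_errors`.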
@@ -233,12 +246,8 @@
self._destroy_client = True
cert, errors = self._client.peer_certificate
-
- open_window('SSLErrorDialog',
- account=self._account,
- client=self,
- cert=cert,
- error=errors.pop())
+ self._tls_errors = errors
+ self.process_tls_errors(cert)
elif domain in (StreamError.STREAM, StreamError.BIND):
if error == 'conflict':
@@ -523,7 +532,7 @@
if proxy is not None:
self._client.set_proxy(proxy)
- self.connect()
+ self.connect(get_ignored_tls_errors(self._account))
def connect(self, ignored_tls_errors=None):
if self._state not in (ClientState.DISCONNECTED,
--- - 2021-04-27 00:49:57.000000000 +0300
+++ gajim/common/config.py 2021-08-01 17:53:40.939283160 +0300
@@ -270,6 +270,7 @@
'keyname': [opt_str, '', '', True],
'use_plain_connection': [opt_bool, False, _('Use an unencrypted connection to the server')],
'confirm_unencrypted_connection': [opt_bool, True],
+ 'ignore_ssl_errors': [opt_str, '', _('List of SSL errors to ignore (space separated).')],
'use_custom_host': [opt_bool, False, '', True],
'custom_port': [opt_int, 5222, '', True],
'custom_host': [opt_str, '', '', True],
--- - 2021-04-27 00:49:57.000000000 +0300
+++ gajim/common/helpers.py 2021-08-01 17:53:40.939283160 +0300
@@ -1376,6 +1376,9 @@
return True
return False
+def get_ignored_tls_errors(account):
+ ignore_ssl_errors = app.settings.get_account_setting(account, 'ignore_ssl_errors').split()
+ return {Gio.TlsCertificateFlags(int(err)) for err in ignore_ssl_errors}
def get_idle_status_message(state, status_message):
message = app.settings.get(f'auto{state}_message')
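Review bot: `get_ignored_tls_errors` calls `int(err)` on every token of a user-editable string setting, so a single non-numeric entry raises `ValueError`, and client.py now calls this helper on the connect path. Skipping tokens that do not parse keeps the connection attempt working and fails closed, because an unreadable entry means that error is not ignored. The function also has no docstring saying that the setting holds space-separated integer values of `Gio.TlsCertificateFlags`. The hunk does not show whether `Gio` is already imported in helpers.py, so confirm that as well.

```python
def get_ignored_tls_errors(account):
    raw = app.settings.get_account_setting(account, 'ignore_ssl_errors')
    ignored = set()
    for token in raw.split():
        try:
            ignored.add(Gio.TlsCertificateFlags(int(token)))
        except ValueError:
            # Not an integer: drop the entry rather than abort the connect.
            continue
    return ignored
```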
--- - 2021-04-27 00:49:57.000000000 +0300
+++ gajim/common/setting_values.py 2021-08-01 17:53:40.939283160 +0300
@@ -215,6 +215,7 @@
'keyname': '',
'use_plain_connection': False,
'confirm_unencrypted_connection': True,
+ 'ignore_ssl_errors': '',
'use_custom_host': False,
'custom_port': 5222,
'custom_host': '',
--- - 2021-04-27 00:49:57.000000000 +0300
+++ gajim/data/gui/ssl_error_dialog.ui 2021-08-01 17:53:40.944283235 +0300
@@ -89,7 +89,23 @@
</packing>
</child>
<child>
- <placeholder/>
+ <object class="GtkCheckButton" id="ignore_error_checkbutton">
+ <property name="label" translatable="yes">_Ignore this error for this certificate</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="halign">start</property>
+ <property name="margin_left">15</property>
+ <property name="margin_right">15</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ <signal name="toggled" handler="_on_add_ignore_error_toggled" swapped="no"/>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">5</property>
+ </packing>
</child>
<child>
<object class="GtkBox">
--- - 2021-04-27 00:49:57.000000000 +0300
+++ gajim/gtk/ssl_error_dialog.py 2021-08-01 17:53:40.962283505 +0300
@@ -20,6 +20,7 @@
from gajim.common.const import GIO_TLS_ERRORS
from gajim.common.i18n import _
+from gajim.common.helpers import get_ignored_tls_errors
from .util import get_builder
from .util import open_window
@@ -65,10 +66,6 @@
elif self._error == Gio.TlsCertificateFlags.EXPIRED:
self._ui.connect_button.set_sensitive(True)
- else:
- self._ui.connect_button.set_no_show_all(True)
- self._ui.connect_button.hide()
-
def _on_view_cert_clicked(self, _button):
open_window('CertificateDialog',
account=self.account,
@@ -78,13 +75,20 @@
def _on_add_certificate_toggled(self, checkbutton):
self._ui.connect_button.set_sensitive(checkbutton.get_active())
+ def _on_add_ignore_error_toggled(self, checkbutton):
+ self._ui.connect_button.set_sensitive(checkbutton.get_active())
+
def _on_connect_clicked(self, _button):
+ ignored_tls_errors = get_ignored_tls_errors(self.account)
if self._ui.add_certificate_checkbutton.get_active():
app.cert_store.add_certificate(self._cert)
- ignored_tls_errors = None
- if self._error == Gio.TlsCertificateFlags.EXPIRED:
- ignored_tls_errors = set([Gio.TlsCertificateFlags.EXPIRED])
+ # Ignore this error
+ if self._ui.ignore_error_checkbutton.get_active():
+ ignored_tls_errors.add(self._error)
+ ignored_tls_errors_str = ' '.join(str(int(e)) for e in ignored_tls_errors)
+ app.settings.set_account_setting(self.account, 'ignore_ssl_errors', ignored_tls_errors_str)
self.destroy()
- self._client.connect(ignored_tls_errors=ignored_tls_errors)
+ if self._client.process_tls_errors(self._cert):
+ self._client.connect(ignored_tls_errors=ignored_tls_errors)
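Review bot: The ignore choice saved in `_on_connect_clicked` is keyed only by account and error flag, so it is not bound to the certificate the user was shown, although the checkbox in ssl_error_dialog.ui is labelled "Ignore this error for this certificate". Because client.py passes `get_ignored_tls_errors(self._account)` into every later `connect()`, any certificate failing with the same flag would presumably be accepted without a prompt, which removes the protection against an intercepting host for that account. Consider storing the certificate fingerprint together with the flag and honouring the ignore only when the presented certificate matches, or at least rewording the label to say the error is ignored for the whole account. Separately, `_on_add_ignore_error_toggled` and `_on_add_certificate_toggled` each set `connect_button` sensitivity from their own checkbox alone, so unticking one disables the button while the other is still ticked.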