This patch reverts commit b9d17352, which removed the possibility to ignore TLS errors other than "certificate expired" and "UNKNOWN_CA". Updated for compatibility with Gajim 1.3.2.
Relevant issues:
This patch reverts commit b9d17352, which removed the possibility to ignore TLS errors other than "certificate expired" and "UNKNOWN_CA". Updated for compatibility with Gajim 1.3.2.
Relevant issues:
--- - 2021-04-27 00:49:57.000000000 +0300 | |
+++ gajim/common/client.py 2021-08-01 17:53:40.940283175 +0300 | |
@@ -32,6 +32,7 @@ | |
from gajim.common.helpers import get_user_proxy | |
from gajim.common.helpers import warn_about_plain_connection | |
from gajim.common.helpers import get_resource | |
+from gajim.common.helpers import get_ignored_tls_errors | |
from gajim.common.helpers import get_idle_status_message | |
from gajim.common.idle import Monitor | |
from gajim.common.i18n import _ | |
@@ -76,6 +77,8 @@ | |
self._destroy_client = False | |
self._remove_account = False | |
+ self._tls_errors = set() | |
+ | |
self._destroyed = False | |
self.available_transports = {} | |
@@ -179,6 +182,16 @@ | |
for handler in modules.get_handlers(self): | |
self._client.register_handler(handler) | |
+ def process_tls_errors(self, cert): | |
+ if not self._tls_errors: | |
+ return True | |
+ | |
+ open_window('SSLErrorDialog', | |
+ account=self._account, | |
+ client=self, | |
+ cert=cert, | |
+ error=self._tls_errors.pop()) | |
+ | |
def _on_resume_failed(self, _client, _signal_name): | |
log.info('Resume failed') | |
app.nec.push_incoming_event(NetworkEvent( | |
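Review bot: `process_tls_errors` returns `True` only on the empty-set path and falls off the end after opening the dialog, so the caller in `ssl_error_dialog.py` (`if self._client.process_tls_errors(self._cert):`) is relying on an implicit `None`. Add an explicit `return False` after the `open_window(...)` call so the "do not connect yet" result is stated. A short docstring would also help, along the lines of `"""Show the next pending TLS error dialog; return True when none remain and connecting may proceed."""`. Note also that `set.pop()` removes an arbitrary element, so the order in which errors are presented to the user is not defined.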
@@ -233,12 +246,8 @@ | |
self._destroy_client = True | |
cert, errors = self._client.peer_certificate | |
- | |
- open_window('SSLErrorDialog', | |
- account=self._account, | |
- client=self, | |
- cert=cert, | |
- error=errors.pop()) | |
+ self._tls_errors = errors | |
+ self.process_tls_errors(cert) | |
elif domain in (StreamError.STREAM, StreamError.BIND): | |
if error == 'conflict': | |
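Review bot: `self._tls_errors = errors` keeps a reference to the set returned by `self._client.peer_certificate`, and `process_tls_errors` then calls `.pop()` on it. If that property hands out the client's own set rather than a copy (not visible here), the dialog flow mutates the library's record of the handshake errors. Storing a copy avoids this: `self._tls_errors = set(errors)`. The enclosing handler starts and ends outside this hunk.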
@@ -523,7 +532,7 @@ | |
if proxy is not None: | |
self._client.set_proxy(proxy) | |
- self.connect() | |
+ self.connect(get_ignored_tls_errors(self._account)) | |
def connect(self, ignored_tls_errors=None): | |
if self._state not in (ClientState.DISCONNECTED, | |
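Review bot: The changed `self.connect(get_ignored_tls_errors(self._account))` call applies the stored exceptions on every connection attempt without leaving any trace, so a session running with weakened certificate verification looks identical in the log to a fully verified one. Since this module already uses `log`, record it: `ignored = get_ignored_tls_errors(self._account)`, then `if ignored: log.warning('%s: connecting with ignored TLS errors: %s', self._account, ignored)`, then `self.connect(ignored)`. The caller's body starts outside the hunk and `connect` continues past it.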
--- - 2021-04-27 00:49:57.000000000 +0300 | |
+++ gajim/common/config.py 2021-08-01 17:53:40.939283160 +0300 | |
@@ -270,6 +270,7 @@ | |
'keyname': [opt_str, '', '', True], | |
'use_plain_connection': [opt_bool, False, _('Use an unencrypted connection to the server')], | |
'confirm_unencrypted_connection': [opt_bool, True], | |
+ 'ignore_ssl_errors': [opt_str, '', _('List of SSL errors to ignore (space separated).')], | |
'use_custom_host': [opt_bool, False, '', True], | |
'custom_port': [opt_int, 5222, '', True], | |
'custom_host': [opt_str, '', '', True], | |
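Review bot: The description of `ignore_ssl_errors` says neither what the list contains nor what setting it costs. `get_ignored_tls_errors` parses each token with `int()` into a `Gio.TlsCertificateFlags`, so the entries are integer flag values, and each one switches off that certificate check for the account. Suggested text: `_('Space-separated integer Gio.TlsCertificateFlags values to ignore for this account. Each entry disables that certificate check.')`.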
--- - 2021-04-27 00:49:57.000000000 +0300 | |
+++ gajim/common/helpers.py 2021-08-01 17:53:40.939283160 +0300 | |
@@ -1376,6 +1376,9 @@ | |
return True | |
return False | |
+def get_ignored_tls_errors(account): | |
+ ignore_ssl_errors = app.settings.get_account_setting(account, 'ignore_ssl_errors').split() | |
+ return {Gio.TlsCertificateFlags(int(err)) for err in ignore_ssl_errors} | |
def get_idle_status_message(state, status_message): | |
message = app.settings.get(f'auto{state}_message') | |
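Review bot: `get_ignored_tls_errors` trusts the stored string completely, so one non-numeric token in a hand-edited `ignore_ssl_errors` raises `ValueError` from `int(err)` on the connect path and in the dialog's connect handler. The parse should skip and report bad tokens instead of failing, and the function needs a docstring because its result decides which certificate checks are waived. It may also be worth accepting only values that are keys of `GIO_TLS_ERRORS`, which would need importing here. The sketch below assumes `helpers.py` has a module logger named `log`, which this hunk does not show.

```python
def get_ignored_tls_errors(account):
    """Return the set of Gio.TlsCertificateFlags ignored for *account*."""
    raw = app.settings.get_account_setting(account, 'ignore_ssl_errors')
    ignored = set()
    for token in raw.split():
        try:
            ignored.add(Gio.TlsCertificateFlags(int(token)))
        except ValueError:
            # A malformed entry must not widen or break verification.
            log.warning('Invalid ignore_ssl_errors entry skipped: %r', token)
    return ignored
```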
--- - 2021-04-27 00:49:57.000000000 +0300 | |
+++ gajim/common/setting_values.py 2021-08-01 17:53:40.939283160 +0300 | |
@@ -215,6 +215,7 @@ | |
'keyname': '', | |
'use_plain_connection': False, | |
'confirm_unencrypted_connection': True, | |
+ 'ignore_ssl_errors': '', | |
'use_custom_host': False, | |
'custom_port': 5222, | |
'custom_host': '', | |
--- - 2021-04-27 00:49:57.000000000 +0300 | |
+++ gajim/data/gui/ssl_error_dialog.ui 2021-08-01 17:53:40.944283235 +0300 | |
@@ -89,7 +89,23 @@ | |
</packing> | |
</child> | |
<child> | |
- <placeholder/> | |
+ <object class="GtkCheckButton" id="ignore_error_checkbutton"> | |
+ <property name="label" translatable="yes">_Ignore this error for this certificate</property> | |
+ <property name="visible">True</property> | |
+ <property name="can_focus">True</property> | |
+ <property name="receives_default">False</property> | |
+ <property name="halign">start</property> | |
+ <property name="margin_left">15</property> | |
+ <property name="margin_right">15</property> | |
+ <property name="use_underline">True</property> | |
+ <property name="draw_indicator">True</property> | |
+ <signal name="toggled" handler="_on_add_ignore_error_toggled" swapped="no"/> | |
+ </object> | |
+ <packing> | |
+ <property name="expand">False</property> | |
+ <property name="fill">True</property> | |
+ <property name="position">5</property> | |
+ </packing> | |
</child> | |
<child> | |
<object class="GtkBox"> | |
--- - 2021-04-27 00:49:57.000000000 +0300 | |
+++ gajim/gtk/ssl_error_dialog.py 2021-08-01 17:53:40.962283505 +0300 | |
@@ -20,6 +20,7 @@ | |
from gajim.common.const import GIO_TLS_ERRORS | |
from gajim.common.i18n import _ | |
+from gajim.common.helpers import get_ignored_tls_errors | |
from .util import get_builder | |
from .util import open_window | |
@@ -65,10 +66,6 @@ | |
elif self._error == Gio.TlsCertificateFlags.EXPIRED: | |
self._ui.connect_button.set_sensitive(True) | |
- else: | |
- self._ui.connect_button.set_no_show_all(True) | |
- self._ui.connect_button.hide() | |
- | |
def _on_view_cert_clicked(self, _button): | |
open_window('CertificateDialog', | |
account=self.account, | |
@@ -78,13 +75,20 @@ | |
def _on_add_certificate_toggled(self, checkbutton): | |
self._ui.connect_button.set_sensitive(checkbutton.get_active()) | |
+ def _on_add_ignore_error_toggled(self, checkbutton): | |
+ self._ui.connect_button.set_sensitive(checkbutton.get_active()) | |
+ | |
def _on_connect_clicked(self, _button): | |
+ ignored_tls_errors = get_ignored_tls_errors(self.account) | |
if self._ui.add_certificate_checkbutton.get_active(): | |
app.cert_store.add_certificate(self._cert) | |
- ignored_tls_errors = None | |
- if self._error == Gio.TlsCertificateFlags.EXPIRED: | |
- ignored_tls_errors = set([Gio.TlsCertificateFlags.EXPIRED]) | |
+ # Ignore this error | |
+ if self._ui.ignore_error_checkbutton.get_active(): | |
+ ignored_tls_errors.add(self._error) | |
+ ignored_tls_errors_str = ' '.join(str(int(e)) for e in ignored_tls_errors) | |
+ app.settings.set_account_setting(self.account, 'ignore_ssl_errors', ignored_tls_errors_str) | |
self.destroy() | |
- self._client.connect(ignored_tls_errors=ignored_tls_errors) | |
+ if self._client.process_tls_errors(self._cert): | |
+ self._client.connect(ignored_tls_errors=ignored_tls_errors) |
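Review bot: `_on_connect_clicked` stores only the error flag in the per-account `ignore_ssl_errors` setting, with nothing tying it to `self._cert`, while the checkbox added in `ssl_error_dialog.ui` reads "Ignore this error for this certificate". Once ticked, any certificate later presented to this account with the same class of error is accepted without a prompt, and the earlier one-connection exception for `EXPIRED` is replaced by this permanent one. Either bind the exception to the certificate (for example by persisting its fingerprint with the flag and checking both before ignoring), or at least relabel the checkbox to `_Ignore this error for this account`. Separately, `_on_add_ignore_error_toggled` and `_on_add_certificate_toggled` each set the Connect button from their own checkbox alone, so unticking one disables Connect while the other is still ticked. Both handlers could use `self._ui.connect_button.set_sensitive(self._ui.add_certificate_checkbutton.get_active() or self._ui.ignore_error_checkbutton.get_active())`.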