From 74c086156f6892253576c2e96bb061be222c6acc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Fiala?= Date: Thu, 15 Dec 2022 21:55:16 +0100 Subject: [PATCH] gmnlm: treat invalid cert and cert mismatch similarly gmnlm already allows overriding invalid cert error, so it makes little sense not to allow the same for cert mismatch one. I have also reversed the offered options for both to reflect the suggested course of action and added a warning for invalid cert as the possibility of MitM is quite similar to cert mismatch. --- src/gmnlm.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/gmnlm.c b/src/gmnlm.c index b773b37..a0cdd2d 100644 --- a/src/gmnlm.c +++ b/src/gmnlm.c @@ -1185,9 +1185,11 @@ tofu_callback(enum tofu_error error, const char *fingerprint, assert(0); // Invariant case TOFU_INVALID_CERT: snprintf(prompt, sizeof(prompt), - "The server presented an invalid certificate. If you choose to proceed, " - "you should not disclose personal information or trust the contents of the page.\n" - "trust [o]nce; [a]bort\n" + "The certificate offered by this server IS INVALID.\n" + "/!\\ Someone may be eavesdropping on or manipulating this connection. /!\\\n" + "If you choose to proceed, you should not disclose personal information or trust " + "the contents of the page.\n" + "[a]bort; trust [o]nce\n" "=> "); break; case TOFU_UNTRUSTED_CERT:; @@ -1208,17 +1210,18 @@ tofu_callback(enum tofu_error error, const char *fingerprint, free(host); break; case TOFU_FINGERPRINT_MISMATCH: - fprintf(browser->tty, + snprintf(prompt, sizeof(prompt), "The certificate offered by this server DOES NOT MATCH the one we have on file.\n" "/!\\ Someone may be eavesdropping on or manipulating this connection. /!\\\n" "The unknown certificate's fingerprint is:\n" "%s\n\n" "The expected fingerprint is:\n" "%s\n\n" - "If you're certain that this is correct, edit %s:%d\n", - fingerprint, khost->fingerprint, - browser->tofu.known_hosts_path, khost->lineno); - return TOFU_FAIL; + "If you choose to proceed, you should not disclose personal information or trust " + "the contents of the page.\n" + "[a]bort; trust [o]nce; [t]rust anyway\n" + "=> ", fingerprint, khost->fingerprint); + break; } bool prompting = true; -- 2.45.2