From d551d64b4b78c412b6f408bc113e9a699bafff10 Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Sat, 3 Apr 2021 18:30:48 -0400
Subject: Add -t option to trust self-signed certificates

Not adding a corresponding -o option like in pounce and catgirl,
since litterbox is likely connecting to pounce anyway.
---
 litterbox.1 | 12 +++++++++++-
 litterbox.c | 13 +++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/litterbox.1 b/litterbox.1
index 11ee676..f535f9f 100644
--- a/litterbox.1
+++ b/litterbox.1
@@ -1,4 +1,4 @@
-.Dd August 22, 2020
+.Dd April  3, 2021
 .Dt LITTERBOX 1
 .Os
 .
@@ -19,6 +19,7 @@
 .Op Fl l Ar limit
 .Op Fl n Ar nick
 .Op Fl p Ar port
+.Op Fl t Ar trust
 .Op Fl u Ar user
 .Op Fl w Ar pass
 .Op Ar config ...
@@ -213,6 +214,15 @@ The searchable columns are
 For search query syntax, see
 .Aq Lk https://www.sqlite.org/fts5.html#full_text_query_syntax .
 .
+.It Fl t Ar path , Cm trust = Ar path
+Trust the self-signed certificate loaded from
+.Ar path
+and disable server name verification.
+The
+.Ar path
+is searched for in the same manner
+as configuration files.
+.
 .It Fl u Ar user , Cm user = Ar user
 Set the username to
 .Ar user .
diff --git a/litterbox.c b/litterbox.c
index cd7227b..19bdca6 100644
--- a/litterbox.c
+++ b/litterbox.c
@@ -757,6 +757,7 @@ int main(int argc, char *argv[]) {
 	bool insecure = false;
 	const char *cert = NULL;
 	const char *priv = NULL;
+	const char *trust = NULL;
 	const char *defaultNetwork = NULL;
 
 	const char *nick = "litterbox";
@@ -780,6 +781,7 @@ int main(int argc, char *argv[]) {
 		{ .val = 'n', .name = "nick", required_argument },
 		{ .val = 'p', .name = "port", required_argument },
 		{ .val = 'q', .name = "private-query", no_argument },
+		{ .val = 't', .name = "trust", required_argument },
 		{ .val = 'u', .name = "user", required_argument },
 		{ .val = 'v', .name = "verbose", no_argument },
 		{ .val = 'w', .name = "pass", required_argument },
@@ -809,6 +811,7 @@ int main(int argc, char *argv[]) {
 			break; case 'n': nick = optarg;
 			break; case 'p': port = optarg;
 			break; case 'q': searchQuery = Private;
+			break; case 't': trust = optarg;
 			break; case 'u': user = optarg;
 			break; case 'v': verbose = true;
 			break; case 'w': pass = optarg;
@@ -858,10 +861,20 @@ int main(int argc, char *argv[]) {
 	if (error) {
 		errx(EX_SOFTWARE, "tls_config_set_ciphers: %s", tls_config_error(config));
 	}
+
 	if (insecure) {
 		tls_config_insecure_noverifycert(config);
 		tls_config_insecure_noverifyname(config);
 	}
+	if (trust) {
+		tls_config_insecure_noverifyname(config);
+		const char *dirs = NULL;
+		while (NULL != (path = configPath(&dirs, trust))) {
+			error = tls_config_set_ca_file(config, path);
+			if (!error) break;
+		}
+		if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
+	}
 
 	if (cert) {
 		const char *dirs = NULL;
-- 
cgit 1.4.1