Add initial support for choosing to still connect when the server uses a self-signed cert and verify_vertificates is turned on

This commit is contained in:
Ken-Håvard Lieng 2017-07-04 11:28:56 +02:00
parent 3f70567d56
commit c005fc7cae
7 changed files with 81 additions and 22 deletions

File diff suppressed because one or more lines are too long

View File

@ -1,6 +1,7 @@
import { socketAction } from 'state/actions';
import { setConnected } from 'state/app';
import { broadcast, inform, print, addMessage, addMessages } from 'state/messages';
import { reconnect } from 'state/servers';
import { select } from 'state/tab';
import { normalizeChannel } from 'util';
@ -98,6 +99,15 @@ export default function handleSocket({ socket, store: { dispatch, getState } })
dispatch(addMessage(message, tab.server, tab.name));
},
connection_update({ server, errorType }) {
if (errorType === 'verify' &&
confirm('The server is using a self-signed certificate, continue anyway?')) {
dispatch(reconnect(server, {
skipVerify: true
}));
}
},
_connected(connected) {
dispatch(setConnected(connected));
}

View File

@ -28,6 +28,7 @@ export const TOGGLE_SEARCH = 'TOGGLE_SEARCH';
export const AWAY = 'AWAY';
export const CONNECT = 'CONNECT';
export const DISCONNECT = 'DISCONNECT';
export const RECONNECT = 'RECONNECT';
export const SET_NICK = 'SET_NICK';
export const SET_SERVER_NAME = 'SET_SERVER_NAME';
export const WHOIS = 'WHOIS';

View File

@ -150,6 +150,21 @@ export function disconnect(server) {
};
}
export function reconnect(server, settings) {
return {
type: actions.RECONNECT,
server,
settings,
socket: {
type: 'reconnect',
data: {
...settings,
server
}
}
};
}
export function whois(user, server) {
return {
type: actions.WHOIS,

View File

@ -3,6 +3,7 @@ package irc
import (
"bufio"
"crypto/tls"
"crypto/x509"
"errors"
"fmt"
"net"
@ -33,6 +34,10 @@ func (c *Client) Connect(address string) {
go c.run()
}
func (c *Client) Reconnect() {
close(c.reconnect)
}
func (c *Client) Write(data string) {
c.out <- data + "\r\n"
}
@ -64,8 +69,9 @@ func (c *Client) run() {
return
case <-c.reconnect:
if c.Connected() {
c.disconnect()
c.connChange(false, nil)
}
c.sendRecv.Wait()
c.reconnect = make(chan struct{})
@ -107,6 +113,9 @@ func (c *Client) tryConnect() {
err := c.connect()
if err != nil {
c.connChange(false, err)
if _, ok := err.(x509.UnknownAuthorityError); ok {
return
}
} else {
c.backoff.Reset()
@ -181,7 +190,8 @@ func (c *Client) recv() {
return
default:
close(c.reconnect)
c.connChange(false, nil)
c.Reconnect()
return
}
}

View File

@ -1,6 +1,7 @@
package server
import (
"crypto/x509"
"encoding/json"
"github.com/khlieng/dispatch/irc"
@ -27,10 +28,16 @@ type ServerName struct {
Name string `json:"name"`
}
type ReconnectSettings struct {
Server string `json:"server"`
SkipVerify bool `json:"skipVerify"`
}
type ConnectionUpdate struct {
Server string `json:"server"`
Connected bool `json:"connected"`
Error string `json:"error,omitempty"`
ErrorType string `json:"errorType,omitempty"`
}
func newConnectionUpdate(server string, state irc.ConnectionState) ConnectionUpdate {
@ -40,6 +47,9 @@ func newConnectionUpdate(server string, state irc.ConnectionState) ConnectionUpd
}
if state.Error != nil {
status.Error = state.Error.Error()
if _, ok := state.Error.(x509.UnknownAuthorityError); ok {
status.ErrorType = "verify"
}
}
return status
}

View File

@ -95,6 +95,18 @@ func (h *wsHandler) connect(b []byte) {
}
}
func (h *wsHandler) reconnect(b []byte) {
var data ReconnectSettings
json.Unmarshal(b, &data)
if i, ok := h.session.getIRC(data.Server); ok && !i.Connected() {
if i.TLS {
i.TLSConfig.InsecureSkipVerify = data.SkipVerify
}
i.Reconnect()
}
}
func (h *wsHandler) join(b []byte) {
var data Join
json.Unmarshal(b, &data)
@ -252,6 +264,7 @@ func (h *wsHandler) setServerName(b []byte) {
func (h *wsHandler) initHandlers() {
h.handlers = map[string]func([]byte){
"connect": h.connect,
"reconnect": h.reconnect,
"join": h.join,
"part": h.part,
"quit": h.quit,