authorFelix (xq) Queißner <git@mq32.de>2020-06-18 19:10:39 +0200
committerFelix (xq) Queißner <git@mq32.de>2020-06-18 19:10:39 +0200
commitfe7effa97f20a8c09c65617d8346b1c75d1f7a8e (patch)
treeee63f96e8e92c5c153d64e447d40c24161424d29
parent34fe83beefddb46ef22adaf5f0bcd56195d48f17 (diff)
Makes client certificate usage a bit more secure.
-rw-r--r--README.md1
-rw-r--r--src/about/updates.gemini1
-rw-r--r--src/browsertab.cpp16
3 files changed, 17 insertions, 1 deletions
diff --git a/README.md b/README.md
index ec51067..694d3a3 100644
--- a/README.md
+++ b/README.md
@@ -155,7 +155,6 @@ ln -s /path/to/kristall .
- [x] Rename/delete certificates
- [ ] Rename/delete/merge groups
- [ ] Import/export PEM certificates and keys
- - [ ] Ask if the client certificate should be disabled when switching host and/or protocol
- [ ] Improve redirect handling
- [ ] Option how to handle redirects: "automatic, ask when cross-host, ask always"
- [ ] Option to set maximum number of redirects
diff --git a/src/about/updates.gemini b/src/about/updates.gemini
index 7f4bae5..56d5452 100644
--- a/src/about/updates.gemini
+++ b/src/about/updates.gemini
@@ -9,6 +9,7 @@
* Adds support for server certificate handling for gemini://
* Reworked internal network structure. Makes room for future improvements
* Pressing escape now resets search bar to current location
+* Client certificates are disabled when doing a host switch
## 0.2
* Implement Ctrl+D/*Add to favourites* menu item
diff --git a/src/browsertab.cpp b/src/browsertab.cpp
index 359fd7c..456af37 100644
--- a/src/browsertab.cpp
+++ b/src/browsertab.cpp
@@ -663,9 +663,25 @@ bool BrowserTab::startRequest(const QUrl &url)
if(answer != QMessageBox::Yes)
return false;
this->current_handler->disableClientCertificate();
+ this->ui->enable_client_cert_button->setChecked(false);
}
} else {
this->current_handler->disableClientCertificate();
+ this->ui->enable_client_cert_button->setChecked(false);
+ }
+
+ if(this->current_identitiy.isValid() and (url.host() != this->current_location.host())) {
+ auto answer = QMessageBox::question(
+ this,
+ "Kristall",
+ "You want to visit a new host, but have a client certificate enabled. This may be a risk to expose your identity to another host.\r\nDo you want to keep the certificate enabled?",
+ QMessageBox::Yes | QMessageBox::No,
+ QMessageBox::No
+ );
+ if(answer != QMessageBox::Yes) {
+ this->current_handler->disableClientCertificate();
+ this->ui->enable_client_cert_button->setChecked(false);
+ }
}
this->current_location = url;
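Review bot: The new guard `if(this->current_identitiy.isValid() and (url.host() != this->current_location.host()))` compares only the host name, so navigating to a different port on the same host keeps presenting the client certificate without asking, although another port can be a different service run by a different operator. Comparing the port as well closes that gap, e.g. `(url.host() != this->current_location.host() or url.port() != this->current_location.port())`; passing the scheme's default port to `port()` avoids a spurious prompt when one URL omits it. The visible lines also never clear `current_identitiy` after `disableClientCertificate()`, so unless the `setChecked(false)` slot does that elsewhere, this question may appear for a certificate that the preceding branch has just disabled. `startRequest` begins and ends outside the hunk, so both points should be checked against the full function.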