Makes client certificate usage a bit more secure.

2 files changed, 17 insertions, 0 deletions

diff --git a/src/about/updates.gemini b/src/about/updates.gemini
index 7f4bae5..56d5452 100644
--- a/src/about/updates.gemini
+++ b/src/about/updates.gemini
@@ -9,6 +9,7 @@
 * Adds support for server certificate handling for gemini://
 * Reworked internal network structure. Makes room for future improvements
 * Pressing escape now resets search bar to current location
+* Client certificates are disabled when doing a host switch
 
 ## 0.2
 * Implement Ctrl+D/*Add to favourites* menu item
diff --git a/src/browsertab.cpp b/src/browsertab.cpp
index 359fd7c..456af37 100644
--- a/src/browsertab.cpp
+++ b/src/browsertab.cpp
@@ -663,9 +663,25 @@ bool BrowserTab::startRequest(const QUrl &url)
             if(answer != QMessageBox::Yes)
                 return false;
             this->current_handler->disableClientCertificate();
+            this->ui->enable_client_cert_button->setChecked(false);
         }
     } else {
         this->current_handler->disableClientCertificate();
+        this->ui->enable_client_cert_button->setChecked(false);
+    }
+
+    if(this->current_identitiy.isValid() and (url.host() != this->current_location.host())) {
+        auto answer = QMessageBox::question(
+            this,
+            "Kristall",
+            "You want to visit a new host, but have a client certificate enabled. This may be a risk to expose your identity to another host.\r\nDo you want to keep the certificate enabled?",
+            QMessageBox::Yes | QMessageBox::No,
+            QMessageBox::No
+        );
+        if(answer != QMessageBox::Yes) {
+            this->current_handler->disableClientCertificate();
+            this->ui->enable_client_cert_button->setChecked(false);
+        }
     }
 
     this->current_location = url;