From fe7effa97f20a8c09c65617d8346b1c75d1f7a8e Mon Sep 17 00:00:00 2001
From: "Felix (xq) Queißner" <git@mq32.de>
Date: Thu, 18 Jun 2020 19:10:39 +0200
Subject: Makes client certificate usage a bit more secure.

---
 src/browsertab.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'src/browsertab.cpp')

diff --git a/src/browsertab.cpp b/src/browsertab.cpp
index 359fd7c..456af37 100644
--- a/src/browsertab.cpp
+++ b/src/browsertab.cpp
@@ -663,9 +663,25 @@ bool BrowserTab::startRequest(const QUrl &url)
             if(answer != QMessageBox::Yes)
                 return false;
             this->current_handler->disableClientCertificate();
+            this->ui->enable_client_cert_button->setChecked(false);
         }
     } else {
         this->current_handler->disableClientCertificate();
+        this->ui->enable_client_cert_button->setChecked(false);
+    }
+
+    if(this->current_identitiy.isValid() and (url.host() != this->current_location.host())) {
+        auto answer = QMessageBox::question(
+            this,
+            "Kristall",
+            "You want to visit a new host, but have a client certificate enabled. This may be a risk to expose your identity to another host.\r\nDo you want to keep the certificate enabled?",
+            QMessageBox::Yes | QMessageBox::No,
+            QMessageBox::No
+        );
+        if(answer != QMessageBox::Yes) {
+            this->current_handler->disableClientCertificate();
+            this->ui->enable_client_cert_button->setChecked(false);
+        }
     }
 
     this->current_location = url;
-- 
cgit v1.2.3