A simple fix for I2P and Lokinet. #1445
Conversation
I know nothing about Vala, I just treated Vala as C when I was writing that code and was afraid of breaking anything. Maybe some others could get it into an array instead. |
|
Would be great to add snode aswell if that's possible |
| @@ -382,9 +382,11 @@ public class ConnectionManager : Object { | |||
| } | |||
|
|
|||
| public static bool on_invalid_certificate(string domain, TlsCertificate peer_cert, TlsCertificateFlags errors) { | |||
| if (domain.has_suffix(".onion") && errors == TlsCertificateFlags.UNKNOWN_CA) { | |||
| if ((domain.has_suffix(".onion") || domain.has_suffix(".i2p") || domain.has_suffix(".loki")) && errors == TlsCertificateFlags.UNKNOWN_CA) { | |||
There was a problem hiding this comment.
as @Quix0r pointed, you could do something like
string[] domain_exceptions = {".onion", ".i2p", ".loki", ".etc"};
foreach (string domain_exception in domain_exceptions) {
if ( domain.has_suffix(domain_exception) && errors == TlsCertificateFlags.UNKNOWN_CA) {
//do stuff
return true;
}
}There was a problem hiding this comment.
@PoneyClairDeLune Nice, and I wanted to add too that the domain_exceptions variable should have a more apt name like tld_exceptions, I think it's more readable
There was a problem hiding this comment.
@eerielili Done in e4da09f
PS: Not sure if I should have that string array placed outside of that validation function though... I know nothing about Vala.
There was a problem hiding this comment.
@PoneyClairDeLune Nice. Yeah, you should place inside the function, it looks cleaner and it'll work the same since they'll be in the same scope.
I'm not too big on OOP but I suggest declaring it as a private const string[] at the top of the class if needed in other functions, then you could call it with this.tld_exceptions.
@XutaxKamay What's an "snode"? Edit: Is it something related to the "Snet" in Cuba? |
https://git.lokinet.io/lokinet/lokinet/src/branch/dev/docs/dns-overview.md |
A simple fix for I2P and Lokinet.
The job of maintaining TLDs for mixnet TLDs can become overwhelming, just saying. Better to just offer a togglable option to allow untrusted certificates.