From f1f93aa5d55a32304fd5cdb966e229c0fc47739e Mon Sep 17 00:00:00 2001 From: Paul Beckingham Date: Sun, 3 Nov 2013 12:49:56 -0500 Subject: [PATCH] TLS - If a CA is provided, it is used. --- src/commands/CmdSync.cpp | 17 ++++++++++++----- src/commands/CmdSync.h | 2 +- src/en-US.h | 3 ++- src/es-ES.h | 3 ++- src/fr-FR.h | 3 ++- src/it-IT.h | 3 ++- 6 files changed, 21 insertions(+), 10 deletions(-) diff --git a/src/commands/CmdSync.cpp b/src/commands/CmdSync.cpp index 715abf645..c7f003cfd 100644 --- a/src/commands/CmdSync.cpp +++ b/src/commands/CmdSync.cpp @@ -96,11 +96,14 @@ int CmdSync::execute (std::string& output) throw std::string (STRING_CMD_SYNC_BAD_CRED); bool trust = context.config.getBoolean ("taskd.trust"); -/* + + // CA must exist, if provided. File ca (context.config.get ("taskd.ca")); if (ca._data != "" && ! ca.exists ()) throw std::string (STRING_CMD_SYNC_BAD_CA); -*/ + + if (trust && ca._data != "") + throw std::string (STRING_CMD_SYNC_TRUST_CA); File certificate (context.config.get ("taskd.certificate")); if (! certificate.exists ()) @@ -164,7 +167,7 @@ int CmdSync::execute (std::string& output) signal (SIGUSR2, SIG_IGN); Msg response; - if (send (connection, certificate._data, key._data, trust, request, response)) + if (send (connection, ca._data, certificate._data, key._data, trust, request, response)) { std::string code = response.get ("code"); if (code == "200") @@ -321,6 +324,7 @@ int CmdSync::execute (std::string& output) //////////////////////////////////////////////////////////////////////////////// bool CmdSync::send ( const std::string& to, + const std::string& ca, const std::string& certificate, const std::string& key, bool trust, 
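Review bot: The re-enabled CA check in the first CmdSync.cpp hunk (`@@ -96,11 +96,14 @@`) only calls `ca.exists ()`, so a `taskd.ca` value that names a directory or a file the user cannot read passes here and fails later, presumably inside the TLS layer with a less specific message. If `File` offers a readability test, adding it to the same condition would keep the error at `STRING_CMD_SYNC_BAD_CA`. The new `trust && ca._data != ""` check has no comment; something like `// 'taskd.trust' overrides verification, so it cannot be combined with a CA.` would record why the combination is rejected. execute() starts and ends outside the hunk.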
@@ -339,10 +343,13 @@ bool CmdSync::send ( { TLSClient client; client.debug (context.config.getInteger ("debug.tls")); - client.trust (trust); + + // TODO Either use 'ca' or 'trust', but not both. + if (trust && ca == "") + client.trust (trust); + client.init (certificate, key); client.connect (server, port); - client.send (request.serialize () + "\n"); std::string incoming; diff --git a/src/commands/CmdSync.h b/src/commands/CmdSync.h index d4cee496a..d7124739c 100644 --- a/src/commands/CmdSync.h +++ b/src/commands/CmdSync.h @@ -39,7 +39,7 @@ public: int execute (std::string&); private: - bool send (const std::string&, const std::string&, const std::string&, bool, const Msg&, Msg&); + bool send (const std::string&, const std::string&, const std::string&, const std::string&, bool, const Msg&, Msg&); }; #endif diff --git a/src/en-US.h b/src/en-US.h index ab8e7acb8..7ab91dff8 100644 --- a/src/en-US.h +++ b/src/en-US.h @@ -425,10 +425,11 @@ #define STRING_CMD_SYNC_NO_INIT "Taskwarrior will not proceed with first-time sync initialization." #define STRING_CMD_SYNC_RELOCATE0 "The server account has been relocated. Please update your configuration using:" #define STRING_CMD_SYNC_RELOCATE1 "task config taskd.server {1}" -#define STRING_CMD_SYNC_NO_CA "CA certificate not found." +#define STRING_CMD_SYNC_BAD_CA "CA certificate not found." #define STRING_CMD_SYNC_CONNECT "Could not connect to {1} {2}" #define STRING_CMD_SYNC_HANDSHAKE "Handshake failed. {1}" #define STRING_CMD_SYNC_NOMERGE "Task push/pull/merge is configured, deprecated, and does not work with 'sync'." +#define STRING_CMD_SYNC_TRUST_CA "You should either provide a CA certificate or override verification, but not both." #define STRING_CMD_DIAG_USAGE "Platform, build and environment details" #define STRING_CMD_DIAG_PLATFORM "Platform" #define STRING_CMD_DIAG_UNKNOWN "" diff --git a/src/es-ES.h b/src/es-ES.h index 7c2e4ff59..6650273dd 100644 --- a/src/es-ES.h +++ b/src/es-ES.h 
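Review bot: In `CmdSync::send`, `ca` is only compared with `""` and never handed to the TLS client: the visible calls are `client.trust (trust)` and `client.init (certificate, key)`, and neither receives the CA path. Unless TLSClient reads `taskd.ca` on its own, a configured CA therefore switches off the trust override but is not installed as the verification anchor, which is not what the commit subject promises; the CA should reach the client, for example through `init`, which would then need to accept it. When the condition is false `client.trust` is not called at all, so the client's default decides; `client.trust (trust && ca == "");` called unconditionally makes the verification state explicit. The TODO is already enforced in execute(), which throws `STRING_CMD_SYNC_TRUST_CA` when both are set, so it can be dropped or reworded. The body of send continues outside the hunk.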
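Review bot: The declaration of `send` in CmdSync.h now has four consecutive unnamed `const std::string&` parameters, so a call that passes the CA, certificate and key in the wrong order still compiles and would only fail at the TLS handshake. Naming the parameters in the header as the definition does would let a reader check the order at the call site: `bool send (const std::string& to, const std::string& ca, const std::string& certificate, const std::string& key, bool trust, const Msg&, Msg&);`.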
@@ -436,10 +436,11 @@ #define STRING_CMD_SYNC_NO_INIT "Taskwarrior will no procederá a la inicialización de la sincronización por primera vez." #define STRING_CMD_SYNC_RELOCATE0 "La cuenta del servidor ha sido reubicada. Por favor, actualice su configuración utilizando:" #define STRING_CMD_SYNC_RELOCATE1 "task config taskd.server {1}" -#define STRING_CMD_SYNC_NO_CA "Certificado CA no encontrado." +#define STRING_CMD_SYNC_BAD_CA "Certificado CA no encontrado." #define STRING_CMD_SYNC_CONNECT "No se pudo conectar a {1} {2}" #define STRING_CMD_SYNC_HANDSHAKE "Handshake fallido. {1}" #define STRING_CMD_SYNC_NOMERGE "Task push/pull/merge is configured, deprecated, and does not work with 'sync'." +#define STRING_CMD_SYNC_TRUST_CA "You should either provide a CA certificate or override verification, but not both." #define STRING_CMD_DIAG_USAGE "Detalles de plataforma, construcción y entorno" #define STRING_CMD_DIAG_PLATFORM "Plataforma" #define STRING_CMD_DIAG_UNKNOWN "" diff --git a/src/fr-FR.h b/src/fr-FR.h index 0be2a7960..a9d0cd085 100644 --- a/src/fr-FR.h +++ b/src/fr-FR.h 
@@ -425,10 +425,11 @@ #define STRING_CMD_SYNC_NO_INIT "Taskwarrior will not proceed with first-time sync initialization." #define STRING_CMD_SYNC_RELOCATE0 "The server account has been relocated. Please update your configuration using:" #define STRING_CMD_SYNC_RELOCATE1 "task config taskd.server {1}" -#define STRING_CMD_SYNC_NO_CA "CA certificate not found." +#define STRING_CMD_SYNC_BAD_CA "CA certificate not found." #define STRING_CMD_SYNC_CONNECT "Could not connect to {1} {2}" #define STRING_CMD_SYNC_HANDSHAKE "Handshake failed. {1}" #define STRING_CMD_SYNC_NOMERGE "Task push/pull/merge is configured, deprecated, and does not work with 'sync'." +#define STRING_CMD_SYNC_TRUST_CA "You should either provide a CA certificate or override verification, but not both." #define STRING_CMD_DIAG_USAGE "Platform, build and environment details" #define STRING_CMD_DIAG_PLATFORM "Platform" #define STRING_CMD_DIAG_UNKNOWN "" diff --git a/src/it-IT.h b/src/it-IT.h index 0653e1dcf..c38b56154 100644 --- a/src/it-IT.h +++ b/src/it-IT.h @@ -426,10 +426,11 @@ #define STRING_CMD_SYNC_NO_INIT "Taskwarrior will not proceed with first-time sync initialization." #define STRING_CMD_SYNC_RELOCATE0 "The server account has been relocated. Please update your configuration using:" #define STRING_CMD_SYNC_RELOCATE1 "task config taskd.server {1}" -#define STRING_CMD_SYNC_NO_CA "CA certificate not found." +#define STRING_CMD_SYNC_BAD_CA "CA certificate not found." #define STRING_CMD_SYNC_CONNECT "Could not connect to {1} {2}" #define STRING_CMD_SYNC_HANDSHAKE "Handshake failed. {1}" #define STRING_CMD_SYNC_NOMERGE "Task push/pull/merge is configured, deprecated, and does not work with 'sync'." +#define STRING_CMD_SYNC_TRUST_CA "You should either provide a CA certificate or override verification, but not both." #define STRING_CMD_DIAG_USAGE "Dettagli su piattaforma, build e ambiente" #define STRING_CMD_DIAG_PLATFORM "Piattaforma" #define STRING_CMD_DIAG_UNKNOWN ""