From fe46dadeee715743e939d26f73ca54afe38b8a46 Mon Sep 17 00:00:00 2001 From: Paul Beckingham Date: Sun, 28 Sep 2014 17:39:45 -0400 Subject: [PATCH] TLS - When an invalid value for 'taskd.trust' is noticed, the 'sync' command will error out, and the 'diag' command will refer the user to the man page. This is because the allowed values were 'yes'/'no', and now are 'strict'/'ignore hostname'/'allow all'. --- src/commands/CmdDiagnostics.cpp | 11 ++++++----- src/commands/CmdSync.cpp | 11 +++++++++-- src/l10n/eng-USA.h | 1 + src/l10n/epo-RUS.h | 1 + src/l10n/esp-ESP.h | 1 + src/l10n/fra-FRA.h | 1 + src/l10n/ita-ITA.h | 1 + src/l10n/pol-POL.h | 1 + src/l10n/por-PRT.h | 1 + 9 files changed, 22 insertions(+), 7 deletions(-) diff --git a/src/commands/CmdDiagnostics.cpp b/src/commands/CmdDiagnostics.cpp index e8e219cc7..72477c1a2 100644 --- a/src/commands/CmdDiagnostics.cpp +++ b/src/commands/CmdDiagnostics.cpp @@ -272,12 +272,13 @@ int CmdDiagnostics::execute (std::string& output) ? " (readable)" : " (not readable)") << "\n"; - if (context.config.get ("taskd.trust") == "allow all") - out << " Trust: allow all\n"; - else if (context.config.get ("taskd.trust") == "ignore hostname") - out << " Trust: ignore hostanme\n"; + std::string trust_value = context.config.get ("taskd.trust"); + if (trust_value == "strict" || + trust_value == "ignore hostname" || + trust_value == "allow all") + out << " Trust: " << trust_value << "\n"; else - out << " Trust: strict\n"; + out << " Trust: Bad value - see 'man taskrc'\n"; out << "Certificate: " << context.config.get ("taskd.certificate") diff --git a/src/commands/CmdSync.cpp b/src/commands/CmdSync.cpp index 308218993..744eca53d 100644 --- a/src/commands/CmdSync.cpp +++ b/src/commands/CmdSync.cpp @@ -86,10 +86,17 @@ int CmdSync::execute (std::string& output) if (credentials.size () != 3) throw std::string (STRING_CMD_SYNC_BAD_CRED); + // This was a Boolean value in 2.3.0, and is a tri-state since 2.4.0. + std::string trust_value = context.config.get ("taskd.trust"); + if (trust_value != "strict" && + trust_value != "ignore hostname" && + trust_value != "allow all") + throw std::string (STRING_CMD_SYNC_TRUST_OBS); + enum TLSClient::trust_level trust = TLSClient::strict; - if (context.config.get ("taskd.trust") == "allow all") + if (trust_value == "allow all") trust = TLSClient::allow_all; - else if (context.config.get ("taskd.trust") == "ignore hostname") + else if (trust_value == "ignore hostname") trust = TLSClient::ignore_hostname; // CA must exist, if provided. diff --git a/src/l10n/eng-USA.h b/src/l10n/eng-USA.h index 8091d2f02..3dd41e6cb 100644 --- a/src/l10n/eng-USA.h +++ b/src/l10n/eng-USA.h @@ -488,6 +488,7 @@ #define STRING_CMD_SYNC_CONNECT "Could not connect to {1} {2}" #define STRING_CMD_SYNC_HANDSHAKE "Handshake failed. {1}" #define STRING_CMD_SYNC_TRUST_CA "You should either provide a CA certificate or override verification, but not both." +#define STRING_CMD_SYNC_TRUST_OBS "The 'taskd.trust' settings may now only contain a value of 'strict', 'ignore hostname' or 'allow all'." #define STRING_CMD_DIAG_USAGE "Platform, build and environment details" #define STRING_CMD_DIAG_PLATFORM "Platform" #define STRING_CMD_DIAG_UNKNOWN "" diff --git a/src/l10n/epo-RUS.h b/src/l10n/epo-RUS.h index c7657d6e0..6bac1bb66 100644 --- a/src/l10n/epo-RUS.h +++ b/src/l10n/epo-RUS.h @@ -488,6 +488,7 @@ #define STRING_CMD_SYNC_CONNECT "Ne povis konekti al {1} {2}" #define STRING_CMD_SYNC_HANDSHAKE "Handshake failed. {1}" #define STRING_CMD_SYNC_TRUST_CA "You should either provide a CA certificate or override verification, but not both." +#define STRING_CMD_SYNC_TRUST_OBS "The 'taskd.trust' settings may now only contain a value of 'strict', 'ignore hostname' or 'allow all'." #define STRING_CMD_DIAG_USAGE "Operaciuma, kompila, kaj media detaloj" #define STRING_CMD_DIAG_PLATFORM "Operaciumo" #define STRING_CMD_DIAG_UNKNOWN "" diff --git a/src/l10n/esp-ESP.h b/src/l10n/esp-ESP.h index 45ff07ad0..af3eb69c8 100644 --- a/src/l10n/esp-ESP.h +++ b/src/l10n/esp-ESP.h @@ -497,6 +497,7 @@ #define STRING_CMD_SYNC_CONNECT "No se pudo conectar a {1} {2}" #define STRING_CMD_SYNC_HANDSHAKE "Handshake fallido. {1}" #define STRING_CMD_SYNC_TRUST_CA "Debe proveer un certificado CA o la verificación de sobrescritura, pero no ambos." +#define STRING_CMD_SYNC_TRUST_OBS "The 'taskd.trust' settings may now only contain a value of 'strict', 'ignore hostname' or 'allow all'." #define STRING_CMD_DIAG_USAGE "Detalles de plataforma, construcción y entorno" #define STRING_CMD_DIAG_PLATFORM "Plataforma" #define STRING_CMD_DIAG_UNKNOWN "" diff --git a/src/l10n/fra-FRA.h b/src/l10n/fra-FRA.h index b96561dab..958fd8ed7 100644 --- a/src/l10n/fra-FRA.h +++ b/src/l10n/fra-FRA.h @@ -487,6 +487,7 @@ #define STRING_CMD_SYNC_CONNECT "Could not connect to {1} {2}" #define STRING_CMD_SYNC_HANDSHAKE "Handshake failed. {1}" #define STRING_CMD_SYNC_TRUST_CA "You should either provide a CA certificate or override verification, but not both." +#define STRING_CMD_SYNC_TRUST_OBS "The 'taskd.trust' settings may now only contain a value of 'strict', 'ignore hostname' or 'allow all'." #define STRING_CMD_DIAG_USAGE "Platform, build and environment details" #define STRING_CMD_DIAG_PLATFORM "Platform" #define STRING_CMD_DIAG_UNKNOWN "" diff --git a/src/l10n/ita-ITA.h b/src/l10n/ita-ITA.h index 4d0e2f2d3..ae1c40e71 100644 --- a/src/l10n/ita-ITA.h +++ b/src/l10n/ita-ITA.h @@ -488,6 +488,7 @@ #define STRING_CMD_SYNC_CONNECT "Could not connect to {1} {2}" #define STRING_CMD_SYNC_HANDSHAKE "Handshake failed. {1}" #define STRING_CMD_SYNC_TRUST_CA "You should either provide a CA certificate or override verification, but not both." +#define STRING_CMD_SYNC_TRUST_OBS "The 'taskd.trust' settings may now only contain a value of 'strict', 'ignore hostname' or 'allow all'." #define STRING_CMD_DIAG_USAGE "Dettagli su piattaforma, build e ambiente" #define STRING_CMD_DIAG_PLATFORM "Piattaforma" #define STRING_CMD_DIAG_UNKNOWN "" diff --git a/src/l10n/pol-POL.h b/src/l10n/pol-POL.h index cbf532430..aa36d4aff 100644 --- a/src/l10n/pol-POL.h +++ b/src/l10n/pol-POL.h @@ -488,6 +488,7 @@ #define STRING_CMD_SYNC_CONNECT "Nie mogę połączyć się z {1} {2}" #define STRING_CMD_SYNC_HANDSHAKE "Nieudany handshake. {1}" #define STRING_CMD_SYNC_TRUST_CA "Powinieneś udostępnić certyfikat CA lub nadpisać weryfikację. Wybierz jedną z opcji." +#define STRING_CMD_SYNC_TRUST_OBS "The 'taskd.trust' settings may now only contain a value of 'strict', 'ignore hostname' or 'allow all'." #define STRING_CMD_DIAG_USAGE "Szczegóły platformy i środowiska budowania" #define STRING_CMD_DIAG_PLATFORM "Platforma" #define STRING_CMD_DIAG_UNKNOWN "" diff --git a/src/l10n/por-PRT.h b/src/l10n/por-PRT.h index 1b5b449ce..37daad0b4 100644 --- a/src/l10n/por-PRT.h +++ b/src/l10n/por-PRT.h @@ -488,6 +488,7 @@ #define STRING_CMD_SYNC_CONNECT "Não foi possível connectar a {1} {2}" #define STRING_CMD_SYNC_HANDSHAKE "'Handshake' falhou. {1}" #define STRING_CMD_SYNC_TRUST_CA "Deve fornecer um certificado CA ou desactivar a verificação, mas não ambos." +#define STRING_CMD_SYNC_TRUST_OBS "The 'taskd.trust' settings may now only contain a value of 'strict', 'ignore hostname' or 'allow all'." #define STRING_CMD_DIAG_USAGE "Plataforma, versão e detalhes de ambiente" #define STRING_CMD_DIAG_PLATFORM "Plataforma" #define STRING_CMD_DIAG_UNKNOWN ""