From 49305319496965ecf18963a81bf8a5a69df0d97e Mon Sep 17 00:00:00 2001
From: allexzander <blackslayer4@gmail.com>
Date: Fri, 7 Oct 2022 18:09:10 +0300
Subject: [PATCH] Command-line client. Do not trust SSL certificates by
 default, unlss '--trust' option is set.

Signed-off-by: allexzander <blackslayer4@gmail.com>
---
 src/cmd/cmd.cpp                   |  1 +
 src/cmd/simplesslerrorhandler.cpp | 20 +++++++++++++++-----
 src/libsync/account.cpp           | 10 ++++++++++
 src/libsync/account.h             |  5 +++++
 4 files changed, 31 insertions(+), 5 deletions(-)

--- a/src/cmd/cmd.cpp
+++ b/src/cmd/cmd.cpp
@@ -447,6 +447,7 @@ int main(int argc, char **argv)
     account->setUrl(url);
     account->setCredentials(cred);
     account->setSslErrorHandler(sslErrorHandler);
+    account->setTrustCertificates(options.trustSSL);
 
     // Perform a call to get the capabilities.
     if (!options.nonShib) {
--- a/src/cmd/simplesslerrorhandler.cpp
+++ b/src/cmd/simplesslerrorhandler.cpp
@@ -19,17 +19,27 @@ namespace OCC {
 
 bool SimpleSslErrorHandler::handleErrors(QList<QSslError> errors, const QSslConfiguration &conf, QList<QSslCertificate> *certs, OCC::AccountPtr account)
 {
-    (void)account;
-    (void)conf;
+    Q_UNUSED(conf);
 
-    if (!certs) {
-        qDebug() << "Certs parameter required but is NULL!";
+    if (!account || !certs) {
+        qDebug() << "account and certs parameters are required!";
         return false;
     }
 
+    if (account->trustCertificates()) {
+        for (const auto &error : qAsConst(errors)) {
+            certs->append(error.certificate());
+        }
+        return true;
+    }
+
     for (const auto &error : qAsConst(errors)) {
-        certs->append(error.certificate());
+        if (!account->approvedCerts().contains(error.certificate())) {
+            certs->append(error.certificate());
+            return false;
+        }
     }
+
     return true;
 }
 }
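Review bot: Neither outcome in `handleErrors` is logged: the `account->trustCertificates()` branch accepts every entry in `errors` silently, and the rejection loop returns false at the first unapproved certificate without naming the error. Logging each case, e.g. `qWarning() << "SSL error ignored because certificates are trusted:" << error.errorString();` in the trust branch and `qWarning() << "SSL error rejected:" << error.errorString();` before `return false`, would record which validation was skipped and tell the user why the connection was refused. The approved check also matches on the certificate alone, so an already-approved certificate appears to pass whatever error is attached to it (expiry, host name mismatch); if that is intended it deserves a comment. `account->approvedCerts()` could also be read once before the loop instead of on every iteration.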
--- a/src/libsync/account.cpp
+++ b/src/libsync/account.cpp
@@ -658,4 +658,14 @@ void Account::slotDirectEditingRecieved(
     }
 }
 
+void Account::setTrustCertificates(bool trustCertificates)
+{
+    _trustCertificates = trustCertificates;
+}
+
+bool Account::trustCertificates() const
+{
+    return _trustCertificates;
+}
+
 } // namespace OCC
--- a/src/libsync/account.h
+++ b/src/libsync/account.h
@@ -249,6 +249,9 @@ public:
     // Check for the directEditing capability
     void fetchDirectEditors(const QUrl &directEditingURL, const QString &directEditingETag);
 
+    void setTrustCertificates(bool trustCertificates);
+    [[nodiscard]] bool trustCertificates() const;
+
 public slots:
     /// Used when forgetting credentials
     void clearQNAMCache();
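Review bot: The new `setTrustCertificates`/`trustCertificates` pair has no doc comment, although the flag switches off certificate error checking for the account. I would add above the setter: `/// When true, SSL errors are accepted without checking approvedCerts(); set from the command-line client's --trust option. Defaults to false.` In this patch only `SimpleSslErrorHandler` reads the flag, so the comment should also say whether other SSL error handlers are expected to honour it. The class body starts and ends outside the hunk.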
@@ -287,6 +290,8 @@ private:
     Account(QObject *parent = nullptr);
     void setSharedThis(AccountPtr sharedThis);
 
+    bool _trustCertificates = false;
+
     QWeakPointer<Account> _sharedThis;
     QString _id;
     QString _davUser;
