TLS

- If a CA is provided, it is used.

src/commands/CmdSync.cpp

@@ -96,11 +96,14 @@ int CmdSync::execute (std::string& output)
     throw std::string (STRING_CMD_SYNC_BAD_CRED);
 
   bool trust = context.config.getBoolean ("taskd.trust");
-/*
+
+  // CA must exist, if provided.
   File ca (context.config.get ("taskd.ca"));
   if (ca._data != "" && ! ca.exists ())
     throw std::string (STRING_CMD_SYNC_BAD_CA);
-*/
+
+  if (trust && ca._data != "")
+    throw std::string (STRING_CMD_SYNC_TRUST_CA);
 
   File certificate (context.config.get ("taskd.certificate"));
   if (! certificate.exists ())
@@ -164,7 +167,7 @@ int CmdSync::execute (std::string& output)
   signal (SIGUSR2,   SIG_IGN);
 
   Msg response;
-  if (send (connection, certificate._data, key._data, trust, request, response))
+  if (send (connection, ca._data, certificate._data, key._data, trust, request, response))
   {
     std::string code = response.get ("code");
     if (code == "200")
@@ -321,6 +324,7 @@ int CmdSync::execute (std::string& output)
 ////////////////////////////////////////////////////////////////////////////////
 bool CmdSync::send (
   const std::string& to,
+  const std::string& ca,
   const std::string& certificate,
   const std::string& key,
   bool trust,
@@ -339,10 +343,13 @@ bool CmdSync::send (
   {
     TLSClient client;
     client.debug (context.config.getInteger ("debug.tls"));
+
+    // TODO Either use 'ca' or 'trust', but not both.
+    if (trust && ca == "")
       client.trust (trust);
+
     client.init (certificate, key);
     client.connect (server, port);
-
     client.send (request.serialize () + "\n");
 
     std::string incoming;

src/commands/CmdSync.h

@@ -39,7 +39,7 @@ public:
   int execute (std::string&);
 
 private:
-  bool send (const std::string&, const std::string&, const std::string&, bool, const Msg&, Msg&);
+  bool send (const std::string&, const std::string&, const std::string&, const std::string&, bool, const Msg&, Msg&);
 };
 
 #endif

src/en-US.h

@@ -425,10 +425,11 @@
 #define STRING_CMD_SYNC_NO_INIT      "Taskwarrior will not proceed with first-time sync initialization."
 #define STRING_CMD_SYNC_RELOCATE0    "The server account has been relocated.  Please update your configuration using:"
 #define STRING_CMD_SYNC_RELOCATE1    "task config taskd.server {1}"
-#define STRING_CMD_SYNC_NO_CA        "CA certificate not found."
+#define STRING_CMD_SYNC_BAD_CA       "CA certificate not found."
 #define STRING_CMD_SYNC_CONNECT      "Could not connect to {1} {2}"
 #define STRING_CMD_SYNC_HANDSHAKE    "Handshake failed.  {1}"
 #define STRING_CMD_SYNC_NOMERGE      "Task push/pull/merge is configured, deprecated, and does not work with 'sync'."
+#define STRING_CMD_SYNC_TRUST_CA     "You should either provide a CA certificate or override verification, but not both."
 #define STRING_CMD_DIAG_USAGE        "Platform, build and environment details"
 #define STRING_CMD_DIAG_PLATFORM     "Platform"
 #define STRING_CMD_DIAG_UNKNOWN      "<unknown>"

src/es-ES.h

@@ -436,10 +436,11 @@
 #define STRING_CMD_SYNC_NO_INIT      "Taskwarrior will no procederá a la inicialización de la sincronización por primera vez."
 #define STRING_CMD_SYNC_RELOCATE0    "La cuenta del servidor ha sido reubicada. Por favor, actualice su configuración utilizando:"
 #define STRING_CMD_SYNC_RELOCATE1    "task config taskd.server {1}"
-#define STRING_CMD_SYNC_NO_CA        "Certificado CA no encontrado."
+#define STRING_CMD_SYNC_BAD_CA       "Certificado CA no encontrado."
 #define STRING_CMD_SYNC_CONNECT      "No se pudo conectar a {1} {2}"
 #define STRING_CMD_SYNC_HANDSHAKE    "Handshake fallido.  {1}"
 #define STRING_CMD_SYNC_NOMERGE      "Task push/pull/merge is configured, deprecated, and does not work with 'sync'."
+#define STRING_CMD_SYNC_TRUST_CA     "You should either provide a CA certificate or override verification, but not both."
 #define STRING_CMD_DIAG_USAGE        "Detalles de plataforma, construcción y entorno"
 #define STRING_CMD_DIAG_PLATFORM     "Plataforma"
 #define STRING_CMD_DIAG_UNKNOWN      "<desconocido>"

src/fr-FR.h

@@ -425,10 +425,11 @@
 #define STRING_CMD_SYNC_NO_INIT      "Taskwarrior will not proceed with first-time sync initialization."
 #define STRING_CMD_SYNC_RELOCATE0    "The server account has been relocated.  Please update your configuration using:"
 #define STRING_CMD_SYNC_RELOCATE1    "task config taskd.server {1}"
-#define STRING_CMD_SYNC_NO_CA        "CA certificate not found."
+#define STRING_CMD_SYNC_BAD_CA       "CA certificate not found."
 #define STRING_CMD_SYNC_CONNECT      "Could not connect to {1} {2}"
 #define STRING_CMD_SYNC_HANDSHAKE    "Handshake failed.  {1}"
 #define STRING_CMD_SYNC_NOMERGE      "Task push/pull/merge is configured, deprecated, and does not work with 'sync'."
+#define STRING_CMD_SYNC_TRUST_CA     "You should either provide a CA certificate or override verification, but not both."
 #define STRING_CMD_DIAG_USAGE        "Platform, build and environment details"
 #define STRING_CMD_DIAG_PLATFORM     "Platform"
 #define STRING_CMD_DIAG_UNKNOWN      "<unknown>"

src/it-IT.h

@@ -426,10 +426,11 @@
 #define STRING_CMD_SYNC_NO_INIT      "Taskwarrior will not proceed with first-time sync initialization."
 #define STRING_CMD_SYNC_RELOCATE0    "The server account has been relocated.  Please update your configuration using:"
 #define STRING_CMD_SYNC_RELOCATE1    "task config taskd.server {1}"
-#define STRING_CMD_SYNC_NO_CA        "CA certificate not found."
+#define STRING_CMD_SYNC_BAD_CA       "CA certificate not found."
 #define STRING_CMD_SYNC_CONNECT      "Could not connect to {1} {2}"
 #define STRING_CMD_SYNC_HANDSHAKE    "Handshake failed.  {1}"
 #define STRING_CMD_SYNC_NOMERGE      "Task push/pull/merge is configured, deprecated, and does not work with 'sync'."
+#define STRING_CMD_SYNC_TRUST_CA     "You should either provide a CA certificate or override verification, but not both."
 #define STRING_CMD_DIAG_USAGE        "Dettagli su piattaforma, build e ambiente"
 #define STRING_CMD_DIAG_PLATFORM     "Piattaforma"
 #define STRING_CMD_DIAG_UNKNOWN      "<sconoscito>"