2 * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3 * Copyright (C) 1999-2012 Colin Leroy <colin@colino.net>
4 * and the Claws Mail team
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "claws-features.h"
28 #include <libetpan/libetpan.h>
29 #include <gnutls/gnutls.h>
30 #include <gnutls/x509.h>
33 #include <glib/gi18n.h>
36 #include "ssl_certificate.h"
39 #include "prefs_account.h"
/*
 * Verify the server certificate presented on an established SSL mailstream.
 * The DER blob is fetched from libetpan, copied into a gnutls_datum_t,
 * imported as an X.509 certificate and handed to ssl_certificate_check()
 * for the given host/port. Only part of the body is visible in this
 * listing: the local declarations (len, tmp), the return statements and
 * the closing brace are elided.
 */
41 gboolean etpan_certificate_check(mailstream *stream, const char *host, gint port)
43 unsigned char *cert_der = NULL;
45 gnutls_x509_crt_t cert = NULL;
/* The certificate length is narrowed to int so that an error return can be
 * caught by the len < 0 test below; cert_der is owned by libetpan. */
51 len = (int)mailstream_ssl_get_certificate(stream, &cert_der);
53 if (cert_der == NULL || len < 0) {
54 g_warning("no cert presented.\n");
/* NOTE(review): the malloc() result is not checked before memcpy(), so an
 * allocation failure dereferences NULL. tmp.size is presumably assigned on
 * an elided line -- confirm. */
58 tmp.data = malloc(len);
59 memcpy(tmp.data, cert_der, len);
/* NOTE(review): return value of gnutls_x509_crt_init() is ignored here. */
61 gnutls_x509_crt_init(&cert);
/* An import failure is only logged; the object is still deinit'ed below. */
65 if (gnutls_x509_crt_import(cert, &tmp, GNUTLS_X509_FMT_DER) < 0) {
67 g_warning("IMAP: can't get cert\n");
/* (guint)-1 as the second argument presumably means "verification status not
 * yet known"; its meaning is defined in ssl_certificate_check(), not here. */
69 } else if (ssl_certificate_check(cert, (guint)-1, host, port) == TRUE) {
71 gnutls_x509_crt_deinit(cert);
75 gnutls_x509_crt_deinit(cert);
/*
 * libetpan SSL-context callback: install the account's client certificate
 * and private key on the context before the handshake. The PEM loaders are
 * tried first, then the PKCS#12 loader as a fallback. `data` is the
 * PrefsAccount registered with the callback. Only part of the body is
 * visible in this listing: the braces, the guard that presumably wraps
 * the DER conversion (around original lines 101-102) and the freeing of
 * the DER buffers are elided.
 */
80 void etpan_connect_ssl_context_cb(struct mailstream_ssl_context * ssl_context, void * data)
82 PrefsAccount *account = (PrefsAccount *)data;
83 const gchar *cert_path = NULL;
84 const gchar *password = NULL;
85 gnutls_x509_crt_t x509 = NULL;
86 gnutls_x509_privkey_t pkey = NULL;
/* An empty string is treated the same as an unset preference. */
88 if (account->in_ssl_client_cert_file && *account->in_ssl_client_cert_file)
89 cert_path = account->in_ssl_client_cert_file;
90 if (account->in_ssl_client_cert_pass && *account->in_ssl_client_cert_pass)
91 password = account->in_ssl_client_cert_pass;
/* Clear any certificate/key data already attached to the context; a failure
 * here is only reported at debug level. */
93 if (mailstream_ssl_set_client_certificate_data(ssl_context, NULL, 0) < 0 ||
94 mailstream_ssl_set_client_private_key_data(ssl_context, NULL, 0) < 0)
95 debug_print("Impossible to set the client certificate.\n");
/* Both PEM loaders receive the same path, i.e. certificate and key are
 * expected in one file. NOTE(review): cert_path may still be NULL at this
 * point; an elided guard presumably prevents that -- confirm. */
96 x509 = ssl_certificate_get_x509_from_pem_file(cert_path);
97 pkey = ssl_certificate_get_pkey_from_pem_file(cert_path);
98 if (!(x509 && pkey)) {
99 /* try pkcs12 format */
100 ssl_certificate_get_x509_and_pkey_from_p12_file(cert_path, password, &x509, &pkey);
/* NOTE(review): gnutls_i2d_X509()/gnutls_i2d_PrivateKey() are project helpers,
 * not gnutls API. If either can signal failure with a negative value, the
 * (size_t) cast turns it into a large positive length and the > 0 test below
 * would not catch it -- confirm the helpers' return convention. */
103 unsigned char *x509_der = NULL, *pkey_der = NULL;
104 size_t x509_len, pkey_len;
106 x509_len = (size_t)gnutls_i2d_X509(x509, &x509_der);
107 pkey_len = (size_t)gnutls_i2d_PrivateKey(pkey, &pkey_der);
108 if (x509_len > 0 && pkey_len > 0) {
/* Unlike the reset above, a failure to install the real material is logged
 * as a protocol error. */
109 if (mailstream_ssl_set_client_certificate_data(ssl_context, x509_der, x509_len) < 0 ||
110 mailstream_ssl_set_client_private_key_data(ssl_context, pkey_der, pkey_len) < 0)
111 log_error(LOG_PROTOCOL, _("Impossible to set the client certificate.\n"));
/* The gnutls objects are released once the DER copies have been handed
 * over; freeing of x509_der/pkey_der is not visible in this listing. */
115 gnutls_x509_crt_deinit(x509);
116 gnutls_x509_privkey_deinit(pkey);
120 #endif /* USE_GNUTLS */
121 #endif /* HAVE_LIBETPAN */