169acb13dbce7ec2f2c69c677dcee96ab816d009
[claws.git] / src / gtk / sslcertwindow.c
1 /*
2  * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 1999-2007 Colin Leroy <colin@colino.net> 
4  * and the Claws Mail team
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  * 
19  */
20
21 #ifdef HAVE_CONFIG_H
22 #  include "config.h"
23 #endif
24
25 #if (defined(USE_OPENSSL) || defined (USE_GNUTLS))
26
27 #if USE_OPENSSL
28 #include <openssl/ssl.h>
29 #else
30 #include <gnutls/gnutls.h>
31 #include <gnutls/x509.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <stdio.h>
35 #include <unistd.h>
36 #include <string.h>
37 #endif
38 #include <glib.h>
39 #include <glib/gi18n.h>
40 #include <gtk/gtk.h>
41
42 #include "prefs_common.h"
43 #include "defs.h"
44 #include "ssl_certificate.h"
45 #include "utils.h"
46 #include "alertpanel.h"
47 #include "hooks.h"
48
49 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert);
50 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert);
51 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert);
52
53 static GtkWidget *cert_presenter(SSLCertificate *cert)
54 {
55         GtkWidget *vbox = NULL;
56         GtkWidget *hbox = NULL;
57         GtkWidget *frame_owner = NULL;
58         GtkWidget *frame_signer = NULL;
59         GtkWidget *frame_status = NULL;
60         GtkTable *owner_table = NULL;
61         GtkTable *signer_table = NULL;
62         GtkTable *status_table = NULL;
63         GtkWidget *label = NULL;
64         
65         char *issuer_commonname, *issuer_location, *issuer_organization;
66         char *subject_commonname, *subject_location, *subject_organization;
67         char *fingerprint, *sig_status, *exp_date;
68         unsigned int n;
69         char buf[100];
70         unsigned char md[128];  
71 #if USE_OPENSSL
72         ASN1_TIME *validity;
73 #else
74         char *tmp;
75 #endif
76         time_t exp_time_t;
77         struct tm lt;
78
79         /* issuer */    
80 #if USE_OPENSSL
81         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
82                                        NID_commonName, buf, 100) >= 0)
83                 issuer_commonname = g_strdup(buf);
84         else
85                 issuer_commonname = g_strdup(_("<not in certificate>"));
86         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
87                                        NID_localityName, buf, 100) >= 0) {
88                 issuer_location = g_strdup(buf);
89                 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
90                                        NID_countryName, buf, 100) >= 0)
91                         issuer_location = g_strconcat(issuer_location,", ",buf, NULL);
92         } else if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
93                                        NID_countryName, buf, 100) >= 0)
94                 issuer_location = g_strdup(buf);
95         else
96                 issuer_location = g_strdup(_("<not in certificate>"));
97
98         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
99                                        NID_organizationName, buf, 100) >= 0)
100                 issuer_organization = g_strdup(buf);
101         else 
102                 issuer_organization = g_strdup(_("<not in certificate>"));
103          
104         /* subject */   
105         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
106                                        NID_commonName, buf, 100) >= 0)
107                 subject_commonname = g_strdup(buf);
108         else
109                 subject_commonname = g_strdup(_("<not in certificate>"));
110         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
111                                        NID_localityName, buf, 100) >= 0) {
112                 subject_location = g_strdup(buf);
113                 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
114                                        NID_countryName, buf, 100) >= 0)
115                         subject_location = g_strconcat(subject_location,", ",buf, NULL);
116         } else if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
117                                        NID_countryName, buf, 100) >= 0)
118                 subject_location = g_strdup(buf);
119         else
120                 subject_location = g_strdup(_("<not in certificate>"));
121
122         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
123                                        NID_organizationName, buf, 100) >= 0)
124                 subject_organization = g_strdup(buf);
125         else 
126                 subject_organization = g_strdup(_("<not in certificate>"));
127          
128         if ((validity = X509_get_notAfter(cert->x509_cert)) != NULL) {
129                 exp_time_t = asn1toTime(validity);
130         } else {
131                 exp_time_t = (time_t)0;
132         }
133 #else
134         issuer_commonname = g_malloc(BUFFSIZE);
135         issuer_location = g_malloc(BUFFSIZE);
136         issuer_organization = g_malloc(BUFFSIZE);
137         subject_commonname = g_malloc(BUFFSIZE);
138         subject_location = g_malloc(BUFFSIZE);
139         subject_organization = g_malloc(BUFFSIZE);
140
141         n = BUFFSIZE;
142         if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
143                 GNUTLS_OID_X520_COMMON_NAME, 0, 0, issuer_commonname, &n))
144                 strncpy(issuer_commonname, _("<not in certificate>"), BUFFSIZE);
145         n = BUFFSIZE;
146
147         if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
148                 GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, issuer_location, &n)) {
149                 if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
150                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, issuer_location, &n)) {
151                         strncpy(issuer_location, _("<not in certificate>"), BUFFSIZE);
152                 }
153         } else {
154                 tmp = g_malloc(BUFFSIZE);
155                 if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
156                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, tmp, &n) == 0) {
157                         strncat(issuer_location, ", ", BUFFSIZE-strlen(issuer_location));
158                         strncat(issuer_location, tmp, BUFFSIZE-strlen(issuer_location));
159                 }
160                 g_free(tmp);
161         }
162
163         n = BUFFSIZE;
164         if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
165                 GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, issuer_organization, &n))
166                 strncpy(issuer_organization, _("<not in certificate>"), BUFFSIZE);
167
168         n = BUFFSIZE;
169         if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
170                 GNUTLS_OID_X520_COMMON_NAME, 0, 0, subject_commonname, &n))
171                 strncpy(subject_commonname, _("<not in certificate>"), BUFFSIZE);
172         n = BUFFSIZE;
173
174         if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
175                 GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, subject_location, &n)) {
176                 if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
177                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, subject_location, &n)) {
178                         strncpy(subject_location, _("<not in certificate>"), BUFFSIZE);
179                 }
180         } else {
181                 tmp = g_malloc(BUFFSIZE);
182                 if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
183                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, tmp, &n) == 0) {
184                         strncat(subject_location, ", ", BUFFSIZE-strlen(subject_location));
185                         strncat(subject_location, tmp, BUFFSIZE-strlen(subject_location));
186                 }
187                 g_free(tmp);
188         }
189
190         n = BUFFSIZE;
191         if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
192                 GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, subject_organization, &n))
193                 strncpy(subject_organization, _("<not in certificate>"), BUFFSIZE);
194                 
195         exp_time_t = gnutls_x509_crt_get_expiration_time(cert->x509_cert);
196 #endif  
197
198         memset(buf, 0, sizeof(buf));
199         strftime(buf, sizeof(buf)-1, prefs_common.date_format, localtime_r(&exp_time_t, &lt));
200         exp_date = (*buf) ? g_strdup(buf):g_strdup("?");
201
202         /* fingerprint */
203 #if USE_OPENSSL
204         X509_digest(cert->x509_cert, EVP_md5(), md, &n);
205         fingerprint = readable_fingerprint(md, (int)n);
206
207         /* signature */
208         sig_status = ssl_certificate_check_signer(cert->x509_cert);
209 #else
210         n = 128;
211         gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_MD5, md, &n);
212         fingerprint = readable_fingerprint(md, (int)n);
213
214         /* signature */
215         sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
216 #endif
217
218         if (sig_status==NULL)
219                 sig_status = g_strdup(_("correct"));
220
221         vbox = gtk_vbox_new(FALSE, 5);
222         hbox = gtk_hbox_new(FALSE, 5);
223         
224         frame_owner  = gtk_frame_new(_("Owner"));
225         frame_signer = gtk_frame_new(_("Signer"));
226         frame_status = gtk_frame_new(_("Status"));
227         
228         owner_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
229         signer_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
230         status_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
231         
232         label = gtk_label_new(_("Name: "));
233         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
234         gtk_table_attach(owner_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
235         label = gtk_label_new(subject_commonname);
236         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
237         gtk_table_attach(owner_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
238         
239         label = gtk_label_new(_("Organization: "));
240         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
241         gtk_table_attach(owner_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
242         label = gtk_label_new(subject_organization);
243         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
244         gtk_table_attach(owner_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
245         
246         label = gtk_label_new(_("Location: "));
247         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
248         gtk_table_attach(owner_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
249         label = gtk_label_new(subject_location);
250         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
251         gtk_table_attach(owner_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
252
253         label = gtk_label_new(_("Name: "));
254         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
255         gtk_table_attach(signer_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
256         label = gtk_label_new(issuer_commonname);
257         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
258         gtk_table_attach(signer_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
259         
260         label = gtk_label_new(_("Organization: "));
261         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
262         gtk_table_attach(signer_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
263         label = gtk_label_new(issuer_organization);
264         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
265         gtk_table_attach(signer_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
266         
267         label = gtk_label_new(_("Location: "));
268         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
269         gtk_table_attach(signer_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
270         label = gtk_label_new(issuer_location);
271         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
272         gtk_table_attach(signer_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
273
274         label = gtk_label_new(_("Fingerprint: "));
275         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
276         gtk_table_attach(status_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
277         label = gtk_label_new(fingerprint);
278         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
279         gtk_table_attach(status_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
280         label = gtk_label_new(_("Signature status: "));
281         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
282         gtk_table_attach(status_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
283         label = gtk_label_new(sig_status);
284         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
285         gtk_table_attach(status_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
286         label = gtk_label_new(_("Expires on: "));
287         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
288         gtk_table_attach(status_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
289         label = gtk_label_new(exp_date);
290         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
291         gtk_table_attach(status_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
292         
293         gtk_container_add(GTK_CONTAINER(frame_owner), GTK_WIDGET(owner_table));
294         gtk_container_add(GTK_CONTAINER(frame_signer), GTK_WIDGET(signer_table));
295         gtk_container_add(GTK_CONTAINER(frame_status), GTK_WIDGET(status_table));
296         
297         gtk_box_pack_end(GTK_BOX(hbox), frame_signer, TRUE, TRUE, 0);
298         gtk_box_pack_end(GTK_BOX(hbox), frame_owner, TRUE, TRUE, 0);
299         gtk_box_pack_end(GTK_BOX(vbox), frame_status, TRUE, TRUE, 0);
300         gtk_box_pack_end(GTK_BOX(vbox), hbox, TRUE, TRUE, 0);
301         
302         gtk_widget_show_all(vbox);
303         
304         g_free(issuer_commonname);
305         g_free(issuer_location);
306         g_free(issuer_organization);
307         g_free(subject_commonname);
308         g_free(subject_location);
309         g_free(subject_organization);
310         g_free(fingerprint);
311         g_free(sig_status);
312         g_free(exp_date);
313         return vbox;
314 }
315
316 static gboolean sslcert_ask_hook(gpointer source, gpointer data)
317 {
318         SSLCertHookData *hookdata = (SSLCertHookData *)source;
319
320         if (prefs_common.skip_ssl_cert_check)
321                 return TRUE;
322
323         if (hookdata == NULL) {
324                 return FALSE;
325         }
326         if (hookdata->old_cert == NULL) {
327                 if (hookdata->expired)
328                         hookdata->accept = sslcertwindow_ask_expired_cert(hookdata->cert);
329                 else
330                         hookdata->accept = sslcertwindow_ask_new_cert(hookdata->cert);
331         } else {
332                 hookdata->accept = sslcertwindow_ask_changed_cert(hookdata->old_cert, hookdata->cert);
333         }
334         return TRUE;
335 }
336
337 void sslcertwindow_register_hook(void)
338 {
339         hooks_register_hook(SSLCERT_ASK_HOOKLIST, sslcert_ask_hook, NULL);
340 }
341
342 void sslcertwindow_show_cert(SSLCertificate *cert)
343 {
344         GtkWidget *cert_widget = cert_presenter(cert);
345         gchar *buf;
346         
347         buf = g_strdup_printf(_("SSL certificate for %s"), cert->host);
348         alertpanel_full(buf, NULL, GTK_STOCK_CLOSE, NULL, NULL,
349                         FALSE, cert_widget, ALERT_NOTICE, G_ALERTDEFAULT);
350         g_free(buf);
351 }
352
353 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert)
354 {
355         gchar *buf, *sig_status;
356         AlertValue val;
357         GtkWidget *vbox;
358         GtkWidget *label;
359         GtkWidget *button;
360         GtkWidget *cert_widget;
361         
362         vbox = gtk_vbox_new(FALSE, 5);
363         buf = g_strdup_printf(_("Certificate for %s is unknown.\nDo you want to accept it?"), cert->host);
364         label = gtk_label_new(buf);
365         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
366         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
367         g_free(buf);
368         
369 #if USE_OPENSSL
370         sig_status = ssl_certificate_check_signer(cert->x509_cert);
371 #else
372         sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
373 #endif
374         if (sig_status==NULL)
375                 sig_status = g_strdup(_("correct"));
376
377         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
378         label = gtk_label_new(buf);
379         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
380         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
381         g_free(buf);
382         g_free(sig_status);
383         
384         button = gtk_expander_new_with_mnemonic(_("_View certificate"));
385         gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
386         cert_widget = cert_presenter(cert);
387         gtk_container_add(GTK_CONTAINER(button), cert_widget);
388
389         val = alertpanel_full(_("Unknown SSL Certificate"), NULL,
390                               _("_Cancel connection"), _("_Accept and save"), NULL,
391                               FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
392         
393         return (val == G_ALERTALTERNATE);
394 }
395
396 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert)
397 {
398         gchar *buf, *sig_status;
399         AlertValue val;
400         GtkWidget *vbox;
401         GtkWidget *label;
402         GtkWidget *button;
403         GtkWidget *cert_widget;
404         
405         vbox = gtk_vbox_new(FALSE, 5);
406         buf = g_strdup_printf(_("Certificate for %s is expired.\nDo you want to continue?"), cert->host);
407         label = gtk_label_new(buf);
408         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
409         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
410         g_free(buf);
411         
412 #if USE_OPENSSL
413         sig_status = ssl_certificate_check_signer(cert->x509_cert);
414 #else
415         sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
416 #endif
417
418         if (sig_status==NULL)
419                 sig_status = g_strdup(_("correct"));
420
421         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
422         label = gtk_label_new(buf);
423         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
424         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
425         g_free(buf);
426         g_free(sig_status);
427         
428         button = gtk_expander_new_with_mnemonic(_("_View certificate"));
429         gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
430         cert_widget = cert_presenter(cert);
431         gtk_container_add(GTK_CONTAINER(button), cert_widget);
432
433         val = alertpanel_full(_("Expired SSL Certificate"), NULL,
434                               _("_Cancel connection"), _("_Accept"), NULL,
435                               FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
436         
437         return (val == G_ALERTALTERNATE);
438 }
439
440 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert)
441 {
442         GtkWidget *old_cert_widget = cert_presenter(old_cert);
443         GtkWidget *new_cert_widget = cert_presenter(new_cert);
444         GtkWidget *vbox;
445         gchar *buf, *sig_status;
446         GtkWidget *vbox2;
447         GtkWidget *label;
448         GtkWidget *button;
449         AlertValue val;
450         
451         vbox = gtk_vbox_new(FALSE, 5);
452         label = gtk_label_new(_("New certificate:"));
453         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
454         gtk_box_pack_end(GTK_BOX(vbox), new_cert_widget, TRUE, TRUE, 0);
455         gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
456         gtk_box_pack_end(GTK_BOX(vbox), gtk_hseparator_new(), TRUE, TRUE, 0);
457         label = gtk_label_new(_("Known certificate:"));
458         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
459         gtk_box_pack_end(GTK_BOX(vbox), old_cert_widget, TRUE, TRUE, 0);
460         gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
461         gtk_widget_show_all(vbox);
462         
463         vbox2 = gtk_vbox_new(FALSE, 5);
464         buf = g_strdup_printf(_("Certificate for %s has changed. Do you want to accept it?"), new_cert->host);
465         label = gtk_label_new(buf);
466         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
467         gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
468         g_free(buf);
469         
470 #if USE_OPENSSL
471         sig_status = ssl_certificate_check_signer(new_cert->x509_cert);
472 #else
473         sig_status = ssl_certificate_check_signer(new_cert->x509_cert, new_cert->status);
474 #endif
475
476         if (sig_status==NULL)
477                 sig_status = g_strdup(_("correct"));
478
479         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
480         label = gtk_label_new(buf);
481         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
482         gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
483         g_free(buf);
484         g_free(sig_status);
485         
486         button = gtk_expander_new_with_mnemonic(_("_View certificates"));
487         gtk_box_pack_start(GTK_BOX(vbox2), button, FALSE, FALSE, 0);
488         gtk_container_add(GTK_CONTAINER(button), vbox);
489
490         val = alertpanel_full(_("Changed SSL Certificate"), NULL,
491                               _("_Cancel connection"), _("_Accept and save"), NULL,
492                               FALSE, vbox2, ALERT_WARNING, G_ALERTDEFAULT);
493         
494         return (val == G_ALERTALTERNATE);
495 }
496 #endif