2 * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
3 * Copyright (C) 1999-2006 Hiroyuki Yamamoto
4 * This file Copyright (C) 2002-2005 Colin Leroy <colin@colino.net>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
27 #include <openssl/ssl.h>
29 #include <glib/gi18n.h>
32 #include "prefs_common.h"
33 #include "ssl_certificate.h"
35 #include "alertpanel.h"
38 gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert);
39 gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert);
40 gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert);
42 GtkWidget *cert_presenter(SSLCertificate *cert)
44 GtkWidget *vbox = NULL;
45 GtkWidget *hbox = NULL;
46 GtkWidget *frame_owner = NULL;
47 GtkWidget *frame_signer = NULL;
48 GtkWidget *frame_status = NULL;
49 GtkTable *owner_table = NULL;
50 GtkTable *signer_table = NULL;
51 GtkTable *status_table = NULL;
52 GtkWidget *label = NULL;
55 char *issuer_commonname, *issuer_location, *issuer_organization;
56 char *subject_commonname, *subject_location, *subject_organization;
57 char *fingerprint, *sig_status, *exp_date;
59 unsigned char md[EVP_MAX_MD_SIZE];
64 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
65 NID_commonName, buf, 100) >= 0)
66 issuer_commonname = g_strdup(buf);
68 issuer_commonname = g_strdup(_("<not in certificate>"));
69 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
70 NID_localityName, buf, 100) >= 0) {
71 issuer_location = g_strdup(buf);
72 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
73 NID_countryName, buf, 100) >= 0)
74 issuer_location = g_strconcat(issuer_location,", ",buf, NULL);
75 } else if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
76 NID_countryName, buf, 100) >= 0)
77 issuer_location = g_strdup(buf);
79 issuer_location = g_strdup(_("<not in certificate>"));
81 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
82 NID_organizationName, buf, 100) >= 0)
83 issuer_organization = g_strdup(buf);
85 issuer_organization = g_strdup(_("<not in certificate>"));
88 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
89 NID_commonName, buf, 100) >= 0)
90 subject_commonname = g_strdup(buf);
92 subject_commonname = g_strdup(_("<not in certificate>"));
93 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
94 NID_localityName, buf, 100) >= 0) {
95 subject_location = g_strdup(buf);
96 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
97 NID_countryName, buf, 100) >= 0)
98 subject_location = g_strconcat(subject_location,", ",buf, NULL);
99 } else if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
100 NID_countryName, buf, 100) >= 0)
101 subject_location = g_strdup(buf);
103 subject_location = g_strdup(_("<not in certificate>"));
105 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
106 NID_organizationName, buf, 100) >= 0)
107 subject_organization = g_strdup(buf);
109 subject_organization = g_strdup(_("<not in certificate>"));
111 if ((validity = X509_get_notAfter(cert->x509_cert)) != NULL) {
112 exp_time_t = asn1toTime(validity);
114 exp_time_t = (time_t)0;
117 memset(buf, 0, sizeof(buf));
118 strftime(buf, sizeof(buf)-1, prefs_common.date_format, localtime(&exp_time_t));
119 exp_date = buf? g_strdup(buf):g_strdup("?");
122 X509_digest(cert->x509_cert, EVP_md5(), md, &n);
123 fingerprint = readable_fingerprint(md, (int)n);
126 sig_status = ssl_certificate_check_signer(cert->x509_cert);
128 if (sig_status==NULL)
129 sig_status = g_strdup(_("correct"));
131 vbox = gtk_vbox_new(FALSE, 5);
132 hbox = gtk_hbox_new(FALSE, 5);
134 frame_owner = gtk_frame_new(_("Owner"));
135 frame_signer = gtk_frame_new(_("Signer"));
136 frame_status = gtk_frame_new(_("Status"));
138 owner_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
139 signer_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
140 status_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
142 label = gtk_label_new(_("Name: "));
143 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
144 gtk_table_attach(owner_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
145 label = gtk_label_new(subject_commonname);
146 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
147 gtk_table_attach(owner_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
149 label = gtk_label_new(_("Organization: "));
150 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
151 gtk_table_attach(owner_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
152 label = gtk_label_new(subject_organization);
153 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
154 gtk_table_attach(owner_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
156 label = gtk_label_new(_("Location: "));
157 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
158 gtk_table_attach(owner_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
159 label = gtk_label_new(subject_location);
160 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
161 gtk_table_attach(owner_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
163 label = gtk_label_new(_("Name: "));
164 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
165 gtk_table_attach(signer_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
166 label = gtk_label_new(issuer_commonname);
167 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
168 gtk_table_attach(signer_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
170 label = gtk_label_new(_("Organization: "));
171 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
172 gtk_table_attach(signer_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
173 label = gtk_label_new(issuer_organization);
174 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
175 gtk_table_attach(signer_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
177 label = gtk_label_new(_("Location: "));
178 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
179 gtk_table_attach(signer_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
180 label = gtk_label_new(issuer_location);
181 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
182 gtk_table_attach(signer_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
184 label = gtk_label_new(_("Fingerprint: "));
185 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
186 gtk_table_attach(status_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
187 label = gtk_label_new(fingerprint);
188 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
189 gtk_table_attach(status_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
190 label = gtk_label_new(_("Signature status: "));
191 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
192 gtk_table_attach(status_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
193 label = gtk_label_new(sig_status);
194 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
195 gtk_table_attach(status_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
196 label = gtk_label_new(_("Expires on: "));
197 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
198 gtk_table_attach(status_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
199 label = gtk_label_new(exp_date);
200 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
201 gtk_table_attach(status_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
203 gtk_container_add(GTK_CONTAINER(frame_owner), GTK_WIDGET(owner_table));
204 gtk_container_add(GTK_CONTAINER(frame_signer), GTK_WIDGET(signer_table));
205 gtk_container_add(GTK_CONTAINER(frame_status), GTK_WIDGET(status_table));
207 gtk_box_pack_end(GTK_BOX(hbox), frame_signer, TRUE, TRUE, 0);
208 gtk_box_pack_end(GTK_BOX(hbox), frame_owner, TRUE, TRUE, 0);
209 gtk_box_pack_end(GTK_BOX(vbox), frame_status, TRUE, TRUE, 0);
210 gtk_box_pack_end(GTK_BOX(vbox), hbox, TRUE, TRUE, 0);
212 gtk_widget_show_all(vbox);
214 g_free(issuer_commonname);
215 g_free(issuer_location);
216 g_free(issuer_organization);
217 g_free(subject_commonname);
218 g_free(subject_location);
219 g_free(subject_organization);
226 static gboolean sslcert_ask_hook(gpointer source, gpointer data)
228 SSLCertHookData *hookdata = (SSLCertHookData *)source;
230 if (prefs_common.skip_ssl_cert_check)
233 if (hookdata == NULL) {
236 if (hookdata->old_cert == NULL) {
237 if (hookdata->expired)
238 hookdata->accept = sslcertwindow_ask_expired_cert(hookdata->cert);
240 hookdata->accept = sslcertwindow_ask_new_cert(hookdata->cert);
242 hookdata->accept = sslcertwindow_ask_changed_cert(hookdata->old_cert, hookdata->cert);
247 void sslcertwindow_register_hook(void)
249 hooks_register_hook(SSLCERT_ASK_HOOKLIST, sslcert_ask_hook, NULL);
252 void sslcertwindow_show_cert(SSLCertificate *cert)
254 GtkWidget *cert_widget = cert_presenter(cert);
257 buf = g_strdup_printf(_("SSL certificate for %s"), cert->host);
258 alertpanel_full(buf, NULL, GTK_STOCK_CLOSE, NULL, NULL,
259 FALSE, cert_widget, ALERT_NOTICE, G_ALERTDEFAULT);
263 gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert)
265 gchar *buf, *sig_status;
270 GtkWidget *cert_widget;
272 vbox = gtk_vbox_new(FALSE, 5);
273 buf = g_strdup_printf(_("Certificate for %s is unknown.\nDo you want to accept it?"), cert->host);
274 label = gtk_label_new(buf);
275 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
276 gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
279 sig_status = ssl_certificate_check_signer(cert->x509_cert);
281 if (sig_status==NULL)
282 sig_status = g_strdup(_("correct"));
284 buf = g_strdup_printf(_("Signature status: %s"), sig_status);
285 label = gtk_label_new(buf);
286 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
287 gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
291 button = gtk_expander_new_with_mnemonic(_("_View certificate"));
292 gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
293 cert_widget = cert_presenter(cert);
294 gtk_container_add(GTK_CONTAINER(button), cert_widget);
296 val = alertpanel_full(_("Unknown SSL Certificate"), NULL,
297 _("_Cancel connection"), _("_Accept and save"), NULL,
298 FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
300 return (val == G_ALERTALTERNATE);
303 gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert)
305 gchar *buf, *sig_status;
310 GtkWidget *cert_widget;
312 vbox = gtk_vbox_new(FALSE, 5);
313 buf = g_strdup_printf(_("Certificate for %s is expired.\nDo you want to continue?"), cert->host);
314 label = gtk_label_new(buf);
315 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
316 gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
319 sig_status = ssl_certificate_check_signer(cert->x509_cert);
321 if (sig_status==NULL)
322 sig_status = g_strdup(_("correct"));
324 buf = g_strdup_printf(_("Signature status: %s"), sig_status);
325 label = gtk_label_new(buf);
326 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
327 gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
331 button = gtk_expander_new_with_mnemonic(_("_View certificate"));
332 gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
333 cert_widget = cert_presenter(cert);
334 gtk_container_add(GTK_CONTAINER(button), cert_widget);
336 val = alertpanel_full(_("Expired SSL Certificate"), NULL,
337 _("_Cancel connection"), _("_Accept"), NULL,
338 FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
340 return (val == G_ALERTALTERNATE);
343 gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert)
345 GtkWidget *old_cert_widget = cert_presenter(old_cert);
346 GtkWidget *new_cert_widget = cert_presenter(new_cert);
348 gchar *buf, *sig_status;
354 vbox = gtk_vbox_new(FALSE, 5);
355 label = gtk_label_new(_("New certificate:"));
356 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
357 gtk_box_pack_end(GTK_BOX(vbox), new_cert_widget, TRUE, TRUE, 0);
358 gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
359 gtk_box_pack_end(GTK_BOX(vbox), gtk_hseparator_new(), TRUE, TRUE, 0);
360 label = gtk_label_new(_("Known certificate:"));
361 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
362 gtk_box_pack_end(GTK_BOX(vbox), old_cert_widget, TRUE, TRUE, 0);
363 gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
364 gtk_widget_show_all(vbox);
366 vbox2 = gtk_vbox_new(FALSE, 5);
367 buf = g_strdup_printf(_("Certificate for %s has changed. Do you want to accept it?"), new_cert->host);
368 label = gtk_label_new(buf);
369 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
370 gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
373 sig_status = ssl_certificate_check_signer(new_cert->x509_cert);
375 if (sig_status==NULL)
376 sig_status = g_strdup(_("correct"));
378 buf = g_strdup_printf(_("Signature status: %s"), sig_status);
379 label = gtk_label_new(buf);
380 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
381 gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
385 button = gtk_expander_new_with_mnemonic(_("_View certificates"));
386 gtk_box_pack_start(GTK_BOX(vbox2), button, FALSE, FALSE, 0);
387 gtk_container_add(GTK_CONTAINER(button), vbox);
389 val = alertpanel_full(_("Changed SSL Certificate"), NULL,
390 _("_Cancel connection"), _("_Accept and save"), NULL,
391 FALSE, vbox2, ALERT_WARNING, G_ALERTDEFAULT);
393 return (val == G_ALERTALTERNATE);
projects / claws.git / blob