2 * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
3 * Copyright (C) 1999-2006 Hiroyuki Yamamoto
4 * This file Copyright (C) 2002-2005 Colin Leroy <colin@colino.net>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
27 #include <openssl/ssl.h>
29 #include <glib/gi18n.h>
32 #include "ssl_certificate.h"
34 #include "alertpanel.h"
37 gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert);
38 gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert);
40 GtkWidget *cert_presenter(SSLCertificate *cert)
42 GtkWidget *vbox = NULL;
43 GtkWidget *hbox = NULL;
44 GtkWidget *frame_owner = NULL;
45 GtkWidget *frame_signer = NULL;
46 GtkWidget *frame_status = NULL;
47 GtkTable *owner_table = NULL;
48 GtkTable *signer_table = NULL;
49 GtkTable *status_table = NULL;
50 GtkWidget *label = NULL;
52 char *issuer_commonname, *issuer_location, *issuer_organization;
53 char *subject_commonname, *subject_location, *subject_organization;
54 char *fingerprint, *sig_status;
56 unsigned char md[EVP_MAX_MD_SIZE];
59 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
60 NID_commonName, buf, 100) >= 0)
61 issuer_commonname = g_strdup(buf);
63 issuer_commonname = g_strdup(_("<not in certificate>"));
64 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
65 NID_localityName, buf, 100) >= 0) {
66 issuer_location = g_strdup(buf);
67 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
68 NID_countryName, buf, 100) >= 0)
69 issuer_location = g_strconcat(issuer_location,", ",buf, NULL);
70 } else if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
71 NID_countryName, buf, 100) >= 0)
72 issuer_location = g_strdup(buf);
74 issuer_location = g_strdup(_("<not in certificate>"));
76 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
77 NID_organizationName, buf, 100) >= 0)
78 issuer_organization = g_strdup(buf);
80 issuer_organization = g_strdup(_("<not in certificate>"));
83 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
84 NID_commonName, buf, 100) >= 0)
85 subject_commonname = g_strdup(buf);
87 subject_commonname = g_strdup(_("<not in certificate>"));
88 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
89 NID_localityName, buf, 100) >= 0) {
90 subject_location = g_strdup(buf);
91 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
92 NID_countryName, buf, 100) >= 0)
93 subject_location = g_strconcat(subject_location,", ",buf, NULL);
94 } else if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
95 NID_countryName, buf, 100) >= 0)
96 subject_location = g_strdup(buf);
98 subject_location = g_strdup(_("<not in certificate>"));
100 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
101 NID_organizationName, buf, 100) >= 0)
102 subject_organization = g_strdup(buf);
104 subject_organization = g_strdup(_("<not in certificate>"));
107 X509_digest(cert->x509_cert, EVP_md5(), md, &n);
108 fingerprint = readable_fingerprint(md, (int)n);
111 sig_status = ssl_certificate_check_signer(cert->x509_cert);
113 if (sig_status==NULL)
114 sig_status = g_strdup(_("correct"));
116 vbox = gtk_vbox_new(FALSE, 5);
117 hbox = gtk_hbox_new(FALSE, 5);
119 frame_owner = gtk_frame_new(_("Owner"));
120 frame_signer = gtk_frame_new(_("Signer"));
121 frame_status = gtk_frame_new(_("Status"));
123 owner_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
124 signer_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
125 status_table = GTK_TABLE(gtk_table_new(2, 2, FALSE));
127 label = gtk_label_new(_("Name: "));
128 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
129 gtk_table_attach(owner_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
130 label = gtk_label_new(subject_commonname);
131 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
132 gtk_table_attach(owner_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
134 label = gtk_label_new(_("Organization: "));
135 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
136 gtk_table_attach(owner_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
137 label = gtk_label_new(subject_organization);
138 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
139 gtk_table_attach(owner_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
141 label = gtk_label_new(_("Location: "));
142 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
143 gtk_table_attach(owner_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
144 label = gtk_label_new(subject_location);
145 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
146 gtk_table_attach(owner_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
148 label = gtk_label_new(_("Name: "));
149 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
150 gtk_table_attach(signer_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
151 label = gtk_label_new(issuer_commonname);
152 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
153 gtk_table_attach(signer_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
155 label = gtk_label_new(_("Organization: "));
156 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
157 gtk_table_attach(signer_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
158 label = gtk_label_new(issuer_organization);
159 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
160 gtk_table_attach(signer_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
162 label = gtk_label_new(_("Location: "));
163 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
164 gtk_table_attach(signer_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
165 label = gtk_label_new(issuer_location);
166 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
167 gtk_table_attach(signer_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
169 label = gtk_label_new(_("Fingerprint: "));
170 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
171 gtk_table_attach(status_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
172 label = gtk_label_new(fingerprint);
173 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
174 gtk_table_attach(status_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
175 label = gtk_label_new(_("Signature status: "));
176 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
177 gtk_table_attach(status_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
178 label = gtk_label_new(sig_status);
179 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
180 gtk_table_attach(status_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
182 gtk_container_add(GTK_CONTAINER(frame_owner), GTK_WIDGET(owner_table));
183 gtk_container_add(GTK_CONTAINER(frame_signer), GTK_WIDGET(signer_table));
184 gtk_container_add(GTK_CONTAINER(frame_status), GTK_WIDGET(status_table));
186 gtk_box_pack_end(GTK_BOX(hbox), frame_signer, TRUE, TRUE, 0);
187 gtk_box_pack_end(GTK_BOX(hbox), frame_owner, TRUE, TRUE, 0);
188 gtk_box_pack_end(GTK_BOX(vbox), frame_status, TRUE, TRUE, 0);
189 gtk_box_pack_end(GTK_BOX(vbox), hbox, TRUE, TRUE, 0);
191 gtk_widget_show_all(vbox);
193 g_free(issuer_commonname);
194 g_free(issuer_location);
195 g_free(issuer_organization);
196 g_free(subject_commonname);
197 g_free(subject_location);
198 g_free(subject_organization);
205 static gboolean sslcert_ask_hook(gpointer source, gpointer data)
207 SSLCertHookData *hookdata = (SSLCertHookData *)source;
208 if (hookdata == NULL) {
211 if (hookdata->old_cert == NULL)
212 hookdata->accept = sslcertwindow_ask_new_cert(hookdata->cert);
214 hookdata->accept = sslcertwindow_ask_changed_cert(hookdata->old_cert, hookdata->cert);
219 void sslcertwindow_register_hook(void)
221 hooks_register_hook(SSLCERT_ASK_HOOKLIST, sslcert_ask_hook, NULL);
224 void sslcertwindow_show_cert(SSLCertificate *cert)
226 GtkWidget *cert_widget = cert_presenter(cert);
229 buf = g_strdup_printf(_("SSL certificate for %s"), cert->host);
230 alertpanel_full(buf, NULL, GTK_STOCK_CLOSE, NULL, NULL,
231 FALSE, cert_widget, ALERT_NOTICE, G_ALERTDEFAULT);
235 gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert)
237 gchar *buf, *sig_status;
242 GtkWidget *cert_widget;
244 vbox = gtk_vbox_new(FALSE, 5);
245 buf = g_strdup_printf(_("Certificate for %s is unknown.\nDo you want to accept it?"), cert->host);
246 label = gtk_label_new(buf);
247 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
248 gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
251 sig_status = ssl_certificate_check_signer(cert->x509_cert);
253 if (sig_status==NULL)
254 sig_status = g_strdup(_("correct"));
256 buf = g_strdup_printf(_("Signature status: %s"), sig_status);
257 label = gtk_label_new(buf);
258 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
259 gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
263 button = gtk_expander_new_with_mnemonic(_("_View certificate"));
264 gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
265 cert_widget = cert_presenter(cert);
266 gtk_container_add(GTK_CONTAINER(button), cert_widget);
268 val = alertpanel_full(_("Unknown SSL Certificate"), NULL,
269 _("_Accept and save"), _("_Cancel connection"), NULL,
270 FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
272 return (val == G_ALERTDEFAULT);
275 gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert)
277 GtkWidget *old_cert_widget = cert_presenter(old_cert);
278 GtkWidget *new_cert_widget = cert_presenter(new_cert);
280 gchar *buf, *sig_status;
286 vbox = gtk_vbox_new(FALSE, 5);
287 label = gtk_label_new(_("New certificate:"));
288 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
289 gtk_box_pack_end(GTK_BOX(vbox), new_cert_widget, TRUE, TRUE, 0);
290 gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
291 gtk_box_pack_end(GTK_BOX(vbox), gtk_hseparator_new(), TRUE, TRUE, 0);
292 label = gtk_label_new(_("Known certificate:"));
293 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
294 gtk_box_pack_end(GTK_BOX(vbox), old_cert_widget, TRUE, TRUE, 0);
295 gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
296 gtk_widget_show_all(vbox);
298 vbox2 = gtk_vbox_new(FALSE, 5);
299 buf = g_strdup_printf(_("Certificate for %s has changed. Do you want to accept it?"), new_cert->host);
300 label = gtk_label_new(buf);
301 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
302 gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
305 sig_status = ssl_certificate_check_signer(new_cert->x509_cert);
307 if (sig_status==NULL)
308 sig_status = g_strdup(_("correct"));
310 buf = g_strdup_printf(_("Signature status: %s"), sig_status);
311 label = gtk_label_new(buf);
312 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
313 gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
317 button = gtk_expander_new_with_mnemonic(_("_View certificates"));
318 gtk_box_pack_start(GTK_BOX(vbox2), button, FALSE, FALSE, 0);
319 gtk_container_add(GTK_CONTAINER(button), vbox);
321 val = alertpanel_full(_("Changed SSL Certificate"), NULL,
322 _("_Accept and save"), _("_Cancel connection"), NULL,
323 FALSE, vbox2, ALERT_WARNING, G_ALERTDEFAULT);
325 return (val == G_ALERTDEFAULT);