src/gtk/sslcertwindow.c

   1 /*
   2  * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
   3  * Copyright (C) 1999-2007 Colin Leroy <colin@colino.net>
   4  * and the Claws Mail team
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 #ifdef HAVE_CONFIG_H
  22 #  include "config.h"
  23 #endif
  24
  25 #if USE_OPENSSL
  26
  27 #include <openssl/ssl.h>
  28 #include <glib.h>
  29 #include <glib/gi18n.h>
  30 #include <gtk/gtk.h>
  31
  32 #include "prefs_common.h"
  33 #include "ssl_certificate.h"
  34 #include "utils.h"
  35 #include "alertpanel.h"
  36 #include "hooks.h"
  37
  38 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert);
  39 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert);
  40 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert);
  41
  42 static GtkWidget *cert_presenter(SSLCertificate *cert)
  43 {
  44         GtkWidget *vbox = NULL;
  45         GtkWidget *hbox = NULL;
  46         GtkWidget *frame_owner = NULL;
  47         GtkWidget *frame_signer = NULL;
  48         GtkWidget *frame_status = NULL;
  49         GtkTable *owner_table = NULL;
  50         GtkTable *signer_table = NULL;
  51         GtkTable *status_table = NULL;
  52         GtkWidget *label = NULL;
  53
  54         char buf[100];
  55         char *issuer_commonname, *issuer_location, *issuer_organization;
  56         char *subject_commonname, *subject_location, *subject_organization;
  57         char *fingerprint, *sig_status, *exp_date;
  58         unsigned int n;
  59         unsigned char md[EVP_MAX_MD_SIZE];
  60         ASN1_TIME *validity;
  61         time_t exp_time_t;
  62         struct tm lt;
  63
  64         /* issuer */
  65         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
  66                                        NID_commonName, buf, 100) >= 0)
  67                 issuer_commonname = g_strdup(buf);
  68         else
  69                 issuer_commonname = g_strdup(_("<not in certificate>"));
  70         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
  71                                        NID_localityName, buf, 100) >= 0) {
  72                 issuer_location = g_strdup(buf);
  73                 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
  74                                        NID_countryName, buf, 100) >= 0)
  75                         issuer_location = g_strconcat(issuer_location,", ",buf, NULL);
  76         } else if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
  77                                        NID_countryName, buf, 100) >= 0)
  78                 issuer_location = g_strdup(buf);
  79         else
  80                 issuer_location = g_strdup(_("<not in certificate>"));
  81
  82         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
  83                                        NID_organizationName, buf, 100) >= 0)
  84                 issuer_organization = g_strdup(buf);
  85         else
  86                 issuer_organization = g_strdup(_("<not in certificate>"));
  87
  88         /* subject */
  89         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
  90                                        NID_commonName, buf, 100) >= 0)
  91                 subject_commonname = g_strdup(buf);
  92         else
  93                 subject_commonname = g_strdup(_("<not in certificate>"));
  94         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
  95                                        NID_localityName, buf, 100) >= 0) {
  96                 subject_location = g_strdup(buf);
  97                 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
  98                                        NID_countryName, buf, 100) >= 0)
  99                         subject_location = g_strconcat(subject_location,", ",buf, NULL);
 100         } else if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
 101                                        NID_countryName, buf, 100) >= 0)
 102                 subject_location = g_strdup(buf);
 103         else
 104                 subject_location = g_strdup(_("<not in certificate>"));
 105
 106         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
 107                                        NID_organizationName, buf, 100) >= 0)
 108                 subject_organization = g_strdup(buf);
 109         else
 110                 subject_organization = g_strdup(_("<not in certificate>"));
 111
 112         if ((validity = X509_get_notAfter(cert->x509_cert)) != NULL) {
 113                 exp_time_t = asn1toTime(validity);
 114         } else {
 115                 exp_time_t = (time_t)0;
 116         }
 117
 118         memset(buf, 0, sizeof(buf));
 119         strftime(buf, sizeof(buf)-1, prefs_common.date_format, localtime_r(&exp_time_t, &lt));
 120         exp_date = buf? g_strdup(buf):g_strdup("?");
 121
 122         /* fingerprint */
 123         X509_digest(cert->x509_cert, EVP_md5(), md, &n);
 124         fingerprint = readable_fingerprint(md, (int)n);
 125
 126         /* signature */
 127         sig_status = ssl_certificate_check_signer(cert->x509_cert);
 128
 129         if (sig_status==NULL)
 130                 sig_status = g_strdup(_("correct"));
 131
 132         vbox = gtk_vbox_new(FALSE, 5);
 133         hbox = gtk_hbox_new(FALSE, 5);
 134
 135         frame_owner  = gtk_frame_new(_("Owner"));
 136         frame_signer = gtk_frame_new(_("Signer"));
 137         frame_status = gtk_frame_new(_("Status"));
 138
 139         owner_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
 140         signer_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
 141         status_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
 142
 143         label = gtk_label_new(_("Name: "));
 144         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
 145         gtk_table_attach(owner_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 146         label = gtk_label_new(subject_commonname);
 147         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 148         gtk_table_attach(owner_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 149
 150         label = gtk_label_new(_("Organization: "));
 151         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
 152         gtk_table_attach(owner_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 153         label = gtk_label_new(subject_organization);
 154         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 155         gtk_table_attach(owner_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 156
 157         label = gtk_label_new(_("Location: "));
 158         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
 159         gtk_table_attach(owner_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 160         label = gtk_label_new(subject_location);
 161         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 162         gtk_table_attach(owner_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 163
 164         label = gtk_label_new(_("Name: "));
 165         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
 166         gtk_table_attach(signer_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 167         label = gtk_label_new(issuer_commonname);
 168         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 169         gtk_table_attach(signer_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 170
 171         label = gtk_label_new(_("Organization: "));
 172         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
 173         gtk_table_attach(signer_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 174         label = gtk_label_new(issuer_organization);
 175         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 176         gtk_table_attach(signer_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 177
 178         label = gtk_label_new(_("Location: "));
 179         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
 180         gtk_table_attach(signer_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 181         label = gtk_label_new(issuer_location);
 182         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 183         gtk_table_attach(signer_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 184
 185         label = gtk_label_new(_("Fingerprint: "));
 186         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
 187         gtk_table_attach(status_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 188         label = gtk_label_new(fingerprint);
 189         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 190         gtk_table_attach(status_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 191         label = gtk_label_new(_("Signature status: "));
 192         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
 193         gtk_table_attach(status_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 194         label = gtk_label_new(sig_status);
 195         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 196         gtk_table_attach(status_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 197         label = gtk_label_new(_("Expires on: "));
 198         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
 199         gtk_table_attach(status_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 200         label = gtk_label_new(exp_date);
 201         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 202         gtk_table_attach(status_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
 203
 204         gtk_container_add(GTK_CONTAINER(frame_owner), GTK_WIDGET(owner_table));
 205         gtk_container_add(GTK_CONTAINER(frame_signer), GTK_WIDGET(signer_table));
 206         gtk_container_add(GTK_CONTAINER(frame_status), GTK_WIDGET(status_table));
 207
 208         gtk_box_pack_end(GTK_BOX(hbox), frame_signer, TRUE, TRUE, 0);
 209         gtk_box_pack_end(GTK_BOX(hbox), frame_owner, TRUE, TRUE, 0);
 210         gtk_box_pack_end(GTK_BOX(vbox), frame_status, TRUE, TRUE, 0);
 211         gtk_box_pack_end(GTK_BOX(vbox), hbox, TRUE, TRUE, 0);
 212
 213         gtk_widget_show_all(vbox);
 214
 215         g_free(issuer_commonname);
 216         g_free(issuer_location);
 217         g_free(issuer_organization);
 218         g_free(subject_commonname);
 219         g_free(subject_location);
 220         g_free(subject_organization);
 221         g_free(fingerprint);
 222         g_free(sig_status);
 223         g_free(exp_date);
 224         return vbox;
 225 }
 226
 227 static gboolean sslcert_ask_hook(gpointer source, gpointer data)
 228 {
 229         SSLCertHookData *hookdata = (SSLCertHookData *)source;
 230
 231         if (prefs_common.skip_ssl_cert_check)
 232                 return TRUE;
 233
 234         if (hookdata == NULL) {
 235                 return FALSE;
 236         }
 237         if (hookdata->old_cert == NULL) {
 238                 if (hookdata->expired)
 239                         hookdata->accept = sslcertwindow_ask_expired_cert(hookdata->cert);
 240                 else
 241                         hookdata->accept = sslcertwindow_ask_new_cert(hookdata->cert);
 242         } else {
 243                 hookdata->accept = sslcertwindow_ask_changed_cert(hookdata->old_cert, hookdata->cert);
 244         }
 245         return TRUE;
 246 }
 247
 248 void sslcertwindow_register_hook(void)
 249 {
 250         hooks_register_hook(SSLCERT_ASK_HOOKLIST, sslcert_ask_hook, NULL);
 251 }
 252
 253 void sslcertwindow_show_cert(SSLCertificate *cert)
 254 {
 255         GtkWidget *cert_widget = cert_presenter(cert);
 256         gchar *buf;
 257
 258         buf = g_strdup_printf(_("SSL certificate for %s"), cert->host);
 259         alertpanel_full(buf, NULL, GTK_STOCK_CLOSE, NULL, NULL,
 260                         FALSE, cert_widget, ALERT_NOTICE, G_ALERTDEFAULT);
 261         g_free(buf);
 262 }
 263
 264 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert)
 265 {
 266         gchar *buf, *sig_status;
 267         AlertValue val;
 268         GtkWidget *vbox;
 269         GtkWidget *label;
 270         GtkWidget *button;
 271         GtkWidget *cert_widget;
 272
 273         vbox = gtk_vbox_new(FALSE, 5);
 274         buf = g_strdup_printf(_("Certificate for %s is unknown.\nDo you want to accept it?"), cert->host);
 275         label = gtk_label_new(buf);
 276         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 277         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
 278         g_free(buf);
 279
 280         sig_status = ssl_certificate_check_signer(cert->x509_cert);
 281
 282         if (sig_status==NULL)
 283                 sig_status = g_strdup(_("correct"));
 284
 285         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
 286         label = gtk_label_new(buf);
 287         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 288         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
 289         g_free(buf);
 290         g_free(sig_status);
 291
 292         button = gtk_expander_new_with_mnemonic(_("_View certificate"));
 293         gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
 294         cert_widget = cert_presenter(cert);
 295         gtk_container_add(GTK_CONTAINER(button), cert_widget);
 296
 297         val = alertpanel_full(_("Unknown SSL Certificate"), NULL,
 298                               _("_Cancel connection"), _("_Accept and save"), NULL,
 299                               FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
 300
 301         return (val == G_ALERTALTERNATE);
 302 }
 303
 304 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert)
 305 {
 306         gchar *buf, *sig_status;
 307         AlertValue val;
 308         GtkWidget *vbox;
 309         GtkWidget *label;
 310         GtkWidget *button;
 311         GtkWidget *cert_widget;
 312
 313         vbox = gtk_vbox_new(FALSE, 5);
 314         buf = g_strdup_printf(_("Certificate for %s is expired.\nDo you want to continue?"), cert->host);
 315         label = gtk_label_new(buf);
 316         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 317         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
 318         g_free(buf);
 319
 320         sig_status = ssl_certificate_check_signer(cert->x509_cert);
 321
 322         if (sig_status==NULL)
 323                 sig_status = g_strdup(_("correct"));
 324
 325         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
 326         label = gtk_label_new(buf);
 327         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 328         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
 329         g_free(buf);
 330         g_free(sig_status);
 331
 332         button = gtk_expander_new_with_mnemonic(_("_View certificate"));
 333         gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
 334         cert_widget = cert_presenter(cert);
 335         gtk_container_add(GTK_CONTAINER(button), cert_widget);
 336
 337         val = alertpanel_full(_("Expired SSL Certificate"), NULL,
 338                               _("_Cancel connection"), _("_Accept"), NULL,
 339                               FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
 340
 341         return (val == G_ALERTALTERNATE);
 342 }
 343
 344 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert)
 345 {
 346         GtkWidget *old_cert_widget = cert_presenter(old_cert);
 347         GtkWidget *new_cert_widget = cert_presenter(new_cert);
 348         GtkWidget *vbox;
 349         gchar *buf, *sig_status;
 350         GtkWidget *vbox2;
 351         GtkWidget *label;
 352         GtkWidget *button;
 353         AlertValue val;
 354
 355         vbox = gtk_vbox_new(FALSE, 5);
 356         label = gtk_label_new(_("New certificate:"));
 357         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 358         gtk_box_pack_end(GTK_BOX(vbox), new_cert_widget, TRUE, TRUE, 0);
 359         gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
 360         gtk_box_pack_end(GTK_BOX(vbox), gtk_hseparator_new(), TRUE, TRUE, 0);
 361         label = gtk_label_new(_("Known certificate:"));
 362         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 363         gtk_box_pack_end(GTK_BOX(vbox), old_cert_widget, TRUE, TRUE, 0);
 364         gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
 365         gtk_widget_show_all(vbox);
 366
 367         vbox2 = gtk_vbox_new(FALSE, 5);
 368         buf = g_strdup_printf(_("Certificate for %s has changed. Do you want to accept it?"), new_cert->host);
 369         label = gtk_label_new(buf);
 370         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 371         gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
 372         g_free(buf);
 373
 374         sig_status = ssl_certificate_check_signer(new_cert->x509_cert);
 375
 376         if (sig_status==NULL)
 377                 sig_status = g_strdup(_("correct"));
 378
 379         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
 380         label = gtk_label_new(buf);
 381         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
 382         gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
 383         g_free(buf);
 384         g_free(sig_status);
 385
 386         button = gtk_expander_new_with_mnemonic(_("_View certificates"));
 387         gtk_box_pack_start(GTK_BOX(vbox2), button, FALSE, FALSE, 0);
 388         gtk_container_add(GTK_CONTAINER(button), vbox);
 389
 390         val = alertpanel_full(_("Changed SSL Certificate"), NULL,
 391                               _("_Cancel connection"), _("_Accept and save"), NULL,
 392                               FALSE, vbox2, ALERT_WARNING, G_ALERTDEFAULT);
 393
 394         return (val == G_ALERTALTERNATE);
 395 }
 396 #endif