2 * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3 * Copyright (C) 1999-2012 Colin Leroy <colin@colino.net>
4 * and the Claws Mail team
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #include <gnutls/gnutls.h>
28 #include <gnutls/x509.h>
29 #include <sys/types.h>
36 #include <glib/gi18n.h>
39 #include "prefs_common.h"
41 #include "ssl_certificate.h"
43 #include "alertpanel.h"
46 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert);
47 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert);
48 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert);
50 static GtkWidget *cert_presenter(SSLCertificate *cert)
52 GtkWidget *vbox = NULL;
53 GtkWidget *hbox = NULL;
54 GtkWidget *frame_owner = NULL;
55 GtkWidget *frame_signer = NULL;
56 GtkWidget *frame_status = NULL;
57 GtkTable *owner_table = NULL;
58 GtkTable *signer_table = NULL;
59 GtkTable *status_table = NULL;
60 GtkWidget *label = NULL;
62 char *issuer_commonname, *issuer_location, *issuer_organization;
63 char *subject_commonname, *subject_location, *subject_organization;
64 char *sig_status, *exp_date;
65 char *md5_fingerprint, *sha1_fingerprint, *fingerprint;
68 unsigned char md[128];
74 issuer_commonname = g_malloc(BUFFSIZE);
75 issuer_location = g_malloc(BUFFSIZE);
76 issuer_organization = g_malloc(BUFFSIZE);
77 subject_commonname = g_malloc(BUFFSIZE);
78 subject_location = g_malloc(BUFFSIZE);
79 subject_organization = g_malloc(BUFFSIZE);
82 if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert,
83 GNUTLS_OID_X520_COMMON_NAME, 0, 0, issuer_commonname, &n))
84 strncpy(issuer_commonname, _("<not in certificate>"), BUFFSIZE);
87 if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert,
88 GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, issuer_location, &n)) {
89 if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert,
90 GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, issuer_location, &n)) {
91 strncpy(issuer_location, _("<not in certificate>"), BUFFSIZE);
94 tmp = g_malloc(BUFFSIZE);
95 if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert,
96 GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, tmp, &n) == 0) {
97 strncat(issuer_location, ", ", BUFFSIZE-strlen(issuer_location)-1);
98 strncat(issuer_location, tmp, BUFFSIZE-strlen(issuer_location)-1);
104 if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert,
105 GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, issuer_organization, &n))
106 strncpy(issuer_organization, _("<not in certificate>"), BUFFSIZE);
109 if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert,
110 GNUTLS_OID_X520_COMMON_NAME, 0, 0, subject_commonname, &n))
111 strncpy(subject_commonname, _("<not in certificate>"), BUFFSIZE);
114 if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert,
115 GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, subject_location, &n)) {
116 if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert,
117 GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, subject_location, &n)) {
118 strncpy(subject_location, _("<not in certificate>"), BUFFSIZE);
121 tmp = g_malloc(BUFFSIZE);
122 if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert,
123 GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, tmp, &n) == 0) {
124 strncat(subject_location, ", ", BUFFSIZE-strlen(subject_location)-1);
125 strncat(subject_location, tmp, BUFFSIZE-strlen(subject_location)-1);
131 if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert,
132 GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, subject_organization, &n))
133 strncpy(subject_organization, _("<not in certificate>"), BUFFSIZE);
135 exp_time_t = gnutls_x509_crt_get_expiration_time(cert->x509_cert);
137 memset(buf, 0, sizeof(buf));
138 if (exp_time_t > 0) {
139 fast_strftime(buf, sizeof(buf)-1, prefs_common.date_format, localtime_r(&exp_time_t, <));
140 exp_date = (*buf) ? g_strdup(buf):g_strdup("?");
142 exp_date = g_strdup("");
146 gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_MD5, md, &n);
147 md5_fingerprint = readable_fingerprint(md, (int)n);
149 gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA1, md, &n);
150 sha1_fingerprint = readable_fingerprint(md, (int)n);
153 sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
155 if (sig_status==NULL)
156 sig_status = g_strdup(_("Correct"));
158 vbox = gtk_vbox_new(FALSE, 5);
159 hbox = gtk_hbox_new(FALSE, 5);
161 frame_owner = gtk_frame_new(_("Owner"));
162 frame_signer = gtk_frame_new(_("Signer"));
163 frame_status = gtk_frame_new(_("Status"));
165 owner_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
166 signer_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
167 status_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
169 label = gtk_label_new(_("Name: "));
170 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
171 gtk_table_attach(owner_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
172 label = gtk_label_new(subject_commonname);
173 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
174 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
175 gtk_table_attach(owner_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
177 label = gtk_label_new(_("Organization: "));
178 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
179 gtk_table_attach(owner_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
180 label = gtk_label_new(subject_organization);
181 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
182 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
183 gtk_table_attach(owner_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
185 label = gtk_label_new(_("Location: "));
186 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
187 gtk_table_attach(owner_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
188 label = gtk_label_new(subject_location);
189 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
190 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
191 gtk_table_attach(owner_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
193 label = gtk_label_new(_("Name: "));
194 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
195 gtk_table_attach(signer_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
196 label = gtk_label_new(issuer_commonname);
197 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
198 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
199 gtk_table_attach(signer_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
201 label = gtk_label_new(_("Organization: "));
202 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
203 gtk_table_attach(signer_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
204 label = gtk_label_new(issuer_organization);
205 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
206 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
207 gtk_table_attach(signer_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
209 label = gtk_label_new(_("Location: "));
210 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
211 gtk_table_attach(signer_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
212 label = gtk_label_new(issuer_location);
213 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
214 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
215 gtk_table_attach(signer_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
217 label = gtk_label_new(_("Fingerprint: \n"));
218 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
219 gtk_table_attach(status_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
220 fingerprint = g_strdup_printf("MD5: %s\nSHA1: %s",
221 md5_fingerprint, sha1_fingerprint);
222 label = gtk_label_new(fingerprint);
224 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
225 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
226 gtk_table_attach(status_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
227 label = gtk_label_new(_("Signature status: "));
228 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
229 gtk_table_attach(status_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
230 label = gtk_label_new(sig_status);
231 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
232 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
233 gtk_table_attach(status_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
234 label = gtk_label_new(_("Expires on: "));
235 gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
236 gtk_table_attach(status_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
237 label = gtk_label_new(exp_date);
238 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
239 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
240 gtk_table_attach(status_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
242 gtk_container_add(GTK_CONTAINER(frame_owner), GTK_WIDGET(owner_table));
243 gtk_container_add(GTK_CONTAINER(frame_signer), GTK_WIDGET(signer_table));
244 gtk_container_add(GTK_CONTAINER(frame_status), GTK_WIDGET(status_table));
246 gtk_box_pack_end(GTK_BOX(hbox), frame_signer, TRUE, TRUE, 0);
247 gtk_box_pack_end(GTK_BOX(hbox), frame_owner, TRUE, TRUE, 0);
248 gtk_box_pack_end(GTK_BOX(vbox), frame_status, TRUE, TRUE, 0);
249 gtk_box_pack_end(GTK_BOX(vbox), hbox, TRUE, TRUE, 0);
251 gtk_widget_show_all(vbox);
253 g_free(issuer_commonname);
254 g_free(issuer_location);
255 g_free(issuer_organization);
256 g_free(subject_commonname);
257 g_free(subject_location);
258 g_free(subject_organization);
259 g_free(md5_fingerprint);
260 g_free(sha1_fingerprint);
266 static gboolean sslcert_ask_hook(gpointer source, gpointer data)
268 SSLCertHookData *hookdata = (SSLCertHookData *)source;
270 if (hookdata == NULL) {
274 if (prefs_common.skip_ssl_cert_check) {
275 hookdata->accept = TRUE;
279 if (hookdata->old_cert == NULL) {
280 if (hookdata->expired)
281 hookdata->accept = sslcertwindow_ask_expired_cert(hookdata->cert);
283 hookdata->accept = sslcertwindow_ask_new_cert(hookdata->cert);
285 hookdata->accept = sslcertwindow_ask_changed_cert(hookdata->old_cert, hookdata->cert);
290 void sslcertwindow_register_hook(void)
292 hooks_register_hook(SSLCERT_ASK_HOOKLIST, sslcert_ask_hook, NULL);
295 void sslcertwindow_show_cert(SSLCertificate *cert)
297 GtkWidget *cert_widget = cert_presenter(cert);
300 buf = g_strdup_printf(_("SSL certificate for %s"), cert->host);
301 alertpanel_full(buf, NULL, GTK_STOCK_CLOSE, NULL, NULL,
302 FALSE, cert_widget, ALERT_NOTICE, G_ALERTDEFAULT);
306 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert)
308 gchar *buf, *sig_status;
313 GtkWidget *cert_widget;
315 vbox = gtk_vbox_new(FALSE, 5);
316 buf = g_strdup_printf(_("Certificate for %s is unknown.\nDo you want to accept it?"), cert->host);
317 label = gtk_label_new(buf);
318 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
319 gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
322 sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
323 if (sig_status==NULL)
324 sig_status = g_strdup(_("Correct"));
326 buf = g_strdup_printf(_("Signature status: %s"), sig_status);
327 label = gtk_label_new(buf);
328 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
329 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
330 gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
334 button = gtk_expander_new_with_mnemonic(_("_View certificate"));
335 gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
336 cert_widget = cert_presenter(cert);
337 gtk_container_add(GTK_CONTAINER(button), cert_widget);
339 val = alertpanel_full(_("Unknown SSL Certificate"), NULL,
340 _("_Cancel connection"), _("_Accept and save"), NULL,
341 FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
343 return (val == G_ALERTALTERNATE);
346 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert)
348 gchar *buf, *sig_status;
353 GtkWidget *cert_widget;
355 vbox = gtk_vbox_new(FALSE, 5);
356 buf = g_strdup_printf(_("Certificate for %s is expired.\nDo you want to continue?"), cert->host);
357 label = gtk_label_new(buf);
358 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
359 gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
362 sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
364 if (sig_status==NULL)
365 sig_status = g_strdup(_("Correct"));
367 buf = g_strdup_printf(_("Signature status: %s"), sig_status);
368 label = gtk_label_new(buf);
369 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
370 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
371 gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
375 button = gtk_expander_new_with_mnemonic(_("_View certificate"));
376 gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
377 cert_widget = cert_presenter(cert);
378 gtk_container_add(GTK_CONTAINER(button), cert_widget);
380 val = alertpanel_full(_("Expired SSL Certificate"), NULL,
381 _("_Cancel connection"), _("_Accept"), NULL,
382 FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
384 return (val == G_ALERTALTERNATE);
387 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert)
389 GtkWidget *old_cert_widget = cert_presenter(old_cert);
390 GtkWidget *new_cert_widget = cert_presenter(new_cert);
392 gchar *buf, *sig_status;
398 vbox = gtk_vbox_new(FALSE, 5);
399 label = gtk_label_new(_("New certificate:"));
400 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
401 gtk_box_pack_end(GTK_BOX(vbox), new_cert_widget, TRUE, TRUE, 0);
402 gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
403 gtk_box_pack_end(GTK_BOX(vbox), gtk_hseparator_new(), TRUE, TRUE, 0);
404 label = gtk_label_new(_("Known certificate:"));
405 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
406 gtk_box_pack_end(GTK_BOX(vbox), old_cert_widget, TRUE, TRUE, 0);
407 gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
408 gtk_widget_show_all(vbox);
410 vbox2 = gtk_vbox_new(FALSE, 5);
411 buf = g_strdup_printf(_("Certificate for %s has changed. Do you want to accept it?"), new_cert->host);
412 label = gtk_label_new(buf);
413 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
414 gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
417 sig_status = ssl_certificate_check_signer(new_cert->x509_cert, new_cert->status);
419 if (sig_status==NULL)
420 sig_status = g_strdup(_("Correct"));
422 buf = g_strdup_printf(_("Signature status: %s"), sig_status);
423 label = gtk_label_new(buf);
424 gtk_label_set_selectable(GTK_LABEL(label), TRUE);
425 gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
426 gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
430 button = gtk_expander_new_with_mnemonic(_("_View certificates"));
431 gtk_box_pack_start(GTK_BOX(vbox2), button, FALSE, FALSE, 0);
432 gtk_container_add(GTK_CONTAINER(button), vbox);
434 val = alertpanel_full(_("Changed SSL Certificate"), NULL,
435 _("_Cancel connection"), _("_Accept and save"), NULL,
436 FALSE, vbox2, ALERT_WARNING, G_ALERTDEFAULT);
438 return (val == G_ALERTALTERNATE);
projects / claws.git / blob