/*
* Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
- * Copyright (C) 1999-2011 Hiroyuki Yamamoto and the Claws Mail team
+ * Copyright (C) 1999-2012 Hiroyuki Yamamoto and the Claws Mail team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#ifdef HAVE_CONFIG_H
# include "config.h"
+#include "claws-features.h"
#endif
#ifdef USE_GNUTLS
const char *cert_files[]={
"/etc/pki/tls/certs/ca-bundle.crt",
"/etc/certs/ca-bundle.crt",
+ "/etc/ssl/ca-bundle.pem",
"/usr/share/ssl/certs/ca-bundle.crt",
"/etc/ssl/certs/ca-certificates.crt",
"/usr/local/ssl/certs/ca-bundle.crt",
}
return NULL;
#else
- return "put_what_s_needed_here";
+ return NULL;
#endif
}
r = gnutls_init(&session, GNUTLS_CLIENT);
if (session == NULL || r != 0)
return FALSE;
-
- gnutls_transport_set_lowat (session, 0);
- gnutls_set_default_priority(session);
- gnutls_priority_set_direct(session, "EXPORT", NULL);
+ if (method == 0)
+ gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2", NULL);
+ else
+ gnutls_priority_set_direct(session, "NORMAL", NULL);
gnutls_record_disable_padding(session);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
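Review bot: The `method == 0` branch strips TLS 1.0, 1.1 and 1.2 from `NORMAL`, which leaves SSL 3.0 as the only protocol the session can offer. On a GnuTLS build whose `NORMAL` no longer includes SSL 3.0, the string leaves no protocol at all. Both `gnutls_priority_set_direct` calls also discard their return value, so a rejected priority string goes unnoticed and the session presumably carries on without the intended policy. I would keep the result and fail closed, e.g. `r = gnutls_priority_set_direct(session, prio, NULL);` followed by `if (r != 0) { gnutls_deinit(session); return FALSE; }` (with `prio` holding the chosen string). I would also replace the bare `0` with the named constant for that method and add a comment saying why TLS is disabled there. The enclosing function starts and ends outside the hunk, so the meaning of `method` is inferred.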
}
gnutls_certificate_set_verify_flags (xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
- gnutls_transport_set_ptr(session, (gnutls_transport_ptr) sockinfo->sock);
+ gnutls_transport_set_ptr(session, (gnutls_transport_ptr) GINT_TO_POINTER(sockinfo->sock));
gnutls_session_set_ptr(session, sockinfo);
gnutls_certificate_client_set_retrieve_function(xcred, gnutls_client_cert_cb);
r = gnutls_certificate_verify_peers2(session, &status);
- if (!ssl_certificate_check(cert, status, sockinfo->hostname, sockinfo->port)) {
+ if (r < 0 || !ssl_certificate_check(cert, status, sockinfo->hostname, sockinfo->port)) {
gnutls_x509_crt_deinit(cert);
gnutls_certificate_free_credentials(xcred);
gnutls_deinit(session);
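Review bot: When `r < 0` the new condition tears the session down without recording why, so an error inside `gnutls_certificate_verify_peers2` cannot be told apart from a certificate that `ssl_certificate_check` turned down. A line such as `if (r < 0) g_warning("certificate verification failed: %s", gnutls_strerror(r));` ahead of the `if` would keep the failure diagnosable. A short comment that `status` is only meaningful when `r` is not negative would explain why `r` is tested first. The body of this `if` appears to continue past the visible lines.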