2012-09-19 [colin] 3.8.1cvs64
[claws.git] / src / common / ssl.c
index 08e636b9be80ac168200702ed5c23c84a46633c9..e64be3b3889f6f14d10afc4a0fcb744ce953727b 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
- * Copyright (C) 1999-2011 Hiroyuki Yamamoto and the Claws Mail team
+ * Copyright (C) 1999-2012 Hiroyuki Yamamoto and the Claws Mail team
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -19,6 +19,7 @@
 
 #ifdef HAVE_CONFIG_H
 #  include "config.h"
+#include "claws-features.h"
 #endif
 
 #ifdef USE_GNUTLS
@@ -104,6 +105,7 @@ const gchar *claws_ssl_get_cert_file(void)
        const char *cert_files[]={
                "/etc/pki/tls/certs/ca-bundle.crt",
                "/etc/certs/ca-bundle.crt",
+               "/etc/ssl/ca-bundle.pem",
                "/usr/share/ssl/certs/ca-bundle.crt",
                "/etc/ssl/certs/ca-certificates.crt",
                "/usr/local/ssl/certs/ca-bundle.crt",
@@ -150,7 +152,7 @@ const gchar *claws_ssl_get_cert_dir(void)
        }
        return NULL;
 #else
-       return "put_what_s_needed_here";
+       return NULL;
 #endif
 }
 
@@ -263,11 +265,11 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
        r = gnutls_init(&session, GNUTLS_CLIENT);
        if (session == NULL || r != 0)
                return FALSE;
-  
-       gnutls_transport_set_lowat (session, 0); 
-       gnutls_set_default_priority(session);
 
-       gnutls_priority_set_direct(session, "EXPORT", NULL);
+       if (method == 0)
+               gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2", NULL);
+       else
+               gnutls_priority_set_direct(session, "NORMAL", NULL);
        gnutls_record_disable_padding(session);
 
        gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
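Review bot: The priority string used when `method == 0` strips TLS 1.0, 1.1 and 1.2 from NORMAL, so a session created with that method can only negotiate SSL 3.0 and will fail the handshake against any server that has turned SSL 3.0 off; if method 0 is meant to be the permissive "any version" choice rather than SSL-3.0-only, the intent is inverted and plain `"NORMAL"` already covers it. Comparing against the bare literal `0` also hides which protocol choice this branch represents; use the SSLMethod enumerator that value stands for. Since the old gnutls_set_default_priority() fallback is removed, an unchecked gnutls_priority_set_direct() failure (for example a GnuTLS build that does not know one of the VERS-TLS keywords) leaves the session with no priorities at all, so capture the result: `r = gnutls_priority_set_direct(session, method == 0 ? "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2" : "NORMAL", NULL);` followed by `if (r != 0) { gnutls_deinit(session); return FALSE; }`. ssl_init_socket_with_method begins and ends outside this hunk.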
@@ -283,7 +285,7 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
        }
        gnutls_certificate_set_verify_flags (xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
 
-       gnutls_transport_set_ptr(session, (gnutls_transport_ptr) sockinfo->sock);
+       gnutls_transport_set_ptr(session, (gnutls_transport_ptr) GINT_TO_POINTER(sockinfo->sock));
        gnutls_session_set_ptr(session, sockinfo);
        gnutls_certificate_client_set_retrieve_function(xcred, gnutls_client_cert_cb);
 
@@ -311,7 +313,7 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
 
        r = gnutls_certificate_verify_peers2(session, &status);
 
-       if (!ssl_certificate_check(cert, status, sockinfo->hostname, sockinfo->port)) {
+       if (r < 0 || !ssl_certificate_check(cert, status, sockinfo->hostname, sockinfo->port)) {
                gnutls_x509_crt_deinit(cert);
                gnutls_certificate_free_credentials(xcred);
                gnutls_deinit(session);
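Review bot: The new `r < 0` guard correctly refuses the connection when gnutls_certificate_verify_peers2() itself fails, but because of the short-circuit the failure is silent — the user sees the same outcome as a certificate mismatch and nothing records that verification never ran. Log the GnuTLS error before tearing the session down so the two cases can be told apart in support reports, e.g. `if (r < 0) g_warning("gnutls_certificate_verify_peers2: %s", gnutls_strerror(r));` placed ahead of the combined check. Note that `status` is only meaningful when `r == 0`, which the ordering of the `||` already guarantees; a short comment to that effect would prevent a later refactor from reading it first. The enclosing function continues past the end of this hunk.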