/*
* Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
- * Copyright (C) 1999-2001 Hiroyuki Yamamoto
+ * Copyright (C) 1999-2006 Hiroyuki Yamamoto
+ * This file Copyright (C) 2002-2005 Colin Leroy <colin@colino.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifdef HAVE_CONFIG_H
#include <openssl/ssl.h>
#include <glib.h>
+#include <glib/gi18n.h>
+
#include "ssl_certificate.h"
#include "utils.h"
-#include "intl.h"
#include "log.h"
#include "socket.h"
#include "hooks.h"
cert->host, ".", port, ".cert", NULL);
g_free(port);
- fp = fopen(file, "wb");
+ fp = g_fopen(file, "wb");
if (fp == NULL) {
g_free(file);
debug_print("Can't save certificate !\n");
fingerprint,
(sig_status==NULL ? "correct":sig_status));
- if (issuer_commonname)
- g_free(issuer_commonname);
- if (issuer_location)
- g_free(issuer_location);
- if (issuer_organization)
- g_free(issuer_organization);
- if (subject_commonname)
- g_free(subject_commonname);
- if (subject_location)
- g_free(subject_location);
- if (subject_organization)
- g_free(subject_organization);
- if (fingerprint)
- g_free(fingerprint);
- if (sig_status)
- g_free(sig_status);
+ g_free(issuer_commonname);
+ g_free(issuer_location);
+ g_free(issuer_organization);
+ g_free(subject_commonname);
+ g_free(subject_location);
+ g_free(subject_organization);
+ g_free(fingerprint);
+ g_free(sig_status);
return ret;
}
if (cert->x509_cert)
X509_free(cert->x509_cert);
- if (cert->host)
- g_free(cert->host);
+ g_free(cert->host);
g_free(cert);
cert = NULL;
}
file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
"certs", G_DIR_SEPARATOR_S,
cert->host, ".", buf, ".cert", NULL);
- unlink (file);
+ g_unlink (file);
g_free(buf);
g_free(file);
}
fqdn_host, ".", buf, ".cert", NULL);
g_free(buf);
- fp = fopen(file, "rb");
+ fp = g_fopen(file, "rb");
if (fp == NULL) {
g_free(file);
g_free(fqdn_host);
{
X509_STORE_CTX store_ctx;
X509_STORE *store;
- int ok = 0;
- char *cert_file = NULL;
char *err_msg = NULL;
store = X509_STORE_new();
printf("Can't create X509_STORE\n");
return NULL;
}
- if (X509_STORE_set_default_paths(store))
- ok++;
- if (X509_STORE_load_locations(store, cert_file, NULL))
- ok++;
-
- if (ok == 0) {
+ if (!X509_STORE_set_default_paths(store)) {
X509_STORE_free (store);
return g_strdup(_("Can't load X509 default paths"));
}
X509_STORE_CTX_init (&store_ctx, store, cert, NULL);
- ok = X509_verify_cert (&store_ctx);
-
- if (ok == 0) {
+
+ if(!X509_verify_cert (&store_ctx)) {
err_msg = g_strdup(X509_verify_cert_error_string(
X509_STORE_CTX_get_error(&store_ctx)));
debug_print("Can't check signer: %s\n", err_msg);
known_cert = ssl_certificate_find (host, port);
if (known_cert == NULL) {
- gboolean val;
gchar *err_msg, *cur_cert_str, *sig_status;
sig_status = ssl_certificate_check_signer(x509_cert);
-#if 0 /* disabled pref for now */
- if (sig_status == NULL && !prefs_common.ssl_ask_unknown_valid) {
- /* trust and accept silently if hostnames match */
- char *buf; /* don't free buf ! */
- if (X509_NAME_get_text_by_NID(X509_get_subject_name(x509_cert),
- NID_commonName, buf, 100) >= 0)
- if (!strcmp(buf, current_cert->host)) {
- g_free(sig_status);
- ssl_certificate_save(current_cert);
- ssl_certificate_destroy(current_cert);
- return TRUE;
- }
- }
-#endif
g_free(sig_status);
cur_cert_str = ssl_certificate_to_string(current_cert);
cur_cert_str);
g_free (cur_cert_str);
-#if 0 /* disabled for now */
- if (prefs_common.no_recv_err_panel) {
- log_error(_("%s\n\nMail won't be retrieved on this account until you save the certificate.\n(Uncheck the \"%s\" preference).\n"),
- err_msg,
- _("Don't popup error dialog on receive error"));
- g_free(err_msg);
- return FALSE;
- }
-#endif
cert_hook_data.cert = current_cert;
cert_hook_data.old_cert = NULL;
cert_hook_data.accept = FALSE;
}
}
else if (!ssl_certificate_compare (current_cert, known_cert)) {
- gboolean val;
gchar *err_msg, *known_cert_str, *cur_cert_str;
known_cert_str = ssl_certificate_to_string(known_cert);
g_free (cur_cert_str);
g_free (known_cert_str);
-#if 0
- if (prefs_common.no_recv_err_panel) {
- log_error(_("%s\n\nMail won't be retrieved on this account until you save the certificate.\n(Uncheck the \"%s\" preference).\n"),
- err_msg,
- _("Don't popup error dialog on receive error"));
- g_free(err_msg);
- return FALSE;
- }
-#endif
cert_hook_data.cert = current_cert;
cert_hook_data.old_cert = known_cert;
cert_hook_data.accept = FALSE;