/*
* Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
- * Copyright (C) 1999-2015 Colin Leroy <colin@colino.net>
- * and the Claws Mail team
+ * Copyright (C) 1999-2016 Colin Leroy and the Claws Mail team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
*/
#ifdef HAVE_CONFIG_H
#include "socket.h"
#include "hooks.h"
#include "defs.h"
+#include "file-utils.h"
static GHashTable *warned_expired = NULL;
static gchar *get_certificate_path(const gchar *host, const gchar *port, const gchar *fp)
{
- if (fp != NULL && prefs_common_unsafe_ssl_certs())
- return g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
- "certs", G_DIR_SEPARATOR_S,
- host, ".", port, ".", fp, ".cert", NULL);
- else
- return g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
- "certs", G_DIR_SEPARATOR_S,
- host, ".", port, ".cert", NULL);
+ gchar *ret;
+ gchar *filename;
+
+ if (fp != NULL && prefs_common_unsafe_ssl_certs()) {
+ filename = g_strconcat(host, ".", port, ".", fp, ".cert", NULL);
+ } else {
+ filename = g_strconcat(host, ".", port, ".cert", NULL);
+ }
+ subst_for_filename(filename);
+
+ ret = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
+ "certs", G_DIR_SEPARATOR_S,
+ filename, NULL);
+
+ g_free(filename);
+ return ret;
}
static gchar *get_certificate_chain_path(const gchar *host, const gchar *port, const gchar *fp)
size = 0;
if (gnutls_x509_crt_init(&dest) != 0) {
- g_warning("couldn't gnutls_x509_crt_init\n");
+ g_warning("couldn't gnutls_x509_crt_init");
return NULL;
}
if (gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, NULL, &size)
!= GNUTLS_E_SHORT_MEMORY_BUFFER) {
- g_warning("couldn't gnutls_x509_crt_export to get size\n");
+ g_warning("couldn't gnutls_x509_crt_export to get size");
gnutls_x509_crt_deinit(dest);
return NULL;
}
tmp.size = size;
ret = gnutls_x509_crt_import(dest, &tmp, GNUTLS_X509_FMT_DER);
if (ret) {
- g_warning("couldn't gnutls_x509_crt_import for real (%d %s)\n", ret, gnutls_strerror(ret));
+ g_warning("couldn't gnutls_x509_crt_import for real (%d %s)", ret, gnutls_strerror(ret));
gnutls_x509_crt_deinit(dest);
dest = NULL;
}
} else {
- g_warning("couldn't gnutls_x509_crt_export for real (%d %s)\n", ret, gnutls_strerror(ret));
+ g_warning("couldn't gnutls_x509_crt_export for real (%d %s)", ret, gnutls_strerror(ret));
gnutls_x509_crt_deinit(dest);
dest = NULL;
}
int r;
if ((r = gnutls_x509_crt_export(x509_cert, format, output, &cert_size)) < 0) {
- g_warning("couldn't export cert %s (%zd)\n", gnutls_strerror(r), cert_size);
+ g_warning("couldn't export cert %s (%"G_GSIZE_FORMAT")", gnutls_strerror(r), cert_size);
return;
}
-
+#ifdef G_OS_WIN32
+ debug_print("writing %Iu bytes\n",cert_size);
+#else
debug_print("writing %zd bytes\n",cert_size);
- if (fwrite(&output, 1, cert_size, fp) < cert_size) {
- g_warning("failed to write cert: %d %s\n", errno, g_strerror(errno));
+#endif
+ if (claws_fwrite(&output, 1, cert_size, fp) < cert_size) {
+ g_warning("failed to write cert: %d %s", errno, g_strerror(errno));
}
}
*output = malloc(cert_size);
if ((r = gnutls_x509_crt_export(x509_cert, GNUTLS_X509_FMT_DER, *output, &cert_size)) < 0) {
- g_warning("couldn't export cert %s (%zd)\n", gnutls_strerror(r), cert_size);
+ g_warning("couldn't export cert %s (%"G_GSIZE_FORMAT")", gnutls_strerror(r), cert_size);
free(*output);
*output = NULL;
return 0;
*output = malloc(key_size);
if ((r = gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER, *output, &key_size)) < 0) {
- g_warning("couldn't export key %s (%zd)\n", gnutls_strerror(r), key_size);
+ g_warning("couldn't export key %s (%"G_GSIZE_FORMAT")", gnutls_strerror(r), key_size);
free(*output);
*output = NULL;
return 0;
tmp.data = malloc(s.st_size);
memset(tmp.data, 0, s.st_size);
tmp.size = s.st_size;
- if (fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
- perror("fread");
+ if (claws_fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
+ perror("claws_fread");
free(tmp.data);
free(crt_list);
return -EIO;
tmp.data = malloc(s.st_size);
memset(tmp.data, 0, s.st_size);
tmp.size = s.st_size;
- if (fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
- perror("fread");
+ if (claws_fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
+ perror("claws_fread");
free(tmp.data);
return NULL;
}
tmp.data = malloc(s.st_size);
memset(tmp.data, 0, s.st_size);
tmp.size = s.st_size;
- if (fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
+ if (claws_fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
log_error(LOG_PROTOCOL, _("Cannot read P12 certificate file (%s)\n"),
g_strerror(errno));
free(tmp.data);
file = get_certificate_path(cert->host, port, cert->fingerprint);
g_free(port);
- fp = g_fopen(file, "wb");
+ fp = claws_fopen(file, "wb");
if (fp == NULL) {
g_free(file);
debug_print("Can't save certificate !\n");
gnutls_export_X509_fp(fp, cert->x509_cert, GNUTLS_X509_FMT_DER);
g_free(file);
- fclose(fp);
+ claws_safe_fclose(fp);
}
if (fingerprint != NULL) {
file = get_certificate_path(host, buf, fingerprint);
- fp = g_fopen(file, "rb");
+ fp = claws_fopen(file, "rb");
}
if (fp == NULL) {
/* see if we have the old one */
debug_print("didn't get %s\n", file);
g_free(file);
file = get_certificate_path(host, buf, NULL);
- fp = g_fopen(file, "rb");
+ fp = claws_fopen(file, "rb");
if (fp) {
debug_print("got %s\n", file);
gnutls_x509_crt_deinit(tmp_x509);
}
- fclose(fp);
+ claws_fclose(fp);
g_free(file);
if (must_rename) {
if ((r = gnutls_x509_crt_export(cert_a->x509_cert, GNUTLS_X509_FMT_DER, NULL, &cert_size_a))
!= GNUTLS_E_SHORT_MEMORY_BUFFER) {
- g_warning("couldn't gnutls_x509_crt_export to get size a %s\n", gnutls_strerror(r));
+ g_warning("couldn't gnutls_x509_crt_export to get size a %s", gnutls_strerror(r));
return FALSE;
}
if ((r = gnutls_x509_crt_export(cert_b->x509_cert, GNUTLS_X509_FMT_DER, NULL, &cert_size_b))
!= GNUTLS_E_SHORT_MEMORY_BUFFER) {
- g_warning("couldn't gnutls_x509_crt_export to get size b %s\n", gnutls_strerror(r));
+ g_warning("couldn't gnutls_x509_crt_export to get size b %s", gnutls_strerror(r));
return FALSE;
}
output_a = g_malloc(cert_size_a);
output_b = g_malloc(cert_size_b);
if ((r = gnutls_x509_crt_export(cert_a->x509_cert, GNUTLS_X509_FMT_DER, output_a, &cert_size_a)) < 0) {
- g_warning("couldn't gnutls_x509_crt_export a %s\n", gnutls_strerror(r));
+ g_warning("couldn't gnutls_x509_crt_export a %s", gnutls_strerror(r));
g_free(output_a);
g_free(output_b);
return FALSE;
}
if ((r = gnutls_x509_crt_export(cert_b->x509_cert, GNUTLS_X509_FMT_DER, output_b, &cert_size_b)) < 0) {
- g_warning("couldn't gnutls_x509_crt_export b %s\n", gnutls_strerror(r));
+ g_warning("couldn't gnutls_x509_crt_export b %s", gnutls_strerror(r));
g_free(output_a);
g_free(output_b);
return FALSE;
}
if (cert_size_a != cert_size_b) {
- g_warning("size differ %zd %zd\n", cert_size_a, cert_size_b);
+ g_warning("size differ %"G_GSIZE_FORMAT" %"G_GSIZE_FORMAT, cert_size_a, cert_size_b);
g_free(output_a);
g_free(output_b);
return FALSE;
}
if (memcmp(output_a, output_b, cert_size_a)) {
- g_warning("contents differ\n");
+ g_warning("contents differ");
g_free(output_a);
g_free(output_b);
return FALSE;
FILE *fp;
if (claws_ssl_get_cert_file())
- fp = g_fopen(claws_ssl_get_cert_file(), "r");
+ fp = claws_fopen(claws_ssl_get_cert_file(), "r");
else
return (guint)-1;
if ((r = gnutls_import_X509_list_fp(fp, GNUTLS_X509_FMT_PEM, &ca_list, &max_ca)) < 0) {
debug_print("CA import failed: %s\n", gnutls_strerror(r));
- fclose(fp);
+ claws_fclose(fp);
return (guint)-1;
}
- fclose(fp);
+ claws_fclose(fp);
fp = NULL;
buf = g_strdup_printf("%d", cert->port);
g_free(buf);
if (is_file_exist(chain_file)) {
unsigned char md[128];
- size_t n;
+ size_t n = 128;
char *fingerprint;
- fp = g_fopen(chain_file, "r");
+ fp = claws_fopen(chain_file, "r");
if (fp == NULL) {
- debug_print("fopen %s failed: %s\n", chain_file, g_strerror(errno));
+ debug_print("claws_fopen %s failed: %s\n", chain_file, g_strerror(errno));
g_free(chain_file);
return (guint)-1;
}
if ((r = gnutls_import_X509_list_fp(fp, GNUTLS_X509_FMT_PEM, &chain, &max_certs)) < 0) {
debug_print("chain import failed: %s\n", gnutls_strerror(r));
- fclose(fp);
+ claws_fclose(fp);
g_free(chain_file);
return (guint)-1;
}
g_free(chain_file);
- fclose(fp);
+ claws_fclose(fp);
fp = NULL;
gnutls_x509_crt_get_fingerprint(chain[0], GNUTLS_DIG_MD5, md, &n);
fingerprint = readable_fingerprint(md, n);
if (!fingerprint || strcmp(fingerprint, cert->fingerprint)) {
- debug_print("Saved chain fingerprint does not match current : %s / %s",
+ debug_print("saved chain fingerprint does not match current : %s / %s\n",
cert->fingerprint, fingerprint);
return (guint)-1;
size_t n;
unsigned char md[128];
gnutls_x509_crt_t cert = certs[i];
- gchar *fingerprint;
if (i == 0) {
n = sizeof(md);
gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_MD5, md, &n);
- fingerprint = readable_fingerprint(md, n);
+ gchar *fingerprint = readable_fingerprint(md, n);
gchar *buf = g_strdup_printf("%d", port);
file = get_certificate_chain_path(host, buf, fingerprint);
+ g_free(fingerprint);
g_free(buf);
- fp = g_fopen(file, "wb");
+ fp = claws_fopen(file, "wb");
if (fp == NULL) {
g_free(file);
debug_print("Can't save certificate !\n");
}
if (fp)
- fclose(fp);
+ claws_safe_fclose(fp);
}
gboolean ssl_certificate_check (gnutls_x509_crt_t x509_cert, guint status,
gint status;
if (claws_ssl_get_cert_file()) {
- FILE *fp = g_fopen(claws_ssl_get_cert_file(), "rb");
+ FILE *fp = claws_fopen(claws_ssl_get_cert_file(), "rb");
int r = -errno;
if (fp) {
r = gnutls_import_X509_list_fp(fp, GNUTLS_X509_FMT_PEM, &cas, &ncas);
- fclose(fp);
+ claws_fclose(fp);
}
if (r < 0)
- g_warning("Can't read SSL_CERT_FILE %s: %s\n",
+ g_warning("Can't read SSL_CERT_FILE '%s': %s",
claws_ssl_get_cert_file(),
gnutls_strerror(r));
} else {
return NULL;
if (is_file_exist(file)) {
- FILE *fp = g_fopen(file, "r");
+ FILE *fp = claws_fopen(file, "r");
if (fp) {
x509 = gnutls_import_X509_fp(fp, GNUTLS_X509_FMT_PEM);
- fclose(fp);
+ claws_fclose(fp);
return x509;
} else {
log_error(LOG_PROTOCOL, _("Cannot open certificate file %s: %s\n"),
return NULL;
if (is_file_exist(file)) {
- FILE *fp = g_fopen(file, "r");
+ FILE *fp = claws_fopen(file, "r");
if (fp) {
key = gnutls_import_key_fp(fp, GNUTLS_X509_FMT_PEM);
- fclose(fp);
+ claws_fclose(fp);
return key;
} else {
log_error(LOG_PROTOCOL, _("Cannot open key file %s (%s)\n"),
return;
if (is_file_exist(file)) {
- FILE *fp = g_fopen(file, "r");
+ FILE *fp = claws_fopen(file, "r");
if (fp) {
p12 = gnutls_import_PKCS12_fp(fp, GNUTLS_X509_FMT_DER);
- fclose(fp);
+ claws_fclose(fp);
if (!p12) {
log_error(LOG_PROTOCOL, _("Failed to read P12 certificate file %s\n"), file);
}