Factorize SSL things in etpan

[claws.git] / src / etpan / nntp-thread.c

diff --git a/src/etpan/nntp-thread.c b/src/etpan/nntp-thread.c
index b775c0c9a003f815a2f7f7b59e97af3a69d59759..84a2f83d761b4527174805cec6047526bb06caf0 100644 (file)
--- a/src/etpan/nntp-thread.c
+++ b/src/etpan/nntp-thread.c
@@ -41,11 +41,14 @@
 #include <gtk/gtk.h>
 #include <log.h>
 #include "etpan-thread-manager.h"
 #include <gtk/gtk.h>
 #include <log.h>
 #include "etpan-thread-manager.h"

+#include "etpan-ssl.h"

 #include "utils.h"
 #include "mainwindow.h"
 #include "ssl_certificate.h"
 #include "socket.h"
 #include "remotefolder.h"
 #include "utils.h"
 #include "mainwindow.h"
 #include "ssl_certificate.h"
 #include "socket.h"
 #include "remotefolder.h"

+#include "main.h"
+#include "account.h"

 
 #define DISABLE_LOG_DURING_LOGIN
 
 
 #define DISABLE_LOG_DURING_LOGIN
 


@@ -96,12 +99,9 @@ static void nntp_logger(int direction, const char * str, size_t size)
 static void delete_nntp(Folder *folder, newsnntp *nntp)
 {
        chashdatum key;
 static void delete_nntp(Folder *folder, newsnntp *nntp)
 {
        chashdatum key;

-       chashdatum value;

 
        key.data = &folder;
        key.len = sizeof(folder);
 
        key.data = &folder;
        key.len = sizeof(folder);

-       value.data = nntp;
-       value.len = 0;

        chash_delete(session_hash, &key, NULL);
        
        key.data = &nntp;
        chash_delete(session_hash, &key, NULL);
        
        key.data = &nntp;


@@ -161,6 +161,7 @@ void nntp_main_init(gboolean skip_ssl_cert_check)
 
 void nntp_main_done(gboolean have_connectivity)
 {
 
 void nntp_main_done(gboolean have_connectivity)
 {

+       nntp_disconnect_all(have_connectivity);

        etpan_thread_manager_stop(thread_manager);
 #if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
        return;
        etpan_thread_manager_stop(thread_manager);
 #if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
        return;


@@ -373,79 +374,6 @@ int nntp_threaded_connect(Folder * folder, const char * server, int port)
        return result.error;
 }
 
        return result.error;
 }
 

-static int etpan_certificate_check(const unsigned char *certificate, int len, void *data)
-{
-#ifdef USE_GNUTLS
-       struct connect_param *param = (struct connect_param *)data;
-       gnutls_x509_crt cert = NULL;
-       gnutls_datum tmp;
-       
-       if (certificate == NULL || len < 0) {
-               g_warning("no cert presented.\n");
-               return 0;
-       }
-       
-       tmp.data = malloc(len);
-       memcpy(tmp.data, certificate, len);
-       tmp.size = len;
-       gnutls_x509_crt_init(&cert);
-       if (gnutls_x509_crt_import(cert, &tmp, GNUTLS_X509_FMT_DER) < 0) {
-               g_warning("nntp: can't get cert\n");
-               return 0;
-       } else if (ssl_certificate_check(cert, (guint)-1,
-               (gchar *)param->server, (gushort)param->port) == TRUE) {
-               gnutls_x509_crt_deinit(cert);
-               return 0;
-       } else {
-               gnutls_x509_crt_deinit(cert);
-               return -1;
-       }
-#endif
-       return 0;
-}
-
-static void connect_ssl_context_cb(struct mailstream_ssl_context * ssl_context, void * data)
-{
-#ifdef USE_GNUTLS
-       PrefsAccount *account = (PrefsAccount *)data;
-       const gchar *cert_path = NULL;
-       const gchar *password = NULL;
-       gnutls_x509_crt x509 = NULL;
-       gnutls_x509_privkey pkey = NULL;
-
-       if (account->in_ssl_client_cert_file && *account->in_ssl_client_cert_file)
-               cert_path = account->in_ssl_client_cert_file;
-       if (account->in_ssl_client_cert_pass && *account->in_ssl_client_cert_pass)
-               password = account->in_ssl_client_cert_pass;
-       
-       if (mailstream_ssl_set_client_certificate_data(ssl_context, NULL, 0) < 0 ||
-           mailstream_ssl_set_client_private_key_data(ssl_context, NULL, 0) < 0)
-               debug_print("Impossible to set the client certificate.\n");
-       x509 = ssl_certificate_get_x509_from_pem_file(cert_path);
-       pkey = ssl_certificate_get_pkey_from_pem_file(cert_path);
-       if (!(x509 && pkey)) {
-               /* try pkcs12 format */
-               ssl_certificate_get_x509_and_pkey_from_p12_file(cert_path, password, &x509, &pkey);
-       }
-       if (x509 && pkey) {
-               unsigned char *x509_der = NULL, *pkey_der = NULL;
-               size_t x509_len, pkey_len;
-               
-               x509_len = (size_t)gnutls_i2d_X509(x509, &x509_der);
-               pkey_len = (size_t)gnutls_i2d_PrivateKey(pkey, &pkey_der);
-               if (x509_len > 0 && pkey_len > 0) {
-                       if (mailstream_ssl_set_client_certificate_data(ssl_context, x509_der, x509_len) < 0 ||
-                           mailstream_ssl_set_client_private_key_data(ssl_context, pkey_der, pkey_len) < 0) 
-                               log_error(LOG_PROTOCOL, _("Impossible to set the client certificate.\n"));
-                       g_free(x509_der);
-                       g_free(pkey_der);
-               }
-               gnutls_x509_crt_deinit(x509);
-               gnutls_x509_privkey_deinit(pkey);
-       }
-#endif
-}
-

 static void connect_ssl_run(struct etpan_thread_op * op)
 {
        int r;
 static void connect_ssl_run(struct etpan_thread_op * op)
 {
        int r;


@@ -459,7 +387,7 @@ static void connect_ssl_run(struct etpan_thread_op * op)
 
        r = newsnntp_ssl_connect_with_callback(param->nntp,
                                 param->server, param->port,
 
        r = newsnntp_ssl_connect_with_callback(param->nntp,
                                 param->server, param->port,

-                                connect_ssl_context_cb, param->account);
+                                etpan_connect_ssl_context_cb, param->account);

        result->error = r;
 }
 
        result->error = r;
 }
 


@@ -470,8 +398,6 @@ int nntp_threaded_connect_ssl(Folder * folder, const char * server, int port)
        chashdatum key;
        chashdatum value;
        newsnntp * nntp, * oldnntp;
        chashdatum key;
        chashdatum value;
        newsnntp * nntp, * oldnntp;

-       unsigned char *certificate = NULL;
-       int cert_len;

        
        oldnntp = get_nntp(folder);
 
        
        oldnntp = get_nntp(folder);
 


@@ -497,11 +423,8 @@ int nntp_threaded_connect_ssl(Folder * folder, const char * server, int port)
        threaded_run(folder, &param, &result, connect_ssl_run);
 
        if (result.error == NEWSNNTP_NO_ERROR && !etpan_skip_ssl_cert_check) {
        threaded_run(folder, &param, &result, connect_ssl_run);
 
        if (result.error == NEWSNNTP_NO_ERROR && !etpan_skip_ssl_cert_check) {

-               cert_len = (int)mailstream_ssl_get_certificate(nntp->nntp_stream, &certificate);
-               if (etpan_certificate_check(certificate, cert_len, &param) < 0)
+               if (etpan_certificate_check(nntp->nntp_stream, server, port) < 0)

                        return -1;
                        return -1;

-               if (certificate) 
-                       free(certificate); 

        }
        debug_print("connect %d with nntp %p\n", result.error, nntp);
        
        }
        debug_print("connect %d with nntp %p\n", result.error, nntp);
        


@@ -774,7 +697,7 @@ int nntp_threaded_article(Folder * folder, guint32 num, char **contents, size_t
 
        threaded_run(folder, &param, &result, article_run);
        
 
        threaded_run(folder, &param, &result, article_run);
        

-       debug_print("nntp post - end\n");
+       debug_print("nntp article - end\n");

        
        return result.error;
 }
        
        return result.error;
 }


@@ -971,6 +894,11 @@ int nntp_threaded_xhdr(Folder * folder, const char *header, guint32 beg, guint32
        return result.error;
 }
 
        return result.error;
 }
 

+void nntp_main_set_timeout(int sec)
+{
+       mailstream_network_delay.tv_sec = sec;
+       mailstream_network_delay.tv_usec = 0;
+}

 
 #else
 
 
 #else