/*
- * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
- * Copyright (C) 1999-2006 Hiroyuki Yamamoto
- * This file Copyright (C) 2002-2005 Colin Leroy <colin@colino.net>
+ * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
+ * Copyright (C) 1999-2009 Colin Leroy <colin@colino.net>
+ * and the Claws Mail team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
-#if USE_OPENSSL
+#ifdef USE_GNUTLS
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
-#include <openssl/ssl.h>
#include <glib.h>
#include <glib/gi18n.h>
#include <gtk/gtk.h>
#include "prefs_common.h"
+#include "defs.h"
#include "ssl_certificate.h"
#include "utils.h"
#include "alertpanel.h"
#include "hooks.h"
-gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert);
-gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert);
-gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert);
+static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert);
+static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert);
+static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert);
-GtkWidget *cert_presenter(SSLCertificate *cert)
+static GtkWidget *cert_presenter(SSLCertificate *cert)
{
GtkWidget *vbox = NULL;
GtkWidget *hbox = NULL;
GtkTable *status_table = NULL;
GtkWidget *label = NULL;
- char buf[100];
char *issuer_commonname, *issuer_location, *issuer_organization;
char *subject_commonname, *subject_location, *subject_organization;
- char *fingerprint, *sig_status, *exp_date;
- unsigned int n;
- unsigned char md[EVP_MAX_MD_SIZE];
- ASN1_TIME *validity;
+ char *sig_status, *exp_date;
+ char *md5_fingerprint, *sha1_fingerprint, *fingerprint;
+ size_t n;
+ char buf[100];
+ unsigned char md[128];
+ char *tmp;
time_t exp_time_t;
+ struct tm lt;
/* issuer */
- if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
- NID_commonName, buf, 100) >= 0)
- issuer_commonname = g_strdup(buf);
- else
- issuer_commonname = g_strdup(_("<not in certificate>"));
- if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
- NID_localityName, buf, 100) >= 0) {
- issuer_location = g_strdup(buf);
- if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
- NID_countryName, buf, 100) >= 0)
- issuer_location = g_strconcat(issuer_location,", ",buf, NULL);
- } else if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
- NID_countryName, buf, 100) >= 0)
- issuer_location = g_strdup(buf);
- else
- issuer_location = g_strdup(_("<not in certificate>"));
-
- if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
- NID_organizationName, buf, 100) >= 0)
- issuer_organization = g_strdup(buf);
- else
- issuer_organization = g_strdup(_("<not in certificate>"));
-
- /* subject */
- if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
- NID_commonName, buf, 100) >= 0)
- subject_commonname = g_strdup(buf);
- else
- subject_commonname = g_strdup(_("<not in certificate>"));
- if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
- NID_localityName, buf, 100) >= 0) {
- subject_location = g_strdup(buf);
- if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
- NID_countryName, buf, 100) >= 0)
- subject_location = g_strconcat(subject_location,", ",buf, NULL);
- } else if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
- NID_countryName, buf, 100) >= 0)
- subject_location = g_strdup(buf);
- else
- subject_location = g_strdup(_("<not in certificate>"));
-
- if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
- NID_organizationName, buf, 100) >= 0)
- subject_organization = g_strdup(buf);
- else
- subject_organization = g_strdup(_("<not in certificate>"));
-
- if ((validity = X509_get_notAfter(cert->x509_cert)) != NULL) {
- exp_time_t = asn1toTime(validity);
+ issuer_commonname = g_malloc(BUFFSIZE);
+ issuer_location = g_malloc(BUFFSIZE);
+ issuer_organization = g_malloc(BUFFSIZE);
+ subject_commonname = g_malloc(BUFFSIZE);
+ subject_location = g_malloc(BUFFSIZE);
+ subject_organization = g_malloc(BUFFSIZE);
+
+ n = BUFFSIZE;
+ if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert,
+ GNUTLS_OID_X520_COMMON_NAME, 0, 0, issuer_commonname, &n))
+ strncpy(issuer_commonname, _("<not in certificate>"), BUFFSIZE);
+ n = BUFFSIZE;
+
+ if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert,
+ GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, issuer_location, &n)) {
+ if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert,
+ GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, issuer_location, &n)) {
+ strncpy(issuer_location, _("<not in certificate>"), BUFFSIZE);
+ }
} else {
- exp_time_t = (time_t)0;
+ tmp = g_malloc(BUFFSIZE);
+ if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert,
+ GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, tmp, &n) == 0) {
+ strncat(issuer_location, ", ", BUFFSIZE-strlen(issuer_location));
+ strncat(issuer_location, tmp, BUFFSIZE-strlen(issuer_location));
+ }
+ g_free(tmp);
}
-
+
+ n = BUFFSIZE;
+ if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert,
+ GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, issuer_organization, &n))
+ strncpy(issuer_organization, _("<not in certificate>"), BUFFSIZE);
+
+ n = BUFFSIZE;
+ if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert,
+ GNUTLS_OID_X520_COMMON_NAME, 0, 0, subject_commonname, &n))
+ strncpy(subject_commonname, _("<not in certificate>"), BUFFSIZE);
+ n = BUFFSIZE;
+
+ if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert,
+ GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, subject_location, &n)) {
+ if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert,
+ GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, subject_location, &n)) {
+ strncpy(subject_location, _("<not in certificate>"), BUFFSIZE);
+ }
+ } else {
+ tmp = g_malloc(BUFFSIZE);
+ if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert,
+ GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, tmp, &n) == 0) {
+ strncat(subject_location, ", ", BUFFSIZE-strlen(subject_location));
+ strncat(subject_location, tmp, BUFFSIZE-strlen(subject_location));
+ }
+ g_free(tmp);
+ }
+
+ n = BUFFSIZE;
+ if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert,
+ GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, subject_organization, &n))
+ strncpy(subject_organization, _("<not in certificate>"), BUFFSIZE);
+
+ exp_time_t = gnutls_x509_crt_get_expiration_time(cert->x509_cert);
+
memset(buf, 0, sizeof(buf));
- strftime(buf, sizeof(buf)-1, prefs_common.date_format, localtime(&exp_time_t));
- exp_date = buf? g_strdup(buf):g_strdup("?");
+ if (exp_time_t > 0) {
+ fast_strftime(buf, sizeof(buf)-1, prefs_common.date_format, localtime_r(&exp_time_t, <));
+ exp_date = (*buf) ? g_strdup(buf):g_strdup("?");
+ } else
+ exp_date = g_strdup("");
/* fingerprint */
- X509_digest(cert->x509_cert, EVP_md5(), md, &n);
- fingerprint = readable_fingerprint(md, (int)n);
+ n = 128;
+ gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_MD5, md, &n);
+ md5_fingerprint = readable_fingerprint(md, (int)n);
+ n = 128;
+ gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA1, md, &n);
+ sha1_fingerprint = readable_fingerprint(md, (int)n);
/* signature */
- sig_status = ssl_certificate_check_signer(cert->x509_cert);
+ sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
vbox = gtk_vbox_new(FALSE, 5);
hbox = gtk_hbox_new(FALSE, 5);
gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
gtk_table_attach(owner_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
label = gtk_label_new(subject_commonname);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_table_attach(owner_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
gtk_table_attach(owner_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
label = gtk_label_new(subject_organization);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_table_attach(owner_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
gtk_table_attach(owner_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
label = gtk_label_new(subject_location);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_table_attach(owner_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
gtk_table_attach(signer_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
label = gtk_label_new(issuer_commonname);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_table_attach(signer_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
gtk_table_attach(signer_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
label = gtk_label_new(issuer_organization);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_table_attach(signer_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
gtk_table_attach(signer_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
label = gtk_label_new(issuer_location);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_table_attach(signer_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
- label = gtk_label_new(_("Fingerprint: "));
+ label = gtk_label_new(_("Fingerprint: \n"));
gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
gtk_table_attach(status_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
+ fingerprint = g_strdup_printf("MD5: %s\nSHA1: %s",
+ md5_fingerprint, sha1_fingerprint);
label = gtk_label_new(fingerprint);
+ g_free(fingerprint);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_table_attach(status_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
label = gtk_label_new(_("Signature status: "));
gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
gtk_table_attach(status_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
label = gtk_label_new(sig_status);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_table_attach(status_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
label = gtk_label_new(_("Expires on: "));
gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
gtk_table_attach(status_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
label = gtk_label_new(exp_date);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_table_attach(status_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
g_free(subject_commonname);
g_free(subject_location);
g_free(subject_organization);
- g_free(fingerprint);
+ g_free(md5_fingerprint);
+ g_free(sha1_fingerprint);
g_free(sig_status);
g_free(exp_date);
return vbox;
static gboolean sslcert_ask_hook(gpointer source, gpointer data)
{
SSLCertHookData *hookdata = (SSLCertHookData *)source;
+
if (hookdata == NULL) {
return FALSE;
}
+
+ if (prefs_common.skip_ssl_cert_check) {
+ hookdata->accept = TRUE;
+ return TRUE;
+ }
+
if (hookdata->old_cert == NULL) {
if (hookdata->expired)
hookdata->accept = sslcertwindow_ask_expired_cert(hookdata->cert);
g_free(buf);
}
-gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert)
+static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert)
{
gchar *buf, *sig_status;
AlertValue val;
gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
g_free(buf);
- sig_status = ssl_certificate_check_signer(cert->x509_cert);
-
+ sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
buf = g_strdup_printf(_("Signature status: %s"), sig_status);
label = gtk_label_new(buf);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
g_free(buf);
return (val == G_ALERTALTERNATE);
}
-gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert)
+static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert)
{
gchar *buf, *sig_status;
AlertValue val;
gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
g_free(buf);
- sig_status = ssl_certificate_check_signer(cert->x509_cert);
+ sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
buf = g_strdup_printf(_("Signature status: %s"), sig_status);
label = gtk_label_new(buf);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
g_free(buf);
return (val == G_ALERTALTERNATE);
}
-gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert)
+static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert)
{
GtkWidget *old_cert_widget = cert_presenter(old_cert);
GtkWidget *new_cert_widget = cert_presenter(new_cert);
gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
g_free(buf);
- sig_status = ssl_certificate_check_signer(new_cert->x509_cert);
+ sig_status = ssl_certificate_check_signer(new_cert->x509_cert, new_cert->status);
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
buf = g_strdup_printf(_("Signature status: %s"), sig_status);
label = gtk_label_new(buf);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
g_free(buf);