/*
* Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
- * Copyright (C) 1999-2007 Colin Leroy <colin@colino.net>
+ * Copyright (C) 1999-2009 Colin Leroy <colin@colino.net>
* and the Claws Mail team
*
* This program is free software; you can redistribute it and/or modify
# include "config.h"
#endif
-#if (defined(USE_OPENSSL) || defined (USE_GNUTLS))
+#ifdef USE_GNUTLS
-#if USE_OPENSSL
-#include <openssl/ssl.h>
-#else
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
-#endif
+
#include <glib.h>
#include <glib/gi18n.h>
#include <gtk/gtk.h>
char *subject_commonname, *subject_location, *subject_organization;
char *sig_status, *exp_date;
char *md5_fingerprint, *sha1_fingerprint, *fingerprint;
- unsigned int n;
+ size_t n;
char buf[100];
unsigned char md[128];
-#if USE_OPENSSL
- ASN1_TIME *validity;
-#else
char *tmp;
-#endif
time_t exp_time_t;
struct tm lt;
/* issuer */
-#if USE_OPENSSL
- if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
- NID_commonName, buf, 100) >= 0)
- issuer_commonname = g_strdup(buf);
- else
- issuer_commonname = g_strdup(_("<not in certificate>"));
- if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
- NID_localityName, buf, 100) >= 0) {
- issuer_location = g_strdup(buf);
- if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
- NID_countryName, buf, 100) >= 0)
- issuer_location = g_strconcat(issuer_location,", ",buf, NULL);
- } else if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
- NID_countryName, buf, 100) >= 0)
- issuer_location = g_strdup(buf);
- else
- issuer_location = g_strdup(_("<not in certificate>"));
-
- if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert),
- NID_organizationName, buf, 100) >= 0)
- issuer_organization = g_strdup(buf);
- else
- issuer_organization = g_strdup(_("<not in certificate>"));
-
- /* subject */
- if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
- NID_commonName, buf, 100) >= 0)
- subject_commonname = g_strdup(buf);
- else
- subject_commonname = g_strdup(_("<not in certificate>"));
- if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
- NID_localityName, buf, 100) >= 0) {
- subject_location = g_strdup(buf);
- if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
- NID_countryName, buf, 100) >= 0)
- subject_location = g_strconcat(subject_location,", ",buf, NULL);
- } else if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
- NID_countryName, buf, 100) >= 0)
- subject_location = g_strdup(buf);
- else
- subject_location = g_strdup(_("<not in certificate>"));
-
- if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert),
- NID_organizationName, buf, 100) >= 0)
- subject_organization = g_strdup(buf);
- else
- subject_organization = g_strdup(_("<not in certificate>"));
-
- if ((validity = X509_get_notAfter(cert->x509_cert)) != NULL) {
- exp_time_t = asn1toTime(validity);
- } else {
- exp_time_t = (time_t)0;
- }
-#else
issuer_commonname = g_malloc(BUFFSIZE);
issuer_location = g_malloc(BUFFSIZE);
issuer_organization = g_malloc(BUFFSIZE);
strncpy(subject_organization, _("<not in certificate>"), BUFFSIZE);
exp_time_t = gnutls_x509_crt_get_expiration_time(cert->x509_cert);
-#endif
memset(buf, 0, sizeof(buf));
- strftime(buf, sizeof(buf)-1, prefs_common.date_format, localtime_r(&exp_time_t, <));
- exp_date = (*buf) ? g_strdup(buf):g_strdup("?");
+ if (exp_time_t > 0) {
+ fast_strftime(buf, sizeof(buf)-1, prefs_common.date_format, localtime_r(&exp_time_t, <));
+ exp_date = (*buf) ? g_strdup(buf):g_strdup("?");
+ } else
+ exp_date = g_strdup("");
/* fingerprint */
-#if USE_OPENSSL
- X509_digest(cert->x509_cert, EVP_md5(), md, &n);
- md5_fingerprint = readable_fingerprint(md, (int)n);
- X509_digest(cert->x509_cert, EVP_sha1(), md, &n);
- sha1_fingerprint = readable_fingerprint(md, (int)n);
-
- /* signature */
- sig_status = ssl_certificate_check_signer(cert->x509_cert);
-#else
n = 128;
gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_MD5, md, &n);
md5_fingerprint = readable_fingerprint(md, (int)n);
+ n = 128;
gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA1, md, &n);
sha1_fingerprint = readable_fingerprint(md, (int)n);
/* signature */
sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
-#endif
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
vbox = gtk_vbox_new(FALSE, 5);
hbox = gtk_hbox_new(FALSE, 5);
{
SSLCertHookData *hookdata = (SSLCertHookData *)source;
- if (prefs_common.skip_ssl_cert_check)
- return TRUE;
-
if (hookdata == NULL) {
return FALSE;
}
+
+ if (prefs_common.skip_ssl_cert_check) {
+ hookdata->accept = TRUE;
+ return TRUE;
+ }
+
if (hookdata->old_cert == NULL) {
if (hookdata->expired)
hookdata->accept = sslcertwindow_ask_expired_cert(hookdata->cert);
gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
g_free(buf);
-#if USE_OPENSSL
- sig_status = ssl_certificate_check_signer(cert->x509_cert);
-#else
sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
-#endif
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
buf = g_strdup_printf(_("Signature status: %s"), sig_status);
label = gtk_label_new(buf);
gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
g_free(buf);
-#if USE_OPENSSL
- sig_status = ssl_certificate_check_signer(cert->x509_cert);
-#else
sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
-#endif
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
buf = g_strdup_printf(_("Signature status: %s"), sig_status);
label = gtk_label_new(buf);
gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
g_free(buf);
-#if USE_OPENSSL
- sig_status = ssl_certificate_check_signer(new_cert->x509_cert);
-#else
sig_status = ssl_certificate_check_signer(new_cert->x509_cert, new_cert->status);
-#endif
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
buf = g_strdup_printf(_("Signature status: %s"), sig_status);
label = gtk_label_new(buf);