2006-02-17 [colin] 2.0.0cvs61
authorColin Leroy <colin@colino.net>
Fri, 17 Feb 2006 20:51:40 +0000 (20:51 +0000)
committerColin Leroy <colin@colino.net>
Fri, 17 Feb 2006 20:51:40 +0000 (20:51 +0000)
* src/imap.c
* src/etpan/imap-thread.c
* src/etpan/imap-thread.h
Check for IMAP certificates
** Requires libetpan-0.42-cvs4
** http://claws.sylpheed.org/snapshots/libetpan-0.42cvs4.tar.gz

ChangeLog
PATCHSETS
configure.ac
src/etpan/imap-thread.c
src/etpan/imap-thread.h
src/imap.c

index 025fe9bba00f2385ed8974e084e920c673febb47..b7bb5b019b0860f92fa3bab6221d3199889349eb 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2006-02-17 [colin]     2.0.0cvs61
+
+       * src/imap.c
+       * src/etpan/imap-thread.c
+       * src/etpan/imap-thread.h
+               Check for IMAP certificates
+               ** Requires libetpan-0.42-cvs4 
+               ** http://claws.sylpheed.org/snapshots/libetpan-0.42cvs4.tar.gz
+
 2006-02-17 [cleroy]    2.0.0cvs60
 
        * src/messageview.c
index b8941bf3a19bb990ba4303a77a9c690457495c56..1e7c4c225a4d9dfc432131b89b777d6d1cbe82a7 100644 (file)
--- a/PATCHSETS
+++ b/PATCHSETS
 ( cvs diff -u -r 1.9.2.36 -r 1.9.2.37 src/gtk/gtkaspell.c;  cvs diff -u -r 1.5.2.4 -r 1.5.2.5 src/gtk/gtkaspell.h;  cvs diff -u -r 1.5.2.18 -r 1.5.2.19 src/prefs_spelling.c;  cvs diff -u -r 1.382.2.241 -r 1.382.2.242 src/compose.c;  cvs diff -u -r 1.204.2.75 -r 1.204.2.76 src/prefs_common.c;  cvs diff -u -r 1.103.2.40 -r 1.103.2.41 src/prefs_common.h;  ) > 2.0.0cvs58.patchset
 ( cvs diff -u -r 1.115.2.75 -r 1.115.2.76 src/main.c;  cvs diff -u -r 1.13.2.16 -r 1.13.2.17 src/common/plugin.c;  cvs diff -u -r 1.5.2.4 -r 1.5.2.5 src/common/plugin.h;  cvs diff -u -r 1.5.2.26 -r 1.5.2.27 src/gtk/pluginwindow.c;  ) > 2.0.0cvs59.patchset
 ( cvs diff -u -r 1.94.2.76 -r 1.94.2.77 src/messageview.c;  cvs diff -u -r 1.204.2.76 -r 1.204.2.77 src/prefs_common.c;  cvs diff -u -r 1.103.2.41 -r 1.103.2.42 src/prefs_common.h;  cvs diff -u -r 1.1.2.11 -r 1.1.2.12 src/prefs_message.c;  ) > 2.0.0cvs60.patchset
+( cvs diff -u -r 1.179.2.92 -r 1.179.2.93 src/imap.c;  cvs diff -u -r 1.1.4.28 -r 1.1.4.29 src/etpan/imap-thread.c;  cvs diff -u -r 1.1.4.7 -r 1.1.4.8 src/etpan/imap-thread.h;  ) > 2.0.0cvs61.patchset
index ee7c60d1eabf6f297e965245c9ae15ec1d09d9d8..22d8d08837748ca815f5b163c73a8d63c21a46ee 100644 (file)
@@ -11,7 +11,7 @@ MINOR_VERSION=0
 MICRO_VERSION=0
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=60
+EXTRA_VERSION=61
 EXTRA_RELEASE=
 EXTRA_GTK2_VERSION=
 
index 212e6cd40755458b3ac1c5c8c1802fbc57f721e3..c7c3859f002237879c7e619aecaf72258268098b 100644 (file)
@@ -19,6 +19,7 @@
 #include <log.h>
 #include "etpan-thread-manager.h"
 #include "utils.h"
+#include "ssl_certificate.h"
 
 #define DISABLE_LOG_DURING_LOGIN
 
@@ -284,6 +285,30 @@ int imap_threaded_connect(Folder * folder, const char * server, int port)
        return result.error;
 }
 
+static int etpan_certificate_check(unsigned char *certificate, int len, void *data)
+{
+#ifdef USE_OPENSSL
+       struct connect_param *param = (struct connect_param *)data;
+       X509 *cert = NULL;
+
+       if (certificate == NULL || len < 0) {
+               g_warning("no cert presented.\n");
+               return 0;
+       }
+       cert = d2i_X509(NULL, &certificate, len);
+       if (cert == NULL) {
+               g_warning("can't get cert\n");
+               return 0;
+       } else if (ssl_certificate_check(cert, 
+               (gchar *)param->server, param->port) == TRUE) {
+               return 0;
+       } else {
+               return -1;
+       }
+#else
+       return 0;
+#endif
+}
 
 static void connect_ssl_run(struct etpan_thread_op * op)
 {
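Review bot: etpan_certificate_check returns 0 (accept) both when no certificate is available (`certificate == NULL || len < 0`) and when `d2i_X509` cannot decode it, so a TLS session whose peer certificate could not be obtained or parsed continues with no verification at all. Both branches should fail closed with `return -1;` after the `g_warning`, unless accepting is a deliberate fallback for a libetpan build without certificate retrieval, in which case a comment should say so. The decoded `cert` is also never released; if `ssl_certificate_check` does not take ownership of it (not visible in this hunk), add `X509_free(cert);` before returning. Both callers, imap_threaded_connect_ssl and imap_threaded_starttls, inherit this behaviour.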
@@ -296,7 +321,6 @@ static void connect_ssl_run(struct etpan_thread_op * op)
        
        r = mailimap_ssl_connect(param->imap,
                                 param->server, param->port);
-       
        result->error = r;
 }
 
@@ -307,7 +331,9 @@ int imap_threaded_connect_ssl(Folder * folder, const char * server, int port)
        chashdatum key;
        chashdatum value;
        mailimap * imap;
-       
+       unsigned char *certificate;
+       int cert_len;
+
        imap = mailimap_new(0, NULL);
        
        key.data = &folder;
@@ -322,6 +348,13 @@ int imap_threaded_connect_ssl(Folder * folder, const char * server, int port)
        
        threaded_run(folder, &param, &result, connect_ssl_run);
        
+       if (result.error >= 0) {
+               cert_len = mailstream_ssl_get_certificate(imap->imap_stream, &certificate);
+               if (etpan_certificate_check(certificate, cert_len, &param) < 0)
+                       return -1;
+               if (certificate) 
+                       free(certificate); 
+       }
        debug_print("connect %d\n", result.error);
        
        return result.error;
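Review bot: The `return -1;` taken when the certificate is rejected skips `free(certificate)`, so the buffer returned by `mailstream_ssl_get_certificate` leaks on exactly the path where the check fails. It also returns a bare -1 where imap_threaded_starttls reports `MAILIMAP_ERROR_STREAM`. Keep the result, free, then report: `int rc = etpan_certificate_check(certificate, cert_len, &param);`, `free(certificate);`, `if (rc < 0) result.error = MAILIMAP_ERROR_STREAM;`. `certificate` is declared without an initialiser here and in imap_threaded_starttls, so if the getter fails without writing to it, the later `if (certificate)` reads an indeterminate pointer; declare it as `unsigned char *certificate = NULL;`. The guard `result.error >= 0` also appears to hold for libetpan's error codes, which look non-negative, so the lookup may run on a connection that failed; this should be confirmed against the libetpan headers, and the function begins outside this hunk.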
@@ -669,20 +702,16 @@ int imap_threaded_noop(Folder * folder, unsigned int * p_exists)
 }
 
 
-struct starttls_param {
-       mailimap * imap;
-};
-
 struct starttls_result {
        int error;
 };
 
 static void starttls_run(struct etpan_thread_op * op)
 {
-       struct starttls_param * param;
+       struct connect_param * param;
        struct starttls_result * result;
        int r;
-       
+
        param = op->param;
        r = mailimap_starttls(param->imap);
        
@@ -703,6 +732,7 @@ static void starttls_run(struct etpan_thread_op * op)
                        result->error = MAILIMAP_ERROR_STREAM;
                        return;
                }
+
                tls_low = mailstream_low_tls_open(fd);
                if (tls_low == NULL) {
                        debug_print("imap starttls run - can't tls_open\n");
@@ -714,19 +744,30 @@ static void starttls_run(struct etpan_thread_op * op)
        }
 }
 
-int imap_threaded_starttls(Folder * folder)
+int imap_threaded_starttls(Folder * folder, const gchar *host, int port)
 {
-       struct starttls_param param;
+       struct connect_param param;
        struct starttls_result result;
+       int cert_len;
+       unsigned char *certificate;
        
        debug_print("imap starttls - begin\n");
        
        param.imap = get_imap(folder);
+       param.server = host;
+       param.port = port;
        
        threaded_run(folder, &param, &result, starttls_run);
        
        debug_print("imap starttls - end\n");
        
+       if (result.error == 0) {
+               cert_len = mailstream_ssl_get_certificate(param.imap->imap_stream, &certificate);
+               if (etpan_certificate_check(certificate, cert_len, &param) < 0)
+                       result.error = MAILIMAP_ERROR_STREAM;
+               if (certificate) 
+                       free(certificate); 
+       }       
        return result.error;
 }
 
index 562d6df842ae7d66eac72c30bec57418300e4038..b25f7282c1628fe39b75ce877b9d55a77f7b98ce 100644 (file)
@@ -33,7 +33,7 @@ int imap_threaded_status(Folder * folder, const char * mb,
                guint mask);
 
 int imap_threaded_noop(Folder * folder, unsigned int * p_exists);
-int imap_threaded_starttls(Folder * folder);
+int imap_threaded_starttls(Folder * folder, const gchar *host, int port);
 int imap_threaded_create(Folder * folder, const char * mb);
 int imap_threaded_rename(Folder * folder,
                         const char * mb, const char * new_name);
index f637763bcca145bee600dd315ccebe68803476e0..c6be77426b0958faf7d8b10e9c698878aba70d37 100644 (file)
@@ -2525,7 +2525,8 @@ static gint imap_cmd_starttls(IMAPSession *session)
 {
        int r;
        
-       r = imap_threaded_starttls(session->folder);
+       r = imap_threaded_starttls(session->folder, 
+               SESSION(session)->server, SESSION(session)->port);
        if (r != MAILIMAP_NO_ERROR) {
                debug_print("starttls err %d\n", r);
                return IMAP_ERROR;