* src/imap.c
* src/etpan/imap-thread.c
* src/etpan/imap-thread.h
Check for IMAP certificates
** Requires libetpan-0.42-cvs4
** http://claws.sylpheed.org/snapshots/libetpan-0.42cvs4.tar.gz
+2006-02-17 [colin] 2.0.0cvs61
+
+ * src/imap.c
+ * src/etpan/imap-thread.c
+ * src/etpan/imap-thread.h
+ Check for IMAP certificates
+ ** Requires libetpan-0.42-cvs4
+ ** http://claws.sylpheed.org/snapshots/libetpan-0.42cvs4.tar.gz
+
2006-02-17 [cleroy] 2.0.0cvs60
* src/messageview.c
2006-02-17 [cleroy] 2.0.0cvs60
* src/messageview.c
( cvs diff -u -r 1.9.2.36 -r 1.9.2.37 src/gtk/gtkaspell.c; cvs diff -u -r 1.5.2.4 -r 1.5.2.5 src/gtk/gtkaspell.h; cvs diff -u -r 1.5.2.18 -r 1.5.2.19 src/prefs_spelling.c; cvs diff -u -r 1.382.2.241 -r 1.382.2.242 src/compose.c; cvs diff -u -r 1.204.2.75 -r 1.204.2.76 src/prefs_common.c; cvs diff -u -r 1.103.2.40 -r 1.103.2.41 src/prefs_common.h; ) > 2.0.0cvs58.patchset
( cvs diff -u -r 1.115.2.75 -r 1.115.2.76 src/main.c; cvs diff -u -r 1.13.2.16 -r 1.13.2.17 src/common/plugin.c; cvs diff -u -r 1.5.2.4 -r 1.5.2.5 src/common/plugin.h; cvs diff -u -r 1.5.2.26 -r 1.5.2.27 src/gtk/pluginwindow.c; ) > 2.0.0cvs59.patchset
( cvs diff -u -r 1.94.2.76 -r 1.94.2.77 src/messageview.c; cvs diff -u -r 1.204.2.76 -r 1.204.2.77 src/prefs_common.c; cvs diff -u -r 1.103.2.41 -r 1.103.2.42 src/prefs_common.h; cvs diff -u -r 1.1.2.11 -r 1.1.2.12 src/prefs_message.c; ) > 2.0.0cvs60.patchset
( cvs diff -u -r 1.9.2.36 -r 1.9.2.37 src/gtk/gtkaspell.c; cvs diff -u -r 1.5.2.4 -r 1.5.2.5 src/gtk/gtkaspell.h; cvs diff -u -r 1.5.2.18 -r 1.5.2.19 src/prefs_spelling.c; cvs diff -u -r 1.382.2.241 -r 1.382.2.242 src/compose.c; cvs diff -u -r 1.204.2.75 -r 1.204.2.76 src/prefs_common.c; cvs diff -u -r 1.103.2.40 -r 1.103.2.41 src/prefs_common.h; ) > 2.0.0cvs58.patchset
( cvs diff -u -r 1.115.2.75 -r 1.115.2.76 src/main.c; cvs diff -u -r 1.13.2.16 -r 1.13.2.17 src/common/plugin.c; cvs diff -u -r 1.5.2.4 -r 1.5.2.5 src/common/plugin.h; cvs diff -u -r 1.5.2.26 -r 1.5.2.27 src/gtk/pluginwindow.c; ) > 2.0.0cvs59.patchset
( cvs diff -u -r 1.94.2.76 -r 1.94.2.77 src/messageview.c; cvs diff -u -r 1.204.2.76 -r 1.204.2.77 src/prefs_common.c; cvs diff -u -r 1.103.2.41 -r 1.103.2.42 src/prefs_common.h; cvs diff -u -r 1.1.2.11 -r 1.1.2.12 src/prefs_message.c; ) > 2.0.0cvs60.patchset
+( cvs diff -u -r 1.179.2.92 -r 1.179.2.93 src/imap.c; cvs diff -u -r 1.1.4.28 -r 1.1.4.29 src/etpan/imap-thread.c; cvs diff -u -r 1.1.4.7 -r 1.1.4.8 src/etpan/imap-thread.h; ) > 2.0.0cvs61.patchset
MICRO_VERSION=0
INTERFACE_AGE=0
BINARY_AGE=0
MICRO_VERSION=0
INTERFACE_AGE=0
BINARY_AGE=0
EXTRA_RELEASE=
EXTRA_GTK2_VERSION=
EXTRA_RELEASE=
EXTRA_GTK2_VERSION=
#include <log.h>
#include "etpan-thread-manager.h"
#include "utils.h"
#include <log.h>
#include "etpan-thread-manager.h"
#include "utils.h"
+#include "ssl_certificate.h"
#define DISABLE_LOG_DURING_LOGIN
#define DISABLE_LOG_DURING_LOGIN
+static int etpan_certificate_check(unsigned char *certificate, int len, void *data)
+{
+#ifdef USE_OPENSSL
+ struct connect_param *param = (struct connect_param *)data;
+ X509 *cert = NULL;
+
+ if (certificate == NULL || len < 0) {
+ g_warning("no cert presented.\n");
+ return 0;
+ }
+ cert = d2i_X509(NULL, &certificate, len);
+ if (cert == NULL) {
+ g_warning("can't get cert\n");
+ return 0;
+ } else if (ssl_certificate_check(cert,
+ (gchar *)param->server, param->port) == TRUE) {
+ return 0;
+ } else {
+ return -1;
+ }
+#else
+ return 0;
+#endif
+}
static void connect_ssl_run(struct etpan_thread_op * op)
{
static void connect_ssl_run(struct etpan_thread_op * op)
{
r = mailimap_ssl_connect(param->imap,
param->server, param->port);
r = mailimap_ssl_connect(param->imap,
param->server, param->port);
chashdatum key;
chashdatum value;
mailimap * imap;
chashdatum key;
chashdatum value;
mailimap * imap;
+ unsigned char *certificate;
+ int cert_len;
+
imap = mailimap_new(0, NULL);
key.data = &folder;
imap = mailimap_new(0, NULL);
key.data = &folder;
threaded_run(folder, ¶m, &result, connect_ssl_run);
threaded_run(folder, ¶m, &result, connect_ssl_run);
+ if (result.error >= 0) {
+ cert_len = mailstream_ssl_get_certificate(imap->imap_stream, &certificate);
+ if (etpan_certificate_check(certificate, cert_len, ¶m) < 0)
+ return -1;
+ if (certificate)
+ free(certificate);
+ }
debug_print("connect %d\n", result.error);
return result.error;
debug_print("connect %d\n", result.error);
return result.error;
-struct starttls_param {
- mailimap * imap;
-};
-
struct starttls_result {
int error;
};
static void starttls_run(struct etpan_thread_op * op)
{
struct starttls_result {
int error;
};
static void starttls_run(struct etpan_thread_op * op)
{
- struct starttls_param * param;
+ struct connect_param * param;
struct starttls_result * result;
int r;
struct starttls_result * result;
int r;
param = op->param;
r = mailimap_starttls(param->imap);
param = op->param;
r = mailimap_starttls(param->imap);
result->error = MAILIMAP_ERROR_STREAM;
return;
}
result->error = MAILIMAP_ERROR_STREAM;
return;
}
tls_low = mailstream_low_tls_open(fd);
if (tls_low == NULL) {
debug_print("imap starttls run - can't tls_open\n");
tls_low = mailstream_low_tls_open(fd);
if (tls_low == NULL) {
debug_print("imap starttls run - can't tls_open\n");
-int imap_threaded_starttls(Folder * folder)
+int imap_threaded_starttls(Folder * folder, const gchar *host, int port)
- struct starttls_param param;
+ struct connect_param param;
struct starttls_result result;
struct starttls_result result;
+ int cert_len;
+ unsigned char *certificate;
debug_print("imap starttls - begin\n");
param.imap = get_imap(folder);
debug_print("imap starttls - begin\n");
param.imap = get_imap(folder);
+ param.server = host;
+ param.port = port;
threaded_run(folder, ¶m, &result, starttls_run);
debug_print("imap starttls - end\n");
threaded_run(folder, ¶m, &result, starttls_run);
debug_print("imap starttls - end\n");
+ if (result.error == 0) {
+ cert_len = mailstream_ssl_get_certificate(param.imap->imap_stream, &certificate);
+ if (etpan_certificate_check(certificate, cert_len, ¶m) < 0)
+ result.error = MAILIMAP_ERROR_STREAM;
+ if (certificate)
+ free(certificate);
+ }
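Review bot: etpan_certificate_check fails open: the `certificate == NULL || len < 0` branch and the `cert == NULL` branch after d2i_X509 both `return 0`, which both callers treat as acceptance, so a session whose certificate could not be fetched or parsed carries on unverified. Under USE_OPENSSL both branches should be `return -1;`, with the warning text saying that the connection is refused. The X509 returned by d2i_X509 is also never passed to X509_free in this function; unless ssl_certificate_check takes ownership (not visible on this page), it leaks on every connect. Separately, the early `return -1` in the connect path skips `free(certificate)`, and `certificate` is declared uninitialised in both callers, so `unsigned char *certificate = NULL;` would be safer if mailstream_ssl_get_certificate can fail without writing it.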
guint mask);
int imap_threaded_noop(Folder * folder, unsigned int * p_exists);
guint mask);
int imap_threaded_noop(Folder * folder, unsigned int * p_exists);
-int imap_threaded_starttls(Folder * folder);
+int imap_threaded_starttls(Folder * folder, const gchar *host, int port);
int imap_threaded_create(Folder * folder, const char * mb);
int imap_threaded_rename(Folder * folder,
const char * mb, const char * new_name);
int imap_threaded_create(Folder * folder, const char * mb);
int imap_threaded_rename(Folder * folder,
const char * mb, const char * new_name);
- r = imap_threaded_starttls(session->folder);
+ r = imap_threaded_starttls(session->folder,
+ SESSION(session)->server, SESSION(session)->port);
if (r != MAILIMAP_NO_ERROR) {
debug_print("starttls err %d\n", r);
return IMAP_ERROR;
if (r != MAILIMAP_NO_ERROR) {
debug_print("starttls err %d\n", r);
return IMAP_ERROR;