cleaner messages, no popup if required

author Colin Leroy <colin@colino.net>

Tue, 12 Nov 2002 08:37:34 +0000 (08:37 +0000)

committer Colin Leroy <colin@colino.net>

Tue, 12 Nov 2002 08:37:34 +0000 (08:37 +0000)
author Colin Leroy <colin@colino.net>
Tue, 12 Nov 2002 08:37:34 +0000 (08:37 +0000)
committer Colin Leroy <colin@colino.net>
Tue, 12 Nov 2002 08:37:34 +0000 (08:37 +0000)
diff --git a/ChangeLog.claws b/ChangeLog.claws

index 89803fef4a78b4e7aab3606806398ab0376dec93..f67d66cf1e0c10e6de973f1d63850cbf7507019f 100644 (file)
--- a/ChangeLog.claws
+++ b/ChangeLog.claws
@@ -1,3 +1,12 @@
+2002-11-11 [colin]     0.8.5claws127
+
+       * src/ssl_certificate.c
+               Cleaner messages
+               Don't popup, instead log error, if the 
+               corresponding pref is checked
+       * src/ssl_certificate.h
+               include <openssl/objects/h>
+
  2002-11-11 [colin]     0.8.5claws126
  
         * src/ssl_certificate.h
  2002-11-11 [colin]     0.8.5claws126
  
         * src/ssl_certificate.h
diff --git a/configure.in b/configure.in

index 2f79409ef1a44723b50593c4a98ff328c9854c88..4cfe443b537cc5ff7474c4c8339251586b877ccb 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -11,7 +11,7 @@ MINOR_VERSION=8
  MICRO_VERSION=5
  INTERFACE_AGE=0
  BINARY_AGE=0
  MICRO_VERSION=5
  INTERFACE_AGE=0
  BINARY_AGE=0
-EXTRA_VERSION=claws126
+EXTRA_VERSION=claws127
  VERSION=$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION$EXTRA_VERSION
  
  dnl set $target
  VERSION=$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION$EXTRA_VERSION
  
  dnl set $target
diff --git a/src/ssl_certificate.c b/src/ssl_certificate.c

index 6632d3abfac404b3cac66df606774b7cc7e7f948..1eb29aaadc7f19343d6f28b5bf1b4ba474d82585 100644 (file)
--- a/src/ssl_certificate.c
+++ b/src/ssl_certificate.c
@@ -29,8 +29,10 @@
  #include "alertpanel.h"
  #include "utils.h"
  #include "intl.h"
  #include "alertpanel.h"
  #include "utils.h"
  #include "intl.h"
+#include "prefs_common.h"
  
  static void ssl_certificate_destroy(SSLCertificate *cert);
  
  static void ssl_certificate_destroy(SSLCertificate *cert);
+static char *ssl_certificate_check_signer (X509 *cert); 
  
  static char * readable_fingerprint(unsigned char *src, int len) 
  {
  
  static char * readable_fingerprint(unsigned char *src, int len) 
  {
@@ -97,24 +99,70 @@ static void ssl_certificate_save (SSLCertificate *cert)
  
  static char* ssl_certificate_to_string(SSLCertificate *cert)
  {
  
  static char* ssl_certificate_to_string(SSLCertificate *cert)
  {
-       char *ret, *issuer, *subject, *fingerprint;
-       int j;
+       char *ret, buf[100];
+       char *issuer_commonname, *issuer_location, *issuer_organization;
+       char *subject_commonname, *subject_location, *subject_organization;
+       char *fingerprint, *sig_status;
         unsigned int n;
         unsigned char md[EVP_MAX_MD_SIZE];      
         unsigned int n;
         unsigned char md[EVP_MAX_MD_SIZE];      
-               
+       
+       /* issuer */    
+        X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
+                                       NID_commonName, buf, 100);
+        issuer_commonname = g_strdup(buf);
+        X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
+                                       NID_localityName, buf, 100);
+        issuer_location = g_strdup(buf);
+        X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
+                                       NID_countryName, buf, 100);
+        issuer_location = g_strconcat(issuer_location,", ",buf, NULL);
+        X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
+                                       NID_organizationName, buf, 100);
+        issuer_organization = g_strdup(buf);
+
+       /* issuer */    
+        X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
+                                       NID_commonName, buf, 100);
+        subject_commonname = g_strdup(buf);
+        X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
+                                       NID_localityName, buf, 100);
+        subject_location = g_strdup(buf);
+        X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
+                                       NID_countryName, buf, 100);
+        subject_location = g_strconcat(subject_location,", ",buf, NULL);
+        X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
+                                       NID_organizationName, buf, 100);
+        subject_organization = g_strdup(buf);
+                
+       /* fingerprint */
         X509_digest(cert->x509_cert, EVP_md5(), md, &n);
         X509_digest(cert->x509_cert, EVP_md5(), md, &n);
-       issuer = X509_NAME_oneline(X509_get_issuer_name(cert->x509_cert), 0, 0);
-       subject = X509_NAME_oneline(X509_get_subject_name(cert->x509_cert), 0, 0);
-       fingerprint = readable_fingerprint(md, (int)n);         
-       ret = g_strdup_printf("  Issuer: %s\n  Subject: %s\n  Fingerprint: %s",
-                               issuer, subject, fingerprint);
-
-       if (issuer)
-               g_free(issuer);
-       if (subject)
-               g_free(subject);
+       fingerprint = readable_fingerprint(md, (int)n);
+
+       /* signature */
+       sig_status = ssl_certificate_check_signer(cert->x509_cert);
+
+       ret = g_strdup_printf(_("  Owner: %s (%s) in %s\n  Signed by: %s (%s) in %s\n  Fingerprint: %s\n  Signature status: %s"),
+                               subject_commonname, subject_organization, subject_location, 
+                               issuer_commonname, issuer_organization, issuer_location, 
+                               fingerprint,
+                               (sig_status==NULL ? "correct":sig_status));
+
+       if (issuer_commonname)
+               g_free(issuer_commonname);
+       if (issuer_location)
+               g_free(issuer_location);
+       if (issuer_organization)
+               g_free(issuer_organization);
+       if (subject_commonname)
+               g_free(subject_commonname);
+       if (subject_location)
+               g_free(subject_location);
+       if (subject_organization)
+               g_free(subject_organization);
         if (fingerprint)
                 g_free(fingerprint);
         if (fingerprint)
                 g_free(fingerprint);
+       if (sig_status)
+               g_free(sig_status);
         return ret;
  }
         
         return ret;
  }
         
@@ -179,7 +227,7 @@ static char *ssl_certificate_check_signer (X509 *cert)
         store = X509_STORE_new();
         if (store == NULL) {
                 printf("Can't create X509_STORE\n");
         store = X509_STORE_new();
         if (store == NULL) {
                 printf("Can't create X509_STORE\n");
-               return FALSE;
+               return NULL;
         }
         if (X509_STORE_set_default_paths(store)) 
                 ok++;
         }
         if (X509_STORE_set_default_paths(store)) 
                 ok++;
@@ -223,21 +271,22 @@ gboolean ssl_certificate_check (X509 *x509_cert, gchar *host)
         if (known_cert == NULL) {
                 gint val;
                 gchar *err_msg, *cur_cert_str;
         if (known_cert == NULL) {
                 gint val;
                 gchar *err_msg, *cur_cert_str;
-               gchar *sig_status = NULL;
                 
                 cur_cert_str = ssl_certificate_to_string(current_cert);
                 
                 
                 cur_cert_str = ssl_certificate_to_string(current_cert);
                 
-               sig_status = ssl_certificate_check_signer(x509_cert);
-
-               err_msg = g_strdup_printf(_("The SSL certificate presented by %s is unknown.\nPresented certificate is:\n%s\n\n%s%s"),
+               err_msg = g_strdup_printf(_("%s presented an unknown SSL certificate:\n%s"),
                                           host,
                                           host,
-                                         cur_cert_str,
-                                         (sig_status == NULL)?"The presented certificate signature is correct.":"The presented certificate signature is not correct: ",
-                                         (sig_status == NULL)?"":sig_status);
+                                         cur_cert_str);
                 g_free (cur_cert_str);
                 g_free (cur_cert_str);
-               if (sig_status)
-                       g_free (sig_status);
- 
+
+               if (prefs_common.no_recv_err_panel) {
+                       log_error(_("%s\n\nMail won't be retrieved on this account until you save the certificate.\n(Uncheck the \"%s\" preference).\n"),
+                                       err_msg,
+                                       _("Don't popup error dialog on receive error"));
+                       g_free(err_msg);
+                       return FALSE;
+               }
+                
                 val = alertpanel(_("Warning"),
                                err_msg,
                                _("Accept and save"), _("Cancel connection"), NULL);
                 val = alertpanel(_("Warning"),
                                err_msg,
                                _("Accept and save"), _("Cancel connection"), NULL);
@@ -261,17 +310,23 @@ gboolean ssl_certificate_check (X509 *x509_cert, gchar *host)
  
                 known_cert_str = ssl_certificate_to_string(known_cert);
                 cur_cert_str = ssl_certificate_to_string(current_cert);
  
                 known_cert_str = ssl_certificate_to_string(known_cert);
                 cur_cert_str = ssl_certificate_to_string(current_cert);
-               err_msg = g_strdup_printf(_("The SSL certificate presented by %s differs from the known one.\nKnown certificate is:\n%s\nPresented certificate is:\n%s\n\n%s%s"),
+               err_msg = g_strdup_printf(_("%s's SSL certificate changed !\nWe have saved this one:\n%s\n\nIt is now:\n%s\n\nThis could mean the server answering is not the known one."),
                                           host,
                                           known_cert_str,
                                           host,
                                           known_cert_str,
-                                         cur_cert_str,
-                                         (sig_status == NULL)?"The presented certificate signature is correct.":"The presented certificate signature is not correct: ",
-                                         (sig_status == NULL)?"":sig_status);
+                                         cur_cert_str);
                 g_free (cur_cert_str);
                 g_free (known_cert_str);
                 if (sig_status)
                         g_free (sig_status);
  
                 g_free (cur_cert_str);
                 g_free (known_cert_str);
                 if (sig_status)
                         g_free (sig_status);
  
+               if (prefs_common.no_recv_err_panel) {
+                       log_error(_("%s\n\nMail won't be retrieved on this account until you save the certificate.\n(Uncheck the \"%s\" preference).\n"),
+                                       err_msg,
+                                       _("Don't popup error dialog on receive error"));
+                       g_free(err_msg);
+                       return FALSE;
+               }
+
                 val = alertpanel(_("Warning"),
                                err_msg,
                                _("Accept and save"), _("Cancel connection"), NULL);
                 val = alertpanel(_("Warning"),
                                err_msg,
                                _("Accept and save"), _("Cancel connection"), NULL);
diff --git a/src/ssl_certificate.h b/src/ssl_certificate.h

index a208767e0430750cee470934f96bc41a66602f43..ad2e4bc4399d3e9a76921489bffc1e961b592495 100644 (file)
--- a/src/ssl_certificate.h
+++ b/src/ssl_certificate.h
@@ -27,6 +27,7 @@
  #if USE_SSL
  
  #include <openssl/ssl.h>
  #if USE_SSL
  
  #include <openssl/ssl.h>
+#include <openssl/objects.h>
  #include <glib.h>
  
  typedef struct _SSLCertificate SSLCertificate;
  #include <glib.h>
  
  typedef struct _SSLCertificate SSLCertificate;
author	Colin Leroy <colin@colino.net>
	Tue, 12 Nov 2002 08:37:34 +0000 (08:37 +0000)
committer	Colin Leroy <colin@colino.net>
	Tue, 12 Nov 2002 08:37:34 +0000 (08:37 +0000)
ChangeLog.claws		patch \| blob \| history
configure.in		patch \| blob \| history
src/ssl_certificate.c		patch \| blob \| history
src/ssl_certificate.h		patch \| blob \| history