2008-10-10 [colin] 3.6.1cvs2

author Colin Leroy <colin@colino.net>

Fri, 10 Oct 2008 18:47:00 +0000 (18:47 +0000)

committer Colin Leroy <colin@colino.net>

Fri, 10 Oct 2008 18:47:00 +0000 (18:47 +0000)
author Colin Leroy <colin@colino.net>
Fri, 10 Oct 2008 18:47:00 +0000 (18:47 +0000)
committer Colin Leroy <colin@colino.net>
Fri, 10 Oct 2008 18:47:00 +0000 (18:47 +0000)
diff --git a/ChangeLog b/ChangeLog

index c9209bf60d5599f0147d77df394cd1a0beb12664..f0302d2058dc4c2edb40a300d55c8fd9b918e290 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2008-10-10 [colin]     3.6.1cvs2
+
+       * src/common/ssl.h
+       * src/common/ssl_certificate.c
+       * src/gtk/sslcertwindow.c
+               Add offline certificate verification,
+               thanks to Nikos Mavrogiannopoulos for the
+               hints
+
  2008-10-10 [colin]     3.6.1cvs1
  
         * src/common/ssl_certificate.c
diff --git a/PATCHSETS b/PATCHSETS

index 6e473af02b82bce66fc3fa92fe48ed0a5d0a18a3..3ae80f2ba0347c97dfc384fce8ad419493c19698 100644 (file)
--- a/PATCHSETS
+++ b/PATCHSETS
@@ -3583,3 +3583,4 @@
  ( cvs diff -u -r 1.1.2.2 -r 1.1.2.3 claws-mail.pc.in;  ) > 3.6.0cvs24.patchset
  ( cvs diff -u -r 1.9.2.33 -r 1.9.2.34 src/common/ssl.c;  ) > 3.6.0cvs25.patchset
  ( cvs diff -u -r 1.4.2.30 -r 1.4.2.31 src/common/ssl_certificate.c;  cvs diff -u -r 1.9.2.24 -r 1.9.2.25 src/gtk/sslcertwindow.c;  ) > 3.6.1cvs1.patchset
+( cvs diff -u -r 1.2.2.10 -r 1.2.2.11 src/common/ssl.h;  cvs diff -u -r 1.4.2.31 -r 1.4.2.32 src/common/ssl_certificate.c;  cvs diff -u -r 1.9.2.25 -r 1.9.2.26 src/gtk/sslcertwindow.c;  ) > 3.6.1cvs2.patchset
diff --git a/configure.ac b/configure.ac

index 5e6a9cbd45298c133506c60ba9c9e5bbd42344f3..d91b23951375a4f5d6fd91dc4cd9c2c5a58baf0f 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -11,7 +11,7 @@ MINOR_VERSION=6
  MICRO_VERSION=1
  INTERFACE_AGE=0
  BINARY_AGE=0
-EXTRA_VERSION=1
+EXTRA_VERSION=2
  EXTRA_RELEASE=
  EXTRA_GTK2_VERSION=
  
diff --git a/src/common/ssl.h b/src/common/ssl.h

index 4dbb1f239b8f1ba079890cb3b293e4c3f876025e..14d6459f247aefefa2091682cd3656370b90d954 100644 (file)
--- a/src/common/ssl.h
+++ b/src/common/ssl.h
@@ -72,6 +72,7 @@ struct _SSLClientCertHookData
  SSL_CTX *ssl_get_ctx(void);
  #endif
                 
+const gchar *claws_ssl_get_cert_file(void);
  #endif /* USE_OPENSSL */
  
  #endif /* __SSL_H__ */
diff --git a/src/common/ssl_certificate.c b/src/common/ssl_certificate.c

index b0242b4487d375f8ef49fc3b5e090d30030d860f..2cfce302c6427b14aa2362f196fbcc71443d37b6 100644 (file)
--- a/src/common/ssl_certificate.c
+++ b/src/common/ssl_certificate.c
@@ -649,11 +649,71 @@ char *ssl_certificate_check_signer (X509 *cert)
         return NULL;
  }
  #else
-char *ssl_certificate_check_signer (gnutls_x509_crt cert, guint status) 
+guint check_cert(gnutls_x509_crt cert)
  {
-       if (status == (guint)-1)
-               return g_strdup(_("Uncheckable"));
+       gnutls_x509_crt *ca_list;
+       unsigned int max = 512;
+       unsigned int flags = 0;
+       gnutls_datum tmp;
+       struct stat s;
+       int r, i;
+       unsigned int status;
+       FILE *fp;
+
+       if (claws_ssl_get_cert_file())
+               fp = fopen(claws_ssl_get_cert_file(), "r");
+       else
+               return (guint)-1;
+
+       if (fstat(fileno(fp), &s) < 0) {
+               perror("fstat");
+               fclose(fp);
+               return (guint)-1;
+       }
+
+       ca_list=(gnutls_x509_crt_t*)malloc(max*sizeof(gnutls_x509_crt_t));
+       tmp.data = malloc(s.st_size);
+       memset(tmp.data, 0, s.st_size);
+       tmp.size = s.st_size;
+       if (fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
+               perror("fread");
+               free(tmp.data);
+               free(ca_list);
+               fclose(fp);
+               return (guint)-1;
+       }
+
+       if ((r = gnutls_x509_crt_list_import(ca_list, &max, 
+                       &tmp, GNUTLS_X509_FMT_PEM, flags)) < 0) {
+               debug_print("cert import failed: %s\n", gnutls_strerror(r));
+               free(tmp.data);
+               free(ca_list);
+               fclose(fp);
+               return (guint)-1;
+       }
+       free(tmp.data);
+       debug_print("got %d certs in ca_list! %p\n", max, &ca_list);
+       r = gnutls_x509_crt_verify(cert, ca_list, max, flags, &status);
+       fclose(fp);
  
+       for (i = 0; i < max; i++)
+               gnutls_x509_crt_deinit(ca_list[i]);
+       free(ca_list);
+
+       if (r < 0)
+               return (guint)-1;
+       else
+               return status;
+
+}
+
+char *ssl_certificate_check_signer (gnutls_x509_crt cert, guint status) 
+{
+       if (status == (guint)-1) {
+               status = check_cert(cert);
+               if (status == -1)
+                       return g_strdup(_("Uncheckable"));
+       }
         if (status & GNUTLS_CERT_INVALID) {
                 if (gnutls_x509_crt_check_issuer(cert, cert))
                         return g_strdup(_("Self-signed certificate"));
diff --git a/src/gtk/sslcertwindow.c b/src/gtk/sslcertwindow.c

index aa2a2da27e8e5e28f0c9adcf022346dc376b0185..215177011d2c607d222a3c420293d07172a59096 100644 (file)
--- a/src/gtk/sslcertwindow.c
+++ b/src/gtk/sslcertwindow.c
@@ -229,7 +229,7 @@ static GtkWidget *cert_presenter(SSLCertificate *cert)
  #endif
  
         if (sig_status==NULL)
-               sig_status = g_strdup(_("correct"));
+               sig_status = g_strdup(_("Correct"));
  
         vbox = gtk_vbox_new(FALSE, 5);
         hbox = gtk_hbox_new(FALSE, 5);
@@ -398,7 +398,7 @@ static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert)
         sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
  #endif
         if (sig_status==NULL)
-               sig_status = g_strdup(_("correct"));
+               sig_status = g_strdup(_("Correct"));
  
         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
         label = gtk_label_new(buf);
@@ -443,7 +443,7 @@ static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert)
  #endif
  
         if (sig_status==NULL)
-               sig_status = g_strdup(_("correct"));
+               sig_status = g_strdup(_("Correct"));
  
         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
         label = gtk_label_new(buf);
@@ -502,7 +502,7 @@ static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCert
  #endif
  
         if (sig_status==NULL)
-               sig_status = g_strdup(_("correct"));
+               sig_status = g_strdup(_("Correct"));
  
         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
         label = gtk_label_new(buf);
author	Colin Leroy <colin@colino.net>
	Fri, 10 Oct 2008 18:47:00 +0000 (18:47 +0000)
committer	Colin Leroy <colin@colino.net>
	Fri, 10 Oct 2008 18:47:00 +0000 (18:47 +0000)
ChangeLog		patch \| blob \| history
PATCHSETS		patch \| blob \| history
configure.ac		patch \| blob \| history
src/common/ssl.h		patch \| blob \| history
src/common/ssl_certificate.c		patch \| blob \| history
src/gtk/sslcertwindow.c		patch \| blob \| history