+2008-10-10 [colin] 3.6.1cvs2
+
+ * src/common/ssl.h
+ * src/common/ssl_certificate.c
+ * src/gtk/sslcertwindow.c
+ Add offline certificate verification,
+ thanks to Nikos Mavrogiannopoulos for the
+ hints
+
2008-10-10 [colin] 3.6.1cvs1
* src/common/ssl_certificate.c
return NULL;
}
#else
-char *ssl_certificate_check_signer (gnutls_x509_crt cert, guint status)
+guint check_cert(gnutls_x509_crt cert)
{
- if (status == (guint)-1)
- return g_strdup(_("Uncheckable"));
+ gnutls_x509_crt *ca_list;
+ unsigned int max = 512;
+ unsigned int flags = 0;
+ gnutls_datum tmp;
+ struct stat s;
+ int r, i;
+ unsigned int status;
+ FILE *fp;
+
+ if (claws_ssl_get_cert_file())
+ fp = fopen(claws_ssl_get_cert_file(), "r");
+ else
+ return (guint)-1;
+
+ if (fstat(fileno(fp), &s) < 0) {
+ perror("fstat");
+ fclose(fp);
+ return (guint)-1;
+ }
+
+ ca_list=(gnutls_x509_crt_t*)malloc(max*sizeof(gnutls_x509_crt_t));
+ tmp.data = malloc(s.st_size);
+ memset(tmp.data, 0, s.st_size);
+ tmp.size = s.st_size;
+ if (fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
+ perror("fread");
+ free(tmp.data);
+ free(ca_list);
+ fclose(fp);
+ return (guint)-1;
+ }
+
+ if ((r = gnutls_x509_crt_list_import(ca_list, &max,
+ &tmp, GNUTLS_X509_FMT_PEM, flags)) < 0) {
+ debug_print("cert import failed: %s\n", gnutls_strerror(r));
+ free(tmp.data);
+ free(ca_list);
+ fclose(fp);
+ return (guint)-1;
+ }
+ free(tmp.data);
+ debug_print("got %d certs in ca_list! %p\n", max, &ca_list);
+ r = gnutls_x509_crt_verify(cert, ca_list, max, flags, &status);
+ fclose(fp);
+ for (i = 0; i < max; i++)
+ gnutls_x509_crt_deinit(ca_list[i]);
+ free(ca_list);
+
+ if (r < 0)
+ return (guint)-1;
+ else
+ return status;
+
+}
+
+char *ssl_certificate_check_signer (gnutls_x509_crt cert, guint status)
+{
+ if (status == (guint)-1) {
+ status = check_cert(cert);
+ if (status == -1)
+ return g_strdup(_("Uncheckable"));
+ }
if (status & GNUTLS_CERT_INVALID) {
if (gnutls_x509_crt_check_issuer(cert, cert))
return g_strdup(_("Self-signed certificate"));
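Review bot: The fopen() result is never checked before `fstat(fileno(fp), &s)`, so a missing or unreadable CA file dereferences a NULL FILE* instead of falling back to "Uncheckable"; change the open to `fp = fopen(claws_ssl_get_cert_file(), "r");` followed by `if (!fp) return (guint)-1;`. The two malloc() results on the ca_list and tmp.data lines are likewise used (memset, fread, list import) without a NULL check, and the 512-entry ca_list is a fixed cap that silently truncates a larger bundle if max comes back smaller than the file holds. In ssl_certificate_check_signer the new `if (status == -1)` compares a guint against a signed literal; `if (status == (guint)-1)` matches the sentinel used everywhere else in the hunk. As far as I recall gnutls_x509_crt_verify validates only the single leaf against the CA list and consults no CRLs, so a certificate chaining to a trusted CA but since revoked would still come back with a clean status here; a one-line comment above the call stating that the offline check covers signature/trust only, not revocation, would keep that scope visible to the next reader.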
#endif
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
vbox = gtk_vbox_new(FALSE, 5);
hbox = gtk_hbox_new(FALSE, 5);
sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
#endif
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
buf = g_strdup_printf(_("Signature status: %s"), sig_status);
label = gtk_label_new(buf);
#endif
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
buf = g_strdup_printf(_("Signature status: %s"), sig_status);
label = gtk_label_new(buf);
#endif
if (sig_status==NULL)
- sig_status = g_strdup(_("correct"));
+ sig_status = g_strdup(_("Correct"));
buf = g_strdup_printf(_("Signature status: %s"), sig_status);
label = gtk_label_new(buf);