(sorry for once more breaking registered certificates :( )
+2002-11-12 [colin] 0.8.5claws130
+
+ * src/ssl_certificate.[ch]
+ Take connection port into account for
+ checking certificates (a single hostname
+ could have multiple servers with multiple
+ certificates)
+ * src/ssl.c
+ Pass the port to ssl_certificate_check
+
2002-11-12 [paul] 0.8.5claws129
* src/folder.c
2002-11-12 [paul] 0.8.5claws129
* src/folder.c
MICRO_VERSION=5
INTERFACE_AGE=0
BINARY_AGE=0
MICRO_VERSION=5
INTERFACE_AGE=0
BINARY_AGE=0
VERSION=$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION$EXTRA_VERSION
dnl set $target
VERSION=$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION$EXTRA_VERSION
dnl set $target
/* Get server's certificate (note: beware of dynamic allocation) */
if ((server_cert = SSL_get_peer_certificate(sockinfo->ssl)) != NULL) {
/* Get server's certificate (note: beware of dynamic allocation) */
if ((server_cert = SSL_get_peer_certificate(sockinfo->ssl)) != NULL) {
- ret = ssl_certificate_check (server_cert, sockinfo->hostname);
+ ret = ssl_certificate_check (server_cert, sockinfo->hostname, sockinfo->port);
X509_free(server_cert);
} else {
printf("server_cert is NULL ! this _should_not_ happen !\n");
X509_free(server_cert);
} else {
printf("server_cert is NULL ! this _should_not_ happen !\n");
-SSLCertificate *ssl_certificate_new(X509 *x509_cert, gchar *host)
+SSLCertificate *ssl_certificate_new(X509 *x509_cert, gchar *host, gushort port)
{
SSLCertificate *cert = g_new0(SSLCertificate, 1);
{
SSLCertificate *cert = g_new0(SSLCertificate, 1);
cert->x509_cert = X509_dup(x509_cert);
cert->host = g_strdup(host);
cert->x509_cert = X509_dup(x509_cert);
cert->host = g_strdup(host);
return cert;
}
static void ssl_certificate_save (SSLCertificate *cert)
{
return cert;
}
static void ssl_certificate_save (SSLCertificate *cert)
{
file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
"certs", G_DIR_SEPARATOR_S, NULL);
file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
"certs", G_DIR_SEPARATOR_S, NULL);
make_dir_hier(file);
g_free(file);
make_dir_hier(file);
g_free(file);
+ port = g_strdup_printf("%d", cert->port);
file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
"certs", G_DIR_SEPARATOR_S,
file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
"certs", G_DIR_SEPARATOR_S,
- cert->host, ".cert", NULL);
+ cert->host, ".", port, ".cert", NULL);
fp = fopen(file, "w");
if (fp == NULL) {
g_free(file);
fp = fopen(file, "w");
if (fp == NULL) {
g_free(file);
-static SSLCertificate *ssl_certificate_find (gchar *host)
+static SSLCertificate *ssl_certificate_find (gchar *host, gushort port)
- gchar buf[1024], *subject, *issuer, *fingerprint;
SSLCertificate *cert = NULL;
X509 *tmp_x509;
FILE *fp;
SSLCertificate *cert = NULL;
X509 *tmp_x509;
FILE *fp;
+ buf = g_strdup_printf("%d", port);
file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
"certs", G_DIR_SEPARATOR_S,
file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
"certs", G_DIR_SEPARATOR_S,
+ host, ".", buf, ".cert", NULL);
fp = fopen(file, "r");
if (fp == NULL) {
g_free(file);
fp = fopen(file, "r");
if (fp == NULL) {
g_free(file);
if ((tmp_x509 = d2i_X509_fp(fp, 0)) != NULL) {
if ((tmp_x509 = d2i_X509_fp(fp, 0)) != NULL) {
- cert = ssl_certificate_new(tmp_x509, host);
+ cert = ssl_certificate_new(tmp_x509, host, port);
X509_free(tmp_x509);
}
fclose(fp);
X509_free(tmp_x509);
}
fclose(fp);
-gboolean ssl_certificate_check (X509 *x509_cert, gchar *host)
+gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port)
- SSLCertificate *current_cert = ssl_certificate_new(x509_cert, host);
+ SSLCertificate *current_cert = ssl_certificate_new(x509_cert, host, port);
SSLCertificate *known_cert;
if (current_cert == NULL) {
SSLCertificate *known_cert;
if (current_cert == NULL) {
- known_cert = ssl_certificate_find (host);
+ known_cert = ssl_certificate_find (host, port);
if (known_cert == NULL) {
gint val;
if (known_cert == NULL) {
gint val;
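Review bot: Renaming the store file from `host.cert` to `host.<port>.cert` in ssl_certificate_save and ssl_certificate_find orphans every certificate the user has already accepted, so each known server is reported as unknown again and the user is re-prompted; a routine re-prompt is the point where an unexpected certificate is most easily accepted out of habit. ssl_certificate_find could fall back to the legacy host-only file when the port-qualified one is missing, so a previously stored certificate is still compared against the one presented. Separately, the strings returned by `g_strdup_printf("%d", ...)` (`port` in save, `buf` in find) need a `g_free` once `file` has been built; no free is visible in the shown lines, though both function bodies continue outside them. The ssl_certificate_new lines shown here also contain no `cert->port = port;`, which the new filename in save depends on, so it is worth confirming the field is set.
```c
/* … unchanged: build the port-qualified path in file … */
fp = fopen(file, "r");
if (fp == NULL) {
	/* Entry saved before the port became part of the name: fall back
	 * to the legacy host-only file so the old pin is still compared. */
	gchar *legacy = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
				    "certs", G_DIR_SEPARATOR_S,
				    host, ".cert", NULL);
	fp = fopen(legacy, "r");
	g_free(legacy);
}
/* … unchanged: NULL check on fp, d2i_X509_fp, ssl_certificate_new … */
```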
{
X509 *x509_cert;
gchar *host;
{
X509 *x509_cert;
gchar *host;
-gboolean ssl_certificate_check (X509 *x509_cert, gchar *host);
+gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port);
#endif /* USE_SSL */
#endif /* SSL_CERTIFICATE_H */
#endif /* USE_SSL */
#endif /* SSL_CERTIFICATE_H */