From ce37dab0912af36fd7b4c8e76760be6ebc32f11a Mon Sep 17 00:00:00 2001 From: Colin Leroy Date: Tue, 12 Nov 2002 12:38:52 +0000 Subject: [PATCH] use FQDN host in certificates --- ChangeLog.claws | 5 +++++ configure.in | 2 +- src/ssl_certificate.c | 32 +++++++++++++++++++++++--------- src/ssl_certificate.h | 2 ++ 4 files changed, 31 insertions(+), 10 deletions(-) diff --git a/ChangeLog.claws b/ChangeLog.claws index 0e587f67c..cd2da29e0 100644 --- a/ChangeLog.claws +++ b/ChangeLog.claws @@ -1,3 +1,8 @@ +2002-11-12 [colin] 0.8.5claws131 + + * src/ssl_certificate.[ch] + Use FQDN hostname + 2002-11-12 [colin] 0.8.5claws130 * src/ssl_certificate.[ch] diff --git a/configure.in b/configure.in index 4b7b4f141..dbc1e526c 100644 --- a/configure.in +++ b/configure.in @@ -11,7 +11,7 @@ MINOR_VERSION=8 MICRO_VERSION=5 INTERFACE_AGE=0 BINARY_AGE=0 -EXTRA_VERSION=claws130 +EXTRA_VERSION=claws131 VERSION=$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION$EXTRA_VERSION dnl set $target diff --git a/src/ssl_certificate.c b/src/ssl_certificate.c index 572bb20ff..1ef0c9f69 100644 --- a/src/ssl_certificate.c +++ b/src/ssl_certificate.c @@ -30,10 +30,21 @@ #include "utils.h" #include "intl.h" #include "prefs_common.h" +#include "socket.h" static void ssl_certificate_destroy(SSLCertificate *cert); static char *ssl_certificate_check_signer (X509 *cert); +static char * get_fqdn(char *host) +{ + struct hostent *hp; + hp = my_gethostbyname(host); + if (hp == NULL) + return g_strdup(host); /*caller should free*/ + else + return g_strdup(hp->h_name); +} + static char * readable_fingerprint(unsigned char *src, int len) { int i=0; @@ -64,9 +75,8 @@ SSLCertificate *ssl_certificate_new(X509 *x509_cert, gchar *host, gushort port) ssl_certificate_destroy(cert); return NULL; } - cert->x509_cert = X509_dup(x509_cert); - cert->host = g_strdup(host); + cert->host = get_fqdn(host); cert->port = port; return cert; } 
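Review bot: The name returned by `get_fqdn` is `hp->h_name` from an ordinary resolver answer, which is not authenticated. After this patch it becomes the identity under which a certificate is stored, looked up and shown to the user (`cert->host = get_fqdn(host);` in ssl_certificate_new, and `current_cert->host` in the two dialog messages of ssl_certificate_check). A wrong or tampered answer therefore changes which saved certificate the presented one is compared against, and RFC 6125 advises against deriving the reference identity from insecure DNS resolution for this reason. I would key the saved certificate on the `host` the user configured and keep the canonical name for display only. At the least, document the assumption above get_fqdn with `/* h_name comes from an unauthenticated DNS answer; it is not a verified identity */`.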
@@ -101,7 +111,7 @@ static void ssl_certificate_save (SSLCertificate *cert) } -static char* ssl_certificate_to_string(SSLCertificate *cert) +char* ssl_certificate_to_string(SSLCertificate *cert) { char *ret, buf[100]; char *issuer_commonname, *issuer_location, *issuer_organization; @@ -181,33 +191,37 @@ void ssl_certificate_destroy(SSLCertificate *cert) cert = NULL; } -static SSLCertificate *ssl_certificate_find (gchar *host, gushort port) +SSLCertificate *ssl_certificate_find (gchar *host, gushort port) { gchar *file; gchar *buf; + gchar *fqdn_host; SSLCertificate *cert = NULL; X509 *tmp_x509; FILE *fp; - + + fqdn_host = get_fqdn(host); buf = g_strdup_printf("%d", port); file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S, "certs", G_DIR_SEPARATOR_S, - host, ".", buf, ".cert", NULL); + fqdn_host, ".", buf, ".cert", NULL); g_free(buf); fp = fopen(file, "r"); if (fp == NULL) { g_free(file); + g_free(fqdn_host); return NULL; } if ((tmp_x509 = d2i_X509_fp(fp, 0)) != NULL) { - cert = ssl_certificate_new(tmp_x509, host, port); + cert = ssl_certificate_new(tmp_x509, fqdn_host, port); X509_free(tmp_x509); } fclose(fp); g_free(file); + g_free(fqdn_host); return cert; } @@ -281,7 +295,7 @@ gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port) cur_cert_str = ssl_certificate_to_string(current_cert); err_msg = g_strdup_printf(_("%s presented an unknown SSL certificate:\n%s"), - host, + current_cert->host, cur_cert_str); g_free (cur_cert_str); @@ -317,7 +331,7 @@ gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port) known_cert_str = ssl_certificate_to_string(known_cert); cur_cert_str = ssl_certificate_to_string(current_cert); err_msg = g_strdup_printf(_("%s's SSL certificate changed !\nWe have saved this one:\n%s\n\nIt is now:\n%s\n\nThis could mean the server answering is not the known one."), - host, + current_cert->host, known_cert_str, cur_cert_str); g_free (cur_cert_str); 
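Review bot: `fqdn_host` goes into the certificate file name in ssl_certificate_find with no check that it is a single path component, and it now comes from the resolver rather than from the account settings. Whether `my_gethostbyname` already rejects names containing a directory separator is not visible here, so I would refuse such names before building `file`, e.g. `if (strchr(fqdn_host, G_DIR_SEPARATOR) != NULL) { g_free(fqdn_host); return NULL; }`. ssl_certificate_save, outside this hunk, presumably builds the same path from `cert->host` and would need the same guard. Separately, `ssl_certificate_new(tmp_x509, fqdn_host, port)` runs get_fqdn again on the already-resolved name, so each find does two lookups and the stored `cert->host` can differ from the name used for the file.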
diff --git a/src/ssl_certificate.h b/src/ssl_certificate.h index 9c80d1500..6e0c8bc92 100644 --- a/src/ssl_certificate.h +++ b/src/ssl_certificate.h @@ -40,6 +40,8 @@ struct _SSLCertificate }; gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port); +SSLCertificate *ssl_certificate_find (gchar *host, gushort port); +char* ssl_certificate_to_string(SSLCertificate *cert); #endif /* USE_SSL */ #endif /* SSL_CERTIFICATE_H */ -- 2.25.1
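Review bot: ssl_certificate_find is exported here, but ssl_certificate_destroy, which releases its result, is still declared `static` in ssl_certificate.c (visible in the context of that file's first hunk). A caller outside that file therefore has no way to free the returned SSLCertificate. Unless the part of the header outside this hunk already declares it, I would drop the `static` and add `void ssl_certificate_destroy(SSLCertificate *cert);` next to the new prototypes. Ownership comments would help too: `/* returns a newly allocated certificate or NULL; free with ssl_certificate_destroy() */` for find, and `/* returns a newly allocated string; free with g_free() */` for to_string.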