From fed0490e74911463cc25cba2a673dbaa1c65211d Mon Sep 17 00:00:00 2001
From: Colin Leroy
Date: Tue, 12 Nov 2002 10:20:22 +0000
Subject: [PATCH] add port to certificate checker (sorry for once more breaking registered certificates :( )
---
 ChangeLog.claws | 10 ++++++++++
 configure.in | 2 +-
 src/ssl.c | 2 +-
 src/ssl_certificate.c | 26 ++++++++++++++++----------
 src/ssl_certificate.h | 3 ++-
 5 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/ChangeLog.claws b/ChangeLog.claws
index 6cff21b0b..0e587f67c 100644
--- a/ChangeLog.claws
+++ b/ChangeLog.claws
@@ -1,3 +1,13 @@
+2002-11-12 [colin] 0.8.5claws130
+
+ * src/ssl_certificate.[ch]
+ Take connection port into account for
+ checking certificates (a single hostname
+ could have multiple servers with multiple
+ certificates)
+ * src/ssl.c
+ Pass the port to ssl_certificate_check
+
 2002-11-12 [paul] 0.8.5claws129
 * src/folder.c
diff --git a/configure.in b/configure.in
index 28eccc490..4b7b4f141 100644
--- a/configure.in
+++ b/configure.in
@@ -11,7 +11,7 @@ MINOR_VERSION=8
 MICRO_VERSION=5
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=claws129
+EXTRA_VERSION=claws130
 VERSION=$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION$EXTRA_VERSION
 dnl set $target
diff --git a/src/ssl.c b/src/ssl.c
index 038786cac..653cc4419 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -119,7 +119,7 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
 /* Get server's certificate (note: beware of dynamic allocation) */
 if ((server_cert = SSL_get_peer_certificate(sockinfo->ssl)) != NULL) {
- ret = ssl_certificate_check (server_cert, sockinfo->hostname);
+ ret = ssl_certificate_check (server_cert, sockinfo->hostname, sockinfo->port);
 X509_free(server_cert);
 } else {
 printf("server_cert is NULL ! this _should_not_ happen !\n");
diff --git a/src/ssl_certificate.c b/src/ssl_certificate.c
index 1eb29aaad..572bb20ff 100644
--- a/src/ssl_certificate.c
+++ b/src/ssl_certificate.c
@@ -56,7 +56,7 @@ static char * readable_fingerprint(unsigned char *src, int len)
 return ret;
 }
-SSLCertificate *ssl_certificate_new(X509 *x509_cert, gchar *host)
+SSLCertificate *ssl_certificate_new(X509 *x509_cert, gchar *host, gushort port)
 {
 SSLCertificate *cert = g_new0(SSLCertificate, 1);
@@ -67,13 +67,15 @@ SSLCertificate *ssl_certificate_new(X509 *x509_cert, gchar *host)
 cert->x509_cert = X509_dup(x509_cert);
 cert->host = g_strdup(host);
+ cert->port = port;
 return cert;
 }
 static void ssl_certificate_save (SSLCertificate *cert)
 {
- gchar *file;
+ gchar *file, *port;
 FILE *fp;
+
 file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S, "certs", G_DIR_SEPARATOR_S, NULL);
@@ -81,10 +83,12 @@ static void ssl_certificate_save (SSLCertificate *cert)
 make_dir_hier(file);
 g_free(file);
+ port = g_strdup_printf("%d", cert->port);
 file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S, "certs", G_DIR_SEPARATOR_S,
- cert->host, ".cert", NULL);
+ cert->host, ".", port, ".cert", NULL);
+ g_free(port);
 fp = fopen(file, "w");
 if (fp == NULL) {
 g_free(file);
@@ -177,18 +181,20 @@ void ssl_certificate_destroy(SSLCertificate *cert)
 cert = NULL;
 }
-static SSLCertificate *ssl_certificate_find (gchar *host)
+static SSLCertificate *ssl_certificate_find (gchar *host, gushort port)
 {
 gchar *file;
- gchar buf[1024], *subject, *issuer, *fingerprint;
+ gchar *buf;
 SSLCertificate *cert = NULL;
 X509 *tmp_x509;
 FILE *fp;
+ buf = g_strdup_printf("%d", port);
 file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S, "certs", G_DIR_SEPARATOR_S,
- host, ".cert", NULL);
+ host, ".", buf, ".cert", NULL);
+ g_free(buf);
 fp = fopen(file, "r");
 if (fp == NULL) {
 g_free(file);
@@ -197,7 +203,7 @@ static SSLCertificate *ssl_certificate_find (gchar *host)
 if ((tmp_x509 = d2i_X509_fp(fp, 0)) != NULL) {
- cert = ssl_certificate_new(tmp_x509, host);
+ cert = ssl_certificate_new(tmp_x509, host, port);
 X509_free(tmp_x509);
 }
 fclose(fp);
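Review bot: The certificate file name is now assembled twice from the same `host`, `"."`, port, `".cert"` sequence, in ssl_certificate_save (`@@ -81`, temporary named `port`) and in ssl_certificate_find (`@@ -177`, temporary named `buf`); if the two ever drift apart, saved certificates are silently never found and every connection looks like a first contact. A small static helper that returns the path for a (host, port) pair keeps the writer and the reader in agreement, and gives one place to validate `host` before it becomes part of a path, should it ever come from outside the account settings. Both functions start or end outside these hunks, so the excerpt shows only the helper and the call in ssl_certificate_save.

```c
/* Builds <rc_dir>/certs/<host>.<port>.cert; the caller frees the result. */
static gchar *ssl_certificate_get_file (const gchar *host, gushort port)
{
	gchar *port_str = g_strdup_printf("%d", port);
	gchar *file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
				  "certs", G_DIR_SEPARATOR_S,
				  host, ".", port_str, ".cert", NULL);

	g_free(port_str);
	return file;
}

static void ssl_certificate_save (SSLCertificate *cert)
{
	/* … unchanged: declarations, certs directory creation … */
	file = ssl_certificate_get_file(cert->host, cert->port);
	fp = fopen(file, "w");
```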
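Review bot: ssl_certificate_find (`@@ -177`) now looks only for `host.port.cert`, so certificates accepted under the old `host.cert` name are no longer compared and, as the commit message admits, every known server becomes unknown again. For a trust-on-first-use store that discards the earlier decision on the very connection where a changed certificate would otherwise be noticed. A fallback to the legacy file when the port-qualified one is missing keeps that comparison; a server on another port of the same host would then show up as a mismatch rather than as new, which errs on the cautious side. The function continues past the end of the hunk, so the excerpt stops at the existing `fp == NULL` branch.

```c
	fp = fopen(file, "r");
	if (fp == NULL) {
		/* No port-qualified file: try the pre-port name so that
		 * certificates saved before this change are still compared. */
		g_free(file);
		file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
				   "certs", G_DIR_SEPARATOR_S,
				   host, ".cert", NULL);
		fp = fopen(file, "r");
	}
	if (fp == NULL) {
		g_free(file);
		/* … unchanged: rest of the not-found branch … */
```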
@@ -256,9 +262,9 @@ static char *ssl_certificate_check_signer (X509 *cert)
 return NULL;
 }
-gboolean ssl_certificate_check (X509 *x509_cert, gchar *host)
+gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port)
 {
- SSLCertificate *current_cert = ssl_certificate_new(x509_cert, host);
+ SSLCertificate *current_cert = ssl_certificate_new(x509_cert, host, port);
 SSLCertificate *known_cert;
 if (current_cert == NULL) {
@@ -266,7 +272,7 @@ gboolean ssl_certificate_check (X509 *x509_cert, gchar *host)
 return FALSE;
 }
- known_cert = ssl_certificate_find (host);
+ known_cert = ssl_certificate_find (host, port);
 if (known_cert == NULL) {
 gint val;
diff --git a/src/ssl_certificate.h b/src/ssl_certificate.h
index ad2e4bc43..9c80d1500 100644
--- a/src/ssl_certificate.h
+++ b/src/ssl_certificate.h
@@ -36,9 +36,10 @@ struct _SSLCertificate
 {
 X509 *x509_cert;
 gchar *host;
+ gushort port;
 };
-gboolean ssl_certificate_check (X509 *x509_cert, gchar *host);
+gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port);
 #endif /* USE_SSL */
 #endif /* SSL_CERTIFICATE_H */
--
2.25.1
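Review bot: ssl_certificate_check gains a `port` argument in the `@@ -256` hunk and in the ssl_certificate.h prototype, but nothing documents what the (host, port) pair is used for. As far as these hunks show, it only selects the previously saved certificate to compare against and is not matched against the names inside the certificate; a caller reading just the prototype could assume the latter. I would add above the definition `/* Compares the peer certificate with the one saved for (host, port); host and port only select the saved file. */` and, next to `gushort port;` in struct _SSLCertificate, `/* port the certificate was presented on; part of the saved-certificate key */`. The function body continues outside the hunk, so the wording should be checked against the rest of it.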