diff options
| author | Jeffrey Stedfast <fejj@ximian.com> | 2002-07-31 03:16:11 +0800 |
|---|---|---|
| committer | Jeffrey Stedfast <fejj@src.gnome.org> | 2002-07-31 03:16:11 +0800 |
| commit | b0633536f2b5e11a1a1ab032bad38218c31173db (patch) | |
| tree | 69da48419125f8df2b6fe07166fd526b5353d20a /camel/camel-tcp-stream-ssl.c | |
| parent | edc715415f16324b248eca2067d2700042a27ed4 (diff) | |
| download | gsoc2013-evolution-b0633536f2b5e11a1a1ab032bad38218c31173db.tar.gz gsoc2013-evolution-b0633536f2b5e11a1a1ab032bad38218c31173db.tar.zst gsoc2013-evolution-b0633536f2b5e11a1a1ab032bad38218c31173db.zip | |
New source file implementing a very basic certificate database. This is
2002-07-30 Jeffrey Stedfast <fejj@ximian.com>
* camel-certdb.c: New source file implementing a very basic
certificate database. This is mostly just here because the Mozilla
NSS certdb seems to not be working for everyone's Evolution
install (works fine for me and Ettore but not many other people).
* camel-tcp-stream-ssl.c (ssl_bad_cert): If we have this
certificate in our own CamelCertDB, then get the trust value from
that and only prompt the user if the trust is unknown.
* camel-tcp-stream-openssl.c (ssl_verify): Same.
* camel.c (camel_init): Create our default certdb.
svn path=/trunk/; revision=17642
Diffstat (limited to 'camel/camel-tcp-stream-ssl.c')
| -rw-r--r-- | camel/camel-tcp-stream-ssl.c | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c index 31a69eb371..15b3dcd8fb 100644 --- a/camel/camel-tcp-stream-ssl.c +++ b/camel/camel-tcp-stream-ssl.c @@ -27,6 +27,7 @@ * will be used instead. */ + #ifdef HAVE_CONFIG_H #include <config.h> #endif @@ -55,7 +56,7 @@ #include "camel-tcp-stream-ssl.h" #include "camel-session.h" - +#include "camel-certdb.h" /* from md5-utils.h */ void md5_get_digest (const char *buffer, int buffer_size, unsigned char digest[16]); @@ -468,6 +469,8 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd) { unsigned char md5sum[16], fingerprint[40], *f; gboolean accept, valid_cert; + CamelCertDB *certdb = NULL; + CamelCert *ccert = NULL; char *prompt, *cert_str; CamelTcpStreamSSL *ssl; CERTCertificate *cert; @@ -492,6 +495,32 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd) /*issuer = CERT_FindCertByName (CERT_GetDefaultCertDB (), &cert->derIssuer); valid_cert = issuer && CERT_VerifySignedData (&cert->signatureWrap, issuer, PR_Now (), NULL);*/ + /* first check our own certificate database to see if we accepted the cert (nss's certdb seems to not work) */ + certdb = camel_certdb_get_default (); + if (certdb) { + ccert = camel_certdb_get_cert (certdb, fingerprint); + if (ccert) { + if (ccert->trust != CAMEL_CERT_TRUST_UNKNOWN) { + accept = ccert->trust != CAMEL_CERT_TRUST_NEVER; + camel_certdb_cert_unref (certdb, ccert); + camel_object_unref (certdb); + + return accept ? SECSuccess : SECFailure; + } + } else { + /* create a new camel-cert */ + ccert = camel_certdb_cert_new (certdb); + camel_cert_set_issuer (certdb, ccert, CERT_NameToAscii (&cert->issuer)); + camel_cert_set_subject (certdb, ccert, CERT_NameToAscii (&cert->subject)); + camel_cert_set_hostname (certdb, ccert, ssl->priv->expected_host); + camel_cert_set_fingerprint (certdb, ccert, fingerprint); + camel_cert_set_trust (certdb, ccert, CAMEL_CERT_TRUST_UNKNOWN); + + /* Add the certificate to our db */ + camel_certdb_add (certdb, ccert); + } + } + cert_str = g_strdup_printf (_("Issuer: %s\n" "Subject: %s\n" "Fingerprint: %s\n" @@ -533,10 +562,19 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd) CERT_ImportCerts (CERT_GetDefaultCertDB (), certUsageSSLServer, 1, certs, NULL, TRUE, FALSE, cert->nickname); #endif - return SECSuccess; + + if (ccert) { + camel_cert_set_trust (certdb, ccert, CAMEL_CERT_TRUST_FULLY); + camel_certdb_touch (certdb); + } + } + + if (certdb) { + camel_certdb_cert_unref (certdb, ccert); + camel_object_unref (certdb); } - return SECFailure; + return accept ? SECSuccess : SECFailure; } static PRFileDesc * |