diff options
author | Jeffrey Stedfast <fejj@ximian.com> | 2001-01-16 15:19:49 +0800 |
---|---|---|
committer | Jeffrey Stedfast <fejj@src.gnome.org> | 2001-01-16 15:19:49 +0800 |
commit | 405f1c52290c72da9108d637d6b69cd33c296b80 (patch) | |
tree | 790fa0ad398b2d6f68565e723de635a18098fd02 /camel/camel-tcp-stream-ssl.c | |
parent | 1511e09691ffb94c99b7e2343162aefd4d298f9d (diff) | |
download | gsoc2013-evolution-405f1c52290c72da9108d637d6b69cd33c296b80.tar.gz gsoc2013-evolution-405f1c52290c72da9108d637d6b69cd33c296b80.tar.zst gsoc2013-evolution-405f1c52290c72da9108d637d6b69cd33c296b80.zip |
Ugh, this design is ugly like my butt.
2001-01-16 Jeffrey Stedfast <fejj@ximian.com>
Ugh, this design is ugly like my butt.
* camel-session.c (camel_session_query_cert_authenticator): New
function which will be useful when we integrate SSL.
* camel-tcp-stream-ssl.c (ssl_auth_cert): Callback to authenticate
a certificate.
(ssl_bad_cert): Callback that gets the reason the certificate is
bad and then calls camel's cert-authenticator callback to notify
the user and to allow the user to override the check.
(stream_connect): Set the URL we expect to connect with and setup
the auth_cert and bad_cert callbacks.
(camel_tcp_stream_ssl_new): Now takes a CamelSession and a
expected_host argument that it will use for certificate
authentication.
(camel_tcp_stream_ssl_finalize): Unref the session and free the
expected_host.
svn path=/trunk/; revision=7531
Diffstat (limited to 'camel/camel-tcp-stream-ssl.c')
-rw-r--r-- | camel/camel-tcp-stream-ssl.c | 56 |
1 files changed, 55 insertions, 1 deletions
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c index 42255562bc..e9afb768bc 100644 --- a/camel/camel-tcp-stream-ssl.c +++ b/camel/camel-tcp-stream-ssl.c @@ -44,6 +44,12 @@ static int stream_connect (CamelTcpStream *stream, struct hostent *host, int static int stream_getsockopt (CamelTcpStream *stream, CamelSockOptData *data); static int stream_setsockopt (CamelTcpStream *stream, const CamelSockOptData *data); +/* callbacks */ + +static SECStatus ssl_bad_cert (void *data, PRFileDesc *fd); +static SECStatus ssl_auth_cert (void *data, PRFileDesc *fd, PRBool checksig, PRBool is_server); + + static void camel_tcp_stream_ssl_class_init (CamelTcpStreamSSLClass *camel_tcp_stream_ssl_class) { @@ -71,6 +77,8 @@ camel_tcp_stream_ssl_init (gpointer object, gpointer klass) CamelTcpStreamSSL *stream = CAMEL_TCP_STREAM_SSL (object); stream->sockfd = NULL; + stream->session = NULL; + stream->expected_host = NULL; } static void @@ -80,6 +88,9 @@ camel_tcp_stream_ssl_finalize (CamelObject *object) if (stream->sockfd != NULL) PR_Close (stream->sockfd); + + camel_object_unref (CAMEL_OBJECT (stream->session)); + g_free (stream->expected_host); } @@ -105,16 +116,26 @@ camel_tcp_stream_ssl_get_type (void) /** * camel_tcp_stream_ssl_new: + * @session: camel session + * @expected_host: host that the stream is expected to connect with. + * + * Since the SSL certificate authenticator may need to prompt the + * user, a CamelSession is needed. #expected_host is needed as a + * protection against an MITM attack. * * Return value: a tcp stream **/ CamelStream * -camel_tcp_stream_ssl_new () +camel_tcp_stream_ssl_new (CamelSession *session, const char *expected_host) { CamelTcpStreamSSL *stream; stream = CAMEL_TCP_STREAM_SSL (camel_object_new (camel_tcp_stream_ssl_get_type ())); + camel_object_ref (CAMEL_OBJECT (session)); + stream->session = session; + stream->expected_host = g_strdup (expected_host); + return CAMEL_STREAM (stream); } @@ -167,6 +188,34 @@ stream_close (CamelStream *stream) } +static SECStatus +ssl_auth_cert (void *data, PRFileDesc *fd, PRBool checksig, PRBool is_server) +{ + return SSL_AuthCertificate (NULL, fd, TRUE, FALSE); +} + +static SECStatus +ssl_bad_cert (void *data, PRFileDesc *fd) +{ + CamelSession *session; + char *string; + PRInt32 len; + + g_return_val_if_fail (data != NULL, SECFailure); + g_return_val_if_fail (CAMEL_IS_SESSION (data), SECFailure); + + /* FIXME: International issues here?? */ + len = PR_GetErrorTextLen (PR_GetError ()); + string = g_malloc0 (len); + PR_GetErrorText (string); + + session = CAMEL_SESSION (data); + if (camel_session_query_cert_authenticator (session, string)) + return SECSuccess; + + return SECFailure; +} + static int stream_connect (CamelTcpStream *stream, struct hostent *host, int port) { @@ -186,6 +235,8 @@ stream_connect (CamelTcpStream *stream, struct hostent *host, int port) fd = PR_OpenTCPSocket (host->h_addrtype); ssl_fd = SSL_ImportFD (NULL, fd); + SSL_SetUrl (ssl_fd, ssl->expected_host); + if (ssl_fd == NULL || PR_Connect (ssl_fd, &netaddr, timeout) == PR_FAILURE) { if (ssl_fd != NULL) PR_Close (ssl_fd); @@ -193,6 +244,9 @@ stream_connect (CamelTcpStream *stream, struct hostent *host, int port) return -1; } + SSL_AuthCertificateHook (ssl_fd, ssl_auth_cert, NULL); + SSL_BadCertHook (ssl_fd, ssl_bad_cert, ssl->session); + ssl->sockfd = ssl_fd; return 0; |