-rw-r--r-- | camel/ChangeLog | 7 | ||||
-rw-r--r-- | camel/camel-tcp-stream-ssl.c | 55 |
2 files changed, 7 insertions, 55 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog index 23d5f21e78..6c64fa7bdb 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog @@ -1,5 +1,12 @@ 2002-03-05 Jeffrey Stedfast <fejj@ximian.com> + * camel-tcp-stream-ssl.c (save_ssl_cert): Removed. Glory glory + hallelujah! + (ssl_bad_cert): No longer calls ssl_save_cert or + ssl_cert_is_saved. + +2002-03-05 Jeffrey Stedfast <fejj@ximian.com> + * camel-tcp-stream-openssl.c (camel_tcp_stream_openssl_new_raw): Start the ssl stream off in non-ssl mode (useful for STARTTLS). (camel_tcp_stream_openssl_enable_ssl): New function to toggle an diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c index 9b467b3463..7f914c8734 100644 --- a/camel/camel-tcp-stream-ssl.c +++ b/camel/camel-tcp-stream-ssl.c @@ -426,53 +426,6 @@ ssl_auth_cert (void *data, PRFileDesc *sockfd, PRBool checksig, PRBool is_server } #endif -static void -save_ssl_cert (const char *certid) -{ - char *path, *filename; - struct stat st; - int fd; - - path = g_strdup_printf ("%s/.camel_certs", getenv ("HOME")); - if (mkdir (path, 0700) == -1) { - if (errno != EEXIST) - return; - - if (stat (path, &st) == -1) - return; - - if (!S_ISDIR (st.st_mode)) - return; - } - - filename = g_strdup_printf ("%s/%s", path, certid); - g_free (path); - - fd = open (filename, O_WRONLY | O_CREAT, 0600); - if (fd != -1) - close (fd); - - g_free (filename); -} - -static gboolean -ssl_cert_is_saved (const char *certid) -{ - char *filename; - struct stat st; - - filename = g_strdup_printf ("%s/.camel_certs/%s", getenv ("HOME"), certid); - - if (stat (filename, &st) == -1) { - g_free (filename); - return FALSE; - } - - g_free (filename); - - return st.st_uid == getuid (); -} - static SECStatus ssl_bad_cert (void *data, PRFileDesc *sockfd) { 
@@ -490,10 +443,6 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd) ssl = CAMEL_TCP_STREAM_SSL (data); service = ssl->priv->service; - /* this is part of a work-around hack */ - if (ssl_cert_is_saved (ssl->priv->expected_host)) - return SECSuccess; - cert = SSL_PeerCertificate (sockfd); /* calculate the MD5 hash of the raw certificate */ @@ -546,10 +495,6 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd) CERT_ImportCerts (CERT_GetDefaultCertDB (), certUsageSSLServer, 1, certs, NULL, TRUE, FALSE, cert->nickname); - - /* and since the above code doesn't seem to - work... time for a good ol' fashioned hack */ - save_ssl_cert (ssl->priv->expected_host); #endif return SECSuccess; } |