-rw-r--r--camel/camel-tcp-stream-ssl.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index 50e6aed152..b63586ac9c 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -41,7 +41,10 @@
#include <cert.h>
#include <certdb.h>
#include <pk11func.h>
-#include <sechash.h>
+
+/* this is commented because otherwise we get an error about the
+ redefinition of MD5Context...yay */
+/*#include <e-util/md5-utils.h>*/
#include "camel-tcp-stream-ssl.h"
#include "camel-session.h"
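Review bot: With `<sechash.h>` removed and the `<e-util/md5-utils.h>` include left commented out, nothing visible in this hunk declares `md5_get_digest`, which the last hunk of this patch starts calling. Unless another header supplies the prototype, that call compiles against an implicit declaration and its argument types are never checked. The added comment records the symptom but not what has to happen next, so I would extend it to `/* FIXME: md5_get_digest() is called below without a prototype; resolve the MD5Context redefinition and restore this include */`.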
@@ -403,10 +406,10 @@ static SECStatus
ssl_bad_cert (void *data, PRFileDesc *sockfd)
{
unsigned char md5sum[16], fingerprint[40], *f;
- CERTCertificate *cert, *issuer;
gboolean accept, valid_cert;
char *prompt, *cert_str;
CamelTcpStreamSSL *ssl;
+ CERTCertificate *cert;
CamelService *service;
int i;
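Review bot: `fingerprint[40]` on the unchanged declaration line is too small for the formatting loop shown in the next hunk. Sixteen iterations advance `f` by three bytes each and every `sprintf` also appends a terminating NUL, so the final call writes through `fingerprint[48]`, nine bytes past the end of this stack array. Since the commit already touches these declarations, I would size the buffer from the digest length: `unsigned char md5sum[16], fingerprint[16 * 3 + 1], *f;`. The body of ssl_bad_cert continues outside this hunk.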
@@ -423,13 +426,14 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
cert = SSL_PeerCertificate (sockfd);
/* calculate the MD5 hash of the raw certificate */
- /*md5_get_digest (cert->derCert.data, cert->derCert.len, md5sum);*/
- HASH_HashBuf (HASH_AlgMD5, md5sum, cert->derCert.data, cert->derCert.len);
+ md5_get_digest (cert->derCert.data, cert->derCert.len, md5sum);
+ /*HASH_HashBuf (HASH_AlgMD5, md5sum, cert->derCert.data, cert->derCert.len);*/
for (i = 0, f = fingerprint; i < 16; i++, f += 3)
sprintf (f, "%.2x%c", md5sum[i], i != 15 ? ':' : '\0');
- issuer = CERT_FindCertByName (CERT_GetDefaultCertDB (), &cert->derIssuer);
- valid_cert = issuer && CERT_VerifySignedData (&cert->signatureWrap, issuer, PR_Now (), NULL);
+ valid_cert = CERT_VerifyCertNow (CERT_GetDefaultCertDB (), cert, TRUE, certUsageSSLClient, NULL);
+ /*issuer = CERT_FindCertByName (CERT_GetDefaultCertDB (), &cert->derIssuer);
+ valid_cert = issuer && CERT_VerifySignedData (&cert->signatureWrap, issuer, PR_Now (), NULL);*/
cert_str = g_strdup_printf (_("Issuer: %s\n"
"Subject: %s\n"
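Review bot: `CERT_VerifyCertNow` returns a `SECStatus`, where `SECSuccess` is 0 and `SECFailure` is -1, so assigning it straight to the `gboolean valid_cert` inverts the result: a certificate that fails verification ends up TRUE and one that passes ends up FALSE. The usage argument also looks wrong for this call site, since the certificate comes from `SSL_PeerCertificate` and is presumably the server's, Camel being the connecting side; it should be checked with `certUsageSSLServer` rather than `certUsageSSLClient`. I would write `valid_cert = CERT_VerifyCertNow (CERT_GetDefaultCertDB (), cert, TRUE, certUsageSSLServer, NULL) == SECSuccess;`. How `valid_cert` is consumed lies outside the hunk, but if it feeds the prompt built just below, the user would be told the opposite of the real verification outcome.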