aboutsummaryrefslogtreecommitdiffstats
path: root/camel/camel-tcp-stream-openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'camel/camel-tcp-stream-openssl.c')
-rw-r--r--camel/camel-tcp-stream-openssl.c27
1 files changed, 20 insertions, 7 deletions
diff --git a/camel/camel-tcp-stream-openssl.c b/camel/camel-tcp-stream-openssl.c
index 1830c8dab6..39a42d615b 100644
--- a/camel/camel-tcp-stream-openssl.c
+++ b/camel/camel-tcp-stream-openssl.c
@@ -53,6 +53,9 @@ static gpointer stream_get_socket (CamelTcpStream *stream);
struct _CamelTcpStreamOpenSSLPrivate {
int sockfd;
SSL *ssl;
+
+ CamelService *service;
+ char *expected_host;
};
static void
@@ -82,9 +85,8 @@ camel_tcp_stream_openssl_init (gpointer object, gpointer klass)
{
CamelTcpStreamOpenSSL *stream = CAMEL_TCP_STREAM_OPENSSL (object);
- stream->priv = g_new (struct _CamelTcpStreamOpenSSLPrivate, 1);
+ stream->priv = g_new0 (struct _CamelTcpStreamOpenSSLPrivate, 1);
stream->priv->sockfd = -1;
- stream->priv->ssl = NULL;
}
static void
@@ -104,6 +106,8 @@ camel_tcp_stream_openssl_finalize (CamelObject *object)
if (stream->priv->sockfd != -1)
close (stream->priv->sockfd);
+ g_free (stream->priv->expected_host);
+
g_free (stream->priv);
}
@@ -130,16 +134,25 @@ camel_tcp_stream_openssl_get_type (void)
/**
* camel_tcp_stream_openssl_new:
+ * @service: camel service
+ * @expected_host: host that the stream is expecting to connect with.
+ *
+ * Since the SSL certificate authenticator may need to prompt the
+ * user, a CamelService is needed. @expected_host is needed as a
+ * protection against an MITM attack.
*
* Return value: a tcp stream
**/
CamelStream *
-camel_tcp_stream_openssl_new ()
+camel_tcp_stream_openssl_new (CamelService *service, const char *expected_host)
{
CamelTcpStreamOpenSSL *stream;
stream = CAMEL_TCP_STREAM_OPENSSL (camel_object_new (camel_tcp_stream_openssl_get_type ()));
+ stream->priv->service = service;
+ stream->priv->expected_host = g_strdup (expected_host);
+
return CAMEL_STREAM (stream);
}
@@ -360,7 +373,7 @@ socket_connect (struct hostent *h, int port)
}
static int
-verify_callback (int ok, X509_STORE_CTX *ctx)
+ssl_verify (int ok, X509_STORE_CTX *ctx)
{
char *str, buf[256];
X509 *cert;
@@ -392,7 +405,7 @@ verify_callback (int ok, X509_STORE_CTX *ctx)
}
static SSL *
-open_ssl_connection (int sockfd)
+open_ssl_connection (CamelService *service, int sockfd)
{
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
@@ -400,7 +413,7 @@ open_ssl_connection (int sockfd)
/* SSLv23_client_method will negotiate with SSL v2, v3, or TLS v1 */
ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
- SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &verify_cb);
+ SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &ssl_verify);
ssl = SSL_new (ssl_ctx);
SSL_set_fd (ssl, sockfd);
@@ -431,7 +444,7 @@ stream_connect (CamelTcpStream *stream, struct hostent *host, int port)
if (fd == -1)
return -1;
- ssl = open_ssl_connection (sockfd);
+ ssl = open_ssl_connection (stream->priv->service, sockfd);
if (!ssl)
return -1;