Return -1 on fail. (camel_filter_driver_filter_folder): Same.

2001-03-21  Jeffrey Stedfast  <fejj@ximian.com>

	* camel-filter-driver.c (camel_filter_driver_filter_message):
	Return -1 on fail.
	(camel_filter_driver_filter_folder): Same.
	(camel_filter_driver_filter_mbox): Same.
	(camel_filter_driver_filter_folder): Return -1 if an exception was
	set as well.

2001-03-19  Jeffrey Stedfast  <fejj@ximian.com>

	* camel-tcp-stream-openssl.c (camel_tcp_stream_openssl_finalize):
	Free the expected host.
	(camel_tcp_stream_openssl_new): Now takes a Service and an
	expected_host. Set them.

svn path=/trunk/; revision=8871

1 files changed, 20 insertions, 7 deletions

diff --git a/camel/camel-tcp-stream-openssl.c b/camel/camel-tcp-stream-openssl.c
index 1830c8dab6..39a42d615b 100644
--- a/camel/camel-tcp-stream-openssl.c
+++ b/camel/camel-tcp-stream-openssl.c
@@ -53,6 +53,9 @@ static gpointer stream_get_socket (CamelTcpStream *stream);
 struct _CamelTcpStreamOpenSSLPrivate {
 	int sockfd;
 	SSL *ssl;
+	
+	CamelService *service;
+	char *expected_host;
 };
 
 static void
@@ -82,9 +85,8 @@ camel_tcp_stream_openssl_init (gpointer object, gpointer klass)
 {
 	CamelTcpStreamOpenSSL *stream = CAMEL_TCP_STREAM_OPENSSL (object);
 	
-	stream->priv = g_new (struct _CamelTcpStreamOpenSSLPrivate, 1);
+	stream->priv = g_new0 (struct _CamelTcpStreamOpenSSLPrivate, 1);
 	stream->priv->sockfd = -1;
-	stream->priv->ssl = NULL;
 }
 
 static void
@@ -104,6 +106,8 @@ camel_tcp_stream_openssl_finalize (CamelObject *object)
 	if (stream->priv->sockfd != -1)
 		close (stream->priv->sockfd);
 	
+	g_free (stream->priv->expected_host);
+	
 	g_free (stream->priv);
 }
 
@@ -130,16 +134,25 @@ camel_tcp_stream_openssl_get_type (void)
 
 /**
  * camel_tcp_stream_openssl_new:
+ * @service: camel service
+ * @expected_host: host that the stream is expecting to connect with.
+ *
+ * Since the SSL certificate authenticator may need to prompt the
+ * user, a CamelService is needed. @expected_host is needed as a
+ * protection against an MITM attack.
  *
  * Return value: a tcp stream
  **/
 CamelStream *
-camel_tcp_stream_openssl_new ()
+camel_tcp_stream_openssl_new (CamelService *service, const char *expected_host)
 {
 	CamelTcpStreamOpenSSL *stream;
 	
 	stream = CAMEL_TCP_STREAM_OPENSSL (camel_object_new (camel_tcp_stream_openssl_get_type ()));
 	
+	stream->priv->service = service;
+	stream->priv->expected_host = g_strdup (expected_host);
+	
 	return CAMEL_STREAM (stream);
 }
 
@@ -360,7 +373,7 @@ socket_connect (struct hostent *h, int port)
 }
 
 static int
-verify_callback (int ok, X509_STORE_CTX *ctx) 
+ssl_verify (int ok, X509_STORE_CTX *ctx)
 {
 	char *str, buf[256];
 	X509 *cert;
@@ -392,7 +405,7 @@ verify_callback (int ok, X509_STORE_CTX *ctx)
 }
 
 static SSL *
-open_ssl_connection (int sockfd)
+open_ssl_connection (CamelService *service, int sockfd)
 {
 	SSL_CTX *ssl_ctx = NULL;
 	SSL *ssl = NULL;
@@ -400,7 +413,7 @@ open_ssl_connection (int sockfd)
 	
 	/* SSLv23_client_method will negotiate with SSL v2, v3, or TLS v1 */
 	ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
-	SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &verify_cb);
+	SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &ssl_verify);
 	ssl = SSL_new (ssl_ctx);
 	SSL_set_fd (ssl, sockfd);
 	
@@ -431,7 +444,7 @@ stream_connect (CamelTcpStream *stream, struct hostent *host, int port)
 	if (fd == -1)
 		return -1;
 	
-	ssl = open_ssl_connection (sockfd);
+	ssl = open_ssl_connection (stream->priv->service, sockfd);
 	if (!ssl)
 		return -1;