aboutsummaryrefslogtreecommitdiffstats
path: root/camel/camel-tcp-stream-openssl.c
diff options
context:
space:
mode:
authorJeffrey Stedfast <fejj@ximian.com>2001-10-11 06:13:05 +0800
committerJeffrey Stedfast <fejj@src.gnome.org>2001-10-11 06:13:05 +0800
commitf3e2d67d4dc9211f7036618e0f272d9ef1f86915 (patch)
tree82bf4ff32aae3d0cc8fb608e5b3eeb684d2e9ac2 /camel/camel-tcp-stream-openssl.c
parent6f8c05ce9ed8b972ed6ee1f3129f9db7a032b885 (diff)
downloadgsoc2013-evolution-f3e2d67d4dc9211f7036618e0f272d9ef1f86915.tar
gsoc2013-evolution-f3e2d67d4dc9211f7036618e0f272d9ef1f86915.tar.gz
gsoc2013-evolution-f3e2d67d4dc9211f7036618e0f272d9ef1f86915.tar.bz2
gsoc2013-evolution-f3e2d67d4dc9211f7036618e0f272d9ef1f86915.tar.lz
gsoc2013-evolution-f3e2d67d4dc9211f7036618e0f272d9ef1f86915.tar.xz
gsoc2013-evolution-f3e2d67d4dc9211f7036618e0f272d9ef1f86915.tar.zst
gsoc2013-evolution-f3e2d67d4dc9211f7036618e0f272d9ef1f86915.zip
Same hack as below.
2001-10-10 Jeffrey Stedfast <fejj@ximian.com> * camel-tcp-stream-openssl.c (ssl_verify): Same hack as below. * camel-tcp-stream-ssl.c (ssl_bad_cert): Hack around the fact that adding a cert to nss's certdb seems to not work. svn path=/trunk/; revision=13575
Diffstat (limited to 'camel/camel-tcp-stream-openssl.c')
-rw-r--r--camel/camel-tcp-stream-openssl.c51
1 files changed, 51 insertions, 0 deletions
diff --git a/camel/camel-tcp-stream-openssl.c b/camel/camel-tcp-stream-openssl.c
index a940f2419a..f83b309de7 100644
--- a/camel/camel-tcp-stream-openssl.c
+++ b/camel/camel-tcp-stream-openssl.c
@@ -466,6 +466,51 @@ socket_connect (struct hostent *h, int port)
return fd;
}
+static void
+save_ssl_cert (const char *certid)
+{
+ char *path, *filename;
+ struct stat st;
+ int fd;
+
+ path = g_strdup_printf ("%s/.camel_certs", getenv ("HOME"));
+ if (mkdir (path, 0700) == -1) {
+ if (errno != EEXIST)
+ return;
+
+ if (stat (path, &st) == -1)
+ return;
+
+ if (!S_ISDIR (st.st_mode))
+ return;
+ }
+
+ filename = g_strdup_printf ("%s/%s", path, certid);
+ g_free (path);
+
+ fd = open (filename, O_WRONLY | O_CREAT);
+ if (fd != -1)
+ close (fd);
+
+ g_free (filename);
+}
+
+static gboolean
+ssl_cert_is_saved (const char *certid)
+{
+ char *filename;
+ int fd;
+
+ filename = g_strdup_printf ("%s/.camel_certs/%s", getenv ("HOME"), certid);
+
+ fd = open (filename, O_RDONLY);
+ g_free (filename);
+ if (fd != -1)
+ close (fd);
+
+ return fd != -1;
+}
+
static int
ssl_verify (int ok, X509_STORE_CTX *ctx)
{
@@ -481,6 +526,9 @@ ssl_verify (int ok, X509_STORE_CTX *ctx)
cert = X509_STORE_CTX_get_current_cert (ctx);
err = X509_STORE_CTX_get_error (ctx);
+ if (stream)
+ ok = ssl_cert_is_saved (stream->priv->expected_host);
+
if (!ok && stream) {
CamelService *service = stream->priv->service;
char *prompt, *cert_str;
@@ -499,6 +547,9 @@ ssl_verify (int ok, X509_STORE_CTX *ctx)
ok = camel_session_alert_user (service->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE);
g_free (prompt);
+
+ if (ok)
+ save_ssl_cert (stream->priv->expected_host);
}
return ok;