author | Jeffrey Stedfast <fejj@ximian.com> | 2001-08-29 04:41:01 +0800 |
---|---|---|
committer | Jeffrey Stedfast <fejj@src.gnome.org> | 2001-08-29 04:41:01 +0800 |
commit | fb7ab0fcbe4e9911f2a0936b4b5cfd4cacccaaf0 (patch) | |
tree | a9156f3346b9577fdf30474179ad08b37cde9c4c /camel/camel-tcp-stream-ssl.c | |
parent | 61b4c7ffee31357507683b7b0e1d1dc0d1e0f58e (diff) | |
If the user accepts the certificate, add it to the database as a trusted
2001-08-28 Jeffrey Stedfast <fejj@ximian.com>
* camel-tcp-stream-ssl.c (ssl_bad_cert): If the user accepts the
certificate, add it to the database as a trusted CA.
svn path=/trunk/; revision=12502
Diffstat (limited to 'camel/camel-tcp-stream-ssl.c')
-rw-r--r-- | camel/camel-tcp-stream-ssl.c | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index cc41aaaa88..ac0edea31e 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -38,6 +38,8 @@
 #include <prerr.h>
 #include "nss.h" /* Don't use <> here or it will include the system nss.h instead */
 #include <ssl.h>
+#include <cert.h>
+#include <certdb.h>
 #include "camel-tcp-stream-ssl.h"
 #include "camel-session.h"
@@ -333,6 +335,7 @@ ssl_auth_cert (void *data, PRFileDesc *sockfd, PRBool checksig, PRBool is_server
 static SECStatus
 ssl_bad_cert (void *data, PRFileDesc *sockfd)
 {
+ CamelTcpStreamSSL *ssl;
 CERTCertificate *cert;
 CamelService *service;
 char *prompt, *cert_str;
@@ -341,7 +344,8 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
 g_return_val_if_fail (data != NULL, SECFailure);
 g_return_val_if_fail (CAMEL_IS_SERVICE (data), SECFailure);
- service = CAMEL_SERVICE (data);
+ ssl = CAMEL_TCP_STREAM_SSL (data);
+ service = ssl->priv->service;
 cert = SSL_PeerCertificate (sockfd);
@@ -369,8 +373,28 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
 accept = camel_session_alert_user (service->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE);
 g_free (prompt);
- if (accept)
+ if (accept) {
+ CERTCertificate *temp;
+ CERTCertTrust *trust;
+ PK11SlotInfo *slot;
+ char *nickname;
+
+ nickname = CERT_MakeCANickname (cert);
+
+ slot = PK11_GetInternalKeySlot ();
+
+ trust = PORT_ZAlloc (sizeof (CERTCertTrust));
+ trust->sslFlags = CERTDB_TRUSTED_CA | CERTDB_VALID_CA;
+
+ temp = CERT_NewTempCertificate (ssl->priv->certdb, &cert->derCert, NULL, PR_FALSE, PR_TRUE);
+
+ CERT_AddTempCertToPerm (temp, nickname, trust);
+
+ CERT_DestroyCertificate (temp);
+ PORT_Free (nickname);
+
 return SECSuccess;
+ }
 return SECFailure;
 }
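Review bot: The context guard `g_return_val_if_fail (CAMEL_IS_SERVICE (data), SECFailure);` just above the new cast still tests for a CamelService, while the last hunk (the `SSL_BadCertHook` call in stream_connect) now passes the stream object as `data`. Unless the stream type also satisfies that check, every bad-certificate callback returns SECFailure before the prompt is reached; that fails closed, but the new code never runs and the assertion fires on each such handshake. The guard should match the new argument, presumably `g_return_val_if_fail (CAMEL_IS_TCP_STREAM_SSL (data), SECFailure);`, and `ssl->priv->service` deserves a NULL check before `service->session` is used. The body of ssl_bad_cert starts and ends outside this hunk.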
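Review bot: In the `if (accept)` branch, `trust->sslFlags = CERTDB_TRUSTED_CA | CERTDB_VALID_CA` stores the accepted server certificate permanently as a trusted certificate authority, so a single click on a warning for one host gives that certificate issuer-level trust for every later connection. Recording it as a trusted peer certificate keeps the exception limited to that one certificate. The branch also dereferences the results of `PORT_ZAlloc` and `CERT_NewTempCertificate` unchecked, ignores the status of `CERT_AddTempCertToPerm`, never frees `trust`, and takes `slot` from `PK11_GetInternalKeySlot` without using or releasing it. The prompt text and the reason NSS rejected the certificate are outside the hunk, so it cannot be seen here whether, for example, a hostname mismatch is told apart from an unknown issuer before trust is persisted.

```c
	/* … unchanged: prompt construction and camel_session_alert_user call … */
	if (accept) {
		CERTCertTrust trust = { 0 };
		CERTCertificate *temp;
		char *nickname;

		/* trust this one server certificate as a peer, never as an issuer */
		trust.sslFlags = CERTDB_VALID_PEER | CERTDB_TRUSTED;

		nickname = CERT_MakeCANickname (cert);
		temp = CERT_NewTempCertificate (ssl->priv->certdb, &cert->derCert, NULL, PR_FALSE, PR_TRUE);

		/* the user accepted for this session; failing to persist is only a warning */
		if (nickname == NULL || temp == NULL ||
		    CERT_AddTempCertToPerm (temp, nickname, &trust) != SECSuccess)
			g_warning ("could not store the accepted certificate");

		if (temp != NULL)
			CERT_DestroyCertificate (temp);
		if (nickname != NULL)
			PORT_Free (nickname);

		return SECSuccess;
	}
```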
@@ -406,7 +430,7 @@ stream_connect (CamelTcpStream *stream, struct hostent *host, int port)
 /*SSL_GetClientAuthDataHook (sslSocket, ssl_get_client_auth, (void *)certNickname);*/
 /*SSL_AuthCertificateHook (ssl_fd, ssl_auth_cert, (void *) CERT_GetDefaultCertDB ());*/
- SSL_BadCertHook (ssl_fd, ssl_bad_cert, ssl->priv->service);
+ SSL_BadCertHook (ssl_fd, ssl_bad_cert, ssl);
 ssl->priv->sockfd = ssl_fd;
|