authorJeffrey Stedfast <fejj@ximian.com>2001-08-29 04:41:01 +0800
committerJeffrey Stedfast <fejj@src.gnome.org>2001-08-29 04:41:01 +0800
commitfb7ab0fcbe4e9911f2a0936b4b5cfd4cacccaaf0 (patch)
treea9156f3346b9577fdf30474179ad08b37cde9c4c /camel/camel-tcp-stream-ssl.c
parent61b4c7ffee31357507683b7b0e1d1dc0d1e0f58e (diff)
If the user accepts the certificate, add it to the database as a trusted
2001-08-28 Jeffrey Stedfast <fejj@ximian.com> * camel-tcp-stream-ssl.c (ssl_bad_cert): If the user accepts the certificate, add it to the database as a trusted CA. svn path=/trunk/; revision=12502
Diffstat (limited to 'camel/camel-tcp-stream-ssl.c')
-rw-r--r--camel/camel-tcp-stream-ssl.c30
1 files changed, 27 insertions, 3 deletions
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index cc41aaaa88..ac0edea31e 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -38,6 +38,8 @@
#include <prerr.h>
#include "nss.h" /* Don't use <> here or it will include the system nss.h instead */
#include <ssl.h>
+#include <cert.h>
+#include <certdb.h>
#include "camel-tcp-stream-ssl.h"
#include "camel-session.h"
@@ -333,6 +335,7 @@ ssl_auth_cert (void *data, PRFileDesc *sockfd, PRBool checksig, PRBool is_server
static SECStatus
ssl_bad_cert (void *data, PRFileDesc *sockfd)
{
+ CamelTcpStreamSSL *ssl;
CERTCertificate *cert;
CamelService *service;
char *prompt, *cert_str;
@@ -341,7 +344,8 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
g_return_val_if_fail (data != NULL, SECFailure);
g_return_val_if_fail (CAMEL_IS_SERVICE (data), SECFailure);
- service = CAMEL_SERVICE (data);
+ ssl = CAMEL_TCP_STREAM_SSL (data);
+ service = ssl->priv->service;
cert = SSL_PeerCertificate (sockfd);
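Review bot: The guard `g_return_val_if_fail (CAMEL_IS_SERVICE (data), SECFailure);` directly above the new cast still tests for a CamelService, but after this commit `data` is the CamelTcpStreamSSL that stream_connect passes to SSL_BadCertHook. Unless the stream type also passes that check, the handler returns SECFailure before the user is ever prompted, so every bad certificate is rejected and the code added further down is unreachable. The check should match the cast, e.g. `g_return_val_if_fail (CAMEL_IS_TCP_STREAM_SSL (data), SECFailure);` (assuming the header defines that macro in the usual way). Since `service` now comes from `ssl->priv->service`, a NULL check before `service->session` is used later in ssl_bad_cert would also be prudent.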
@@ -369,8 +373,28 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
accept = camel_session_alert_user (service->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE);
g_free (prompt);
- if (accept)
+ if (accept) {
+ CERTCertificate *temp;
+ CERTCertTrust *trust;
+ PK11SlotInfo *slot;
+ char *nickname;
+
+ nickname = CERT_MakeCANickname (cert);
+
+ slot = PK11_GetInternalKeySlot ();
+
+ trust = PORT_ZAlloc (sizeof (CERTCertTrust));
+ trust->sslFlags = CERTDB_TRUSTED_CA | CERTDB_VALID_CA;
+
+ temp = CERT_NewTempCertificate (ssl->priv->certdb, &cert->derCert, NULL, PR_FALSE, PR_TRUE);
+
+ CERT_AddTempCertToPerm (temp, nickname, trust);
+
+ CERT_DestroyCertificate (temp);
+ PORT_Free (nickname);
+
return SECSuccess;
+ }
return SECFailure;
}
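Review bot: The accept branch stores the peer's certificate with `CERTDB_TRUSTED_CA | CERTDB_VALID_CA`, so a server certificate the user accepted for one connection becomes a permanent trusted issuer, and anything signed by its key would then validate for any host. Peer-level trust (`CERTDB_VALID_PEER | CERTDB_TRUSTED`) keeps the exception scoped to this one certificate. The branch also leaks `trust` and the unused `slot` reference, dereferences the `PORT_ZAlloc` result without a NULL check, and ignores the results of `CERT_NewTempCertificate` and `CERT_AddTempCertToPerm`, so a NULL `temp` would reach both `CERT_AddTempCertToPerm` and `CERT_DestroyCertificate`. The prompt is built outside this hunk; it should tell the user that accepting stores the certificate permanently.

```c
	if (accept) {
		CERTCertificate *temp;
		CERTCertTrust trust = { 0 };	/* on the stack: nothing to leak */
		char *nickname;

		/* … unchanged: nickname = CERT_MakeCANickname (cert) … */

		/* trust this certificate as an SSL peer only, never as an issuer */
		trust.sslFlags = CERTDB_VALID_PEER | CERTDB_TRUSTED;

		temp = CERT_NewTempCertificate (ssl->priv->certdb, &cert->derCert, NULL, PR_FALSE, PR_TRUE);
		if (temp != NULL) {
			if (CERT_AddTempCertToPerm (temp, nickname, &trust) != SECSuccess)
				g_warning ("could not store accepted certificate: %d", PR_GetError ());
			CERT_DestroyCertificate (temp);
		}

		if (nickname != NULL)
			PORT_Free (nickname);

		/* … unchanged: return SECSuccess … */
```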
@@ -406,7 +430,7 @@ stream_connect (CamelTcpStream *stream, struct hostent *host, int port)
/*SSL_GetClientAuthDataHook (sslSocket, ssl_get_client_auth, (void *)certNickname);*/
/*SSL_AuthCertificateHook (ssl_fd, ssl_auth_cert, (void *) CERT_GetDefaultCertDB ());*/
- SSL_BadCertHook (ssl_fd, ssl_bad_cert, ssl->priv->service);
+ SSL_BadCertHook (ssl_fd, ssl_bad_cert, ssl);
ssl->priv->sockfd = ssl_fd;