-rw-r--r--camel/ChangeLog7
-rw-r--r--camel/camel-tcp-stream-ssl.c55
2 files changed, 7 insertions, 55 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog
index 23d5f21e78..6c64fa7bdb 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -1,5 +1,12 @@
2002-03-05 Jeffrey Stedfast <fejj@ximian.com>
+ * camel-tcp-stream-ssl.c (save_ssl_cert): Removed. Glory glory
+ hallelujah!
+ (ssl_bad_cert): No longer calls ssl_save_cert or
+ ssl_cert_is_saved.
+
+2002-03-05 Jeffrey Stedfast <fejj@ximian.com>
+
* camel-tcp-stream-openssl.c (camel_tcp_stream_openssl_new_raw):
Start the ssl stream off in non-ssl mode (useful for STARTTLS).
(camel_tcp_stream_openssl_enable_ssl): New function to toggle an
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index 9b467b3463..7f914c8734 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -426,53 +426,6 @@ ssl_auth_cert (void *data, PRFileDesc *sockfd, PRBool checksig, PRBool is_server
}
#endif
-static void
-save_ssl_cert (const char *certid)
-{
- char *path, *filename;
- struct stat st;
- int fd;
-
- path = g_strdup_printf ("%s/.camel_certs", getenv ("HOME"));
- if (mkdir (path, 0700) == -1) {
- if (errno != EEXIST)
- return;
-
- if (stat (path, &st) == -1)
- return;
-
- if (!S_ISDIR (st.st_mode))
- return;
- }
-
- filename = g_strdup_printf ("%s/%s", path, certid);
- g_free (path);
-
- fd = open (filename, O_WRONLY | O_CREAT, 0600);
- if (fd != -1)
- close (fd);
-
- g_free (filename);
-}
-
-static gboolean
-ssl_cert_is_saved (const char *certid)
-{
- char *filename;
- struct stat st;
-
- filename = g_strdup_printf ("%s/.camel_certs/%s", getenv ("HOME"), certid);
-
- if (stat (filename, &st) == -1) {
- g_free (filename);
- return FALSE;
- }
-
- g_free (filename);
-
- return st.st_uid == getuid ();
-}
-
static SECStatus
ssl_bad_cert (void *data, PRFileDesc *sockfd)
{
@@ -490,10 +443,6 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
ssl = CAMEL_TCP_STREAM_SSL (data);
service = ssl->priv->service;
- /* this is part of a work-around hack */
- if (ssl_cert_is_saved (ssl->priv->expected_host))
- return SECSuccess;
-
cert = SSL_PeerCertificate (sockfd);
/* calculate the MD5 hash of the raw certificate */
@@ -546,10 +495,6 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
CERT_ImportCerts (CERT_GetDefaultCertDB (), certUsageSSLServer, 1, certs,
NULL, TRUE, FALSE, cert->nickname);
-
- /* and since the above code doesn't seem to
- work... time for a good ol' fashioned hack */
- save_ssl_cert (ssl->priv->expected_host);
#endif
return SECSuccess;
}
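Review bot: The result of `CERT_ImportCerts (...)` in the context lines just above the removed `save_ssl_cert` call is still discarded, and the function returns `SECSuccess` either way. The deleted comment said this import "doesn't seem to work", so with the file-based fallback gone a failed import is now silent; the acceptance would presumably not be remembered, though the rest of `ssl_bad_cert` lies outside this hunk and may handle it. I would capture the status and surface a failure, e.g. `if (CERT_ImportCerts (CERT_GetDefaultCertDB (), certUsageSSLServer, 1, certs, NULL, TRUE, FALSE, cert->nickname) != SECSuccess) g_warning ("could not import accepted certificate");`. It would also help to state in a comment that the removed marker files were keyed on `expected_host` alone rather than on the certificate, so any certificate later presented for that host was accepted without this check.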