-rw-r--r--camel/ChangeLog14
-rw-r--r--camel/camel-tcp-stream-openssl.c32
2 files changed, 36 insertions, 10 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog
index a55a98b336..7481dcaa39 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -1,3 +1,17 @@
+2001-07-05 Chris Toshok <toshok@ximian.com>
+
+ * camel-tcp-stream-openssl.c (ssl_verify): use
+ X509_STORE_CTX_get_ex_data to get at the SSL* - don't use the
+ X509_STORE_CTX to look up our stream, since it's not what we used
+ to insert our stream into the hashtable.
+ (open_ssl_connection): insert the stream into the hashtable before
+ calling SSL_connect, as this can cause ssl_verify to be called,
+ and we need to look up the stream there. remove the stream from
+ the hashtable if there's an error connecting.
+ (stream_connect): pass the CamelTcpStreamOpenSSL* to
+ open_ssl_connection since it handles the hashtable stuff. remove
+ hashtable stuff from here.
+
2001-07-05 Jeffrey Stedfast <fejj@ximian.com>
* camel-folder.c (camel_folder_copy_messages_to): if source ==
diff --git a/camel/camel-tcp-stream-openssl.c b/camel/camel-tcp-stream-openssl.c
index 214269a433..8923c31425 100644
--- a/camel/camel-tcp-stream-openssl.c
+++ b/camel/camel-tcp-stream-openssl.c
@@ -402,12 +402,15 @@ socket_connect (struct hostent *h, int port)
static int
ssl_verify (int ok, X509_STORE_CTX *ctx)
{
+ SSL *ssl;
CamelTcpStreamOpenSSL *stream;
X509 *cert;
int err;
+
+ ssl = X509_STORE_CTX_get_ex_data (ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
OPENSSL_TABLE_LOCK ();
- stream = CAMEL_TCP_STREAM_OPENSSL (g_hash_table_lookup (openssl_table, ctx));
+ stream = CAMEL_TCP_STREAM_OPENSSL (g_hash_table_lookup (openssl_table, ssl->ctx));
OPENSSL_TABLE_UNLOCK ();
cert = X509_STORE_CTX_get_current_cert (ctx);
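Review bot: The SSL pointer obtained from X509_STORE_CTX_get_ex_data is dereferenced as `ssl->ctx` on the next line without a NULL check, so a callback invoked on a store context whose ex_data slot was never populated would crash inside the verify path. A cheap fail-closed guard right after the lookup, `if (!ssl) return 0;`, keeps the certificate from being accepted when the stream cannot be identified. The same concern applies to `stream` if the hash-table lookup misses (for example a connection not set up through open_ssl_connection); whether that is handled further down cannot be seen here, since ssl_verify's body continues outside the hunk.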
@@ -437,12 +440,15 @@ ssl_verify (int ok, X509_STORE_CTX *ctx)
}
static SSL *
-open_ssl_connection (CamelService *service, int sockfd)
+open_ssl_connection (CamelService *service, int sockfd, CamelTcpStreamOpenSSL *openssl)
{
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
int n;
+ SSLeay_add_ssl_algorithms();
+ SSL_load_error_strings();
+
/* SSLv23_client_method will negotiate with SSL v2, v3, or TLS v1 */
ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
g_return_val_if_fail (ssl_ctx != NULL, NULL);
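Review bot: SSLeay_add_ssl_algorithms and SSL_load_error_strings are process-wide library initialisation, yet the new lines run them on every connection; each call re-registers the same global algorithm and error-string tables, and in the OpenSSL of this era those routines are not safe to run concurrently, so if connects can happen from several threads (the table lock suggests they can) this is a race on global state. I would guard them with a file-scope `static gboolean ssl_lib_initialized = FALSE;` (a constructed name) and perform the init once under the existing table lock, as sketched below.
```c
static SSL *
open_ssl_connection (CamelService *service, int sockfd, CamelTcpStreamOpenSSL *openssl)
{
	SSL_CTX *ssl_ctx = NULL;
	SSL *ssl = NULL;
	int n;

	/* one-time library initialisation; the table lock also serialises this */
	OPENSSL_TABLE_LOCK ();
	if (!ssl_lib_initialized) {
		SSLeay_add_ssl_algorithms ();
		SSL_load_error_strings ();
		ssl_lib_initialized = TRUE;
	}
	OPENSSL_TABLE_UNLOCK ();

	/* … unchanged: SSL_CTX_new / g_return_val_if_fail … */
```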
@@ -450,9 +456,22 @@ open_ssl_connection (CamelService *service, int sockfd)
SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &ssl_verify);
ssl = SSL_new (ssl_ctx);
SSL_set_fd (ssl, sockfd);
+
+ OPENSSL_TABLE_LOCK ();
+ if (!openssl_table)
+ openssl_table = g_hash_table_new (g_direct_hash, g_direct_equal);
+
+ g_hash_table_insert (openssl_table, ssl->ctx, openssl);
+ OPENSSL_TABLE_UNLOCK ();
+
n = SSL_connect (ssl);
if (n != 1) {
+
+ OPENSSL_TABLE_LOCK ();
+ g_hash_table_remove (openssl_table, ssl->ctx);
+ OPENSSL_TABLE_UNLOCK ();
+
SSL_shutdown (ssl);
if (ssl->ctx)
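Review bot: The new `g_hash_table_insert (openssl_table, ssl->ctx, openssl)` dereferences `ssl` although the result of `SSL_new (ssl_ctx)` just above is never checked, and SSL_new returns NULL on allocation failure; the earlier `SSL_set_fd (ssl, sockfd)` has the same exposure, but the inserted line is where the pointer is now read by this function's own code. A guard between SSL_new and SSL_set_fd that also releases the context, `if (!ssl) { SSL_CTX_free (ssl_ctx); return NULL; }`, closes both the crash and the SSL_CTX leak. Inserting the stream before SSL_connect and removing it on failure is the right ordering for the callback; the remainder of the failure path (`if (ssl->ctx)` onward) lies outside the hunk, so I cannot confirm that `ssl` and `ssl_ctx` are both freed there.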
@@ -478,20 +497,13 @@ stream_connect (CamelTcpStream *stream, struct hostent *host, int port)
if (fd == -1)
return -1;
- ssl = open_ssl_connection (openssl->priv->service, fd);
+ ssl = open_ssl_connection (openssl->priv->service, fd, openssl);
if (!ssl)
return -1;
openssl->priv->sockfd = fd;
openssl->priv->ssl = ssl;
- OPENSSL_TABLE_LOCK ();
- if (!openssl_table)
- openssl_table = g_hash_table_new (g_direct_hash, g_direct_equal);
-
- g_hash_table_insert (openssl_table, ssl->ctx, openssl);
- OPENSSL_TABLE_UNLOCK ();
-
return 0;
}