From f3e2d67d4dc9211f7036618e0f272d9ef1f86915 Mon Sep 17 00:00:00 2001
From: Jeffrey Stedfast <fejj@ximian.com>
Date: Wed, 10 Oct 2001 22:13:05 +0000
Subject: Same hack as below.

2001-10-10  Jeffrey Stedfast  <fejj@ximian.com>

	* camel-tcp-stream-openssl.c (ssl_verify): Same hack as below.

	* camel-tcp-stream-ssl.c (ssl_bad_cert): Hack around the fact that
	adding a cert to nss's certdb seems to not work.

svn path=/trunk/; revision=13575
---
 camel/ChangeLog                  |  7 ++++++
 camel/camel-tcp-stream-openssl.c | 51 ++++++++++++++++++++++++++++++++++++++
 camel/camel-tcp-stream-ssl.c     | 53 ++++++++++++++++++++++++++++++++++++++++
 camel/camel-tcp-stream-ssl.h     |  1 -
 4 files changed, 111 insertions(+), 1 deletion(-)

diff --git a/camel/ChangeLog b/camel/ChangeLog
index fc4d8da425..b1623c80d5 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -1,3 +1,10 @@
+2001-10-10  Jeffrey Stedfast  <fejj@ximian.com>
+
+	* camel-tcp-stream-openssl.c (ssl_verify): Same hack as below.
+
+	* camel-tcp-stream-ssl.c (ssl_bad_cert): Hack around the fact that
+	adding a cert to nss's certdb seems to not work.
+
 2001-10-10    <NotZed@Ximian.com>
 
 	* camel-vee-folder.c (vee_sync): Only re-build the folder if we're
diff --git a/camel/camel-tcp-stream-openssl.c b/camel/camel-tcp-stream-openssl.c
index a940f2419a..f83b309de7 100644
--- a/camel/camel-tcp-stream-openssl.c
+++ b/camel/camel-tcp-stream-openssl.c
@@ -466,6 +466,51 @@ socket_connect (struct hostent *h, int port)
 	return fd;
 }
 
+static void
+save_ssl_cert (const char *certid)
+{
+	char *path, *filename;
+	struct stat st;
+	int fd;
+	
+	path = g_strdup_printf ("%s/.camel_certs", getenv ("HOME"));
+	if (mkdir (path, 0700) == -1) {
+		if (errno != EEXIST)
+			return;
+		
+		if (stat (path, &st) == -1)
+			return;
+		
+		if (!S_ISDIR (st.st_mode))
+			return;
+	}
+	
+	filename = g_strdup_printf ("%s/%s", path, certid);
+	g_free (path);
+	
+	fd = open (filename, O_WRONLY | O_CREAT);
+	if (fd != -1)
+		close (fd);
+	
+	g_free (filename);
+}
+
+static gboolean
+ssl_cert_is_saved (const char *certid)
+{
+	char *filename;
+	int fd;
+	
+	filename = g_strdup_printf ("%s/.camel_certs/%s", getenv ("HOME"), certid);
+	
+	fd = open (filename, O_RDONLY);
+	g_free (filename);
+	if (fd != -1)
+		close (fd);
+	
+	return fd != -1;
+}
+
 static int
 ssl_verify (int ok, X509_STORE_CTX *ctx)
 {
@@ -481,6 +526,9 @@ ssl_verify (int ok, X509_STORE_CTX *ctx)
 	cert = X509_STORE_CTX_get_current_cert (ctx);
 	err = X509_STORE_CTX_get_error (ctx);
 	
+	if (stream)
+		ok = ssl_cert_is_saved (stream->priv->expected_host);
+	
 	if (!ok && stream) {
 		CamelService *service = stream->priv->service;
 		char *prompt, *cert_str;
@@ -499,6 +547,9 @@ ssl_verify (int ok, X509_STORE_CTX *ctx)
 		
 		ok = camel_session_alert_user (service->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE);
 		g_free (prompt);
+		
+		if (ok)
+			save_ssl_cert (stream->priv->expected_host);
 	}
 	
 	return ok;
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index d025f49a20..fa0da4041a 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -333,6 +333,51 @@ ssl_auth_cert (void *data, PRFileDesc *sockfd, PRBool checksig, PRBool is_server
 }
 #endif
 
+static void
+save_ssl_cert (const char *certid)
+{
+	char *path, *filename;
+	struct stat st;
+	int fd;
+	
+	path = g_strdup_printf ("%s/.camel_certs", getenv ("HOME"));
+	if (mkdir (path, 0700) == -1) {
+		if (errno != EEXIST)
+			return;
+		
+		if (stat (path, &st) == -1)
+			return;
+		
+		if (!S_ISDIR (st.st_mode))
+			return;
+	}
+	
+	filename = g_strdup_printf ("%s/%s", path, certid);
+	g_free (path);
+	
+	fd = open (filename, O_WRONLY | O_CREAT);
+	if (fd != -1)
+		close (fd);
+	
+	g_free (filename);
+}
+
+static gboolean
+ssl_cert_is_saved (const char *certid)
+{
+	char *filename;
+	int fd;
+	
+	filename = g_strdup_printf ("%s/.camel_certs/%s", getenv ("HOME"), certid);
+	
+	fd = open (filename, O_RDONLY);
+	g_free (filename);
+	if (fd != -1)
+		close (fd);
+	
+	return fd != -1;
+}
+
 static SECStatus
 ssl_bad_cert (void *data, PRFileDesc *sockfd)
 {
@@ -348,6 +393,10 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
 	ssl = CAMEL_TCP_STREAM_SSL (data);
 	service = ssl->priv->service;
 	
+	/* this is part of a work-around hack */
+	if (ssl_cert_is_saved (ssl->priv->expected_host))
+		return SECSuccess;
+	
 	cert = SSL_PeerCertificate (sockfd);
 	
 	cert_str = g_strdup_printf (_("EMail: %s\n"
@@ -387,6 +436,10 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
 		CERT_ImportCerts (CERT_GetDefaultCertDB (), certUsageSSLServer, 1, certs,
 				  NULL, TRUE, FALSE, cert->nickname);
 		
+		/* and since the above code doesn't seem to
+                   work... time for a good ol' fashioned hack */
+		save_ssl_cert (ssl->priv->expected_host);
+		
 		return SECSuccess;
 	}
 	
diff --git a/camel/camel-tcp-stream-ssl.h b/camel/camel-tcp-stream-ssl.h
index af68fe9644..181c553a1a 100644
--- a/camel/camel-tcp-stream-ssl.h
+++ b/camel/camel-tcp-stream-ssl.h
@@ -57,7 +57,6 @@ CamelType camel_tcp_stream_ssl_get_type (void);
 /* public methods */
 CamelStream *camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host);
 
-
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */
-- 
cgit v1.2.3