From 0ec6ccc4dfc136dd7347e49e4dc2b309126706a9 Mon Sep 17 00:00:00 2001
From: Jeffrey Stedfast
Date: Wed, 21 Mar 2001 21:45:26 +0000
Subject: Return -1 on fail. (camel_filter_driver_filter_folder): Same.

2001-03-21 Jeffrey Stedfast
* camel-filter-driver.c (camel_filter_driver_filter_message): Return -1 on fail. (camel_filter_driver_filter_folder): Same. (camel_filter_driver_filter_mbox): Same. (camel_filter_driver_filter_folder): Return -1 if an exception was set as well.
2001-03-19 Jeffrey Stedfast
* camel-tcp-stream-openssl.c (camel_tcp_stream_openssl_finalize): Free the expected host. (camel_tcp_stream_openssl_new): Now takes a Service and an expected_host. Set them.
svn path=/trunk/; revision=8871
---
 camel/camel-tcp-stream-openssl.c | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)
(limited to 'camel/camel-tcp-stream-openssl.c')

diff --git a/camel/camel-tcp-stream-openssl.c b/camel/camel-tcp-stream-openssl.c
index 1830c8dab6..39a42d615b 100644
--- a/camel/camel-tcp-stream-openssl.c
+++ b/camel/camel-tcp-stream-openssl.c
@@ -53,6 +53,9 @@ static gpointer stream_get_socket (CamelTcpStream *stream);
 struct _CamelTcpStreamOpenSSLPrivate {
 int sockfd;
 SSL *ssl;
+
+ CamelService *service;
+ char *expected_host;
 };
 
 static void
@@ -82,9 +85,8 @@ camel_tcp_stream_openssl_init (gpointer object, gpointer klass)
 {
 CamelTcpStreamOpenSSL *stream = CAMEL_TCP_STREAM_OPENSSL (object);
 
- stream->priv = g_new (struct _CamelTcpStreamOpenSSLPrivate, 1);
+ stream->priv = g_new0 (struct _CamelTcpStreamOpenSSLPrivate, 1);
 stream->priv->sockfd = -1;
- stream->priv->ssl = NULL;
 }
 
 static void
@@ -104,6 +106,8 @@ camel_tcp_stream_openssl_finalize (CamelObject *object)
 if (stream->priv->sockfd != -1)
 close (stream->priv->sockfd);
 
+ g_free (stream->priv->expected_host);
+
 g_free (stream->priv);
 }
 
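Review bot: The two fields added to `struct _CamelTcpStreamOpenSSLPrivate` carry no ownership comment, and the rest of the patch treats them differently: `expected_host` is `g_strdup`'d in `camel_tcp_stream_openssl_new` and `g_free`'d in `camel_tcp_stream_openssl_finalize`, whereas `service` is stored as a bare pointer with no reference taken and nothing released in finalize. If `service` is meant to be a borrowed back-pointer that the owning service keeps alive for the stream's lifetime, record that where the fields are declared, e.g. `CamelService *service;   /* borrowed: not ref'd, must outlive the stream */` and `char *expected_host;   /* owned: g_strdup'd in _new, g_free'd in finalize */`. Without such a note a later reader cannot tell whether the missing unref in finalize is intended or a leak waiting to be "fixed" into a double release.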
@@ -130,16 +134,25 @@ camel_tcp_stream_openssl_get_type (void)
 
 /**
 * camel_tcp_stream_openssl_new:
+ * @service: camel service
+ * @expected_host: host that the stream is expecting to connect with.
+ *
+ * Since the SSL certificate authenticator may need to prompt the
+ * user, a CamelService is needed. @expected_host is needed as a
+ * protection against an MITM attack.
 *
 * Return value: a tcp stream
 **/
 CamelStream *
-camel_tcp_stream_openssl_new ()
+camel_tcp_stream_openssl_new (CamelService *service, const char *expected_host)
 {
 CamelTcpStreamOpenSSL *stream;
 
 stream = CAMEL_TCP_STREAM_OPENSSL (camel_object_new (camel_tcp_stream_openssl_get_type ()));
 
+ stream->priv->service = service;
+ stream->priv->expected_host = g_strdup (expected_host);
+
 return CAMEL_STREAM (stream);
 }
 
@@ -360,7 +373,7 @@ socket_connect (struct hostent *h, int port)
 }
 
 static int
-verify_callback (int ok, X509_STORE_CTX *ctx)
+ssl_verify (int ok, X509_STORE_CTX *ctx)
 {
 char *str, buf[256];
 X509 *cert;
@@ -392,7 +405,7 @@ verify_callback (int ok, X509_STORE_CTX *ctx)
 }
 
 static SSL *
-open_ssl_connection (int sockfd)
+open_ssl_connection (CamelService *service, int sockfd)
 {
 SSL_CTX *ssl_ctx = NULL;
 SSL *ssl = NULL;
@@ -400,7 +413,7 @@ open_ssl_connection (int sockfd)
 
 /* SSLv23_client_method will negotiate with SSL v2, v3, or TLS v1 */
 ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
- SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &verify_cb);
+ SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &ssl_verify);
 ssl = SSL_new (ssl_ctx);
 SSL_set_fd (ssl, sockfd);
 
@@ -431,7 +444,7 @@ stream_connect (CamelTcpStream *stream, struct hostent *host, int port)
 if (fd == -1)
 return -1;
 
- ssl = open_ssl_connection (sockfd);
+ ssl = open_ssl_connection (stream->priv->service, sockfd);
 if (!ssl)
 return -1;
 
-- 
cgit v1.2.3
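Review bot: The new doc comment on `camel_tcp_stream_openssl_new` states that `@expected_host` is "a protection against an MITM attack", but nothing in this patch performs that protection: the value is only copied into `priv->expected_host`, and the verify callback `ssl_verify (int ok, X509_STORE_CTX *ctx)` is handed neither the expected host nor the service, so it has no way to compare the peer certificate's subject against it. With `SSL_VERIFY_PEER` alone, a certificate that chains to a trusted CA but was issued for a different name still passes, which is precisely the case this parameter exists to reject. If the comparison is planned for a later commit, the comment should not claim it yet, e.g. `@expected_host: host that the stream is expecting to connect with; the peer certificate must be checked against it by the verify callback (not yet wired up).`. The same comment should also say that `service` is stored without `camel_object_ref` and must outlive the stream, since the assignment below takes no reference.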
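Review bot: The `service` parameter that the previous hunk adds to `open_ssl_connection` is not used anywhere in this hunk: `SSL_CTX_set_verify` only registers `&ssl_verify`, whose `(int ok, X509_STORE_CTX *ctx)` signature gives it no path to the service or the expected host (the rest of the function is outside the hunk, so it may be consumed further down, but the verify callback still cannot see it). If the intent is for `ssl_verify` to prompt through the service, the pointer has to travel with the context, e.g. `SSL_CTX_set_app_data (ssl_ctx, service);` right after `SSL_CTX_new`, and the callback can then retrieve it from the `SSL` object recorded in the `X509_STORE_CTX` ex_data. The changed `SSL_CTX_set_verify` line also dereferences `ssl_ctx` without checking the `SSL_CTX_new` result; `if (!ssl_ctx) return NULL;` placed before it turns an allocation failure into the `NULL` return that `stream_connect` already handles instead of a crash.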
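Review bot: The guard two lines above the changed call tests `fd`, but the descriptor passed to `open_ssl_connection` is `sockfd`; if both name the same socket one of them should go, and if they do not, the `-1` check protects the wrong descriptor and a failed connect could reach `SSL_set_fd`. The new line also reads `stream->priv->service` through a `CamelTcpStream *`, which is how the hunk header declares `stream`; unless `stream_connect` re-declares or casts it as `CamelTcpStreamOpenSSL` earlier in the function (its start is outside the hunk), the access does not match the declared type and `CAMEL_TCP_STREAM_OPENSSL (stream)->priv->service` would be the safer spelling.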