Remove included regex lib
[apps/madmutt.git]
/
mutt_ssl_gnutls.c
diff --git
a/mutt_ssl_gnutls.c
b/mutt_ssl_gnutls.c
index
8f6bd23
..
9382054
100644
(file)
--- a/
mutt_ssl_gnutls.c
+++ b/
mutt_ssl_gnutls.c
@@
-12,21
+12,26
@@
# include "config.h"
#endif
# include "config.h"
#endif
+#ifdef USE_GNUTLS
+
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#ifdef HAVE_GNUTLS_OPENSSL_H
#include <gnutls/openssl.h>
#endif
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#ifdef HAVE_GNUTLS_OPENSSL_H
#include <gnutls/openssl.h>
#endif
+#include <lib-lib/mem.h>
+#include <lib-lib/str.h>
+#include <lib-lib/macros.h>
+#include <lib-lib/file.h>
+
+#include <lib-ui/curses.h>
+#include <lib-ui/menu.h>
+
#include "mutt.h"
#include "mutt_socket.h"
#include "mutt.h"
#include "mutt_socket.h"
-#include "mutt_curses.h"
-#include "mutt_menu.h"
#include "mutt_ssl.h"
#include "mutt_ssl.h"
-#include "lib/mem.h"
-#include "lib/str.h"
-#include "lib/intl.h"
#include "lib/rx.h"
typedef struct _tlssockdata {
#include "lib/rx.h"
typedef struct _tlssockdata {
@@
-65,7
+70,7
@@
static int tls_init (void)
return 0;
}
return 0;
}
-int mutt_
gnutls
_socket_setup (CONNECTION * conn)
+int mutt_
ssl
_socket_setup (CONNECTION * conn)
{
if (tls_init () < 0)
return -1;
{
if (tls_init () < 0)
return -1;
@@
-131,7
+136,7
@@
static int tls_socket_open (CONNECTION * conn)
return 0;
}
return 0;
}
-int mutt_
gnutls
_starttls (CONNECTION * conn)
+int mutt_
ssl
_starttls (CONNECTION * conn)
{
if (tls_init () < 0)
return -1;
{
if (tls_init () < 0)
return -1;
@@
-155,11
+160,11
@@
static int tls_negotiate (CONNECTION * conn)
tlssockdata *data;
int err;
tlssockdata *data;
int err;
- data =
(tlssockdata *) safe_calloc (1, sizeof (tlssockdata)
);
+ data =
p_new(tlssockdata, 1
);
conn->sockdata = data;
err = gnutls_certificate_allocate_credentials (&data->xcred);
if (err < 0) {
conn->sockdata = data;
err = gnutls_certificate_allocate_credentials (&data->xcred);
if (err < 0) {
-
FREE
(&conn->sockdata);
+
p_delete
(&conn->sockdata);
mutt_error (_("gnutls_certificate_allocate_credentials: %s"),
gnutls_strerror (err));
mutt_sleep (2);
mutt_error (_("gnutls_certificate_allocate_credentials: %s"),
gnutls_strerror (err));
mutt_sleep (2);
@@
-183,7
+188,7
@@
static int tls_negotiate (CONNECTION * conn)
gnutls_init (&data->state, GNUTLS_CLIENT);
/* set socket */
gnutls_init (&data->state, GNUTLS_CLIENT);
/* set socket */
- gnutls_transport_set_ptr (data->state, (gnutls_transport_ptr)
conn->fd);
+ gnutls_transport_set_ptr (data->state, (gnutls_transport_ptr)
(intptr_t)
conn->fd);
/* disable TLS/SSL protocols as needed */
if (!option (OPTTLSV1) && !option (OPTSSLV3)) {
/* disable TLS/SSL protocols as needed */
if (!option (OPTTLSV1) && !option (OPTSSLV3)) {
@@
-256,7
+261,7
@@
static int tls_negotiate (CONNECTION * conn)
fail:
gnutls_certificate_free_credentials (data->xcred);
gnutls_deinit (data->state);
fail:
gnutls_certificate_free_credentials (data->xcred);
gnutls_deinit (data->state);
-
FREE
(&conn->sockdata);
+
p_delete
(&conn->sockdata);
return -1;
}
return -1;
}
@@
-269,7
+274,7
@@
static int tls_socket_close (CONNECTION * conn)
gnutls_certificate_free_credentials (data->xcred);
gnutls_deinit (data->state);
gnutls_certificate_free_credentials (data->xcred);
gnutls_deinit (data->state);
-
FREE
(&conn->sockdata);
+
p_delete
(&conn->sockdata);
}
return raw_socket_close (conn);
}
return raw_socket_close (conn);
@@
-304,7
+309,7
@@
static int tls_compare_certificates (const gnutls_datum * peercert)
return 0;
b64_data.size = filestat.st_size + 1;
return 0;
b64_data.size = filestat.st_size + 1;
- b64_data_data =
(unsigned char *) safe_calloc (1
, b64_data.size);
+ b64_data_data =
p_new(unsigned char
, b64_data.size);
b64_data_data[b64_data.size - 1] = '\0';
b64_data.data = b64_data_data;
b64_data_data[b64_data.size - 1] = '\0';
b64_data.data = b64_data_data;
@@
-319,7
+324,7
@@
static int tls_compare_certificates (const gnutls_datum * peercert)
do {
ret = gnutls_pem_base64_decode_alloc (NULL, &b64_data, &cert);
if (ret != 0) {
do {
ret = gnutls_pem_base64_decode_alloc (NULL, &b64_data, &cert);
if (ret != 0) {
-
FREE
(&b64_data_data);
+
p_delete
(&b64_data_data);
return 0;
}
return 0;
}
@@
-333,7
+338,7
@@
static int tls_compare_certificates (const gnutls_datum * peercert)
if (memcmp (cert.data, peercert->data, cert.size) == 0) {
/* match found */
gnutls_free (cert.data);
if (memcmp (cert.data, peercert->data, cert.size) == 0) {
/* match found */
gnutls_free (cert.data);
-
FREE
(&b64_data_data);
+
p_delete
(&b64_data_data);
return 1;
}
}
return 1;
}
}
@@
-342,7
+347,7
@@
static int tls_compare_certificates (const gnutls_datum * peercert)
} while (ptr != NULL);
/* no match found */
} while (ptr != NULL);
/* no match found */
-
FREE
(&b64_data_data);
+
p_delete
(&b64_data_data);
return 0;
}
return 0;
}
@@
-378,7
+383,7
@@
static char *tls_make_date (time_t t, char *s, size_t len)
Weekdays[l->tm_wday], l->tm_mday, Months[l->tm_mon],
l->tm_year + 1900, l->tm_hour, l->tm_min, l->tm_sec);
else
Weekdays[l->tm_wday], l->tm_mday, Months[l->tm_mon],
l->tm_year + 1900, l->tm_hour, l->tm_min, l->tm_sec);
else
-
strfcpy (s, _("[invalid date]"), len
);
+
m_strcpy(s, len, _("[invalid date]")
);
return (s);
}
return (s);
}
@@
-412,10
+417,10
@@
static int tls_check_stored_hostname (const gnutls_datum * cert,
if (regexec (&preg, linestr, 3, pmatch, 0) == 0) {
linestr[pmatch[1].rm_eo] = '\0';
linestr[pmatch[2].rm_eo] = '\0';
if (regexec (&preg, linestr, 3, pmatch, 0) == 0) {
linestr[pmatch[1].rm_eo] = '\0';
linestr[pmatch[2].rm_eo] = '\0';
- if (
str_cmp
(linestr + pmatch[1].rm_so, hostname) == 0 &&
-
str_cmp
(linestr + pmatch[2].rm_so, buf) == 0) {
+ if (
m_strcmp
(linestr + pmatch[1].rm_so, hostname) == 0 &&
+
m_strcmp
(linestr + pmatch[2].rm_so, buf) == 0) {
regfree (&preg);
regfree (&preg);
-
FREE
(&linestr);
+
p_delete
(&linestr);
fclose (fp);
return 1;
}
fclose (fp);
return 1;
}
@@
-452,7
+457,7
@@
static int tls_check_certificate (CONNECTION * conn)
time_t t;
const gnutls_datum *cert_list;
unsigned int cert_list_size = 0;
time_t t;
const gnutls_datum *cert_list;
unsigned int cert_list_size = 0;
- gnutls_certificate_status certstat;
+ gnutls_certificate_status
_t
certstat;
char datestr[30];
gnutls_x509_crt cert;
gnutls_datum pemdata;
char datestr[30];
gnutls_x509_crt cert;
gnutls_datum pemdata;
@@
-469,18
+474,11
@@
static int tls_check_certificate (CONNECTION * conn)
return 0;
}
return 0;
}
- certstat = gnutls_certificate_verify_peers (state);
-
- if (certstat == GNUTLS_E_NO_CERTIFICATE_FOUND) {
- mutt_error (_("Unable to get certificate from peer"));
- mutt_sleep (2);
- return 0;
- }
- if (certstat < 0) {
- mutt_error (_("Certificate verification error (%s)"),
- gnutls_strerror (certstat));
- mutt_sleep (2);
- return 0;
+ if (gnutls_certificate_verify_peers2(state, &certstat) < 0) {
+ mutt_error (_("Certificate verification error (%s)"),
+ gnutls_strerror(certstat));
+ mutt_sleep (2);
+ return 0;
}
/* We only support X.509 certificates (not OpenPGP) at the moment */
}
/* We only support X.509 certificates (not OpenPGP) at the moment */
@@
-583,13
+581,13
@@
static int tls_check_certificate (CONNECTION * conn)
/* interactive check from user */
menu = mutt_new_menu ();
menu->max = 25;
/* interactive check from user */
menu = mutt_new_menu ();
menu->max = 25;
- menu->dialog =
(char **) safe_calloc (1, menu->max * sizeof (char *)
);
+ menu->dialog =
p_new(char*, menu->max
);
for (i = 0; i < menu->max; i++)
for (i = 0; i < menu->max; i++)
- menu->dialog[i] =
(char *) safe_calloc (1, SHORT_STRING * sizeof (char)
);
+ menu->dialog[i] =
p_new(char, SHORT_STRING
);
row = 0;
row = 0;
-
strfcpy (menu->dialog[row], _("This certificate belongs to:")
,
-
SHORT_STRING
);
+
m_strcpy(menu->dialog[row], SHORT_STRING
,
+
_("This certificate belongs to:")
);
row++;
buflen = sizeof (dn_common_name);
row++;
buflen = sizeof (dn_common_name);
@@
-633,8
+631,8
@@
static int tls_check_certificate (CONNECTION * conn)
dn_province, dn_country);
row++;
dn_province, dn_country);
row++;
-
strfcpy (menu->dialog[row], _("This certificate was issued by:")
,
-
SHORT_STRING
);
+
m_strcpy(menu->dialog[row], SHORT_STRING
,
+
_("This certificate was issued by:")
);
row++;
buflen = sizeof (dn_common_name);
row++;
buflen = sizeof (dn_common_name);
@@
-700,30
+698,28
@@
static int tls_check_certificate (CONNECTION * conn)
if (certerr_notyetvalid) {
row++;
if (certerr_notyetvalid) {
row++;
-
strfcpy (menu->dialog[row]
,
- _("WARNING: Server certificate is not yet valid")
, SHORT_STRING
);
+
m_strcpy(menu->dialog[row], SHORT_STRING
,
+ _("WARNING: Server certificate is not yet valid"));
}
if (certerr_expired) {
row++;
}
if (certerr_expired) {
row++;
-
strfcpy (menu->dialog[row], _("WARNING: Server certificate has expired")
,
-
SHORT_STRING
);
+
m_strcpy(menu->dialog[row], SHORT_STRING
,
+
_("WARNING: Server certificate has expired")
);
}
if (certerr_revoked) {
row++;
}
if (certerr_revoked) {
row++;
-
strfcpy (menu->dialog[row]
,
- _("WARNING: Server certificate has been revoked")
, SHORT_STRING
);
+
m_strcpy(menu->dialog[row], SHORT_STRING
,
+ _("WARNING: Server certificate has been revoked"));
}
if (certerr_hostname) {
row++;
}
if (certerr_hostname) {
row++;
- strfcpy (menu->dialog[row],
- _("WARNING: Server hostname does not match certificate"),
- SHORT_STRING);
+ m_strcpy(menu->dialog[row], SHORT_STRING,
+ _("WARNING: Server hostname does not match certificate"));
}
if (certerr_signernotca) {
row++;
}
if (certerr_signernotca) {
row++;
- strfcpy (menu->dialog[row],
- _("WARNING: Signer of server certificate is not a CA"),
- SHORT_STRING);
+ m_strcpy(menu->dialog[row], SHORT_STRING,
+ _("WARNING: Signer of server certificate is not a CA"));
}
menu->title = _("TLS/SSL Certificate check");
}
menu->title = _("TLS/SSL Certificate check");
@@
-747,6
+743,7
@@
static int tls_check_certificate (CONNECTION * conn)
menu->help = helpstr;
done = 0;
menu->help = helpstr;
done = 0;
+ set_option (OPTUNBUFFEREDINPUT);
while (!done) {
switch (mutt_menuLoop (menu)) {
case -1: /* abort */
while (!done) {
switch (mutt_menuLoop (menu)) {
case -1: /* abort */
@@
-789,7
+786,10
@@
static int tls_check_certificate (CONNECTION * conn)
break;
}
}
break;
}
}
+ unset_option (OPTUNBUFFEREDINPUT);
mutt_menuDestroy (&menu);
gnutls_x509_crt_deinit (cert);
return (done == 2);
}
mutt_menuDestroy (&menu);
gnutls_x509_crt_deinit (cert);
return (done == 2);
}
+
+#endif /* USE_GNUTLS */
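Review bot: In the `-469,18 +474,11` hunk of tls_check_certificate, the return value of `gnutls_certificate_verify_peers2(state, &certstat)` is tested and then discarded, and the error message is built from `gnutls_strerror(certstat)`. `certstat` is the output verification-status bitmask, not a GnuTLS error code, and it is declared without an initializer in the earlier hunk, so on failure it may never have been written; the user would then see a misleading or arbitrary reason for a failed certificate check. Keep the return code and report that instead: `int err = gnutls_certificate_verify_peers2(state, &certstat);` followed by `if (err < 0) {` and `gnutls_strerror(err)`. The rest of the function, including how the `certstat` flags are evaluated afterwards, lies outside the visible hunks, so confirm that every failure path still ends in `return 0`.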