# include "config.h"
#endif
+#ifdef USE_GNUTLS
+
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#ifdef HAVE_GNUTLS_OPENSSL_H
#include <gnutls/openssl.h>
#endif
+#include <lib-lib/mem.h>
+#include <lib-lib/str.h>
+#include <lib-lib/macros.h>
+#include <lib-lib/file.h>
+
#include "mutt.h"
#include "mutt_socket.h"
#include "mutt_curses.h"
#include "mutt_menu.h"
#include "mutt_ssl.h"
-#include "mutt_regex.h"
-#include "lib/mem.h"
-#include "lib/intl.h"
+#include "lib/rx.h"
typedef struct _tlssockdata {
gnutls_session state;
err = gnutls_global_init ();
if (err < 0) {
- mutt_error ("gnutls_global_init: %s", gnutls_strerror (err));
+ mutt_error (_("gnutls_global_init: %s"), gnutls_strerror (err));
mutt_sleep (2);
return -1;
}
return 0;
}
-int mutt_gnutls_socket_setup (CONNECTION * conn)
+int mutt_ssl_socket_setup (CONNECTION * conn)
{
if (tls_init () < 0)
return -1;
int ret;
if (!data) {
- mutt_error ("Error: no TLS socket open");
+ mutt_error (_("Error: no TLS socket open"));
mutt_sleep (2);
return -1;
}
ret = gnutls_record_recv (data->state, buf, len);
if (gnutls_error_is_fatal (ret) == 1) {
- mutt_error ("tls_socket_read (%s)", gnutls_strerror (ret));
+ mutt_error (_("tls_socket_read (%s)"), gnutls_strerror (ret));
mutt_sleep (4);
return -1;
}
int ret;
if (!data) {
- mutt_error ("Error: no TLS socket open");
+ mutt_error (_("Error: no TLS socket open"));
mutt_sleep (2);
return -1;
}
ret = gnutls_record_send (data->state, buf, len);
if (gnutls_error_is_fatal (ret) == 1) {
- mutt_error ("tls_socket_write (%s)", gnutls_strerror (ret));
+ mutt_error (_("tls_socket_write (%s)"), gnutls_strerror (ret));
mutt_sleep (4);
return -1;
}
return 0;
}
-int mutt_gnutls_starttls (CONNECTION * conn)
+int mutt_ssl_starttls (CONNECTION * conn)
{
if (tls_init () < 0)
return -1;
tlssockdata *data;
int err;
- data = (tlssockdata *) safe_calloc (1, sizeof (tlssockdata));
+ data = p_new(tlssockdata, 1);
conn->sockdata = data;
err = gnutls_certificate_allocate_credentials (&data->xcred);
if (err < 0) {
- FREE (&conn->sockdata);
- mutt_error ("gnutls_certificate_allocate_credentials: %s",
+ p_delete(&conn->sockdata);
+ mutt_error (_("gnutls_certificate_allocate_credentials: %s"),
gnutls_strerror (err));
mutt_sleep (2);
return -1;
}
if (err < 0) {
if (err == GNUTLS_E_FATAL_ALERT_RECEIVED) {
- mutt_error ("gnutls_handshake: %s(%s)", gnutls_strerror (err),
+ mutt_error (_("gnutls_handshake: %s(%s)"), gnutls_strerror (err),
gnutls_alert_get_name (gnutls_alert_get (data->state)));
}
else {
- mutt_error ("gnutls_handshake: %s", gnutls_strerror (err));
+ mutt_error (_("gnutls_handshake: %s"), gnutls_strerror (err));
}
mutt_sleep (2);
goto fail;
fail:
gnutls_certificate_free_credentials (data->xcred);
gnutls_deinit (data->state);
- FREE (&conn->sockdata);
+ p_delete(&conn->sockdata);
return -1;
}
gnutls_certificate_free_credentials (data->xcred);
gnutls_deinit (data->state);
- FREE(&conn->sockdata);
+ p_delete(&conn->sockdata);
}
return raw_socket_close (conn);
return 0;
b64_data.size = filestat.st_size + 1;
- b64_data_data = (unsigned char *) safe_calloc (1, b64_data.size);
+ b64_data_data = p_new(unsigned char, b64_data.size);
b64_data_data[b64_data.size - 1] = '\0';
b64_data.data = b64_data_data;
do {
ret = gnutls_pem_base64_decode_alloc (NULL, &b64_data, &cert);
if (ret != 0) {
- FREE (&b64_data_data);
+ p_delete(&b64_data_data);
return 0;
}
- ptr = (unsigned char *) strstr (b64_data.data, CERT_SEP) + 1;
- ptr = (unsigned char *) strstr (ptr, CERT_SEP);
+ ptr = (unsigned char *) strstr ((char*) b64_data.data, CERT_SEP) + 1;
+ ptr = (unsigned char *) strstr ((char*) ptr, CERT_SEP);
b64_data.size = b64_data.size - (ptr - b64_data.data);
b64_data.data = ptr;
if (memcmp (cert.data, peercert->data, cert.size) == 0) {
/* match found */
gnutls_free (cert.data);
- FREE (&b64_data_data);
+ p_delete(&b64_data_data);
return 1;
}
}
} while (ptr != NULL);
/* no match found */
- FREE (&b64_data_data);
+ p_delete(&b64_data_data);
return 0;
}
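Review bot: The new `strstr` lines only add casts and leave the result unchecked: if `CERT_SEP` is absent from the decoded buffer, the first `strstr` returns NULL and the `+ 1` yields an invalid pointer that the second `strstr` dereferences, and when the second call returns NULL the `ptr - b64_data.data` subtraction two lines later is evaluated with a null pointer before the loop condition stops the loop. Since `b64_data` is filled from a file (its size comes from `filestat.st_size`), the separator search should not drive pointer arithmetic without a guard; replacing the four lines with `ptr = (unsigned char *) strstr ((char*) b64_data.data, CERT_SEP);`, `ptr = ptr ? (unsigned char *) strstr ((char*) ptr + 1, CERT_SEP) : NULL;` and `if (ptr) { b64_data.size -= (ptr - b64_data.data); b64_data.data = ptr; }` keeps the same iteration and lets the existing `while (ptr != NULL)` end the loop cleanly. The enclosing function starts outside the hunk, so whether the decoded `cert.data` is freed on the non-matching path cannot be confirmed from here.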
Weekdays[l->tm_wday], l->tm_mday, Months[l->tm_mon],
l->tm_year + 1900, l->tm_hour, l->tm_min, l->tm_sec);
else
- strfcpy (s, _("[invalid date]"), len);
+ m_strcpy(s, len, _("[invalid date]"));
return (s);
}
if (regexec (&preg, linestr, 3, pmatch, 0) == 0) {
linestr[pmatch[1].rm_eo] = '\0';
linestr[pmatch[2].rm_eo] = '\0';
- if (strcmp (linestr + pmatch[1].rm_so, hostname) == 0 &&
- strcmp (linestr + pmatch[2].rm_so, buf) == 0) {
+ if (m_strcmp(linestr + pmatch[1].rm_so, hostname) == 0 &&
+ m_strcmp(linestr + pmatch[2].rm_so, buf) == 0) {
regfree (&preg);
- FREE(&linestr);
+ p_delete(&linestr);
fclose (fp);
return 1;
}
MUTTMENU *menu;
int done, row, i, ret;
FILE *fp;
- gnutls_x509_dn dn;
time_t t;
const gnutls_datum *cert_list;
- int cert_list_size = 0;
+ unsigned int cert_list_size = 0;
gnutls_certificate_status certstat;
char datestr[30];
gnutls_x509_crt cert;
/* We only support X.509 certificates (not OpenPGP) at the moment */
if (gnutls_certificate_type_get (state) != GNUTLS_CRT_X509) {
- mutt_error (_("Error certificate is not X.509"));
+ mutt_error (_("Certificate is not X.509"));
mutt_sleep (2);
return 0;
}
/* interactive check from user */
menu = mutt_new_menu ();
menu->max = 25;
- menu->dialog = (char **) safe_calloc (1, menu->max * sizeof (char *));
+ menu->dialog = p_new(char*, menu->max);
for (i = 0; i < menu->max; i++)
- menu->dialog[i] = (char *) safe_calloc (1, SHORT_STRING * sizeof (char));
+ menu->dialog[i] = p_new(char, SHORT_STRING);
row = 0;
- strfcpy (menu->dialog[row], _("This certificate belongs to:"),
- SHORT_STRING);
+ m_strcpy(menu->dialog[row], SHORT_STRING,
+ _("This certificate belongs to:"));
row++;
buflen = sizeof (dn_common_name);
dn_province, dn_country);
row++;
- strfcpy (menu->dialog[row], _("This certificate was issued by:"),
- SHORT_STRING);
+ m_strcpy(menu->dialog[row], SHORT_STRING,
+ _("This certificate was issued by:"));
row++;
buflen = sizeof (dn_common_name);
if (certerr_notyetvalid) {
row++;
- strfcpy (menu->dialog[row],
- _("WARNING: Server certificate is not yet valid"), SHORT_STRING);
+ m_strcpy(menu->dialog[row], SHORT_STRING,
+ _("WARNING: Server certificate is not yet valid"));
}
if (certerr_expired) {
row++;
- strfcpy (menu->dialog[row], _("WARNING: Server certificate has expired"),
- SHORT_STRING);
+ m_strcpy(menu->dialog[row], SHORT_STRING,
+ _("WARNING: Server certificate has expired"));
}
if (certerr_revoked) {
row++;
- strfcpy (menu->dialog[row],
- _("WARNING: Server certificate has been revoked"), SHORT_STRING);
+ m_strcpy(menu->dialog[row], SHORT_STRING,
+ _("WARNING: Server certificate has been revoked"));
}
if (certerr_hostname) {
row++;
- strfcpy (menu->dialog[row],
- _("WARNING: Server hostname does not match certificate"),
- SHORT_STRING);
+ m_strcpy(menu->dialog[row], SHORT_STRING,
+ _("WARNING: Server hostname does not match certificate"));
}
if (certerr_signernotca) {
row++;
- strfcpy (menu->dialog[row],
- _("WARNING: Signer of server certificate is not a CA"),
- SHORT_STRING);
+ m_strcpy(menu->dialog[row], SHORT_STRING,
+ _("WARNING: Signer of server certificate is not a CA"));
}
menu->title = _("TLS/SSL Certificate check");
menu->help = helpstr;
done = 0;
+ set_option (OPTUNBUFFEREDINPUT);
while (!done) {
switch (mutt_menuLoop (menu)) {
case -1: /* abort */
break;
}
}
+ unset_option (OPTUNBUFFEREDINPUT);
mutt_menuDestroy (&menu);
gnutls_x509_crt_deinit (cert);
return (done == 2);
}
+
+#endif /* USE_GNUTLS */