PK11_SetPasswordFunc (mutt_nss_password_func);
if (NSS_Init (SslCertFile) == SECFailure)
return mutt_nss_error ("NSS_Init");
PK11_SetPasswordFunc (mutt_nss_password_func);
if (NSS_Init (SslCertFile) == SECFailure)
return mutt_nss_error ("NSS_Init");
/* always use strong crypto. */
if (NSS_SetDomesticPolicy () == SECFailure)
return mutt_nss_error ("NSS_SetDomesticPolicy");
/* always use strong crypto. */
if (NSS_SetDomesticPolicy () == SECFailure)
return mutt_nss_error ("NSS_SetDomesticPolicy");
strfcpy (timebuf, asctime (&t), sizeof (timebuf));
timebuf[strlen (timebuf) - 1] = 0;
strfcpy (timebuf, asctime (&t), sizeof (timebuf));
timebuf[strlen (timebuf) - 1] = 0;
/* calculate the MD5 hash of the raw certificate */
HASH_HashBuf (HASH_AlgMD5, hash, cert->derCert.data, cert->derCert.len);
/* calculate the MD5 hash of the raw certificate */
HASH_HashBuf (HASH_AlgMD5, hash, cert->derCert.data, cert->derCert.len);
else
status[sizeof (status) - 1] = 0;
memcpy (status, "--- SSL Certificate Check",
else
status[sizeof (status) - 1] = 0;
memcpy (status, "--- SSL Certificate Check",
mvaddstr (LINES - 1, 0, "(r)eject, accept (o)nce, (a)lways accept?");
clrtoeol ();
ch = mutt_getch ();
mvaddstr (LINES - 1, 0, "(r)eject, accept (o)nce, (a)lways accept?");
clrtoeol ();
ch = mutt_getch ();
/* push this certificate onto the user's certificate store so it
* automatically becomes valid next time we see it
*/
/* push this certificate onto the user's certificate store so it
* automatically becomes valid next time we see it
*/
/* set this certificate as a valid peer for SSL-auth ONLY. */
CERT_DecodeTrustString (&trust, "P,,");
/* set this certificate as a valid peer for SSL-auth ONLY. */
CERT_DecodeTrustString (&trust, "P,,");
/* SSL_PeerCertificate() returns a copy with an updated ref count, so
* we have to destroy our copy here.
*/
CERT_DestroyCertificate (cert);
/* SSL_PeerCertificate() returns a copy with an updated ref count, so
* we have to destroy our copy here.
*/
CERT_DestroyCertificate (cert);
addr.inet.family = AF_INET;
addr.inet.port = PR_htons (con->account.port);
he = gethostbyname (con->account.host);
addr.inet.family = AF_INET;
addr.inet.port = PR_htons (con->account.port);
he = gethostbyname (con->account.host);
mutt_error (_("PR_NewTCPSocket failed."));
break;
}
/* make this a SSL socket */
sockdata->fd = SSL_ImportFD (NULL, sockdata->fd);
mutt_error (_("PR_NewTCPSocket failed."));
break;
}
/* make this a SSL socket */
sockdata->fd = SSL_ImportFD (NULL, sockdata->fd);
/* set SSL version options based upon user's preferences */
if (!option (OPTTLSV1))
SSL_OptionSet (sockdata->fd, SSL_ENABLE_TLS, PR_FALSE);
/* set SSL version options based upon user's preferences */
if (!option (OPTTLSV1))
SSL_OptionSet (sockdata->fd, SSL_ENABLE_TLS, PR_FALSE);
if (!option (OPTSSLV2))
SSL_OptionSet (sockdata->fd, SSL_ENABLE_SSL2, PR_FALSE);
if (!option (OPTSSLV3))
SSL_OptionSet (sockdata->fd, SSL_ENABLE_SSL3, PR_FALSE);
if (!option (OPTSSLV2))
SSL_OptionSet (sockdata->fd, SSL_ENABLE_SSL2, PR_FALSE);
if (!option (OPTSSLV3))
SSL_OptionSet (sockdata->fd, SSL_ENABLE_SSL3, PR_FALSE);
/* set the host we were attempting to connect to in order to verify
* the name in the certificate we get back.
*/
/* set the host we were attempting to connect to in order to verify
* the name in the certificate we get back.
*/
/* use the default supplied hook. it takes an argument to our
* certificate database. the manual lies, you can't really specify
* NULL for the callback to get the default!
*/
/* use the default supplied hook. it takes an argument to our
* certificate database. the manual lies, you can't really specify
* NULL for the callback to get the default!
*/
/* set the callback to be used when SSL_AuthCertificate() fails. this
* allows us to override and insert the cert back into the db
*/
SSL_BadCertHook (sockdata->fd, mutt_nss_bad_cert, sockdata->db);
/* set the callback to be used when SSL_AuthCertificate() fails. this
* allows us to override and insert the cert back into the db
*/
SSL_BadCertHook (sockdata->fd, mutt_nss_bad_cert, sockdata->db);
/* HACK. some of the higher level calls in mutt_socket.c depend on this
* being >0 when we are in the connected state. we just set this to
* an arbitrary value to avoid hitting that bug, since we neve have the
* real fd.
*/
con->fd = 42;
/* HACK. some of the higher level calls in mutt_socket.c depend on this
* being >0 when we are in the connected state. we just set this to
* an arbitrary value to avoid hitting that bug, since we neve have the
* real fd.
*/
con->fd = 42;
- con->open = mutt_nss_socket_open;
- con->read = mutt_nss_socket_read;
- con->write = mutt_nss_socket_write;
- con->close = mutt_nss_socket_close;
+ con->conn_open = mutt_nss_socket_open;
+ con->conn_read = mutt_nss_socket_read;
+ con->conn_write = mutt_nss_socket_write;
+ con->conn_close = mutt_nss_socket_close;