X-Git-Url: http://git.madism.org/?p=apps%2Fmadmutt.git;a=blobdiff_plain;f=lib-sys%2Fmutt_ssl.c;h=1557a8fae8328bba12b8bfe17626e37a5015eb66;hp=b247377d5a60a51359d6004fd7ef43966598401e;hb=230399f9632c37b66c1c117a17e8327eae6b3235;hpb=ccf2b75a9ed50a79c4d8e5d6235c7313fcd3719a
diff --git a/lib-sys/mutt_ssl.c b/lib-sys/mutt_ssl.c
index b247377..1557a8f 100644
--- a/lib-sys/mutt_ssl.c
+++ b/lib-sys/mutt_ssl.c
@@ -20,10 +20,7 @@
 #include
-#include
-#include
-#include
-#include
+#include
 #include
 #include
@@ -89,19 +86,16 @@ int mutt_ssl_starttls (CONNECTION * conn)
 ssldata = p_new(sslsockdata, 1);
 /* the ssl_use_xxx protocol options don't apply. We must use TLS in TLS. */
 if (!(ssldata->ctx = SSL_CTX_new (TLSv1_client_method ()))) {
- debug_print (1, ("Error allocating SSL_CTX\n"));
 goto bail_ssldata;
 }
 ssl_get_client_cert (ssldata, conn);
 if (!(ssldata->ssl = SSL_new (ssldata->ctx))) {
- debug_print (1, ("Error allocating SSL\n"));
 goto bail_ctx;
 }
 if (SSL_set_fd (ssldata->ssl, conn->fd) != 1) {
- debug_print (1, ("Error setting fd\n"));
 goto bail_ssl;
 }
@@ -382,7 +376,7 @@ static int check_certificate_cache (X509 *peercert)
 {
 unsigned char peermd[EVP_MAX_MD_SIZE];
 unsigned int peermdlen;
 X509 *cert;
- LIST *scert;
+ string_list_t *scert;
 if (!X509_digest (peercert, EVP_sha1(), peermd, &peermdlen))
 return 0;
@@ -478,14 +472,10 @@ static int check_certificate_by_signer (X509 * peercert)
 if (option (OPTSSLSYSTEMCERTS)) {
 if (X509_STORE_set_default_paths (ctx))
 pass++;
- else
- debug_print (2, ("X509_STORE_set_default_paths failed\n"));
 }
 if (X509_STORE_load_locations (ctx, SslCertFile, NULL))
 pass++;
- else
- debug_print (2, ("X509_STORE_load_locations_failed\n"));
 if (pass == 0) {
 /* nothing to do */
@@ -496,17 +486,6 @@ static int check_certificate_by_signer (X509 * peercert)
 X509_STORE_CTX_init (&xsc, ctx, peercert, NULL);
 pass = (X509_verify_cert (&xsc) > 0);
-#ifdef DEBUG
- if (!pass) {
- char buf[SHORT_STRING];
- int err;
-
- err = X509_STORE_CTX_get_error (&xsc);
- snprintf (buf, sizeof (buf), "%s (%d)",
- X509_verify_cert_error_string (err), err);
- debug_print (2, ("X509_verify_cert: %s\n", buf));
- }
-#endif
 X509_STORE_CTX_cleanup (&xsc);
 X509_STORE_free (ctx);
@@ -523,13 +502,11 @@ static int check_certificate_by_digest (X509 * peercert)
 /* expiration check */
 if (X509_cmp_current_time (X509_get_notBefore (peercert)) >= 0) {
- debug_print (2, ("Server certificate is not yet valid\n"));
 mutt_error (_("Server certificate is not yet valid"));
 mutt_sleep (2);
 return 0;
 }
 if (X509_cmp_current_time (X509_get_notAfter (peercert)) <= 0) {
- debug_print (2, ("Server certificate has expired\n"));
 mutt_error (_("Server certificate has expired"));
 mutt_sleep (2);
 return 0;
@@ -566,18 +543,15 @@ static int ssl_check_certificate (sslsockdata * data)
 /* check session cache first */
 if (check_certificate_cache (data->cert)) {
- debug_print (1, ("ssl_check_certificate: using cached certificate\n"));
 return 1;
 }
 if (check_certificate_by_signer (data->cert)) {
- debug_print (1, ("signer check passed\n"));
 return 1;
 }
 /* automatic check from user's database */
 if (SslCertFile && check_certificate_by_digest (data->cert)) {
- debug_print (1, ("digest check passed\n"));
 return 1;
 }
@@ -684,7 +658,6 @@ static int ssl_check_certificate (sslsockdata * data)
 static void ssl_get_client_cert (sslsockdata * ssldata, CONNECTION * conn)
 {
 if (SslClientCert) {
- debug_print (2, ("Using client certificate %s\n", SslClientCert));
 SSL_CTX_set_default_passwd_cb_userdata (ssldata->ctx, &conn->account);
 SSL_CTX_set_default_passwd_cb (ssldata->ctx, ssl_passwd_cb);
 SSL_CTX_use_certificate_file (ssldata->ctx, SslClientCert,
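Review bot: `X509_STORE_CTX_init (&xsc, ctx, peercert, NULL)` at the top of this hunk is called without checking its result, so with the OpenSSL versions where it returns an int a failed setup is followed by `X509_verify_cert (&xsc)` on a context that was never initialised; test the return and treat failure like a failed verification (free `ctx`, return 0) before the verify call. With the `#ifdef DEBUG` block gone, the reason a chain fails (`X509_STORE_CTX_get_error (&xsc)` rendered by `X509_verify_cert_error_string`) is no longer recorded anywhere, and the caller in ssl_check_certificate only sees 0, so a misconfigured CA bundle (SslCertFile pointing at the wrong file, no system certs) and a certificate that genuinely does not chain become indistinguishable to the user and fall through to the digest check alike. If the trace is not wanted, keep the reason on a non-DEBUG path before the cleanup, e.g. `if (!pass) mutt_error ("%s", X509_verify_cert_error_string (X509_STORE_CTX_get_error (&xsc)));` (assuming mutt_error takes a format, as its other uses here suggest), or at least add `/* verify reason is deliberately not surfaced; the digest check and the user prompt decide */` so the next reader knows it is intentional. The body of check_certificate_by_signer starts before this hunk.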
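Review bot: The two validity tests in check_certificate_by_digest depend on `X509_cmp_current_time` returning 0 when the certificate's time field cannot be parsed, and only because the comparisons are written `>= 0` and `<= 0` does that 0 land in the rejecting branch; nothing says so, and a later tidy-up to `> 0` / `< 0` would silently start accepting certificates with unparsable validity fields. Add a comment above the first test, e.g. `/* X509_cmp_current_time returns 0 on a malformed time; >= / <= turn that into a rejection (fail closed) */`. The remainder of the function, including the digest comparison itself, lies outside the hunk.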
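Review bot: `SSL_CTX_use_certificate_file (ssldata->ctx, SslClientCert,` at the end of the ssl_get_client_cert hunk is called for its side effect only, and its return value (along with those of the two `SSL_CTX_set_default_passwd_cb*` calls) is never examined, so an unreadable, mis-typed or malformed client certificate file leaves the context without a client certificate and the handshake presumably continues without client authentication — and now that the `Using client certificate` trace is gone the user gets no hint at all. Because the function is `static void`, mutt_ssl_starttls cannot learn about the failure either; at minimum test the return and report via `mutt_error`, or give the function an int return so the caller can bail before the handshake. The statement and the rest of the function continue outside the hunk.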
@@ -701,9 +674,6 @@ static int ssl_passwd_cb (char *buf, int size, int rwflag, void *userdata)
 if (mutt_account_getuser (account))
 return 0;
- debug_print (2, ("getting password for %s@%s:%u\n",
- account->user, account->host, account->port));
-
 if (mutt_account_getpass (account))
 return 0;