X-Git-Url: http://git.madism.org/?p=apps%2Fmadmutt.git;a=blobdiff_plain;f=lib-sys%2Fmutt_ssl.c;h=5d7c551ef513fcde5e3ca9391fedbda7de0095fa;hp=c7dcc7a071f7439f581407630c6b344ced4df3be;hb=f3cbb9f51357972f6e74244494236a41dc4d84cd;hpb=108f3c7ab59844591f7540347914ea57be5245e2
diff --git a/lib-sys/mutt_ssl.c b/lib-sys/mutt_ssl.c
index c7dcc7a..5d7c551 100644
--- a/lib-sys/mutt_ssl.c
+++ b/lib-sys/mutt_ssl.c
@@ -7,9 +7,7 @@
 * please see the file GPL in the top level source directory.
 */
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
+#include
 #ifdef USE_SSL
@@ -18,13 +16,6 @@
 #include
 #include
-#include
-
-#include
-#include
-#include
-#include
-
 #include
 #include
@@ -89,19 +80,16 @@ int mutt_ssl_starttls (CONNECTION * conn)
 ssldata = p_new(sslsockdata, 1);
 /* the ssl_use_xxx protocol options don't apply. We must use TLS in TLS. */
 if (!(ssldata->ctx = SSL_CTX_new (TLSv1_client_method ()))) {
- debug_print (1, ("Error allocating SSL_CTX\n"));
 goto bail_ssldata;
 }
 ssl_get_client_cert (ssldata, conn);
 if (!(ssldata->ssl = SSL_new (ssldata->ctx))) {
- debug_print (1, ("Error allocating SSL\n"));
 goto bail_ctx;
 }
 if (SSL_set_fd (ssldata->ssl, conn->fd) != 1) {
- debug_print (1, ("Error setting fd\n"));
 goto bail_ssl;
 }
@@ -345,9 +333,6 @@ static int ssl_socket_close (CONNECTION * conn)
 if (data) {
 SSL_shutdown (data->ssl);
-#if 0
- X509_free (data->cert);
-#endif
 SSL_free (data->ssl);
 SSL_CTX_free (data->ctx);
 p_delete(&conn->sockdata);
@@ -478,14 +463,10 @@ static int check_certificate_by_signer (X509 * peercert)
 if (option (OPTSSLSYSTEMCERTS)) {
 if (X509_STORE_set_default_paths (ctx))
 pass++;
- else
- debug_print (2, ("X509_STORE_set_default_paths failed\n"));
 }
 if (X509_STORE_load_locations (ctx, SslCertFile, NULL))
 pass++;
- else
- debug_print (2, ("X509_STORE_load_locations_failed\n"));
 if (pass == 0) {
 /* nothing to do */
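Review bot: With the three debug_print calls gone, a failed SSL_CTX_new, SSL_new or SSL_set_fd in mutt_ssl_starttls jumps to its bail label with no record of what went wrong, so unless the bail labels (outside the hunk) report something the user only sees STARTTLS silently not happen. Keep one user-visible diagnostic on each failure path, e.g. `mutt_error (_("SSL_CTX_new failed: %s"), ERR_error_string (ERR_get_error (), NULL));` before `goto bail_ssldata;`, and the equivalent before the other two gotos. Separately, `TLSv1_client_method ()` on the new side pins the STARTTLS session to exactly TLS 1.0 and can never negotiate a newer protocol; `SSLv23_client_method ()` together with `SSL_CTX_set_options (ssldata->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` negotiates the highest version both ends support while still refusing the legacy ones. The bail labels and the remainder of mutt_ssl_starttls are outside the hunk.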
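Review bot: ssl_socket_close frees the SSL object and the context but never releases data->cert, and deleting the `#if 0` X509_free that used to sit here removes the last reminder that this was unresolved rather than fixing it. If data->cert is obtained with SSL_get_peer_certificate (), which returns a new reference owned by the caller, every closed connection leaks one X509 and a long-running session that reconnects repeatedly grows without bound; where data->cert is assigned is outside the hunk, so confirm how it is obtained. If it is an owned reference, add `X509_free (data->cert);` before `SSL_free (data->ssl);` instead of dropping the idea with the dead code.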
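Review bot: After this change a failing X509_STORE_load_locations is silent even when SslCertFile is set, and because `pass` only records that some store loaded, an unreadable or mistyped certificate file is indistinguishable from a successful load: the signer check proceeds with the system store alone and the user is never told that their own trust anchors are not in play. The removed debug_print was the only signal; replace it with a user-visible one that fires only when a file was actually configured, e.g. `else if (SslCertFile)` followed by `mutt_error (_("Could not load certificate file"));` after the second `pass++;`. The `pass == 0` branch and the rest of check_certificate_by_signer run past the end of the hunk.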
@@ -496,17 +477,6 @@ static int check_certificate_by_signer (X509 * peercert)
 X509_STORE_CTX_init (&xsc, ctx, peercert, NULL);
 pass = (X509_verify_cert (&xsc) > 0);
-#ifdef DEBUG
- if (!pass) {
- char buf[SHORT_STRING];
- int err;
-
- err = X509_STORE_CTX_get_error (&xsc);
- snprintf (buf, sizeof (buf), "%s (%d)",
- X509_verify_cert_error_string (err), err);
- debug_print (2, ("X509_verify_cert: %s\n", buf));
- }
-#endif
 X509_STORE_CTX_cleanup (&xsc);
 X509_STORE_free (ctx);
@@ -523,13 +493,11 @@ static int check_certificate_by_digest (X509 * peercert)
 /* expiration check */
 if (X509_cmp_current_time (X509_get_notBefore (peercert)) >= 0) {
- debug_print (2, ("Server certificate is not yet valid\n"));
 mutt_error (_("Server certificate is not yet valid"));
 mutt_sleep (2);
 return 0;
 }
 if (X509_cmp_current_time (X509_get_notAfter (peercert)) <= 0) {
- debug_print (2, ("Server certificate has expired\n"));
 mutt_error (_("Server certificate has expired"));
 mutt_sleep (2);
 return 0;
@@ -539,7 +507,7 @@ static int check_certificate_by_digest (X509 * peercert)
 return 0;
 if (!X509_digest (peercert, EVP_sha1 (), peermd, &peermdlen)) {
- fclose (fp);
+ m_fclose(&fp);
 return 0;
 }
@@ -549,7 +517,7 @@ static int check_certificate_by_digest (X509 * peercert)
 break;
 }
 X509_free (cert);
- fclose (fp);
+ m_fclose(&fp);
 return pass;
 }
@@ -566,18 +534,15 @@ static int ssl_check_certificate (sslsockdata * data)
 /* check session cache first */
 if (check_certificate_cache (data->cert)) {
- debug_print (1, ("ssl_check_certificate: using cached certificate\n"));
 return 1;
 }
 if (check_certificate_by_signer (data->cert)) {
- debug_print (1, ("signer check passed\n"));
 return 1;
 }
 /* automatic check from user's database */
 if (SslCertFile && check_certificate_by_digest (data->cert)) {
- debug_print (1, ("digest check passed\n"));
 return 1;
 }
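Review bot: Dropping the DEBUG block also drops the only read of X509_STORE_CTX_get_error, so the reason X509_verify_cert rejected the chain (expired, unknown issuer, bad signature, ...) is discarded before the connection falls through to the interactive prompt, and a user deciding whether to trust a certificate is left with nothing but "the signer check failed". Capture it outside any DEBUG guard, `int err = X509_STORE_CTX_get_error (&xsc);` directly after the `pass = (X509_verify_cert (&xsc) > 0);` line and before X509_STORE_CTX_cleanup, and surface `X509_verify_cert_error_string (err)` alongside the prompt. The return value of X509_STORE_CTX_init two lines earlier is also unchecked; a failed init leaves xsc unusable and verification then fails for the wrong reason. The rest of check_certificate_by_signer is outside the hunk.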
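Review bot: The pinned-certificate match in check_certificate_by_digest rests entirely on `EVP_sha1 ()`, so a stored certificate is accepted on a SHA-1 fingerprint alone; since the full peer X509 and the PEM certificates from SslCertFile are both in hand here, a stronger digest such as `EVP_sha256 ()` (where the linked OpenSSL provides it) costs nothing in on-disk format, because the file holds PEM certificates and the digests are recomputed at run time. If the digest is changed, confirm that peermd and peermdlen are sized from EVP_MAX_MD_SIZE, as their declarations are outside the hunk. The early-return path itself is fine now that m_fclose releases fp before `return 0;`.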
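Review bot: None of the three acceptance paths in this hunk ties the certificate to the host being connected to: check_certificate_by_signer (above) only runs X509_verify_cert against the trust stores, and neither it nor the cache and digest lookups compares the certificate's subject CN or subjectAltName with the connection's host (conn->account.host, which ssl_check_certificate does not currently receive). A chain that validates against any trusted CA is therefore accepted for any server name, which undoes most of the value of the CA check for a client that always connects to a configured host. Unless a host-name comparison lives in the part of ssl_check_certificate outside the hunk, add one before the `return 1;` of the signer path (the cache and digest paths pin one specific certificate and are acceptable as they are) and record the intent with a comment such as `/* order: session cache, CA chain (must also match the host), user-pinned digest */`. The function continues past the end of the hunk.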
@@ -656,7 +621,7 @@ static int ssl_check_certificate (sslsockdata * data)
 if ((fp = fopen (SslCertFile, "a"))) {
 if (PEM_write_X509 (fp, data->cert))
 done = 1;
- fclose (fp);
+ m_fclose(&fp);
 }
 if (!done) {
 mutt_error (_("Warning: Couldn't save certificate"));
@@ -684,7 +649,6 @@ static int ssl_check_certificate (sslsockdata * data)
 static void ssl_get_client_cert (sslsockdata * ssldata, CONNECTION * conn)
 {
 if (SslClientCert) {
- debug_print (2, ("Using client certificate %s\n", SslClientCert));
 SSL_CTX_set_default_passwd_cb_userdata (ssldata->ctx, &conn->account);
 SSL_CTX_set_default_passwd_cb (ssldata->ctx, ssl_passwd_cb);
 SSL_CTX_use_certificate_file (ssldata->ctx, SslClientCert,
@@ -701,9 +665,6 @@ static int ssl_passwd_cb (char *buf, int size, int rwflag, void *userdata)
 if (mutt_account_getuser (account))
 return 0;
- debug_print (2, ("getting password for %s@%s:%u\n",
- account->user, account->host, account->port));
-
 if (mutt_account_getpass (account))
 return 0;
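Review bot: `done = 1` is set as soon as PEM_write_X509 returns success, but the PEM data may still be sitting in fp's buffer, so a failure at close time (disk full, I/O error) leaves done set, skips the "Couldn't save certificate" message, and can leave a truncated PEM block appended to a file that is read back as a trust store. If m_fclose reports the close status the way fclose does, fold it in: keep `if (PEM_write_X509 (fp, data->cert)) done = 1;` and follow the close with `if (m_fclose (&fp) != 0) done = 0;`; if it is void, the status needs to be obtained another way. fopen with "a" also creates SslCertFile under the process umask, and since the file is a trust store a comment stating that it must not be writable by other users would be worth adding here. The rest of ssl_check_certificate is outside the hunk.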
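Review bot: The return value of SSL_CTX_use_certificate_file on the last line of the hunk is discarded (the statement begins with the call, not an assignment or condition), so a missing, unreadable or malformed client certificate is ignored and the handshake simply proceeds without client authentication; the removed debug_print was the only trace that a client certificate had been attempted at all. Check it and tell the user, e.g. `if (SSL_CTX_use_certificate_file (ssldata->ctx, SslClientCert, SSL_FILETYPE_PEM) != 1)` followed by `mutt_error (_("Could not load client certificate"));`, assuming the file-type argument on the continuation line is SSL_FILETYPE_PEM, and apply the same treatment to the private-key load that presumably follows. The argument list and the rest of ssl_get_client_cert continue past the hunk, so the exact lines to change are outside it.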