X-Git-Url: http://git.madism.org/?p=apps%2Fmadmutt.git;a=blobdiff_plain;f=lib-sys%2Fmutt_ssl.c;h=745141ba452b780f140019ef49b2cdaf6745e2b1;hp=c7dcc7a071f7439f581407630c6b344ced4df3be;hb=558b0bd9de90a9dc28f409d8f46679bf48c72ded;hpb=108f3c7ab59844591f7540347914ea57be5245e2
diff --git a/lib-sys/mutt_ssl.c b/lib-sys/mutt_ssl.c
index c7dcc7a..745141b 100644
--- a/lib-sys/mutt_ssl.c
+++ b/lib-sys/mutt_ssl.c
@@ -7,9 +7,7 @@
  * please see the file GPL in the top level source directory.
  */
 
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
+#include
 
 #ifdef USE_SSL
 
@@ -18,13 +16,6 @@
 #include
 #include
 
-#include
-
-#include
-#include
-#include
-#include
-
 #include
 #include
 
@@ -89,19 +80,16 @@ int mutt_ssl_starttls (CONNECTION * conn)
   ssldata = p_new(sslsockdata, 1);
   /* the ssl_use_xxx protocol options don't apply. We must use TLS in TLS. */
   if (!(ssldata->ctx = SSL_CTX_new (TLSv1_client_method ()))) {
-    debug_print (1, ("Error allocating SSL_CTX\n"));
     goto bail_ssldata;
   }
 
   ssl_get_client_cert (ssldata, conn);
 
   if (!(ssldata->ssl = SSL_new (ssldata->ctx))) {
-    debug_print (1, ("Error allocating SSL\n"));
     goto bail_ctx;
   }
 
   if (SSL_set_fd (ssldata->ssl, conn->fd) != 1) {
-    debug_print (1, ("Error setting fd\n"));
     goto bail_ssl;
   }
 
@@ -155,7 +143,7 @@ static int ssl_init (void)
   /* load entropy from egd sockets */
 #ifdef HAVE_RAND_EGD
   add_entropy (getenv ("EGDSOCKET"));
-  snprintf (path, sizeof (path), "%s/.entropy", NONULL (Homedir));
+  snprintf (path, sizeof (path), "%s/.entropy", NONULL(MCore.homedir));
   add_entropy (path);
   add_entropy ("/tmp/entropy");
 #endif
@@ -345,9 +333,6 @@ static int ssl_socket_close (CONNECTION * conn)
 
   if (data) {
     SSL_shutdown (data->ssl);
-#if 0
-    X509_free (data->cert);
-#endif
     SSL_free (data->ssl);
     SSL_CTX_free (data->ctx);
     p_delete(&conn->sockdata);
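Review bot: On the changed snprintf line, NONULL(MCore.homedir) turns an unset home directory into the path `/.entropy`, a file at the filesystem root that the user does not control, and add_entropy is then called on it unconditionally; guard the call instead: `if (MCore.homedir) { snprintf (path, sizeof (path), "%s/.entropy", MCore.homedir); add_entropy (path); }`. The same hunk also feeds `/tmp/entropy`, a path any local user can pre-create; if add_entropy only mixes bytes into OpenSSL's pool this cannot lower the pool's entropy, but it can let attacker-supplied bytes satisfy RAND_status, so a comment stating why that is acceptable here would help the next reader. ssl_init continues outside the hunk.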
@@ -410,7 +395,7 @@ static int tls_close (CONNECTION * conn)
 
 static char *x509_get_part (char *line, const char *ndx)
 {
-  static char ret[SHORT_STRING];
+  static char ret[STRING];
   char *c, *c2;
 
   m_strcpy(ret, sizeof(ret), _("Unknown"));
@@ -478,14 +463,10 @@ static int check_certificate_by_signer (X509 * peercert)
   if (option (OPTSSLSYSTEMCERTS)) {
     if (X509_STORE_set_default_paths (ctx))
       pass++;
-    else
-      debug_print (2, ("X509_STORE_set_default_paths failed\n"));
   }
 
   if (X509_STORE_load_locations (ctx, SslCertFile, NULL))
     pass++;
-  else
-    debug_print (2, ("X509_STORE_load_locations_failed\n"));
 
   if (pass == 0) {
     /* nothing to do */
@@ -496,17 +477,6 @@ static int check_certificate_by_signer (X509 * peercert)
 
   X509_STORE_CTX_init (&xsc, ctx, peercert, NULL);
   pass = (X509_verify_cert (&xsc) > 0);
-#ifdef DEBUG
-  if (!pass) {
-    char buf[SHORT_STRING];
-    int err;
-
-    err = X509_STORE_CTX_get_error (&xsc);
-    snprintf (buf, sizeof (buf), "%s (%d)",
-              X509_verify_cert_error_string (err), err);
-    debug_print (2, ("X509_verify_cert: %s\n", buf));
-  }
-#endif
   X509_STORE_CTX_cleanup (&xsc);
   X509_STORE_free (ctx);
 
@@ -523,13 +493,11 @@ static int check_certificate_by_digest (X509 * peercert)
 
   /* expiration check */
   if (X509_cmp_current_time (X509_get_notBefore (peercert)) >= 0) {
-    debug_print (2, ("Server certificate is not yet valid\n"));
     mutt_error (_("Server certificate is not yet valid"));
     mutt_sleep (2);
     return 0;
   }
   if (X509_cmp_current_time (X509_get_notAfter (peercert)) <= 0) {
-    debug_print (2, ("Server certificate has expired\n"));
     mutt_error (_("Server certificate has expired"));
     mutt_sleep (2);
     return 0;
@@ -539,7 +507,7 @@ static int check_certificate_by_digest (X509 * peercert)
     return 0;
 
   if (!X509_digest (peercert, EVP_sha1 (), peermd, &peermdlen)) {
-    fclose (fp);
+    m_fclose(&fp);
     return 0;
   }
 
@@ -549,7 +517,7 @@ static int check_certificate_by_digest (X509 * peercert)
       break;
   }
   X509_free (cert);
-  fclose (fp);
+  m_fclose(&fp);
   return pass;
 }
 
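Review bot: x509_get_part hands back a pointer to the file-scope `ret` buffer (now `STRING` bytes), so every call overwrites the previous result and the function is not reentrant; the callers in ssl_check_certificate do consume the value before calling again, but nothing at the declaration says they must. I would add above the function `/* Returns a pointer to a static buffer that the next call overwrites; copy the result before calling again. */`. Enlarging ret is only safe if the copy of the matched field into it, which lies outside this hunk, stays bounded by sizeof(ret), and that is worth confirming because `line` is built from the peer's certificate. The function body continues past the hunk.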
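Review bot: The match in check_certificate_by_digest pins a saved certificate by its SHA-1 DER digest (`X509_digest (peercert, EVP_sha1 (), peermd, &peermdlen)`), and nothing records why SHA-1 is still acceptable there. It is defensible because a forger would need a second preimage of a certificate the user already accepted, not a free collision, but that reasoning belongs in the code: `/* SHA-1 only has to recognise a certificate the user saved earlier; forging one needs a second preimage of that exact DER, not a collision. */`. If the digest is ever compared with values that come from elsewhere (a configured fingerprint, a pasted value), switch to EVP_sha256(). The comparison loop itself is outside this hunk.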
@@ -557,8 +525,8 @@ static int check_certificate_by_digest (X509 * peercert)
 static int ssl_check_certificate (sslsockdata * data)
 {
   char *part[] = { "/CN=", "/Email=", "/O=", "/OU=", "/L=", "/ST=", "/C=" };
-  char helpstr[SHORT_STRING];
-  char buf[SHORT_STRING];
+  char helpstr[STRING];
+  char buf[STRING];
   MUTTMENU *menu;
   int done, row, i;
   FILE *fp;
@@ -566,18 +534,15 @@ static int ssl_check_certificate (sslsockdata * data)
 
   /* check session cache first */
   if (check_certificate_cache (data->cert)) {
-    debug_print (1, ("ssl_check_certificate: using cached certificate\n"));
     return 1;
   }
 
   if (check_certificate_by_signer (data->cert)) {
-    debug_print (1, ("signer check passed\n"));
     return 1;
   }
 
   /* automatic check from user's database */
   if (SslCertFile && check_certificate_by_digest (data->cert)) {
-    debug_print (1, ("digest check passed\n"));
     return 1;
   }
 
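Review bot: ssl_check_certificate gets no header comment even though its buffers change size here and it is the function that decides whether a server certificate is trusted; document the decision order and, above all, what it does not check. From the visible flow the certificate is accepted on a cache hit, on a successful X509_verify_cert chain build, or on a match in the digest file, and nothing in this diff compares the certificate's subject or subjectAltName with the account's host; if no such check exists elsewhere, a certificate issued by any trusted CA for any name passes silently, and the subject/issuer dialog later in the function cannot catch that because it is only shown after the automatic checks fail. Suggested header: `/* Decide whether data->cert may be trusted: session cache, then CA chain, then the user's saved-certificate digests, else ask interactively. NOTE: no hostname match against the account host is done here. */`. The function body continues past the hunk.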
@@ -586,42 +551,42 @@ static int ssl_check_certificate (sslsockdata * data)
   menu->max = 19;
   menu->dialog = p_new(char *, menu->max);
   for (i = 0; i < menu->max; i++)
-    menu->dialog[i] = p_new(char, SHORT_STRING);
+    menu->dialog[i] = p_new(char, STRING);
 
   row = 0;
-  m_strcpy(menu->dialog[row], SHORT_STRING,
+  m_strcpy(menu->dialog[row], STRING,
            _("This certificate belongs to:"));
   row++;
   name = X509_NAME_oneline (X509_get_subject_name (data->cert),
                             buf, sizeof (buf));
   for (i = 0; i < 5; i++) {
     c = x509_get_part (name, part[i]);
-    snprintf (menu->dialog[row++], SHORT_STRING, " %s", c);
+    snprintf (menu->dialog[row++], STRING, " %s", c);
   }
 
   row++;
-  m_strcpy(menu->dialog[row], SHORT_STRING,
+  m_strcpy(menu->dialog[row], STRING,
            _("This certificate was issued by:"));
   row++;
   name = X509_NAME_oneline (X509_get_issuer_name (data->cert),
                             buf, sizeof (buf));
   for (i = 0; i < 5; i++) {
     c = x509_get_part (name, part[i]);
-    snprintf (menu->dialog[row++], SHORT_STRING, " %s", c);
+    snprintf (menu->dialog[row++], STRING, " %s", c);
   }
 
   row++;
-  snprintf (menu->dialog[row++], SHORT_STRING, "%s",
+  snprintf (menu->dialog[row++], STRING, "%s",
             _("This certificate is valid"));
-  snprintf (menu->dialog[row++], SHORT_STRING, _(" from %s"),
+  snprintf (menu->dialog[row++], STRING, _(" from %s"),
             asn1time_to_string (X509_get_notBefore (data->cert)));
-  snprintf (menu->dialog[row++], SHORT_STRING, _(" to %s"),
+  snprintf (menu->dialog[row++], STRING, _(" to %s"),
             asn1time_to_string (X509_get_notAfter (data->cert)));
 
   row++;
   buf[0] = '\0';
   x509_fingerprint (buf, sizeof (buf), data->cert);
-  snprintf (menu->dialog[row++], SHORT_STRING, _("Fingerprint: %s"), buf);
+  snprintf (menu->dialog[row++], STRING, _("Fingerprint: %s"), buf);
 
   menu->title = _("SSL Certificate check");
 
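Review bot: The subject and issuer shown to the user are reconstructed by searching X509_NAME_oneline output for `/CN=`, `/OU=` and so on, and X509_NAME_oneline does not escape `/`, so an attribute whose value contains the text `/CN=mail.example.org` will be presented as the common name if x509_get_part does a plain substring search (its body is outside this diff); a DN longer than sizeof(buf) is also silently truncated. Because the user accepts or rejects the certificate on the strength of this display, look each field up by NID instead, mirror it for the issuer loop, and compare the returned length with strlen so an embedded NUL cannot shorten what is shown. The menu set-up, the validity rows and the fingerprint row are unchanged.
```c
/* … unchanged: menu allocation and "This certificate belongs to:" row … */
static const int nids[] = { NID_commonName, NID_pkcs9_emailAddress,
                            NID_organizationName,
                            NID_organizationalUnitName, NID_localityName };
X509_NAME *subj = X509_get_subject_name (data->cert);
for (i = 0; i < 5; i++) {
  int len = X509_NAME_get_text_by_NID (subj, nids[i], buf, sizeof (buf));
  if (len < 0 || (size_t) len != strlen (buf))
    m_strcpy(buf, sizeof(buf), _("Unknown"));
  snprintf (menu->dialog[row++], STRING, " %s", buf);
}
/* … unchanged: "issued by" row, same loop over X509_get_issuer_name (data->cert) … */
```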
@@ -656,7 +621,7 @@ static int ssl_check_certificate (sslsockdata * data)
         if ((fp = fopen (SslCertFile, "a"))) {
           if (PEM_write_X509 (fp, data->cert))
             done = 1;
-          fclose (fp);
+          m_fclose(&fp);
         }
         if (!done) {
           mutt_error (_("Warning: Couldn't save certificate"));
@@ -684,7 +649,6 @@ static int ssl_check_certificate (sslsockdata * data)
 static void ssl_get_client_cert (sslsockdata * ssldata, CONNECTION * conn)
 {
   if (SslClientCert) {
-    debug_print (2, ("Using client certificate %s\n", SslClientCert));
     SSL_CTX_set_default_passwd_cb_userdata (ssldata->ctx, &conn->account);
     SSL_CTX_set_default_passwd_cb (ssldata->ctx, ssl_passwd_cb);
     SSL_CTX_use_certificate_file (ssldata->ctx, SslClientCert,
@@ -701,9 +665,6 @@ static int ssl_passwd_cb (char *buf, int size, int rwflag, void *userdata)
   if (mutt_account_getuser (account))
     return 0;
 
-  debug_print (2, ("getting password for %s@%s:%u\n",
-                   account->user, account->host, account->port));
-
   if (mutt_account_getpass (account))
     return 0;
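Review bot: `done = 1` is set as soon as PEM_write_X509 returns, before the stream is flushed, so a write error that only surfaces at close is swallowed by the unchecked `m_fclose(&fp)`; the user is told nothing while SslCertFile may now end in a truncated PEM block that breaks later parsing of the whole file. Flush and check before reporting success: `if (PEM_write_X509 (fp, data->cert) && fflush (fp) == 0) done = 1;`. Since this file is a trust store, it is also created here by `fopen (SslCertFile, "a")` under whatever umask the process has; creating it with open(2), mode 0600 and fdopen would keep other local users from appending certificates when the umask is lax. The enclosing switch and menu loop are outside the hunk.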