X-Git-Url: http://git.madism.org/?p=apps%2Fmadmutt.git;a=blobdiff_plain;f=lib-sys%2Fmutt_ssl.cpkg;h=b1816c4d5bbc04265573210fbce4d37684a54704;hp=4495153e893335f795f0a6aa11254dfe062dbfa4;hb=98f62b5fcbd680fd5214ee85e1635b84322cbdd1;hpb=e87df0bb071ba21d6e3d6a47cb797c135605eba5 diff --git a/lib-sys/mutt_ssl.cpkg b/lib-sys/mutt_ssl.cpkg index 4495153..b1816c4 100644 --- a/lib-sys/mutt_ssl.cpkg +++ b/lib-sys/mutt_ssl.cpkg @@ -13,7 +13,7 @@ #include #include -#include +#include #include #include "mutt.h" @@ -31,33 +31,12 @@ ** since it would otherwise have to abort the connection anyway. This ** option supersedes ``$$ssl_starttls''. */ - bool starttls = 1; - /* - ** .pp - ** If \fIset\fP (the default), Madmutt will attempt to use STARTTLS on servers - ** advertising the capability. When \fIunset\fP, Madmutt will not attempt to - ** use STARTTLS regardless of the server's capabilities. - */ bool use_sslv3 = 1; /* ** .pp ** This variables specifies whether to attempt to use SSLv3 in the ** SSL authentication process. */ - bool use_tlsv1 = 1; - /* - ** .pp - ** This variables specifies whether to attempt to use TLSv1 in the - ** SSL authentication process. - */ - - int min_dh_prime_bits = 0; - /* - ** .pp - ** This variable specifies the minimum acceptable prime size (in bits) - ** for use in any Diffie-Hellman key exchange. A value of 0 will use - ** the default from the GNUTLS library. - */ path_t cert_file = luaM_pathnew("~/.cache/madmutt/certificates"); /* @@ -147,7 +126,7 @@ static int tls_socket_read (CONNECTION * conn, char *buf, ssize_t len) } ret = gnutls_record_recv (data->state, buf, len); - if (gnutls_error_is_fatal (ret) == 1) { + if (ret < 0 && gnutls_error_is_fatal (ret) == 1) { mutt_error (_("tls_socket_read (%s)"), gnutls_strerror (ret)); mutt_sleep (4); return -1; 
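Review bot: The new `ret < 0 &&` guard in tls_socket_read still lets every non-fatal negative code from gnutls_record_recv (for example GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED) fall through to whatever follows the `if`, which lies outside the hunk. If the function then returns `ret` unchanged, callers get a negative value with no message and may treat a retryable condition as a dropped connection. I would either retry at this point or state the contract above the check, for example `/* non-fatal negative codes (GNUTLS_E_AGAIN, GNUTLS_E_INTERRUPTED) are handed to the caller */`. The identical check added to tls_socket_write (hunk at -167,7) raises the same question.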
@@ -167,7 +146,7 @@ static int tls_socket_write (CONNECTION * conn, const char *buf, ssize_t len) } ret = gnutls_record_send (data->state, buf, len); - if (gnutls_error_is_fatal (ret) == 1) { + if (ret < 0 && gnutls_error_is_fatal (ret) == 1) { mutt_error (_("tls_socket_write (%s)"), gnutls_strerror (ret)); mutt_sleep (4); return -1; @@ -244,15 +223,7 @@ static int tls_negotiate (CONNECTION * conn) gnutls_transport_set_ptr (data->state, (gnutls_transport_ptr)(intptr_t)conn->fd); /* disable TLS/SSL protocols as needed */ - if (!mod_ssl.use_tlsv1 && !mod_ssl.use_sslv3) { - mutt_error (_("All available protocols for TLS/SSL connection disabled")); - goto fail; - } - else if (!mod_ssl.use_tlsv1) { - protocol_priority[0] = GNUTLS_SSL3; - protocol_priority[1] = 0; - } - else if (!mod_ssl.use_sslv3) { + if (!mod_ssl.use_sslv3) { protocol_priority[0] = GNUTLS_TLS1; protocol_priority[1] = 0; } @@ -266,10 +237,6 @@ static int tls_negotiate (CONNECTION * conn) gnutls_set_default_priority (data->state); gnutls_protocol_set_priority (data->state, protocol_priority); - if (mod_ssl.min_dh_prime_bits > 0) { - gnutls_dh_set_prime_bits(data->state, mod_ssl.min_dh_prime_bits); - } - /* gnutls_set_cred (data->state, GNUTLS_ANON, NULL); */ @@ -429,16 +396,18 @@ static void tls_fingerprint (gnutls_digest_algorithm algo, static char *tls_make_date (time_t t, char *s, ssize_t len) { - struct tm *l = gmtime (&t); - - if (l) - snprintf (s, len, "%s, %d %s %d %02d:%02d:%02d UTC", - Weekdays[l->tm_wday], l->tm_mday, Months[l->tm_mon], - l->tm_year + 1900, l->tm_hour, l->tm_min, l->tm_sec); - else - m_strcpy(s, len, _("[invalid date]")); + struct tm *l = gmtime(&t); + + if (l) { + const char *loc; + loc = setlocale(LC_TIME, "C"); + strftime(s, len, "%a, %d %b %Y %T UTC", l); + setlocale(LC_TIME, loc); + } else { + m_strcpy(s, len, _("[invalid date]")); + } - return (s); + return s; } static int tls_check_stored_hostname (const gnutls_datum * cert, 
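Review bot: The one protocol switch left in tls_negotiate, `if (!mod_ssl.use_sslv3)`, is driven by an option that still defaults to 1 (`bool use_sslv3 = 1;` in the option block of this file), so SSLv3 presumably remains negotiable out of the box; it is deprecated by RFC 7568 and I would change the default to `bool use_sslv3 = 0;`. When the option is unset the list becomes `GNUTLS_TLS1` alone, which appears to pin the session to TLS 1.0 rather than allowing any newer version the linked GnuTLS supports. The next hunk (-266,10) also drops the `gnutls_dh_set_prime_bits` call, so the minimum Diffie-Hellman prime size is whatever GnuTLS defaults to and users can no longer raise it; if that is intended, the commit message should say so. The rest of the if/else chain is outside the hunk.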
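Review bot: In tls_make_date, `loc = setlocale(LC_TIME, "C")` stores the name of the locale that was just installed, not the previous one, so the later `setlocale(LC_TIME, loc)` restores nothing and LC_TIME stays "C" for the rest of the process. The previous locale has to be queried with `setlocale(LC_TIME, NULL)` and copied before switching, because the returned string may be overwritten by the next setlocale call. The return value of strftime is also ignored, and when it is 0 the contents of `s` are indeterminate. The excerpt below saves and restores the locale and falls back to the existing "[invalid date]" text when formatting fails.

```c
static char *tls_make_date (time_t t, char *s, ssize_t len)
{
  struct tm *l = gmtime(&t);

  if (l) {
    char saved[STRING];
    const char *cur = setlocale(LC_TIME, NULL);

    /* copy first: a later setlocale() call may overwrite the returned string */
    m_strcpy(saved, sizeof(saved), cur ? cur : "C");
    setlocale(LC_TIME, "C");
    if (!strftime(s, len, "%a, %d %b %Y %T UTC", l))
      m_strcpy(s, len, _("[invalid date]"));
    setlocale(LC_TIME, saved);
  } else {
    m_strcpy(s, len, _("[invalid date]"));
  }
  /* … unchanged: return s; … */
```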
@@ -493,8 +462,6 @@ static int tls_check_certificate (CONNECTION * conn) { tlssockdata *data = conn->sockdata; gnutls_session state = data->state; - char helpstr[STRING]; - char buf[STRING]; char fpbuf[STRING]; ssize_t buflen; char dn_common_name[STRING]; @@ -788,13 +755,6 @@ static int tls_check_certificate (CONNECTION * conn) menu->keys = _("ro"); } - helpstr[0] = '\0'; - mutt_make_help (buf, sizeof (buf), _("Exit "), MENU_GENERIC, OP_EXIT); - strncat (helpstr, buf, sizeof (helpstr)); - mutt_make_help (buf, sizeof (buf), _("Help"), MENU_GENERIC, OP_HELP); - strncat (helpstr, buf, sizeof (helpstr)); - menu->help = helpstr; - done = 0; set_option (OPTUNBUFFEREDINPUT); while (!done) { @@ -842,7 +802,7 @@ static int tls_check_certificate (CONNECTION * conn) unset_option (OPTUNBUFFEREDINPUT); mutt_menuDestroy (&menu); gnutls_x509_crt_deinit (cert); - return (done == 2); + return done == 2; } /* vim:set ft=c: */