X-Git-Url: http://git.madism.org/?p=apps%2Fmadmutt.git;a=blobdiff_plain;f=mutt_ssl.c;h=020cd1da8bf1ba484ff8bd2e1e16ca8ffaaad264;hp=317728c1adc786faf33a7a38fdb64b48fad4d5f5;hb=5251a17c26fadd6559295f6962f831a97eeeefdb;hpb=df70e07e24add1869bcc9b7af2277d9d0c09a281
diff --git a/mutt_ssl.c b/mutt_ssl.c
index 317728c..020cd1d 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -1,19 +1,10 @@
 /*
+ * Copyright notice from original mutt:
 * Copyright (C) 1999-2001 Tommi Komulainen
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
+ *
+ * This file is part of mutt-ng, see http://www.muttng.org/.
+ * It's licensed under the GNU General Public License,
+ * please see the file GPL in the top level source directory.
 */

 #if HAVE_CONFIG_H
@@ -35,6 +26,11 @@
 #include "mutt_curses.h"
 #include "mutt_ssl.h"

+#include "lib/mem.h"
+#include "lib/intl.h"
+#include "lib/str.h"
+#include "lib/debug.h"
+
 #if OPENSSL_VERSION_NUMBER >= 0x00904000L
 #define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL, NULL)
 #else
@@ -91,19 +87,19 @@ int mutt_ssl_starttls (CONNECTION * conn)
 ssldata = (sslsockdata *) safe_calloc (1, sizeof (sslsockdata));
 /* the ssl_use_xxx protocol options don't apply. We must use TLS in TLS. */
 if (!(ssldata->ctx = SSL_CTX_new (TLSv1_client_method ()))) {
- dprint (1, (debugfile, "mutt_ssl_starttls: Error allocating SSL_CTX\n"));
+ debug_print (1, ("Error allocating SSL_CTX\n"));
 goto bail_ssldata;
 }

 ssl_get_client_cert (ssldata, conn);

 if (!(ssldata->ssl = SSL_new (ssldata->ctx))) {
- dprint (1, (debugfile, "mutt_ssl_starttls: Error allocating SSL\n"));
+ debug_print (1, ("Error allocating SSL\n"));
 goto bail_ctx;
 }

 if (SSL_set_fd (ssldata->ssl, conn->fd) != 1) {
- dprint (1, (debugfile, "mutt_ssl_starttls: Error setting fd\n"));
+ debug_print (1, ("Error setting fd\n"));
 goto bail_ssl;
 }

@@ -378,7 +374,7 @@ static char *x509_get_part (char *line, const char *ndx)

 c = strstr (line, ndx);
 if (c) {
- c += strlen (ndx);
+ c += mutt_strlen (ndx);
 c2 = strchr (c, '/');
 if (c2)
 *c2 = '\0';
@@ -440,13 +436,13 @@ static int check_certificate_by_signer (X509 * peercert)
 if (X509_STORE_set_default_paths (ctx))
 pass++;
 else
- dprint (2, (debugfile, "X509_STORE_set_default_paths failed\n"));
+ debug_print (2, ("X509_STORE_set_default_paths failed\n"));
 }

 if (X509_STORE_load_locations (ctx, SslCertFile, NULL))
 pass++;
 else
- dprint (2, (debugfile, "X509_STORE_load_locations_failed\n"));
+ debug_print (2, ("X509_STORE_load_locations_failed\n"));

 if (pass == 0) {
 /* nothing to do */
@@ -465,7 +461,7 @@ static int check_certificate_by_signer (X509 * peercert)
 err = X509_STORE_CTX_get_error (&xsc);
 snprintf (buf, sizeof (buf), "%s (%d)",
 X509_verify_cert_error_string (err), err);
- dprint (2, (debugfile, "X509_verify_cert: %s\n", buf));
+ debug_print (2, ("X509_verify_cert: %s\n", buf));
 }
 #endif
 X509_STORE_CTX_cleanup (&xsc);
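Review bot: The rewritten debug_print calls drop the `mutt_ssl_starttls:` prefix the old dprint messages carried, so a debug line such as `Error allocating SSL` no longer says which function produced it; that is only harmless if debug_print (declared in lib/debug.h, not visible here) prepends the caller itself, which I cannot confirm from this page. If it does not, keep the prefix in the text, e.g. `debug_print (1, ("mutt_ssl_starttls: Error allocating SSL_CTX\n"));`, and likewise for the other two messages. mutt_ssl_starttls begins before and ends after this hunk.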
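Review bot: When SslCertFile is configured but cannot be opened or parsed, the new else branch only records `X509_STORE_load_locations_failed` at debug level 2 and the signer check carries on with whatever the default store holds (or, if that was not loaded either, reaches the `pass == 0` "nothing to do" branch), so a wrong path in the user's CA-file setting quietly weakens verification. Consider making the else a block that keeps the debug_print and adds `if (SslCertFile) mutt_error (_("Could not load certificate file %s"), SslCertFile);` so the misconfiguration is visible. The message text itself reads like a function name; `"X509_STORE_load_locations failed\n"` would match the set_default_paths message just above it. check_certificate_by_signer begins before and ends after this hunk.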
@@ -484,13 +480,13 @@ static int check_certificate_by_digest (X509 * peercert)

 /* expiration check */
 if (X509_cmp_current_time (X509_get_notBefore (peercert)) >= 0) {
- dprint (2, (debugfile, "Server certificate is not yet valid\n"));
+ debug_print (2, ("Server certificate is not yet valid\n"));
 mutt_error (_("Server certificate is not yet valid"));
 mutt_sleep (2);
 return 0;
 }
 if (X509_cmp_current_time (X509_get_notAfter (peercert)) <= 0) {
- dprint (2, (debugfile, "Server certificate has expired"));
+ debug_print (2, ("Server certificate has expired\n"));
 mutt_error (_("Server certificate has expired"));
 mutt_sleep (2);
 return 0;
@@ -541,13 +537,13 @@ static int ssl_check_certificate (sslsockdata * data)
 char *name = NULL, *c;

 if (check_certificate_by_signer (data->cert)) {
- dprint (1, (debugfile, "ssl_check_certificate: signer check passed\n"));
+ debug_print (1, ("signer check passed\n"));
 return 1;
 }

 /* automatic check from user's database */
 if (SslCertFile && check_certificate_by_digest (data->cert)) {
- dprint (1, (debugfile, "ssl_check_certificate: digest check passed\n"));
+ debug_print (1, ("digest check passed\n"));
 return 1;
 }

@@ -594,7 +590,9 @@ static int ssl_check_certificate (sslsockdata * data)
 snprintf (menu->dialog[row++], SHORT_STRING, _("Fingerprint: %s"), buf);

 menu->title = _("SSL Certificate check");
- if (SslCertFile) {
+
+ if (SslCertFile && X509_cmp_current_time (X509_get_notAfter (data->cert)) >= 0 && X509_cmp_current_time (X509_get_notBefore (data->cert)) < 0) {
 menu->prompt = _("(r)eject, accept (o)nce, (a)ccept always");
 menu->keys = _("roa");
 }
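Review bot: The `signer check passed` path returns 1 as soon as the chain verifies against the trust store, and nothing in this hunk compares the certificate's subject or subjectAltName with the host the connection was made to; unless that comparison happens somewhere not shown here, any certificate issued by a trusted CA for any name is accepted, so the holder of a valid certificate for another host can impersonate this server. If there is no such check, add one before `return 1;`, or at minimum mark the gap so nobody assumes it is covered: `/* NOTE: chain validity only -- the peer's host name is not compared against the certificate */`. ssl_check_certificate continues outside this hunk.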
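Review bot: In the added condition, `X509_cmp_current_time (X509_get_notAfter (data->cert)) >= 0` treats a 0 return as "not yet expired", but X509_cmp_current_time returns 0 on error (an unparsable time), so a certificate with a malformed notAfter would still be offered `(a)ccept always`; the expiry test in check_certificate_by_digest treats the same 0 as expired (`<= 0`). Use the strict form `X509_cmp_current_time (X509_get_notAfter (data->cert)) > 0` so both sites fail closed (the notBefore test `< 0` already does). Since this validity-window test now exists in two places, a small `static int x509_is_current (X509 *cert)` helper used by both would keep them from drifting apart again. ssl_check_certificate continues outside this hunk.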
@@ -648,7 +646,7 @@ static int ssl_check_certificate (sslsockdata * data)
 static void ssl_get_client_cert (sslsockdata * ssldata, CONNECTION * conn)
 {
 if (SslClientCert) {
- dprint (2, (debugfile, "Using client certificate %s\n", SslClientCert));
+ debug_print (2, ("Using client certificate %s\n", SslClientCert));
 SSL_CTX_set_default_passwd_cb_userdata (ssldata->ctx, &conn->account);
 SSL_CTX_set_default_passwd_cb (ssldata->ctx, ssl_passwd_cb);
 SSL_CTX_use_certificate_file (ssldata->ctx, SslClientCert,
@@ -665,7 +663,7 @@ static int ssl_passwd_cb (char *buf, int size, int rwflag, void *userdata)
 if (mutt_account_getuser (account))
 return 0;

- dprint (2, (debugfile, "ssl_passwd_cb: getting password for %s@%s:%u\n",
+ debug_print (2, ("getting password for %s@%s:%u\n",
 account->user, account->host, account->port));

 if (mutt_account_getpass (account))
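Review bot: `SSL_CTX_use_certificate_file (ssldata->ctx, SslClientCert,` is a bare statement, so its return value is discarded; if the configured client certificate is missing, unreadable or in the wrong format, the handshake proceeds without client authentication and the user only sees whatever the server does next. Check the result and report it, e.g. wrap the call in `if (... != 1) debug_print (1, ("failed to load client certificate %s\n", SslClientCert));` (the call's trailing arguments, and any private-key loading that follows, are past the end of the hunk, so the same applies there). The `&conn->account` pointer handed to SSL_CTX_set_default_passwd_cb_userdata is kept by the ctx, so a one-line comment such as `/* conn must outlive ssldata->ctx: the passwd callback reads conn->account */` would record that lifetime assumption. ssl_get_client_cert continues outside this hunk.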