root / src / ssl.c @ 1
History | View | Annotate | Download (3.3 kB)
| 1 | /*
|
|---|---|
| 2 | * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client |
| 3 | * Copyright (C) 1999-2002 Hiroyuki Yamamoto |
| 4 | * |
| 5 | * This program is free software; you can redistribute it and/or modify |
| 6 | * it under the terms of the GNU General Public License as published by |
| 7 | * the Free Software Foundation; either version 2 of the License, or |
| 8 | * (at your option) any later version. |
| 9 | * |
| 10 | * This program is distributed in the hope that it will be useful, |
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 13 | * GNU General Public License for more details. |
| 14 | * |
| 15 | * You should have received a copy of the GNU General Public License |
| 16 | * along with this program; if not, write to the Free Software |
| 17 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 18 | */ |
| 19 | |
| 20 | #ifdef HAVE_CONFIG_H
|
| 21 | # include "config.h" |
| 22 | #endif
|
| 23 | |
| 24 | #if USE_SSL
|
| 25 | |
| 26 | #include "defs.h" |
| 27 | |
| 28 | #include <glib.h> |
| 29 | |
| 30 | #include "intl.h" |
| 31 | #include "utils.h" |
| 32 | #include "ssl.h" |
| 33 | |
| 34 | static SSL_CTX *ssl_ctx_SSLv23;
|
| 35 | static SSL_CTX *ssl_ctx_TLSv1;
|
| 36 | |
| 37 | void ssl_init(void) |
| 38 | {
|
| 39 | SSL_library_init(); |
| 40 | SSL_load_error_strings(); |
| 41 | |
| 42 | ssl_ctx_SSLv23 = SSL_CTX_new(SSLv23_client_method()); |
| 43 | if (ssl_ctx_SSLv23 == NULL) { |
| 44 | debug_print(_("SSLv23 not available\n"));
|
| 45 | } else {
|
| 46 | debug_print(_("SSLv23 available\n"));
|
| 47 | } |
| 48 | |
| 49 | ssl_ctx_TLSv1 = SSL_CTX_new(TLSv1_client_method()); |
| 50 | if (ssl_ctx_TLSv1 == NULL) { |
| 51 | debug_print(_("TLSv1 not available\n"));
|
| 52 | } else {
|
| 53 | debug_print(_("TLSv1 available\n"));
|
| 54 | } |
| 55 | } |
| 56 | |
| 57 | void ssl_done(void) |
| 58 | {
|
| 59 | if (ssl_ctx_SSLv23) {
|
| 60 | SSL_CTX_free(ssl_ctx_SSLv23); |
| 61 | } |
| 62 | |
| 63 | if (ssl_ctx_TLSv1) {
|
| 64 | SSL_CTX_free(ssl_ctx_TLSv1); |
| 65 | } |
| 66 | } |
| 67 | |
| 68 | gboolean ssl_init_socket(SockInfo *sockinfo) |
| 69 | {
|
| 70 | return ssl_init_socket_with_method(sockinfo, SSL_METHOD_SSLv23);
|
| 71 | } |
| 72 | |
| 73 | gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method) |
| 74 | {
|
| 75 | X509 *server_cert; |
| 76 | gint ret; |
| 77 | |
| 78 | switch (method) {
|
| 79 | case SSL_METHOD_SSLv23:
|
| 80 | if (!ssl_ctx_SSLv23) {
|
| 81 | g_warning(_("SSL method not available\n"));
|
| 82 | return FALSE;
|
| 83 | } |
| 84 | sockinfo->ssl = SSL_new(ssl_ctx_SSLv23); |
| 85 | break;
|
| 86 | case SSL_METHOD_TLSv1:
|
| 87 | if (!ssl_ctx_TLSv1) {
|
| 88 | g_warning(_("SSL method not available\n"));
|
| 89 | return FALSE;
|
| 90 | } |
| 91 | sockinfo->ssl = SSL_new(ssl_ctx_TLSv1); |
| 92 | break;
|
| 93 | default:
|
| 94 | g_warning(_("Unknown SSL method *PROGRAM BUG*\n"));
|
| 95 | return FALSE;
|
| 96 | break;
|
| 97 | } |
| 98 | |
| 99 | if (sockinfo->ssl == NULL) { |
| 100 | g_warning(_("Error creating ssl context\n"));
|
| 101 | return FALSE;
|
| 102 | } |
| 103 | |
| 104 | SSL_set_fd(sockinfo->ssl, sockinfo->sock); |
| 105 | if ((ret = SSL_connect(sockinfo->ssl)) == -1) { |
| 106 | g_warning(_("SSL connect failed (%s)\n"),
|
| 107 | ERR_error_string(ERR_get_error(), NULL));
|
| 108 | return FALSE;
|
| 109 | } |
| 110 | |
| 111 | /* Get the cipher */
|
| 112 | |
| 113 | debug_print(_("SSL connection using %s\n"),
|
| 114 | SSL_get_cipher(sockinfo->ssl)); |
| 115 | |
| 116 | /* Get server's certificate (note: beware of dynamic allocation) */
|
| 117 | |
| 118 | if ((server_cert = SSL_get_peer_certificate(sockinfo->ssl)) != NULL) { |
| 119 | gchar *str; |
| 120 | |
| 121 | debug_print(_("Server certificate:\n"));
|
| 122 | |
| 123 | if ((str = X509_NAME_oneline(X509_get_subject_name(server_cert), 0, 0)) != NULL) { |
| 124 | debug_print(_(" Subject: %s\n"), str);
|
| 125 | free(str); |
| 126 | } |
| 127 | |
| 128 | if ((str = X509_NAME_oneline(X509_get_issuer_name(server_cert), 0, 0)) != NULL) { |
| 129 | debug_print(_(" Issuer: %s\n"), str);
|
| 130 | free(str); |
| 131 | } |
| 132 | |
| 133 | X509_free(server_cert); |
| 134 | } |
| 135 | |
| 136 | return TRUE;
|
| 137 | } |
| 138 | |
| 139 | void ssl_done_socket(SockInfo *sockinfo)
|
| 140 | {
|
| 141 | if (sockinfo->ssl) {
|
| 142 | SSL_free(sockinfo->ssl); |
| 143 | } |
| 144 | } |
| 145 | |
| 146 | #endif /* USE_SSL */ |