Revision 2366

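--- a/libsylph/ssl.c
+++ b/libsylph/ssl.c
@@ -273,6 +273,7 @@
 
 	if ((server_cert = SSL_get_peer_certificate(sockinfo->ssl)) != NULL) {
 		glong verify_result;
+		gboolean expired = FALSE;
 
 		if (get_debug_mode()) {
 			gchar *str;
@@ -311,6 +312,9 @@
 			debug_print("SSL verify OK\n");
 			X509_free(server_cert);
 			return TRUE;
+		} else if (verify_result == X509_V_ERR_CERT_HAS_EXPIRED) {
+			log_message("SSL certificate of %s has expired\n", sockinfo->hostname);
+			expired = TRUE;
 		} else if (g_slist_find_custom(trust_list, server_cert,
 					       x509_cmp_func) ||
 			   g_slist_find_custom(tmp_trust_list, server_cert,
@@ -346,12 +350,12 @@
 				return FALSE;
 			} else if (res > 0) {
 				debug_print("Temporarily accept SSL certificate of %s\n", sockinfo->hostname);
-				tmp_trust_list = g_slist_prepend
-					(tmp_trust_list, X509_dup(server_cert));
+				if (!expired)
+					tmp_trust_list = g_slist_prepend(tmp_trust_list, X509_dup(server_cert));
 			} else {
 				debug_print("Permanently accept SSL certificate of %s\n", sockinfo->hostname);
-				trust_list = g_slist_prepend
-					(trust_list, X509_dup(server_cert));
+				if (!expired)
+					trust_list = g_slist_prepend(trust_list, X509_dup(server_cert));
 			}
 		}
 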
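Review bot: The `expired` flag in the second hunk is set only when `verify_result` is exactly `X509_V_ERR_CERT_HAS_EXPIRED`, but the verify result carries a single error code, so a certificate that is expired and also self-signed or issued by an unknown CA will most likely report the chain error and leave `expired` FALSE. In that case the trust-list lookup in the following `else if` still runs, and the `if (!expired)` guards in the third hunk still store the certificate. Testing the validity period directly would close the gap, for example `expired = X509_cmp_current_time(X509_get_notAfter(server_cert)) < 0;` once the peer certificate has been obtained; the `disable_always` test in src/sslmanager.c has the same dependency on the single error code. The enclosing function starts and ends outside the visible hunks, so the exact placement needs checking against the elided lines.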
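--- a/src/sslmanager.c
+++ b/src/sslmanager.c
@@ -59,6 +59,7 @@
 	gchar not_before[64] = "", not_after[64] = "";
 	gint i;
 	gint result;
+	gboolean disable_always = FALSE;
 
 	if (verify_result == X509_V_OK)
 		return 0;
@@ -174,6 +175,10 @@
 	}
 #endif
 
+	/* prohibit acception of expired certificates */
+	if (verify_result == X509_V_ERR_CERT_HAS_EXPIRED)
+		disable_always = TRUE;
+
 	if (prefs_common.comply_gnome_hig)
 		gtk_dialog_add_buttons(GTK_DIALOG(dialog),
 				       _("_Reject"), GTK_RESPONSE_REJECT,
@@ -187,6 +192,9 @@
 				       _("_Reject"), GTK_RESPONSE_REJECT,
 				       NULL);
 	gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+	if (disable_always)
+		gtk_dialog_set_response_sensitive(GTK_DIALOG(dialog),
+						  GTK_RESPONSE_ACCEPT, FALSE);
 
 	gtk_widget_show_all(dialog);
 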
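Review bot: The default response stays `GTK_RESPONSE_OK` after the new `disable_always` block in the last hunk, so for an expired certificate only the `GTK_RESPONSE_ACCEPT` button is greyed out and pressing Enter still activates OK. The label bound to OK is in the elided lines, but it is presumably the accept-for-this-session button, which would make accepting the expired certificate the path of least resistance. I would make rejection the default in that case: `gtk_dialog_set_default_response(GTK_DIALOG(dialog), disable_always ? GTK_RESPONSE_REJECT : GTK_RESPONSE_OK);`. A sentence in the dialog text explaining why permanent acceptance is unavailable would also help the user; the function body continues outside the hunks.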
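--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 2009-12-08
 
+	* libsylph/ssl.c
+	  src/sslmanager.c: prohibit acception of expired certificates.
+
+2009-12-08
+
 	* src/compose.c: compose_close_cb(): modified button order on win32.
 
 2009-12-04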
