PKGBUILDs/extra/claws-mail/claws-ssl-2.patch

140 lines
4.1 KiB
Diff
Raw Normal View History

2014-04-29 13:10:12 +00:00
From fe50206b4385404c38ad0421bdfb707bb6994d80 Mon Sep 17 00:00:00 2001
From: Nepu User <nepu@localhost.localdomain>
Date: Sun, 27 Apr 2014 14:55:18 +0200
Subject: [PATCH 2/3] upstream commit dda3675203030f329d527c697e14342c9c13a75c
---
src/common/ssl_certificate.c | 17 ++++++++++++++
src/common/ssl_certificate.h | 1 +
src/etpan/etpan-ssl.c | 53 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 71 insertions(+)
diff --git a/src/common/ssl_certificate.c b/src/common/ssl_certificate.c
index 84e017e..72f73ac 100644
--- a/src/common/ssl_certificate.c
+++ b/src/common/ssl_certificate.c
@@ -647,6 +647,23 @@ gboolean ssl_certificate_check (gnutls_x509_crt_t x509_cert, guint status, const
return TRUE;
}
+gboolean ssl_certificate_check_chain(gnutls_x509_crt_t *certs, gint chain_len, const gchar *host, gushort port)
+{
+ gboolean result = FALSE;
+ gint status;
+
+ gnutls_x509_crt_list_verify (certs,
+ chain_len,
+ NULL, 0,
+ NULL, 0,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ &status);
+
+ result = ssl_certificate_check(certs[0], status, host, port);
+
+ return result;
+}
+
gnutls_x509_crt_t ssl_certificate_get_x509_from_pem_file(const gchar *file)
{
gnutls_x509_crt_t x509 = NULL;
diff --git a/src/common/ssl_certificate.h b/src/common/ssl_certificate.h
index 8bbe2ac..fd8822a 100644
--- a/src/common/ssl_certificate.h
+++ b/src/common/ssl_certificate.h
@@ -58,6 +58,7 @@ struct _SSLCertHookData
SSLCertificate *ssl_certificate_find (const gchar *host, gushort port, const gchar *fingerprint);
gboolean ssl_certificate_check (gnutls_x509_crt_t x509_cert, guint status, const gchar *host, gushort port);
+gboolean ssl_certificate_check_chain(gnutls_x509_crt_t *certs, gint chain_len, const gchar *host, gushort port);
void ssl_certificate_destroy(SSLCertificate *cert);
void ssl_certificate_delete_from_disk(SSLCertificate *cert);
char * readable_fingerprint(unsigned char *src, int len);
diff --git a/src/etpan/etpan-ssl.c b/src/etpan/etpan-ssl.c
index 6642e40..c9dc9d8 100644
--- a/src/etpan/etpan-ssl.c
+++ b/src/etpan/etpan-ssl.c
@@ -26,6 +26,7 @@
#ifdef USE_GNUTLS
#ifdef HAVE_LIBETPAN
#include <libetpan/libetpan.h>
+#include <libetpan/libetpan_version.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <stdlib.h>
@@ -33,6 +34,7 @@
#include <glib/gi18n.h>
#include <errno.h>
+#include "etpan-ssl.h"
#include "ssl_certificate.h"
#include "utils.h"
#include "log.h"
@@ -40,6 +42,7 @@
gboolean etpan_certificate_check(mailstream *stream, const char *host, gint port)
{
+#if (!defined LIBETPAN_API_CURRENT || LIBETPAN_API_CURRENT < 18)
unsigned char *cert_der = NULL;
int len;
gnutls_x509_crt_t cert = NULL;
@@ -75,6 +78,56 @@ gboolean etpan_certificate_check(mailstream *stream, const char *host, gint port
gnutls_x509_crt_deinit(cert);
return FALSE;
}
+#else
+ carray *certs_der = NULL;
+ gint chain_len = 0, i;
+ gnutls_x509_crt_t *certs = NULL;
+ gboolean result;
+
+ if (stream == NULL)
+ return FALSE;
+
+ certs_der = mailstream_get_certificate_chain(stream);
+ if (!certs_der) {
+ g_warning("could not get certs");
+ return FALSE;
+ }
+ chain_len = carray_count(certs_der);
+
+ certs = malloc(sizeof(gnutls_x509_crt_t) * chain_len);
+ if (certs == NULL) {
+ g_warning("could not allocate certs");
+ return FALSE;
+ }
+
+ result = TRUE;
+ for (i = 0; i < chain_len; i++) {
+ MMAPString *cert_str = carray_get(certs_der, i);
+ gnutls_datum_t tmp;
+
+ tmp.data = malloc(cert_str->len);
+ memcpy(tmp.data, cert_str->str, cert_str->len);
+ tmp.size = cert_str->len;
+
+ mmap_string_free(cert_str);
+
+ gnutls_x509_crt_init(&certs[i]);
+ if (gnutls_x509_crt_import(certs[i], &tmp, GNUTLS_X509_FMT_DER) < 0)
+ result = FALSE;
+
+ free(tmp.data);
+ }
+
+ carray_free(certs_der);
+
+ if (result == TRUE)
+ result = ssl_certificate_check_chain(certs, chain_len, host, port);
+
+ for (i = 0; i < chain_len; i++)
+ gnutls_x509_crt_deinit(certs[i]);
+
+ return result;
+#endif
}
void etpan_connect_ssl_context_cb(struct mailstream_ssl_context * ssl_context, void * data)
--
1.9.2