mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2024-09-19 22:08:32 +00:00
495 lines
16 KiB
Diff
495 lines
16 KiB
Diff
From 35da14ea91d4d32527fbe3293d2ffd26cd642710 Mon Sep 17 00:00:00 2001
|
|
From: Nepu User <nepu@localhost.localdomain>
|
|
Date: Sun, 27 Apr 2014 14:50:36 +0200
|
|
Subject: [PATCH 1/3] upstream commit b0c17cd08e482dbda407dabdc952dfcf5d8fdb6e
|
|
|
|
---
|
|
src/etpan/Makefile.am | 6 ++-
|
|
src/etpan/etpan-ssl.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++
|
|
src/etpan/etpan-ssl.h | 40 ++++++++++++++++
|
|
src/etpan/imap-thread.c | 96 +++-----------------------------------
|
|
src/etpan/nntp-thread.c | 83 ++-------------------------------
|
|
5 files changed, 175 insertions(+), 171 deletions(-)
|
|
create mode 100644 src/etpan/etpan-ssl.c
|
|
create mode 100644 src/etpan/etpan-ssl.h
|
|
|
|
diff --git a/src/etpan/Makefile.am b/src/etpan/Makefile.am
|
|
index b4bfe62..eb343b2 100644
|
|
--- a/src/etpan/Makefile.am
|
|
+++ b/src/etpan/Makefile.am
|
|
@@ -5,7 +5,8 @@ noinst_LTLIBRARIES = libclawsetpan.la
|
|
libclawsetpan_la_SOURCES = \
|
|
etpan-thread-manager.c \
|
|
imap-thread.c \
|
|
- nntp-thread.c
|
|
+ nntp-thread.c \
|
|
+ etpan-ssl.c
|
|
|
|
clawsetpanincludedir = $(pkgincludedir)/etpan
|
|
clawsetpaninclude_HEADERS = \
|
|
@@ -13,7 +14,8 @@ clawsetpaninclude_HEADERS = \
|
|
etpan-thread-manager.h \
|
|
etpan-errors.h \
|
|
imap-thread.h \
|
|
- nntp-thread.h
|
|
+ nntp-thread.h \
|
|
+ etpan-ssl.h
|
|
|
|
INCLUDES = \
|
|
-I$(top_srcdir)/src \
|
|
diff --git a/src/etpan/etpan-ssl.c b/src/etpan/etpan-ssl.c
|
|
new file mode 100644
|
|
index 0000000..6642e40
|
|
--- /dev/null
|
|
+++ b/src/etpan/etpan-ssl.c
|
|
@@ -0,0 +1,121 @@
|
|
+/*
|
|
+ * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
|
|
+ * Copyright (C) 1999-2012 Colin Leroy <colin@colino.net>
|
|
+ * and the Claws Mail team
|
|
+ *
|
|
+ * This program is free software; you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation; either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * This program is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
+ *
|
|
+ */
|
|
+
|
|
+#ifdef HAVE_CONFIG_H
|
|
+# include "config.h"
|
|
+#include "claws-features.h"
|
|
+#endif
|
|
+
|
|
+#ifdef USE_GNUTLS
|
|
+#ifdef HAVE_LIBETPAN
|
|
+#include <libetpan/libetpan.h>
|
|
+#include <gnutls/gnutls.h>
|
|
+#include <gnutls/x509.h>
|
|
+#include <stdlib.h>
|
|
+#include <glib.h>
|
|
+#include <glib/gi18n.h>
|
|
+#include <errno.h>
|
|
+
|
|
+#include "ssl_certificate.h"
|
|
+#include "utils.h"
|
|
+#include "log.h"
|
|
+#include "prefs_account.h"
|
|
+
|
|
+gboolean etpan_certificate_check(mailstream *stream, const char *host, gint port)
|
|
+{
|
|
+ unsigned char *cert_der = NULL;
|
|
+ int len;
|
|
+ gnutls_x509_crt_t cert = NULL;
|
|
+ gnutls_datum_t tmp;
|
|
+
|
|
+ if (stream == NULL)
|
|
+ return FALSE;
|
|
+
|
|
+ len = (int)mailstream_ssl_get_certificate(stream, &cert_der);
|
|
+
|
|
+ if (cert_der == NULL || len < 0) {
|
|
+ g_warning("no cert presented.\n");
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
+ tmp.data = malloc(len);
|
|
+ memcpy(tmp.data, cert_der, len);
|
|
+ tmp.size = len;
|
|
+ gnutls_x509_crt_init(&cert);
|
|
+
|
|
+ free(cert_der);
|
|
+
|
|
+ if (gnutls_x509_crt_import(cert, &tmp, GNUTLS_X509_FMT_DER) < 0) {
|
|
+ free(tmp.data);
|
|
+ g_warning("IMAP: can't get cert\n");
|
|
+ return FALSE;
|
|
+ } else if (ssl_certificate_check(cert, (guint)-1, host, port) == TRUE) {
|
|
+ free(tmp.data);
|
|
+ gnutls_x509_crt_deinit(cert);
|
|
+ return TRUE;
|
|
+ } else {
|
|
+ free(tmp.data);
|
|
+ gnutls_x509_crt_deinit(cert);
|
|
+ return FALSE;
|
|
+ }
|
|
+}
|
|
+
|
|
+void etpan_connect_ssl_context_cb(struct mailstream_ssl_context * ssl_context, void * data)
|
|
+{
|
|
+ PrefsAccount *account = (PrefsAccount *)data;
|
|
+ const gchar *cert_path = NULL;
|
|
+ const gchar *password = NULL;
|
|
+ gnutls_x509_crt_t x509 = NULL;
|
|
+ gnutls_x509_privkey_t pkey = NULL;
|
|
+
|
|
+ if (account->in_ssl_client_cert_file && *account->in_ssl_client_cert_file)
|
|
+ cert_path = account->in_ssl_client_cert_file;
|
|
+ if (account->in_ssl_client_cert_pass && *account->in_ssl_client_cert_pass)
|
|
+ password = account->in_ssl_client_cert_pass;
|
|
+
|
|
+ if (mailstream_ssl_set_client_certificate_data(ssl_context, NULL, 0) < 0 ||
|
|
+ mailstream_ssl_set_client_private_key_data(ssl_context, NULL, 0) < 0)
|
|
+ debug_print("Impossible to set the client certificate.\n");
|
|
+ x509 = ssl_certificate_get_x509_from_pem_file(cert_path);
|
|
+ pkey = ssl_certificate_get_pkey_from_pem_file(cert_path);
|
|
+ if (!(x509 && pkey)) {
|
|
+ /* try pkcs12 format */
|
|
+ ssl_certificate_get_x509_and_pkey_from_p12_file(cert_path, password, &x509, &pkey);
|
|
+ }
|
|
+ if (x509 && pkey) {
|
|
+ unsigned char *x509_der = NULL, *pkey_der = NULL;
|
|
+ size_t x509_len, pkey_len;
|
|
+
|
|
+ x509_len = (size_t)gnutls_i2d_X509(x509, &x509_der);
|
|
+ pkey_len = (size_t)gnutls_i2d_PrivateKey(pkey, &pkey_der);
|
|
+ if (x509_len > 0 && pkey_len > 0) {
|
|
+ if (mailstream_ssl_set_client_certificate_data(ssl_context, x509_der, x509_len) < 0 ||
|
|
+ mailstream_ssl_set_client_private_key_data(ssl_context, pkey_der, pkey_len) < 0)
|
|
+ log_error(LOG_PROTOCOL, _("Impossible to set the client certificate.\n"));
|
|
+ g_free(x509_der);
|
|
+ g_free(pkey_der);
|
|
+ }
|
|
+ gnutls_x509_crt_deinit(x509);
|
|
+ gnutls_x509_privkey_deinit(pkey);
|
|
+ }
|
|
+}
|
|
+
|
|
+#endif /* USE_GNUTLS */
|
|
+#endif /* HAVE_LIBETPAN */
|
|
diff --git a/src/etpan/etpan-ssl.h b/src/etpan/etpan-ssl.h
|
|
new file mode 100644
|
|
index 0000000..5607d1a
|
|
--- /dev/null
|
|
+++ b/src/etpan/etpan-ssl.h
|
|
@@ -0,0 +1,40 @@
|
|
+/*
|
|
+ * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
|
|
+ * Copyright (C) 1999-2012 Colin Leroy <colin@colino.net>
|
|
+ * and the Claws Mail team
|
|
+ *
|
|
+ * This program is free software; you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation; either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * This program is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
+ *
|
|
+ */
|
|
+
|
|
+#ifndef __ETPAN_SSL_H__
|
|
+#define __ETPAN_SSL_H__
|
|
+
|
|
+#ifdef HAVE_CONFIG_H
|
|
+# include "config.h"
|
|
+#include "claws-features.h"
|
|
+#endif
|
|
+
|
|
+#ifdef USE_GNUTLS
|
|
+#ifdef HAVE_LIBETPAN
|
|
+
|
|
+#include <libetpan/libetpan.h>
|
|
+
|
|
+gboolean etpan_certificate_check(mailstream *imap_stream, const char *host, gint port);
|
|
+void etpan_connect_ssl_context_cb(struct mailstream_ssl_context * ssl_context, void * data);
|
|
+
|
|
+#endif /* USE_GNUTLS */
|
|
+#endif /* HAVE_LIBETPAN */
|
|
+
|
|
+#endif /* __ETPAN_SSL_H__ */
|
|
diff --git a/src/etpan/imap-thread.c b/src/etpan/imap-thread.c
|
|
index b71e4d7..4332f59 100644
|
|
--- a/src/etpan/imap-thread.c
|
|
+++ b/src/etpan/imap-thread.c
|
|
@@ -41,6 +41,7 @@
|
|
#include <gtk/gtk.h>
|
|
#include <log.h>
|
|
#include "etpan-thread-manager.h"
|
|
+#include "etpan-ssl.h"
|
|
#include "utils.h"
|
|
#include "mainwindow.h"
|
|
#include "ssl.h"
|
|
@@ -519,79 +520,6 @@ int imap_threaded_connect(Folder * folder, const char * server, int port)
|
|
return result.error;
|
|
}
|
|
|
|
-static int etpan_certificate_check(const unsigned char *certificate, int len, void *data)
|
|
-{
|
|
-#ifdef USE_GNUTLS
|
|
- struct connect_param *param = (struct connect_param *)data;
|
|
- gnutls_x509_crt_t cert = NULL;
|
|
- gnutls_datum_t tmp;
|
|
-
|
|
- if (certificate == NULL || len < 0) {
|
|
- g_warning("no cert presented.\n");
|
|
- return 0;
|
|
- }
|
|
-
|
|
- tmp.data = malloc(len);
|
|
- memcpy(tmp.data, certificate, len);
|
|
- tmp.size = len;
|
|
- gnutls_x509_crt_init(&cert);
|
|
- if (gnutls_x509_crt_import(cert, &tmp, GNUTLS_X509_FMT_DER) < 0) {
|
|
- g_warning("IMAP: can't get cert\n");
|
|
- return 0;
|
|
- } else if (ssl_certificate_check(cert, (guint)-1, (gchar *)param->server,
|
|
- (gushort)param->port) == TRUE) {
|
|
- gnutls_x509_crt_deinit(cert);
|
|
- return 0;
|
|
- } else {
|
|
- gnutls_x509_crt_deinit(cert);
|
|
- return -1;
|
|
- }
|
|
-#endif
|
|
- return 0;
|
|
-}
|
|
-
|
|
-static void connect_ssl_context_cb(struct mailstream_ssl_context * ssl_context, void * data)
|
|
-{
|
|
-#ifdef USE_GNUTLS
|
|
- PrefsAccount *account = (PrefsAccount *)data;
|
|
- const gchar *cert_path = NULL;
|
|
- const gchar *password = NULL;
|
|
- gnutls_x509_crt_t x509 = NULL;
|
|
- gnutls_x509_privkey_t pkey = NULL;
|
|
-
|
|
- if (account->in_ssl_client_cert_file && *account->in_ssl_client_cert_file)
|
|
- cert_path = account->in_ssl_client_cert_file;
|
|
- if (account->in_ssl_client_cert_pass && *account->in_ssl_client_cert_pass)
|
|
- password = account->in_ssl_client_cert_pass;
|
|
-
|
|
- if (mailstream_ssl_set_client_certificate_data(ssl_context, NULL, 0) < 0 ||
|
|
- mailstream_ssl_set_client_private_key_data(ssl_context, NULL, 0) < 0)
|
|
- debug_print("Impossible to set the client certificate.\n");
|
|
- x509 = ssl_certificate_get_x509_from_pem_file(cert_path);
|
|
- pkey = ssl_certificate_get_pkey_from_pem_file(cert_path);
|
|
- if (!(x509 && pkey)) {
|
|
- /* try pkcs12 format */
|
|
- ssl_certificate_get_x509_and_pkey_from_p12_file(cert_path, password, &x509, &pkey);
|
|
- }
|
|
- if (x509 && pkey) {
|
|
- unsigned char *x509_der = NULL, *pkey_der = NULL;
|
|
- size_t x509_len, pkey_len;
|
|
-
|
|
- x509_len = (size_t)gnutls_i2d_X509(x509, &x509_der);
|
|
- pkey_len = (size_t)gnutls_i2d_PrivateKey(pkey, &pkey_der);
|
|
- if (x509_len > 0 && pkey_len > 0) {
|
|
- if (mailstream_ssl_set_client_certificate_data(ssl_context, x509_der, x509_len) < 0 ||
|
|
- mailstream_ssl_set_client_private_key_data(ssl_context, pkey_der, pkey_len) < 0)
|
|
- log_error(LOG_PROTOCOL, _("Impossible to set the client certificate.\n"));
|
|
- g_free(x509_der);
|
|
- g_free(pkey_der);
|
|
- }
|
|
- gnutls_x509_crt_deinit(x509);
|
|
- gnutls_x509_privkey_deinit(pkey);
|
|
- }
|
|
-#endif
|
|
-}
|
|
-
|
|
static void connect_ssl_run(struct etpan_thread_op * op)
|
|
{
|
|
int r;
|
|
@@ -605,7 +533,7 @@ static void connect_ssl_run(struct etpan_thread_op * op)
|
|
|
|
r = mailimap_ssl_connect_with_callback(param->imap,
|
|
param->server, param->port,
|
|
- connect_ssl_context_cb, param->account);
|
|
+ etpan_connect_ssl_context_cb, param->account);
|
|
result->error = r;
|
|
}
|
|
|
|
@@ -616,8 +544,6 @@ int imap_threaded_connect_ssl(Folder * folder, const char * server, int port)
|
|
chashdatum key;
|
|
chashdatum value;
|
|
mailimap * imap, * oldimap;
|
|
- unsigned char *certificate = NULL;
|
|
- int cert_len;
|
|
|
|
oldimap = get_imap(folder);
|
|
|
|
@@ -644,11 +570,8 @@ int imap_threaded_connect_ssl(Folder * folder, const char * server, int port)
|
|
|
|
if ((result.error == MAILIMAP_NO_ERROR_AUTHENTICATED ||
|
|
result.error == MAILIMAP_NO_ERROR_NON_AUTHENTICATED) && !etpan_skip_ssl_cert_check) {
|
|
- cert_len = (int)mailstream_ssl_get_certificate(imap->imap_stream, &certificate);
|
|
- if (etpan_certificate_check(certificate, cert_len, ¶m) < 0)
|
|
- return -1;
|
|
- if (certificate)
|
|
- free(certificate);
|
|
+ if (etpan_certificate_check(imap->imap_stream, server, port) < 0)
|
|
+ result.error = MAILIMAP_ERROR_SSL;
|
|
}
|
|
debug_print("connect %d with imap %p\n", result.error, imap);
|
|
|
|
@@ -1156,7 +1079,7 @@ static void starttls_run(struct etpan_thread_op * op)
|
|
return;
|
|
}
|
|
|
|
- tls_low = mailstream_low_tls_open_with_callback(fd, connect_ssl_context_cb, param->account);
|
|
+ tls_low = mailstream_low_tls_open_with_callback(fd, etpan_connect_ssl_context_cb, param->account);
|
|
if (tls_low == NULL) {
|
|
debug_print("imap starttls run - can't tls_open\n");
|
|
result->error = MAILIMAP_ERROR_STREAM;
|
|
@@ -1171,8 +1094,6 @@ int imap_threaded_starttls(Folder * folder, const gchar *host, int port)
|
|
{
|
|
struct connect_param param;
|
|
struct starttls_result result;
|
|
- int cert_len;
|
|
- unsigned char *certificate = NULL;
|
|
|
|
debug_print("imap starttls - begin\n");
|
|
|
|
@@ -1186,11 +1107,8 @@ int imap_threaded_starttls(Folder * folder, const gchar *host, int port)
|
|
debug_print("imap starttls - end\n");
|
|
|
|
if (result.error == 0 && param.imap && !etpan_skip_ssl_cert_check) {
|
|
- cert_len = (int)mailstream_ssl_get_certificate(param.imap->imap_stream, &certificate);
|
|
- if (etpan_certificate_check(certificate, cert_len, ¶m) < 0)
|
|
- result.error = MAILIMAP_ERROR_STREAM;
|
|
- if (certificate)
|
|
- free(certificate);
|
|
+ if (etpan_certificate_check(param.imap->imap_stream, host, port) < 0)
|
|
+ return MAILIMAP_ERROR_SSL;
|
|
}
|
|
return result.error;
|
|
}
|
|
diff --git a/src/etpan/nntp-thread.c b/src/etpan/nntp-thread.c
|
|
index 6d76e7a..84a2f83 100644
|
|
--- a/src/etpan/nntp-thread.c
|
|
+++ b/src/etpan/nntp-thread.c
|
|
@@ -41,6 +41,7 @@
|
|
#include <gtk/gtk.h>
|
|
#include <log.h>
|
|
#include "etpan-thread-manager.h"
|
|
+#include "etpan-ssl.h"
|
|
#include "utils.h"
|
|
#include "mainwindow.h"
|
|
#include "ssl_certificate.h"
|
|
@@ -373,79 +374,6 @@ int nntp_threaded_connect(Folder * folder, const char * server, int port)
|
|
return result.error;
|
|
}
|
|
|
|
-static int etpan_certificate_check(const unsigned char *certificate, int len, void *data)
|
|
-{
|
|
-#ifdef USE_GNUTLS
|
|
- struct connect_param *param = (struct connect_param *)data;
|
|
- gnutls_x509_crt_t cert = NULL;
|
|
- gnutls_datum_t tmp;
|
|
-
|
|
- if (certificate == NULL || len < 0) {
|
|
- g_warning("no cert presented.\n");
|
|
- return 0;
|
|
- }
|
|
-
|
|
- tmp.data = malloc(len);
|
|
- memcpy(tmp.data, certificate, len);
|
|
- tmp.size = len;
|
|
- gnutls_x509_crt_init(&cert);
|
|
- if (gnutls_x509_crt_import(cert, &tmp, GNUTLS_X509_FMT_DER) < 0) {
|
|
- g_warning("nntp: can't get cert\n");
|
|
- return 0;
|
|
- } else if (ssl_certificate_check(cert, (guint)-1,
|
|
- (gchar *)param->server, (gushort)param->port) == TRUE) {
|
|
- gnutls_x509_crt_deinit(cert);
|
|
- return 0;
|
|
- } else {
|
|
- gnutls_x509_crt_deinit(cert);
|
|
- return -1;
|
|
- }
|
|
-#endif
|
|
- return 0;
|
|
-}
|
|
-
|
|
-static void connect_ssl_context_cb(struct mailstream_ssl_context * ssl_context, void * data)
|
|
-{
|
|
-#ifdef USE_GNUTLS
|
|
- PrefsAccount *account = (PrefsAccount *)data;
|
|
- const gchar *cert_path = NULL;
|
|
- const gchar *password = NULL;
|
|
- gnutls_x509_crt_t x509 = NULL;
|
|
- gnutls_x509_privkey_t pkey = NULL;
|
|
-
|
|
- if (account->in_ssl_client_cert_file && *account->in_ssl_client_cert_file)
|
|
- cert_path = account->in_ssl_client_cert_file;
|
|
- if (account->in_ssl_client_cert_pass && *account->in_ssl_client_cert_pass)
|
|
- password = account->in_ssl_client_cert_pass;
|
|
-
|
|
- if (mailstream_ssl_set_client_certificate_data(ssl_context, NULL, 0) < 0 ||
|
|
- mailstream_ssl_set_client_private_key_data(ssl_context, NULL, 0) < 0)
|
|
- debug_print("Impossible to set the client certificate.\n");
|
|
- x509 = ssl_certificate_get_x509_from_pem_file(cert_path);
|
|
- pkey = ssl_certificate_get_pkey_from_pem_file(cert_path);
|
|
- if (!(x509 && pkey)) {
|
|
- /* try pkcs12 format */
|
|
- ssl_certificate_get_x509_and_pkey_from_p12_file(cert_path, password, &x509, &pkey);
|
|
- }
|
|
- if (x509 && pkey) {
|
|
- unsigned char *x509_der = NULL, *pkey_der = NULL;
|
|
- size_t x509_len, pkey_len;
|
|
-
|
|
- x509_len = (size_t)gnutls_i2d_X509(x509, &x509_der);
|
|
- pkey_len = (size_t)gnutls_i2d_PrivateKey(pkey, &pkey_der);
|
|
- if (x509_len > 0 && pkey_len > 0) {
|
|
- if (mailstream_ssl_set_client_certificate_data(ssl_context, x509_der, x509_len) < 0 ||
|
|
- mailstream_ssl_set_client_private_key_data(ssl_context, pkey_der, pkey_len) < 0)
|
|
- log_error(LOG_PROTOCOL, _("Impossible to set the client certificate.\n"));
|
|
- g_free(x509_der);
|
|
- g_free(pkey_der);
|
|
- }
|
|
- gnutls_x509_crt_deinit(x509);
|
|
- gnutls_x509_privkey_deinit(pkey);
|
|
- }
|
|
-#endif
|
|
-}
|
|
-
|
|
static void connect_ssl_run(struct etpan_thread_op * op)
|
|
{
|
|
int r;
|
|
@@ -459,7 +387,7 @@ static void connect_ssl_run(struct etpan_thread_op * op)
|
|
|
|
r = newsnntp_ssl_connect_with_callback(param->nntp,
|
|
param->server, param->port,
|
|
- connect_ssl_context_cb, param->account);
|
|
+ etpan_connect_ssl_context_cb, param->account);
|
|
result->error = r;
|
|
}
|
|
|
|
@@ -470,8 +398,6 @@ int nntp_threaded_connect_ssl(Folder * folder, const char * server, int port)
|
|
chashdatum key;
|
|
chashdatum value;
|
|
newsnntp * nntp, * oldnntp;
|
|
- unsigned char *certificate = NULL;
|
|
- int cert_len;
|
|
|
|
oldnntp = get_nntp(folder);
|
|
|
|
@@ -497,11 +423,8 @@ int nntp_threaded_connect_ssl(Folder * folder, const char * server, int port)
|
|
threaded_run(folder, ¶m, &result, connect_ssl_run);
|
|
|
|
if (result.error == NEWSNNTP_NO_ERROR && !etpan_skip_ssl_cert_check) {
|
|
- cert_len = (int)mailstream_ssl_get_certificate(nntp->nntp_stream, &certificate);
|
|
- if (etpan_certificate_check(certificate, cert_len, ¶m) < 0)
|
|
+ if (etpan_certificate_check(nntp->nntp_stream, server, port) < 0)
|
|
return -1;
|
|
- if (certificate)
|
|
- free(certificate);
|
|
}
|
|
debug_print("connect %d with nntp %p\n", result.error, nntp);
|
|
|
|
--
|
|
1.9.2
|
|
|