diff --git a/ChangeLog.claws b/ChangeLog.claws
index 2b872b8f8..56166e825 100644
--- a/ChangeLog.claws
+++ b/ChangeLog.claws
@@ -1,3 +1,14 @@ +2002-12-09 [colin] 0.8.6claws83 + + * src/gtk/sslcertwindow.[ch] + Implement hook for certificate acception + * src/ssl_certificate.[ch] + Implement hook for certificate acception + * src/common/ssl.c + Reenable certificate acception check + * src/mainwindow.c + Register sslcertwindow's hook + 2002-12-08 [christoph] 0.8.6claws82 * src/about.c
diff --git a/configure.in b/configure.in
index e2b3410e2..5bb93150f 100644
--- a/configure.in
+++ b/configure.in
@@ -11,7 +11,7 @@ MINOR_VERSION=8 MICRO_VERSION=6 INTERFACE_AGE=0 BINARY_AGE=0 -EXTRA_VERSION=claws82 +EXTRA_VERSION=claws83 VERSION=$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION$EXTRA_VERSION dnl set $target
diff --git a/src/common/ssl.c b/src/common/ssl.c
index c93e4b79a..ed639a04c 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -109,17 +109,12 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method) return FALSE; } -/* FIXME - - gui independant certificate check and callback for - gui for user accepted certificates - if (!ssl_certificate_check(server_cert, sockinfo->hostname, sockinfo->port)) { X509_free(server_cert); SSL_free(ssl); return FALSE; } -*/ + X509_free(server_cert); sockinfo->ssl = ssl;
diff --git a/src/gtk/sslcertwindow.c b/src/gtk/sslcertwindow.c
index d7d2d17d3..f56f82095 100644
--- a/src/gtk/sslcertwindow.c
+++ b/src/gtk/sslcertwindow.c
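Review bot: The rejection branch restored in `ssl_init_socket_with_method` frees `server_cert` and `ssl` and returns `FALSE` without logging anything, so a refused certificate looks the same as any other connection failure. Since this call is now the point where the server certificate is accepted or refused, I would log the refusal before the cleanup, for example `log_warning(_("SSL certificate for %s:%d was not accepted\n"), sockinfo->hostname, sockinfo->port);` (assuming `log.h` is available to this file). A one-line comment such as `/* fails closed: a certificate that is neither stored nor approved by the user ends the connection */` would also record the intent. The function begins and ends outside the hunk, so a message emitted elsewhere cannot be ruled out from here.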
@@ -199,6 +199,25 @@ GtkWidget *cert_presenter(SSLCertificate *cert) return vbox; } +static gboolean sslcert_ask_hook(gpointer source, gpointer data) +{ + SSLCertHookData *hookdata = (SSLCertHookData *)source; + if (hookdata == NULL) { + return FALSE; + } + if (hookdata->old_cert == NULL) + hookdata->accept = sslcertwindow_ask_new_cert(hookdata->cert); + else + hookdata->accept = sslcertwindow_ask_changed_cert(hookdata->old_cert, hookdata->cert); + + return TRUE; +} + +void sslcertwindow_register_hook(void) +{ + hooks_register_hook(SSLCERT_ASK_HOOKLIST, sslcert_ask_hook, NULL); +} + void sslcertwindow_show_cert(SSLCertificate *cert) { GtkWidget *cert_widget = cert_presenter(cert);
diff --git a/src/gtk/sslcertwindow.h b/src/gtk/sslcertwindow.h
index a1fbdf427..0b0914add 100644
--- a/src/gtk/sslcertwindow.h
+++ b/src/gtk/sslcertwindow.h
@@ -34,6 +34,7 @@ GtkWidget *cert_presenter(SSLCertificate *cert); void sslcertwindow_show_cert(SSLCertificate *cert); +void sslcertwindow_register_hook(void); gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert); gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert);
diff --git a/src/mainwindow.c b/src/mainwindow.c
index d6fb53558..6677d7b62 100644
--- a/src/mainwindow.c
+++ b/src/mainwindow.c
@@ -83,6 +83,7 @@ #include "version.h" #include "selective_download.h" #include "ssl_manager.h" +#include "sslcertwindow.h" #define AC_LABEL_WIDTH 240
@@ -1103,7 +1104,9 @@ MainWindow *main_window_create(SeparateType type) summary_init(summaryview); messageview_init(messageview); log_window_init(mainwin->logwin); - +#ifdef USE_OPENSSL + sslcertwindow_register_hook(); +#endif mainwin->lock_count = 0; mainwin->menu_lock_count = 0; mainwin->cursor_count = 0;
diff --git a/src/ssl_certificate.c b/src/ssl_certificate.c
index a3676ce14..194e4e193 100644
--- a/src/ssl_certificate.c
+++ b/src/ssl_certificate.c
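Review bot: `sslcert_ask_hook` returns `FALSE` for a NULL `source` and `TRUE` after asking, but nothing states what the hook framework does with that value, while the actual verdict travels in `hookdata->accept`. A header comment would keep a later reader from treating the return value as the trust decision, e.g. `/* Asks the user about a new or changed certificate; the answer is stored in hookdata->accept, the return value only reports that the request was handled. */` (wording to be checked against hooks.c, which is not part of this diff). The `data` parameter is unused and `hookdata->cert` reaches the dialogs unchecked; `g_return_val_if_fail(hookdata->cert != NULL, FALSE);` after the NULL test would stop a malformed invocation before it reaches the GUI, leaving `accept` at the caller's default.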
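Review bot: Registering the hook inside `main_window_create` ties the certificate prompt to window construction: every call of this function registers `sslcert_ask_hook` again, and `sslcertwindow_register_hook` (added in sslcertwindow.c) discards whatever `hooks_register_hook` returns. If `main_window_create` can run more than once, the hook list grows, and depending on how the framework treats a `TRUE` return the user could be asked twice for the same certificate. A guard at the top of the register function would make the call idempotent: `static gboolean registered = FALSE; if (registered) return; registered = TRUE;`. The `#include "sslcertwindow.h"` added in the first hunk of this file is not under `#ifdef USE_OPENSSL` while the call is, which is worth confirming against a build without OpenSSL. `main_window_create` continues outside the hunk.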
@@ -26,11 +26,11 @@ #include #include #include "ssl_certificate.h" -#include "sslcertwindow.h" #include "utils.h" #include "intl.h" #include "log.h" #include "socket.h" +#include "hooks.h" static SSLCertificate *ssl_certificate_new_lookup(X509 *x509_cert, gchar *host, gushort port, gboolean lookup);
@@ -335,7 +335,8 @@ gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port) { SSLCertificate *current_cert = ssl_certificate_new(x509_cert, host, port); SSLCertificate *known_cert; - + SSLCertHookData cert_hook_data; + if (current_cert == NULL) { debug_print("Buggy certificate !\n"); return FALSE;
@@ -381,11 +382,15 @@ gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port) return FALSE; } #endif - /* FIXME: replace this with a hook, then uncomment the check in ssl.c */ - val = sslcertwindow_ask_new_cert(current_cert); + cert_hook_data.cert = current_cert; + cert_hook_data.old_cert = NULL; + cert_hook_data.accept = FALSE; + + hooks_invoke(SSLCERT_ASK_HOOKLIST, &cert_hook_data); + g_free(err_msg); - if (!val) { + if (!cert_hook_data.accept) { ssl_certificate_destroy(current_cert); return FALSE; } else {
@@ -416,12 +421,15 @@ gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port) return FALSE; } #endif + cert_hook_data.cert = current_cert; + cert_hook_data.old_cert = known_cert; + cert_hook_data.accept = FALSE; + + hooks_invoke(SSLCERT_ASK_HOOKLIST, &cert_hook_data); - /* FIXME: replace this with a hook, then uncomment the check in ssl.c */ - val = sslcertwindow_ask_changed_cert(known_cert, current_cert); g_free(err_msg); - if (!val) { + if (!cert_hook_data.accept) { ssl_certificate_destroy(current_cert); ssl_certificate_destroy(known_cert); return FALSE;
diff --git a/src/ssl_certificate.h b/src/ssl_certificate.h
index 237807275..c85010a7f 100644
--- a/src/ssl_certificate.h
+++ b/src/ssl_certificate.h
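Review bot: Both call sites in `ssl_certificate_check` (the hunk at -381 and the one at -416) ignore the result of `hooks_invoke`, so "no hook was registered" and "the user declined" both end in the same silent `return FALSE`. Presetting `accept = FALSE` before the call is the right default and should stay, but the no-handler case deserves a trace, e.g. `if (!hooks_invoke(SSLCERT_ASK_HOOKLIST, &cert_hook_data)) debug_print("no handler answered the certificate question, rejecting\n");`, assuming `hooks_invoke` reports whether a hook handled the request. The local `val` that the removed lines assigned is declared outside the hunks and looks unused now. `cert_hook_data` from the -335 hunk could also be initialised at its declaration so that `accept` never holds an indeterminate value on a path added later.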
@@ -30,6 +30,8 @@ #include #include +#define SSLCERT_ASK_HOOKLIST "sslcert_ask" + typedef struct _SSLCertificate SSLCertificate; struct _SSLCertificate
@@ -39,6 +41,15 @@ struct _SSLCertificate gushort port; }; +typedef struct _SSLCertHookData SSLCertHookData; + +struct _SSLCertHookData +{ + SSLCertificate *cert; + SSLCertificate *old_cert; + gboolean accept; +}; + SSLCertificate *ssl_certificate_find (gchar *host, gushort port); SSLCertificate *ssl_certificate_find_lookup (gchar *host, gushort port, gboolean lookup); gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port);
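Review bot: `SSLCertHookData` is the contract between the certificate check and whatever answers on `SSLCERT_ASK_HOOKLIST`, yet its three fields carry no documentation of direction, ownership or default. I would annotate them as `/* in: certificate presented by the server, owned by the caller */` on `cert`, `/* in: previously stored certificate, NULL when the host is new */` on `old_cert`, and `/* out: TRUE only if the certificate was accepted; the caller presets FALSE */` on `accept`. A sentence above the `#define` from the first hunk should add that every function registered on this list can set `accept`, so registering there is a certificate-trust decision and not just a UI callback.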