claws-mail/src/common/ssl.c
Paul Mangan 283412fa01 2005-09-21 [paul] 1.9.14cvs47
* README
	* README.jp
	* configure.ac
	* config/config.rpath
	* doc/manual/en/sylpheed-20.html
	* doc/manual/es/sylpheed-20.html
	* po/bg.po
	* po/ca.po
	* po/de.po
	* po/es.po
	* po/fr.po
	* po/it.po
	* po/pt_BR.po
	* po/sk.po
	* po/zh_TW.po
	* src/account.c
	* src/account.h
	* src/action.c
	* src/action.h
	* src/adbookbase.h
	* src/addr_compl.c
	* src/addr_compl.h
	* src/addrbook.c
	* src/addrbook.h
	* src/addrcache.c
	* src/addrcache.h
	* src/addrcindex.c
	* src/addrcindex.h
	* src/addrclip.c
	* src/addrclip.h
	* src/addrdefs.h
	* src/addressadd.c
	* src/addressadd.h
	* src/addressbook.c
	* src/addressbook.h
	* src/addressitem.h
	* src/addrgather.c
	* src/addrgather.h
	* src/addrharvest.c
	* src/addrharvest.h
	* src/addrindex.c
	* src/addrindex.h
	* src/addritem.c
	* src/addritem.h
	* src/addrquery.c
	* src/addrquery.h
	* src/addrselect.c
	* src/addrselect.h
	* src/alertpanel.c
	* src/alertpanel.h
	* src/browseldap.c
	* src/browseldap.h
	* src/codeconv.c
	* src/codeconv.h
	* src/compose.c
	* src/compose.h
	* src/crash.c
	* src/crash.h
	* src/customheader.c
	* src/customheader.h
	* src/displayheader.c
	* src/displayheader.h
	* src/editaddress.c
	* src/editaddress.h
	* src/editbook.c
	* src/editbook.h
	* src/editgroup.c
	* src/editgroup.h
	* src/editjpilot.c
	* src/editjpilot.h
	* src/editldap.c
	* src/editldap.h
	* src/editldap_basedn.c
	* src/editldap_basedn.h
	* src/editvcard.c
	* src/editvcard.h
	* src/enriched.c
	* src/enriched.h
	* src/exphtmldlg.c
	* src/exphtmldlg.h
	* src/expldifdlg.c
	* src/expldifdlg.h
	* src/export.c
	* src/export.h
	* src/exporthtml.c
	* src/exporthtml.h
	* src/exportldif.c
	* src/exportldif.h
	* src/filtering.c
	* src/filtering.h
	* src/folder.c
	* src/folder.h
	* src/folder_item_prefs.c
	* src/folder_item_prefs.h
	* src/foldersel.c
	* src/foldersel.h
	* src/folderutils.c
	* src/folderutils.h
	* src/folderview.c
	* src/folderview.h
	* src/grouplistdialog.c
	* src/grouplistdialog.h
	* src/headerview.c
	* src/headerview.h
	* src/html.c
	* src/html.h
	* src/image_viewer.c
	* src/image_viewer.h
	* src/imap.c
	* src/imap.h
	* src/imap_gtk.c
	* src/imap_gtk.h
	* src/import.c
	* src/import.h
	* src/importldif.c
	* src/importldif.h
	* src/importmutt.c
	* src/importmutt.h
	* src/importpine.c
	* src/importpine.h
	* src/inc.c
	* src/inc.h
	* src/jpilot.c
	* src/jpilot.h
	* src/ldapctrl.c
	* src/ldapctrl.h
	* src/ldaplocate.c
	* src/ldaplocate.h
	* src/ldapquery.c
	* src/ldapquery.h
	* src/ldapserver.c
	* src/ldapserver.h
	* src/ldaputil.c
	* src/ldaputil.h
	* src/ldif.c
	* src/ldif.h
	* src/localfolder.c
	* src/localfolder.h
	* src/main.c
	* src/main.h
	* src/mainwindow.c
	* src/mainwindow.h
	* src/manual.c
	* src/manual.h
	* src/matcher.c
	* src/matcher.h
	* src/matcher_parser.h
	* src/matcher_parser_lex.l
	* src/matcher_parser_parse.y
	* src/mbox.c
	* src/mbox.h
	* src/message_search.c
	* src/message_search.h
	* src/messageview.c
	* src/messageview.h
	* src/mh.c
	* src/mh.h
	* src/mh_gtk.c
	* src/mh_gtk.h
	* src/mimeview.c
	* src/mimeview.h
	* src/msgcache.c
	* src/msgcache.h
	* src/mutt.c
	* src/mutt.h
	* src/news.c
	* src/news.h
	* src/news_gtk.c
	* src/news_gtk.h
	* src/noticeview.c
	* src/noticeview.h
	* src/partial_download.c
	* src/partial_download.h
	* src/pine.c
	* src/pine.h
	* src/pop.c
	* src/pop.h
	* src/prefs_account.c
	* src/prefs_account.h
	* src/prefs_actions.c
	* src/prefs_actions.h
	* src/prefs_common.c
	* src/prefs_common.h
	* src/prefs_compose_writing.c
	* src/prefs_compose_writing.h
	* src/prefs_customheader.c
	* src/prefs_customheader.h
	* src/prefs_display_header.c
	* src/prefs_display_header.h
	* src/prefs_ext_prog.c
	* src/prefs_ext_prog.h
	* src/prefs_filtering.c
	* src/prefs_filtering.h
	* src/prefs_filtering_action.c
	* src/prefs_filtering_action.h
	* src/prefs_folder_column.c
	* src/prefs_folder_column.h
	* src/prefs_folder_item.c
	* src/prefs_folder_item.h
	* src/prefs_fonts.c
	* src/prefs_fonts.h
	* src/prefs_gtk.c
	* src/prefs_gtk.h
	* src/prefs_image_viewer.c
	* src/prefs_image_viewer.h
	* src/prefs_matcher.c
	* src/prefs_matcher.h
	* src/prefs_message.c
	* src/prefs_message.h
	* src/prefs_msg_colors.c
	* src/prefs_msg_colors.h
	* src/prefs_other.c
	* src/prefs_other.h
	* src/prefs_quote.c
	* src/prefs_quote.h
	* src/prefs_receive.c
	* src/prefs_receive.h
	* src/prefs_send.c
	* src/prefs_send.h
	* src/prefs_spelling.c
	* src/prefs_spelling.h
	* src/prefs_summaries.c
	* src/prefs_summaries.h
	* src/prefs_summary_column.c
	* src/prefs_summary_column.h
	* src/prefs_template.c
	* src/prefs_template.h
	* src/prefs_themes.c
	* src/prefs_themes.h
	* src/prefs_toolbar.c
	* src/prefs_toolbar.h
	* src/prefs_wrapping.c
	* src/prefs_wrapping.h
	* src/privacy.c
	* src/privacy.h
	* src/procheader.c
	* src/procheader.h
	* src/procmime.c
	* src/procmime.h
	* src/procmsg.c
	* src/procmsg.h
	* src/quote_fmt.c
	* src/quote_fmt_parse.y
	* src/recv.c
	* src/recv.h
	* src/remotefolder.c
	* src/remotefolder.h
	* src/send_message.c
	* src/send_message.h
	* src/setup.c
	* src/setup.h
	* src/simple-gettext.c
	* src/sourcewindow.c
	* src/sourcewindow.h
	* src/ssl_manager.c
	* src/ssl_manager.h
	* src/statusbar.c
	* src/statusbar.h
	* src/stock_pixmap.c
	* src/stock_pixmap.h
	* src/summary_search.c
	* src/summary_search.h
	* src/summaryview.c
	* src/summaryview.h
	* src/syldap.c
	* src/syldap.h
	* src/textview.c
	* src/textview.h
	* src/toolbar.c
	* src/toolbar.h
	* src/undo.c
	* src/undo.h
	* src/unmime.c
	* src/unmime.h
	* src/vcard.c
	* src/vcard.h
	* src/wizard.c
	* src/wizard.h
	* src/common/base64.c
	* src/common/base64.h
	* src/common/defs.h
	* src/common/hooks.c
	* src/common/hooks.h
	* src/common/log.c
	* src/common/log.h
	* src/common/md5.c
	* src/common/md5.h
	* src/common/mgutils.c
	* src/common/mgutils.h
	* src/common/nntp.c
	* src/common/nntp.h
	* src/common/passcrypt.c
	* src/common/passcrypt.h.in
	* src/common/plugin.c
	* src/common/plugin.h
	* src/common/prefs.c
	* src/common/prefs.h
	* src/common/progressindicator.c
	* src/common/progressindicator.h
	* src/common/quoted-printable.c
	* src/common/quoted-printable.h
	* src/common/session.c
	* src/common/session.h
	* src/common/smtp.c
	* src/common/smtp.h
	* src/common/socket.c
	* src/common/socket.h
	* src/common/ssl.c
	* src/common/ssl.h
	* src/common/ssl_certificate.c
	* src/common/ssl_certificate.h
	* src/common/string_match.c
	* src/common/string_match.h
	* src/common/stringtable.c
	* src/common/sylpheed.c
	* src/common/sylpheed.h
	* src/common/template.c
	* src/common/template.h
	* src/common/timing.h
	* src/common/utils.c
	* src/common/utils.h
	* src/common/uuencode.c
	* src/common/uuencode.h
	* src/common/version.h.in
	* src/common/xml.c
	* src/common/xml.h
	* src/common/xmlprops.c
	* src/common/xmlprops.h
	* src/gtk/about.c
	* src/gtk/about.h
	* src/gtk/colorlabel.c
	* src/gtk/colorlabel.h
	* src/gtk/colorsel.c
	* src/gtk/colorsel.h
	* src/gtk/description_window.c
	* src/gtk/description_window.h
	* src/gtk/filesel.c
	* src/gtk/filesel.h
	* src/gtk/foldersort.c
	* src/gtk/foldersort.h
	* src/gtk/gtkutils.c
	* src/gtk/gtkutils.h
	* src/gtk/inputdialog.c
	* src/gtk/inputdialog.h
	* src/gtk/logwindow.c
	* src/gtk/logwindow.h
	* src/gtk/manage_window.c
	* src/gtk/manage_window.h
	* src/gtk/menu.c
	* src/gtk/menu.h
	* src/gtk/pluginwindow.c
	* src/gtk/pluginwindow.h
	* src/gtk/prefswindow.c
	* src/gtk/prefswindow.h
	* src/gtk/progressdialog.c
	* src/gtk/progressdialog.h
	* src/gtk/quicksearch.c
	* src/gtk/quicksearch.h
	* src/gtk/sslcertwindow.c
	* src/gtk/sslcertwindow.h
	* src/plugins/clamav/clamav_plugin.c
	* src/plugins/clamav/clamav_plugin.h
	* src/plugins/clamav/clamav_plugin_gtk.c
	* src/plugins/demo/demo.c
	* src/plugins/dillo_viewer/dillo_prefs.c
	* src/plugins/dillo_viewer/dillo_prefs.h
	* src/plugins/dillo_viewer/dillo_viewer.c
	* src/plugins/mathml_viewer/mathml_viewer.c
	* src/plugins/pgpcore/passphrase.c
	* src/plugins/pgpcore/passphrase.h
	* src/plugins/pgpcore/plugin.c
	* src/plugins/pgpcore/prefs_gpg.c
	* src/plugins/pgpcore/prefs_gpg.h
	* src/plugins/pgpcore/select-keys.c
	* src/plugins/pgpcore/select-keys.h
	* src/plugins/pgpcore/sgpgme.c
	* src/plugins/pgpcore/sgpgme.h
	* src/plugins/pgpinline/pgpinline.c
	* src/plugins/pgpinline/pgpinline.h
	* src/plugins/pgpinline/plugin.c
	* src/plugins/pgpmime/pgpmime.c
	* src/plugins/pgpmime/pgpmime.h
	* src/plugins/pgpmime/plugin.c
	* src/plugins/spamassassin/spamassassin.c
	* src/plugins/spamassassin/spamassassin.h
	* src/plugins/spamassassin/spamassassin_gtk.c
	* src/plugins/trayicon/trayicon.c
	* tools/OOo2sylpheed.pl
	* tools/acroread2sylpheed.pl
	* tools/asus_mailled.sh
	* tools/filter_conv.pl
	* tools/freshmeat_search.pl
	* tools/google_search.pl
	* tools/kmail2sylpheed.pl
	* tools/kmail2sylpheed_v2.pl
	* tools/maildir2sylpheed.pl
	* tools/multiwebsearch.pl
	* tools/newscache_clean.pl
	* tools/outlook2sylpheed.pl
	* tools/sylpheed-switcher
	* tools/update-po
	* tools/vcard2xml.py
	* tools/kdeservicemenu/sylpheed-kdeservicemenu.pl
		update FSF address
2005-09-21 18:22:51 +00:00


/*
* Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
* Copyright (C) 1999-2002 Hiroyuki Yamamoto
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#if USE_OPENSSL
#include "defs.h"
#include <glib.h>
#include <glib/gi18n.h>
#include "sylpheed.h"
#include "utils.h"
#include "ssl.h"
#include "ssl_certificate.h"
#ifdef USE_PTHREAD
#include <pthread.h>
#endif
#ifdef USE_PTHREAD
/*
 * Work item shared between SSL_connect_nb() and the helper thread it starts
 * (SSL_connect_thread()).
 *
 * NOTE(review): `done` is a plain gboolean that one thread writes and another
 * polls; no lock or atomic access is visible in this file.
 */
typedef struct _thread_data {
SSL *ssl;	/* connection the helper thread passes to SSL_connect() */
gboolean done;	/* set to TRUE by the helper thread once SSL_connect() returned */
} thread_data;
#endif
/*
 * Client context shared by every connection in this file: created in
 * ssl_init(), released in ssl_done(), and handed to SSL_new() in
 * ssl_init_socket_with_method().
 */
static SSL_CTX *ssl_ctx;
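/**
 * Initialise the OpenSSL library and create the shared client context.
 *
 * On success ssl_ctx points at the new context. If SSL_CTX_new() fails,
 * ssl_ctx stays NULL, a warning is logged and the remaining setup is skipped
 * instead of being applied to a NULL context.
 *
 * No verify mode is set on the context here; the peer certificate is examined
 * after the handshake, where ssl_init_socket_with_method() calls
 * ssl_certificate_check().
 *
 * NOTE(review): SSLv23_client_method() negotiates the highest protocol
 * version both peers support. On OpenSSL builds of this vintage that range
 * includes SSLv2 and SSLv3 unless they are switched off with
 * SSL_CTX_set_options(); no such call is made in this function.
 */
void ssl_init(void)
{
	SSL_METHOD *meth;

	/* Global system initialization */
	SSL_library_init();
	SSL_load_error_strings();

	/* Create our context */
	meth = SSLv23_client_method();
	ssl_ctx = SSL_CTX_new(meth);
	if (ssl_ctx == NULL) {
		/* Without a context none of the calls below are valid. */
		g_warning(_("Error creating ssl context\n"));
		return;
	}

	/* Set default certificate paths */
	SSL_CTX_set_default_verify_paths(ssl_ctx);

#if (OPENSSL_VERSION_NUMBER < 0x0090600fL)
	SSL_CTX_set_verify_depth(ssl_ctx,1);
#endif
}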
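/**
 * Release the shared client context created by ssl_init().
 *
 * Does nothing when no context exists. The global pointer is cleared after
 * the free so that a second ssl_done() call cannot free the context twice and
 * a later SSL_new(ssl_ctx) cannot be handed a dangling pointer.
 */
void ssl_done(void)
{
	if (!ssl_ctx)
		return;

	SSL_CTX_free(ssl_ctx);
	ssl_ctx = NULL;
}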
#ifdef USE_PTHREAD
/*
 * Thread entry point used by SSL_connect_nb(): performs the handshake on the
 * connection stored in the thread_data passed as `data`, then raises the
 * `done` flag so the polling caller knows it can join.
 *
 * Returns the SSL_connect() result packed into a pointer.
 *
 * NOTE(review): `done` is written here and read from another thread without
 * any visible synchronisation.
 */
void *SSL_connect_thread(void *data)
{
	thread_data *job = data;
	int rc;

	rc = SSL_connect(job->ssl);

	/* let the caller thread join() */
	job->done = TRUE;

	return GINT_TO_POINTER(rc);
}
#endif
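/**
 * Run the client handshake on @ssl while keeping the interface responsive.
 *
 * With pthreads on glibc >= 2.3 the handshake runs in a helper thread and
 * this function calls sylpheed_do_idle() until the thread reports completion;
 * otherwise, or when the thread cannot be created, SSL_connect() is called
 * directly and blocks.
 *
 * @param ssl  connection to perform the handshake on
 * @return the value SSL_connect() returned
 *
 * NOTE(review): the wait loop polls td->done, a plain gboolean written by the
 * helper thread, with no lock or atomic access.
 */
gint SSL_connect_nb(SSL *ssl)
{
#if (defined USE_PTHREAD && defined __GLIBC__ && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3)))
	thread_data *td = g_new0(thread_data, 1);
	pthread_t pt;
	void *res = NULL;

	td->ssl = ssl;
	td->done = FALSE;

	/* try to create a thread to initialize the SSL connection,
	 * fallback to blocking method in case of problem.
	 *
	 * The second argument of pthread_create() is a pthread_attr_t
	 * pointer, not a detach-state constant; NULL selects the default
	 * attributes, which give a joinable thread.
	 */
	if (pthread_create(&pt, NULL, SSL_connect_thread, td) != 0) {
		/* no thread was started, so nothing else owns td */
		g_free(td);
		return SSL_connect(ssl);
	}

	debug_print("waiting for SSL_connect thread...\n");
	while (!td->done) {
		/* don't let the interface freeze while waiting */
		sylpheed_do_idle();
	}

	/* get the thread's return value and clean its resources */
	pthread_join(pt, &res);
	g_free(td);

	debug_print("SSL_connect thread returned %d\n",
		    GPOINTER_TO_INT(res));

	return GPOINTER_TO_INT(res);
#else
	return SSL_connect(ssl);
#endif
}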
/*
 * Set up TLS on @sockinfo with the default method (SSL_METHOD_SSLv23).
 * Returns whatever ssl_init_socket_with_method() returns.
 */
gboolean ssl_init_socket(SockInfo *sockinfo)
{
	gboolean ok;

	ok = ssl_init_socket_with_method(sockinfo, SSL_METHOD_SSLv23);
	return ok;
}
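/**
 * Start a TLS session on an already connected socket.
 *
 * Creates an SSL object from the shared context, selects the requested
 * protocol method, performs the handshake and passes the peer certificate to
 * ssl_certificate_check(). Only when every step succeeds is the SSL object
 * stored in sockinfo->ssl.
 *
 * @param sockinfo  socket to secure; sock, hostname and port are read from it
 * @param method    SSL_METHOD_SSLv23 or SSL_METHOD_TLSv1; any other value
 *                  leaves the method inherited from the context
 * @return TRUE on success, FALSE on any failure (the SSL object is freed)
 *
 * NOTE(review): TLSv1_client_method() restricts the session to TLS 1.0, and
 * SSLv23_client_method() accepts whatever versions the library and context
 * leave enabled.
 * NOTE(review): acceptance of the certificate rests entirely on
 * ssl_certificate_check(), which is defined outside this file; confirm it
 * validates the chain and matches the hostname.
 */
gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
{
	X509 *server_cert;
	SSL *ssl;

	ssl = SSL_new(ssl_ctx);
	if (ssl == NULL) {
		g_warning(_("Error creating ssl context\n"));
		return FALSE;
	}

	switch (method) {
	case SSL_METHOD_SSLv23:
		debug_print("Setting SSLv23 client method\n");
		SSL_set_ssl_method(ssl, SSLv23_client_method());
		break;
	case SSL_METHOD_TLSv1:
		debug_print("Setting TLSv1 client method\n");
		SSL_set_ssl_method(ssl, TLSv1_client_method());
		break;
	default:
		break;
	}

	/* SSL_set_fd() returns 0 when it cannot attach the descriptor */
	if (!SSL_set_fd(ssl, sockinfo->sock)) {
		debug_print("SSL_set_fd failed\n");
		SSL_free(ssl);
		return FALSE;
	}

	/* SSL_connect() reports success only with 1: 0 is a handshake that
	 * was shut down by the protocol and negative values are fatal errors,
	 * so everything <= 0 must be treated as failure. */
	if (SSL_connect_nb(ssl) <= 0) {
		g_warning(_("SSL connect failed (%s)\n"),
			  ERR_error_string(ERR_get_error(), NULL));
		SSL_free(ssl);
		return FALSE;
	}

	/* Get the cipher */
	debug_print("SSL connection using %s\n", SSL_get_cipher(ssl));

	/* Get server's certificate (note: beware of dynamic allocation) */
	if ((server_cert = SSL_get_peer_certificate(ssl)) == NULL) {
		debug_print("server_cert is NULL ! this _should_not_ happen !\n");
		SSL_free(ssl);
		return FALSE;
	}

	if (!ssl_certificate_check(server_cert, sockinfo->hostname, sockinfo->port)) {
		X509_free(server_cert);
		SSL_free(ssl);
		return FALSE;
	}

	/* the certificate reference obtained above is ours to release */
	X509_free(server_cert);
	sockinfo->ssl = ssl;

	return TRUE;
}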
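/**
 * Free the SSL object attached to @sockinfo, if any.
 *
 * The pointer is cleared afterwards so that calling this twice, or using
 * sockinfo->ssl after teardown, cannot touch freed memory. A NULL @sockinfo
 * is ignored.
 *
 * NOTE(review): no SSL_shutdown() call is made here, so this function does
 * not send a close_notify before the object is freed.
 */
void ssl_done_socket(SockInfo *sockinfo)
{
	if (sockinfo == NULL || sockinfo->ssl == NULL)
		return;

	SSL_free(sockinfo->ssl);
	sockinfo->ssl = NULL;
}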
#endif /* USE_OPENSSL */