Diffstat (limited to 'nonprism/claws-mail-nonprism/claws-ssl-2.patch')
-rw-r--r--nonprism/claws-mail-nonprism/claws-ssl-2.patch139
1 files changed, 139 insertions, 0 deletions
diff --git a/nonprism/claws-mail-nonprism/claws-ssl-2.patch b/nonprism/claws-mail-nonprism/claws-ssl-2.patch
new file mode 100644
index 000000000..77186d20b
--- /dev/null
+++ b/nonprism/claws-mail-nonprism/claws-ssl-2.patch
@@ -0,0 +1,139 @@
+From fe50206b4385404c38ad0421bdfb707bb6994d80 Mon Sep 17 00:00:00 2001
+From: Nepu User <nepu@localhost.localdomain>
+Date: Sun, 27 Apr 2014 14:55:18 +0200
+Subject: [PATCH 2/3] upstream commit dda3675203030f329d527c697e14342c9c13a75c
+
+---
+ src/common/ssl_certificate.c | 17 ++++++++++++++
+ src/common/ssl_certificate.h | 1 +
+ src/etpan/etpan-ssl.c | 53 ++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 71 insertions(+)
+
+diff --git a/src/common/ssl_certificate.c b/src/common/ssl_certificate.c
+index 84e017e..72f73ac 100644
+--- a/src/common/ssl_certificate.c
++++ b/src/common/ssl_certificate.c
+@@ -647,6 +647,23 @@ gboolean ssl_certificate_check (gnutls_x509_crt_t x509_cert, guint status, const
+ return TRUE;
+ }
+
++gboolean ssl_certificate_check_chain(gnutls_x509_crt_t *certs, gint chain_len, const gchar *host, gushort port)
++{
++ gboolean result = FALSE;
++ gint status;
++
++ gnutls_x509_crt_list_verify (certs,
++ chain_len,
++ NULL, 0,
++ NULL, 0,
++ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
++ &status);
++
++ result = ssl_certificate_check(certs[0], status, host, port);
++
++ return result;
++}
++
+ gnutls_x509_crt_t ssl_certificate_get_x509_from_pem_file(const gchar *file)
+ {
+ gnutls_x509_crt_t x509 = NULL;
+diff --git a/src/common/ssl_certificate.h b/src/common/ssl_certificate.h
+index 8bbe2ac..fd8822a 100644
+--- a/src/common/ssl_certificate.h
++++ b/src/common/ssl_certificate.h
+@@ -58,6 +58,7 @@ struct _SSLCertHookData
+
+ SSLCertificate *ssl_certificate_find (const gchar *host, gushort port, const gchar *fingerprint);
+ gboolean ssl_certificate_check (gnutls_x509_crt_t x509_cert, guint status, const gchar *host, gushort port);
++gboolean ssl_certificate_check_chain(gnutls_x509_crt_t *certs, gint chain_len, const gchar *host, gushort port);
+ void ssl_certificate_destroy(SSLCertificate *cert);
+ void ssl_certificate_delete_from_disk(SSLCertificate *cert);
+ char * readable_fingerprint(unsigned char *src, int len);
+diff --git a/src/etpan/etpan-ssl.c b/src/etpan/etpan-ssl.c
+index 6642e40..c9dc9d8 100644
+--- a/src/etpan/etpan-ssl.c
++++ b/src/etpan/etpan-ssl.c
+@@ -26,6 +26,7 @@
+ #ifdef USE_GNUTLS
+ #ifdef HAVE_LIBETPAN
+ #include <libetpan/libetpan.h>
++#include <libetpan/libetpan_version.h>
+ #include <gnutls/gnutls.h>
+ #include <gnutls/x509.h>
+ #include <stdlib.h>
+@@ -33,6 +34,7 @@
+ #include <glib/gi18n.h>
+ #include <errno.h>
+
++#include "etpan-ssl.h"
+ #include "ssl_certificate.h"
+ #include "utils.h"
+ #include "log.h"
+@@ -40,6 +42,7 @@
+
+ gboolean etpan_certificate_check(mailstream *stream, const char *host, gint port)
+ {
++#if (!defined LIBETPAN_API_CURRENT || LIBETPAN_API_CURRENT < 18)
+ unsigned char *cert_der = NULL;
+ int len;
+ gnutls_x509_crt_t cert = NULL;
+@@ -75,6 +78,56 @@ gboolean etpan_certificate_check(mailstream *stream, const char *host, gint port
+ gnutls_x509_crt_deinit(cert);
+ return FALSE;
+ }
++#else
++ carray *certs_der = NULL;
++ gint chain_len = 0, i;
++ gnutls_x509_crt_t *certs = NULL;
++ gboolean result;
++
++ if (stream == NULL)
++ return FALSE;
++
++ certs_der = mailstream_get_certificate_chain(stream);
++ if (!certs_der) {
++ g_warning("could not get certs");
++ return FALSE;
++ }
++ chain_len = carray_count(certs_der);
++
++ certs = malloc(sizeof(gnutls_x509_crt_t) * chain_len);
++ if (certs == NULL) {
++ g_warning("could not allocate certs");
++ return FALSE;
++ }
++
++ result = TRUE;
++ for (i = 0; i < chain_len; i++) {
++ MMAPString *cert_str = carray_get(certs_der, i);
++ gnutls_datum_t tmp;
++
++ tmp.data = malloc(cert_str->len);
++ memcpy(tmp.data, cert_str->str, cert_str->len);
++ tmp.size = cert_str->len;
++
++ mmap_string_free(cert_str);
++
++ gnutls_x509_crt_init(&certs[i]);
++ if (gnutls_x509_crt_import(certs[i], &tmp, GNUTLS_X509_FMT_DER) < 0)
++ result = FALSE;
++
++ free(tmp.data);
++ }
++
++ carray_free(certs_der);
++
++ if (result == TRUE)
++ result = ssl_certificate_check_chain(certs, chain_len, host, port);
++
++ for (i = 0; i < chain_len; i++)
++ gnutls_x509_crt_deinit(certs[i]);
++
++ return result;
++#endif
+ }
+
+ void etpan_connect_ssl_context_cb(struct mailstream_ssl_context * ssl_context, void * data)
+--
+1.9.2
+
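Review bot: In the added `ssl_certificate_check_chain` (src/common/ssl_certificate.c), the return value of `gnutls_x509_crt_list_verify` is discarded and `status` is never initialised, so if the call fails the value handed to `ssl_certificate_check` is indeterminate and could, depending on how that function interprets it (its body is outside this patch), read as a clean verification. The same function dereferences `certs[0]` without checking `chain_len`, and the `#else` branch of `etpan_certificate_check` will reach it with a zero-length array when `carray_count` returns 0. `status` is also declared `gint` although `ssl_certificate_check` takes a `guint`, and GnuTLS, as far as I know, writes the result through an `unsigned int *`. In the `#else` branch itself, `tmp.data = malloc(cert_str->len)` is passed to `memcpy` unchecked, the result of `gnutls_x509_crt_init` is ignored before the later `gnutls_x509_crt_deinit` loop, and the `certs` array is never freed (nor is `certs_der` on the allocation-failure return). A fail-closed form of the chain check is sketched below; the caller-side cleanup is described here rather than rewritten.

```c
gboolean ssl_certificate_check_chain(gnutls_x509_crt_t *certs, gint chain_len, const gchar *host, gushort port)
{
	guint status = 0;

	/* An empty or missing chain has no leaf certificate to check. */
	if (certs == NULL || chain_len <= 0)
		return FALSE;

	/* Treat a failed verification call as a failed check rather than
	 * passing an unset status on to ssl_certificate_check(). */
	if (gnutls_x509_crt_list_verify(certs, chain_len,
					NULL, 0,
					NULL, 0,
					GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
					&status) < 0)
		return FALSE;

	return ssl_certificate_check(certs[0], status, host, port);
}
```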