summaryrefslogtreecommitdiff
path: root/nonprism/claws-mail-nonprism/claws-ssl-3.patch
diff options
context:
space:
mode:
Diffstat (limited to 'nonprism/claws-mail-nonprism/claws-ssl-3.patch')
-rw-r--r--nonprism/claws-mail-nonprism/claws-ssl-3.patch241
1 files changed, 241 insertions, 0 deletions
diff --git a/nonprism/claws-mail-nonprism/claws-ssl-3.patch b/nonprism/claws-mail-nonprism/claws-ssl-3.patch
new file mode 100644
index 000000000..cf3306337
--- /dev/null
+++ b/nonprism/claws-mail-nonprism/claws-ssl-3.patch
@@ -0,0 +1,241 @@
+From a74e15a5c7185b941a24b0b61bc134397c8d5737 Mon Sep 17 00:00:00 2001
+From: Nepu User <nepu@localhost.localdomain>
+Date: Sun, 27 Apr 2014 14:56:01 +0200
+Subject: [PATCH 3/3] upstream commit 4d0f2b9b14819b26fbaa72ad129ec0c03e41400f
+
+---
+ src/common/ssl_certificate.c | 114 +++++++++++++++++++++++++++++--------------
+ src/etpan/etpan-ssl.c | 1 +
+ src/etpan/imap-thread.c | 4 +-
+ src/etpan/nntp-thread.c | 2 +-
+ 4 files changed, 82 insertions(+), 39 deletions(-)
+
+diff --git a/src/common/ssl_certificate.c b/src/common/ssl_certificate.c
+index 72f73ac..48e55c9 100644
+--- a/src/common/ssl_certificate.c
++++ b/src/common/ssl_certificate.c
+@@ -207,33 +207,73 @@ size_t gnutls_i2d_PrivateKey(gnutls_x509_privkey_t pkey, unsigned char **output)
+ return key_size;
+ }
+
+-static gnutls_x509_crt_t gnutls_d2i_X509_fp(FILE *fp, int format)
++static int gnutls_d2i_X509_list_fp(FILE *fp, int format, gnutls_x509_crt_t **cert_list, gint *num_certs)
+ {
+- gnutls_x509_crt_t cert = NULL;
++ gnutls_x509_crt_t *crt_list;
++ unsigned int max = 512;
++ unsigned int flags = 0;
+ gnutls_datum_t tmp;
+ struct stat s;
+ int r;
++
++ *cert_list = NULL;
++ *num_certs = 0;
++
++ if (fp == NULL)
++ return -ENOENT;
++
+ if (fstat(fileno(fp), &s) < 0) {
+ perror("fstat");
+- return NULL;
++ return -errno;
+ }
++
++ crt_list=(gnutls_x509_crt_t*)malloc(max*sizeof(gnutls_x509_crt_t));
+ tmp.data = malloc(s.st_size);
+ memset(tmp.data, 0, s.st_size);
+ tmp.size = s.st_size;
+ if (fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
+ perror("fread");
+ free(tmp.data);
+- return NULL;
++ free(crt_list);
++ return -EIO;
+ }
+
+- gnutls_x509_crt_init(&cert);
+- if ((r = gnutls_x509_crt_import(cert, &tmp, (format == 0)?GNUTLS_X509_FMT_DER:GNUTLS_X509_FMT_PEM)) < 0) {
++ if ((r = gnutls_x509_crt_list_import(crt_list, &max,
++ &tmp, format, flags)) < 0) {
+ debug_print("cert import failed: %s\n", gnutls_strerror(r));
+- gnutls_x509_crt_deinit(cert);
+- cert = NULL;
++ free(tmp.data);
++ free(crt_list);
++ return r;
+ }
+ free(tmp.data);
+- debug_print("got cert! %p\n", cert);
++ debug_print("got %d certs in crt_list! %p\n", max, &crt_list);
++
++ *cert_list = crt_list;
++ *num_certs = max;
++
++ return r;
++}
++
++/* return one certificate, read from file */
++static gnutls_x509_crt_t gnutls_d2i_X509_fp(FILE *fp, int format)
++{
++ gnutls_x509_crt_t *certs = NULL;
++ gnutls_x509_crt_t cert = NULL;
++ int i, ncerts, r;
++
++ if ((r = gnutls_d2i_X509_list_fp(fp, format, &certs, &ncerts)) < 0) {
++ return NULL;
++ }
++
++ if (ncerts == 0)
++ return NULL;
++
++ for (i = 1; i < ncerts; i++)
++ gnutls_x509_crt_deinit(certs[i]);
++
++ cert = certs[0];
++ free(certs);
++
+ return cert;
+ }
+
+@@ -474,8 +514,6 @@ static guint check_cert(gnutls_x509_crt_t cert)
+ gnutls_x509_crt_t *ca_list;
+ unsigned int max = 512;
+ unsigned int flags = 0;
+- gnutls_datum_t tmp;
+- struct stat s;
+ int r, i;
+ unsigned int status;
+ FILE *fp;
+@@ -485,34 +523,12 @@ static guint check_cert(gnutls_x509_crt_t cert)
+ else
+ return (guint)-1;
+
+- if (fstat(fileno(fp), &s) < 0) {
+- perror("fstat");
+- fclose(fp);
+- return (guint)-1;
+- }
+-
+- ca_list=(gnutls_x509_crt_t*)malloc(max*sizeof(gnutls_x509_crt_t));
+- tmp.data = malloc(s.st_size);
+- memset(tmp.data, 0, s.st_size);
+- tmp.size = s.st_size;
+- if (fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
+- perror("fread");
+- free(tmp.data);
+- free(ca_list);
+- fclose(fp);
+- return (guint)-1;
+- }
+-
+- if ((r = gnutls_x509_crt_list_import(ca_list, &max,
+- &tmp, GNUTLS_X509_FMT_PEM, flags)) < 0) {
++ if ((r = gnutls_d2i_X509_list_fp(fp, GNUTLS_X509_FMT_PEM, &ca_list, &max)) < 0) {
+ debug_print("cert import failed: %s\n", gnutls_strerror(r));
+- free(tmp.data);
+- free(ca_list);
+ fclose(fp);
+ return (guint)-1;
+ }
+- free(tmp.data);
+- debug_print("got %d certs in ca_list! %p\n", max, &ca_list);
++
+ r = gnutls_x509_crt_verify(cert, ca_list, max, flags, &status);
+ fclose(fp);
+
+@@ -649,18 +665,44 @@ gboolean ssl_certificate_check (gnutls_x509_crt_t x509_cert, guint status, const
+
+ gboolean ssl_certificate_check_chain(gnutls_x509_crt_t *certs, gint chain_len, const gchar *host, gushort port)
+ {
++ int ncas = 0, ncrls = 0;
++ gnutls_x509_crt_t *cas = NULL;
++ gnutls_x509_crl_t *crls = NULL;
+ gboolean result = FALSE;
++ int i;
+ gint status;
+
++ if (claws_ssl_get_cert_file()) {
++ FILE *fp = g_fopen(claws_ssl_get_cert_file(), "rb");
++ int r = -errno;
++
++ if (fp) {
++ r = gnutls_d2i_X509_list_fp(fp, GNUTLS_X509_FMT_PEM, &cas, &ncas);
++ fclose(fp);
++ }
++
++ if (r < 0)
++ g_warning("Can't read SSL_CERT_FILE %s: %s\n",
++ claws_ssl_get_cert_file(),
++ gnutls_strerror(r));
++ } else {
++ debug_print("Can't find SSL ca-certificates file\n");
++ }
++
++
+ gnutls_x509_crt_list_verify (certs,
+ chain_len,
+- NULL, 0,
++ cas, ncas,
+ NULL, 0,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ &status);
+
+ result = ssl_certificate_check(certs[0], status, host, port);
+
++ for (i = 0; i < ncas; i++)
++ gnutls_x509_crt_deinit(cas[i]);
++ free(cas);
++
+ return result;
+ }
+
+diff --git a/src/etpan/etpan-ssl.c b/src/etpan/etpan-ssl.c
+index c9dc9d8..f99955b 100644
+--- a/src/etpan/etpan-ssl.c
++++ b/src/etpan/etpan-ssl.c
+@@ -125,6 +125,7 @@ gboolean etpan_certificate_check(mailstream *stream, const char *host, gint port
+
+ for (i = 0; i < chain_len; i++)
+ gnutls_x509_crt_deinit(certs[i]);
++ free(certs);
+
+ return result;
+ #endif
+diff --git a/src/etpan/imap-thread.c b/src/etpan/imap-thread.c
+index 4332f59..f0b504e 100644
+--- a/src/etpan/imap-thread.c
++++ b/src/etpan/imap-thread.c
+@@ -570,7 +570,7 @@ int imap_threaded_connect_ssl(Folder * folder, const char * server, int port)
+
+ if ((result.error == MAILIMAP_NO_ERROR_AUTHENTICATED ||
+ result.error == MAILIMAP_NO_ERROR_NON_AUTHENTICATED) && !etpan_skip_ssl_cert_check) {
+- if (etpan_certificate_check(imap->imap_stream, server, port) < 0)
++ if (etpan_certificate_check(imap->imap_stream, server, port) != TRUE)
+ result.error = MAILIMAP_ERROR_SSL;
+ }
+ debug_print("connect %d with imap %p\n", result.error, imap);
+@@ -1107,7 +1107,7 @@ int imap_threaded_starttls(Folder * folder, const gchar *host, int port)
+ debug_print("imap starttls - end\n");
+
+ if (result.error == 0 && param.imap && !etpan_skip_ssl_cert_check) {
+- if (etpan_certificate_check(param.imap->imap_stream, host, port) < 0)
++ if (etpan_certificate_check(param.imap->imap_stream, host, port) != TRUE)
+ return MAILIMAP_ERROR_SSL;
+ }
+ return result.error;
+diff --git a/src/etpan/nntp-thread.c b/src/etpan/nntp-thread.c
+index 84a2f83..7708d31 100644
+--- a/src/etpan/nntp-thread.c
++++ b/src/etpan/nntp-thread.c
+@@ -423,7 +423,7 @@ int nntp_threaded_connect_ssl(Folder * folder, const char * server, int port)
+ threaded_run(folder, &param, &result, connect_ssl_run);
+
+ if (result.error == NEWSNNTP_NO_ERROR && !etpan_skip_ssl_cert_check) {
+- if (etpan_certificate_check(nntp->nntp_stream, server, port) < 0)
++ if (etpan_certificate_check(nntp->nntp_stream, server, port) != TRUE)
+ return -1;
+ }
+ debug_print("connect %d with nntp %p\n", result.error, nntp);
+--
+1.9.2
+