From: Sebastian B. <sb...@us...> - 2014-02-23 13:23:06
Update of /cvsroot/simplemail/simplemail
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv24285
Modified Files:
	tcp.c
Log Message:
The user can now decide if connection should be continued if cert check failed.
Index: tcp.c
===================================================================
RCS file: /cvsroot/simplemail/simplemail/tcp.c,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -d -r1.58 -r1.59
--- tcp.c	23 Feb 2014 13:21:54 -0000	1.58
+++ tcp.c	23 Feb 2014 13:23:04 -0000	1.59
@@ -53,6 +53,7 @@
 #include "smintl.h"
 #include "tcp.h"
+#include "subthreads.h"
 #include "support.h"
 #define MIN(a,b) (((a)<(b))?(a):(b))
@@ -249,6 +250,7 @@
 		SSL *ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
 		int *failed = SSL_get_app_data(ssl);
 		*failed = 1;
+		preverify_ok = 1;
 	}
 	return preverify_ok;
 }
@@ -282,13 +284,37 @@
 	if ((rc = SSL_connect(conn->ssl)) >= 0)
 	{
 		X509 *server_cert;
+
+		if (!failed)
+		{
+			SM_DEBUGF(5,("Connection is secure\n"));
+			return 1;
+		}
+
 		if ((server_cert = SSL_get_peer_certificate(conn->ssl)))
 		{
+			int i, rc;
+			unsigned int sha1_size;
+			unsigned char sha1[EVP_MAX_MD_SIZE];
+			char sha1_ascii[EVP_MAX_MD_SIZE*3+1];
+
+			X509_digest(server_cert, EVP_sha1(), sha1, &sha1_size);
+
+			for (i=0; i<sha1_size; i++)
+				sm_snprintf(&sha1_ascii[i*3], 4, "%02X ", sha1[i]);
+			sha1_ascii[sha1_size*3] = 0;
+
+			/* TODO: Use callbacks for proper decoupling */
+			rc = thread_call_function_sync(thread_get_main(), sm_request, 4, NULL, _("Certificate verification error\n\nSHA1: %s"), _("Connect anyway|Abort"), sha1_ascii);
+
 			/* Add some checks here */
 			X509_free(server_cert);
-			SM_DEBUGF(5,("Connection is secure\n"));
-			return 1;
+			if (rc == 1)
+			{
+				SM_DEBUGF(5,("Connection is assumed to be secure\n"));
+				return 1;
+			}
 		}
 	}
 	else
 	{
|
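Review bot: The added `preverify_ok = 1;` in the verify callback (second hunk) makes every chain-validation failure look like success to OpenSSL, so SSL_connect can no longer fail on a bad certificate and the only record of the failure is the `*failed` flag in the app data; any code path that uses the SSL object without consulting that flag now silently trusts an unverified peer. That contract deserves a comment at the assignment, e.g. `/* Do not abort the handshake here: *failed is set and the caller must ask the user before using the connection */`. The callback also discards the reason for the failure; storing the result of `X509_STORE_CTX_get_error(x509_ctx)` next to the flag would let the prompt in the third hunk tell the user why verification failed rather than only showing a fingerprint. The callback's opening and the condition that guards this block lie outside the hunk.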
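Review bot: The return value of `X509_digest` in the third hunk is not checked, and `sha1_size` is uninitialized; if the digest fails, the `for` loop runs over whatever value is on the stack, reads past `sha1`, and writes past `sha1_ascii`, so it should be `if (!X509_digest(server_cert, EVP_sha1(), sha1, &sha1_size)) sha1_size = 0;` before the loop, with `i` declared `unsigned int` to match `sha1_size`. The inner `int i, rc;` also shadows the outer `rc` that holds the SSL_connect result; renaming it (e.g. `answer`) avoids confusing the two in later edits. The `/* Add some checks here */` comment is now stale given the prompt just above it and should either be removed or name what is still missing. The function containing this hunk begins before it and the `failed` variable it tests is declared outside the visible lines.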