Update of /cvsroot/simplemail/simplemail
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv24285
Modified Files:
tcp.c
Log Message:
The user can now decide whether the connection should be continued if the certificate check failed.
Index: tcp.c
===================================================================
RCS file: /cvsroot/simplemail/simplemail/tcp.c,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -d -r1.58 -r1.59
--- tcp.c 23 Feb 2014 13:21:54 -0000 1.58
+++ tcp.c 23 Feb 2014 13:23:04 -0000 1.59
@@ -53,6 +53,7 @@
#include "smintl.h"
#include "tcp.h"
+#include "subthreads.h"
#include "support.h"
#define MIN(a,b) (((a)<(b))?(a):(b))
@@ -249,6 +250,7 @@
SSL *ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
int *failed = SSL_get_app_data(ssl);
*failed = 1;
+ preverify_ok = 1;
}
return preverify_ok;
}
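Review bot: With `preverify_ok = 1;` the callback accepts every verification failure, so OpenSSL no longer aborts the handshake on a bad certificate and the only remaining guard is the caller testing `*failed` after `SSL_connect()`. The reason for the failure is also discarded here, so the later prompt cannot tell the user whether the certificate is expired, self-signed or chained to an unknown CA; storing `X509_STORE_CTX_get_error(x509_ctx)` next to the flag would allow that. I would at least add a comment such as `/* Accept so the handshake completes; the caller must check *failed and ask the user before using the connection */`. The callback's signature and the condition guarding this block are outside the hunk, so whether `SSL_get_app_data(ssl)` can return NULL here should be confirmed against the caller.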
@@ -282,13 +284,37 @@
if ((rc = SSL_connect(conn->ssl)) >= 0)
{
X509 *server_cert;
+
+ if (!failed)
+ {
+ SM_DEBUGF(5,("Connection is secure\n"));
+ return 1;
+ }
+
if ((server_cert = SSL_get_peer_certificate(conn->ssl)))
{
+ int i, rc;
+ unsigned int sha1_size;
+ unsigned char sha1[EVP_MAX_MD_SIZE];
+ char sha1_ascii[EVP_MAX_MD_SIZE*3+1];
+
+ X509_digest(server_cert, EVP_sha1(), sha1, &sha1_size);
+
+ for (i=0; i<sha1_size; i++)
+ sm_snprintf(&sha1_ascii[i*3], 4, "%02X ", sha1[i]);
+ sha1_ascii[sha1_size*3] = 0;
+
+ /* TODO: Use callbacks for proper decoupling */
+ rc = thread_call_function_sync(thread_get_main(), sm_request, 4, NULL, _("Certificate verification error\n\nSHA1: %s"), _("Connect anyway|Abort"), sha1_ascii);
+
/* Add some checks here */
X509_free(server_cert);
- SM_DEBUGF(5,("Connection is secure\n"));
- return 1;
+ if (rc == 1)
+ {
+ SM_DEBUGF(5,("Connection is assumed to be secure\n"));
+ return 1;
+ }
}
} else
{
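Review bot: The result of `X509_digest()` is not checked, so if it fails `sha1_size` is read uninitialised by the loop and by `sha1_ascii[sha1_size*3] = 0;`, which can write outside the buffer. Declare it as `unsigned int sha1_size = 0;` and skip the prompt (taking the same path as "Abort") when the call returns 0, so the user is never asked to accept a certificate with a garbage fingerprint. The inner `int i, rc;` shadows the outer `rc` assigned from `SSL_connect()` and compares a signed `i` with an unsigned size; `unsigned int i;` and a separate name such as `choice` would avoid both. The dialog shows only a SHA1 fingerprint, with no failure reason, certificate subject or host name, and the choice does not appear to be remembered, so the user has little to base "Connect anyway" on. The enclosing function starts and ends outside the hunk, so the path taken when no peer certificate is returned could not be checked.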