[Commits] ssl.c 1.9.2.53 1.9.2.54 ssl_certificate.c 1.4.2.43 1.4.2.44 ssl_certificate.h 1.1.4.19 1.1.4.20

Thu Aug 9 13:32:28 CEST 2012

Update of /home/claws-mail/claws/src/common
In directory srv:/tmp/cvs-serv16131/src/common

Modified Files:
      Tag: gtk2
	ssl.c ssl_certificate.c ssl_certificate.h 
Log Message:
2012-08-09 [colin]	3.8.1cvs26

	* src/common/ssl.c
	* src/common/ssl_certificate.c
	* src/common/ssl_certificate.h
	* src/gtk/sslcertwindow.c
		Fix bug 2718, "Failure to check peer hostname
		when checking certificate"

Index: ssl.c
===================================================================
RCS file: /home/claws-mail/claws/src/common/ssl.c,v
retrieving revision 1.9.2.53
retrieving revision 1.9.2.54
diff -u -d -r1.9.2.53 -r1.9.2.54

--- ssl.c	7 Jul 2012 07:09:31 -0000	1.9.2.53
+++ ssl.c	9 Aug 2012 11:32:26 -0000	1.9.2.54
@@ -105,6 +105,7 @@
 	const char *cert_files[]={
 		"/etc/pki/tls/certs/ca-bundle.crt",
 		"/etc/certs/ca-bundle.crt",
+		"/etc/ssl/ca-bundle.pem",
 		"/usr/share/ssl/certs/ca-bundle.crt",
 		"/etc/ssl/certs/ca-certificates.crt",
 		"/usr/local/ssl/certs/ca-bundle.crt",

Index: ssl_certificate.h
===================================================================
RCS file: /home/claws-mail/claws/src/common/ssl_certificate.h,v
retrieving revision 1.1.4.19
retrieving revision 1.1.4.20
diff -u -d -r1.1.4.19 -r1.1.4.20
--- ssl_certificate.h	7 Jul 2012 07:30:56 -0000	1.1.4.19
+++ ssl_certificate.h	9 Aug 2012 11:32:26 -0000	1.1.4.20
@@ -63,13 +63,13 @@
 char * readable_fingerprint(unsigned char *src, int len);
 char *ssl_certificate_check_signer (gnutls_x509_crt cert, guint status);
 
-#ifdef USE_GNUTLS
 gnutls_x509_crt ssl_certificate_get_x509_from_pem_file(const gchar *file);
 gnutls_x509_privkey ssl_certificate_get_pkey_from_pem_file(const gchar *file);
 void ssl_certificate_get_x509_and_pkey_from_p12_file(const gchar *file, 
 			const gchar *password, gnutls_x509_crt *crt, gnutls_x509_privkey *key);
 size_t gnutls_i2d_X509(gnutls_x509_crt x509_cert, unsigned char **output);
 size_t gnutls_i2d_PrivateKey(gnutls_x509_privkey pkey, unsigned char **output);
-#endif
+gboolean ssl_certificate_check_subject_cn(SSLCertificate *cert);
+gchar *ssl_certificate_get_subject_cn(SSLCertificate *cert);
 #endif /* USE_GNUTLS */
 #endif /* SSL_CERTIFICATE_H */

Index: ssl_certificate.c
===================================================================
RCS file: /home/claws-mail/claws/src/common/ssl_certificate.c,v
retrieving revision 1.4.2.43
retrieving revision 1.4.2.44
diff -u -d -r1.4.2.43 -r1.4.2.44
--- ssl_certificate.c	7 Jul 2012 07:09:31 -0000	1.4.2.43
+++ ssl_certificate.c	9 Aug 2012 11:32:26 -0000	1.4.2.44
@@ -834,4 +834,22 @@
 		gnutls_pkcs12_deinit(p12);
 	}
 }
+
+gboolean ssl_certificate_check_subject_cn(SSLCertificate *cert)
+{
+	return gnutls_x509_crt_check_hostname(cert->x509_cert, cert->host) != 0;
+}
+
+gchar *ssl_certificate_get_subject_cn(SSLCertificate *cert)
+{
+	gchar subject_cn[BUFFSIZE];
+	size_t n = BUFFSIZE;
+
+	if(gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
+		GNUTLS_OID_X520_COMMON_NAME, 0, 0, subject_cn, &n))
+		strncpy(subject_cn, _("<not in certificate>"), BUFFSIZE);
+
+	return g_strdup(subject_cn);
+}
+
 #endif /* USE_GNUTLS */

