[Commits] [SCM] claws branch, master, updated. 3.9.3-78-ge31ec07

colin at claws-mail.org colin at claws-mail.org
Mon Apr 21 14:47:47 CEST 2014 

The branch master of project "claws" (Claws Mail) has been updated
       via  e31ec07076724b7674db10da03ff959312ff7129 (commit)
      from  e664b676602274aa7e7056444de88fa8f5684185 (commit)


- Log -----------------------------------------------------------------
commit e31ec07076724b7674db10da03ff959312ff7129
Author: Colin Leroy <colin at colino.net>
Date:   Mon Apr 21 14:46:29 2014 +0200

    Fix bug #3105, "vCal plugin via https does not check SSL peer certificates or host"
    Add a preference to disable SSL certificate verification.

diff --git a/src/plugins/vcalendar/vcal_folder.c b/src/plugins/vcalendar/vcal_folder.c
index 63245b0..59718b6 100644
--- a/src/plugins/vcalendar/vcal_folder.c
+++ b/src/plugins/vcalendar/vcal_folder.c
@@ -1567,8 +1567,10 @@ void *url_read_thread(void *data)
 	curl_easy_setopt(curl_ctx, CURLOPT_TIMEOUT, prefs_common_get_prefs()->io_timeout_secs);
 	curl_easy_setopt(curl_ctx, CURLOPT_NOSIGNAL, 1);
 #if LIBCURL_VERSION_NUM >= 0x070a00
-	curl_easy_setopt(curl_ctx, CURLOPT_SSL_VERIFYPEER, 0);
-	curl_easy_setopt(curl_ctx, CURLOPT_SSL_VERIFYHOST, 0);
+	if(vcalprefs.ssl_verify_peer == FALSE) {
+		curl_easy_setopt(curl_ctx, CURLOPT_SSL_VERIFYPEER, 0);
+		curl_easy_setopt(curl_ctx, CURLOPT_SSL_VERIFYHOST, 0);
+	}
 #endif
 	curl_easy_setopt(curl_ctx, CURLOPT_USERAGENT, 
 		"Claws Mail vCalendar plugin "
@@ -1694,8 +1696,10 @@ gboolean vcal_curl_put(gchar *url, FILE *fp, gint filesize, const gchar *user, c
 	curl_easy_setopt(curl_ctx, CURLOPT_READDATA, fp);
 	curl_easy_setopt(curl_ctx, CURLOPT_HTTPHEADER, headers);
 #if LIBCURL_VERSION_NUM >= 0x070a00
-	curl_easy_setopt(curl_ctx, CURLOPT_SSL_VERIFYPEER, 0);
-	curl_easy_setopt(curl_ctx, CURLOPT_SSL_VERIFYHOST, 0);
+	if(vcalprefs.ssl_verify_peer == FALSE) {
+		curl_easy_setopt(curl_ctx, CURLOPT_SSL_VERIFYPEER, 0);
+		curl_easy_setopt(curl_ctx, CURLOPT_SSL_VERIFYHOST, 0);
+	}
 #endif
 	curl_easy_setopt(curl_ctx, CURLOPT_USERAGENT, 
 		"Claws Mail vCalendar plugin "
diff --git a/src/plugins/vcalendar/vcal_prefs.c b/src/plugins/vcalendar/vcal_prefs.c
index 936c820..554c3bc 100644
--- a/src/plugins/vcalendar/vcal_prefs.c
+++ b/src/plugins/vcalendar/vcal_prefs.c
@@ -68,6 +68,8 @@ struct VcalendarPage
 	GtkWidget *export_freebusy_pass_entry;
 
 	GtkWidget *freebusy_get_url_entry;
+	
+	GtkWidget *ssl_verify_peer_checkbtn;
 };
 
 VcalendarPrefs vcalprefs;
@@ -110,6 +112,9 @@ static PrefParam param[] = {
 	{"export_freebusy_pass", "", &vcalprefs.export_freebusy_pass, P_PASSWORD,
 	 NULL, NULL, NULL},
 
+	{"ssl_verify_peer", "TRUE", &vcalprefs.ssl_verify_peer, P_BOOL,
+	 NULL, NULL, NULL},
+
 	{NULL, NULL, NULL, P_OTHER, NULL, NULL, NULL}
 };
 
@@ -245,6 +250,9 @@ static void vcal_prefs_create_widget_func(PrefsPage * _page,
 	GtkWidget *freebusy_get_url_label;
 	GtkWidget *freebusy_get_url_entry;
 
+	GtkWidget *frame_ssl_options;
+	GtkWidget *ssl_verify_peer_checkbtn;
+
 	vbox1 = gtk_vbox_new (FALSE, VSPACING);
 	gtk_widget_show (vbox1);
 	gtk_container_set_border_width (GTK_CONTAINER (vbox1), VBOX_BORDER);
@@ -494,6 +502,25 @@ static void vcal_prefs_create_widget_func(PrefsPage * _page,
 	gtk_entry_set_text(GTK_ENTRY(freebusy_get_url_entry), 
 			vcalprefs.freebusy_get_url);
 
+/* SSL frame */
+	PACK_FRAME(vbox2, frame_ssl_options, _("SSL options"));
+	vbox3 = gtk_vbox_new (FALSE, 8);
+	gtk_widget_show (vbox3);
+	gtk_container_add (GTK_CONTAINER (frame_ssl_options), vbox3);
+	gtk_container_set_border_width (GTK_CONTAINER (vbox3), VBOX_BORDER);
+
+/* SSL peer verification */
+	hbox2 = gtk_hbox_new (FALSE, 8);
+	gtk_widget_show (hbox2);
+	gtk_box_pack_start(GTK_BOX (vbox3), hbox2, TRUE, TRUE, 0);
+
+	ssl_verify_peer_checkbtn = gtk_check_button_new_with_label(
+		_("Verify SSL certificate validity"));
+	gtk_widget_show(ssl_verify_peer_checkbtn);
+	gtk_box_pack_start(GTK_BOX (hbox2), ssl_verify_peer_checkbtn, FALSE, FALSE, 0);
+	gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(ssl_verify_peer_checkbtn), 
+			vcalprefs.ssl_verify_peer);
+
 	if (!vcalprefs.export_user)
 		vcalprefs.export_user = g_strdup("");
 	if (!vcalprefs.export_pass)
@@ -539,6 +566,8 @@ static void vcal_prefs_create_widget_func(PrefsPage * _page,
 	page->export_freebusy_pass_label = export_freebusy_pass_label;
 	page->export_freebusy_pass_entry = export_freebusy_pass_entry;
 
+	page->ssl_verify_peer_checkbtn = ssl_verify_peer_checkbtn;
+
 	set_auth_sensitivity(page);
 
 	page->freebusy_get_url_entry = freebusy_get_url_entry;
@@ -634,6 +663,10 @@ static void vcal_prefs_save_func(PrefsPage * _page)
 	vcalprefs.freebusy_get_url =
 	    gtk_editable_get_chars(GTK_EDITABLE(page->freebusy_get_url_entry), 0, -1);
 
+/* SSL */
+	vcalprefs.ssl_verify_peer = 
+	    gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON
+					 (page->ssl_verify_peer_checkbtn));
 
 	vcal_prefs_save();
 	vcal_folder_export(NULL);
diff --git a/src/plugins/vcalendar/vcal_prefs.h b/src/plugins/vcalendar/vcal_prefs.h
index 66b493f..fd4637a 100644
--- a/src/plugins/vcalendar/vcal_prefs.h
+++ b/src/plugins/vcalendar/vcal_prefs.h
@@ -42,6 +42,7 @@ struct _VcalendarPrefs
 	gchar		*export_freebusy_user;
 	gchar		*export_freebusy_pass;
 	gboolean	 orage_registered;
+	gboolean	 ssl_verify_peer;
 };
 
 extern VcalendarPrefs vcalprefs;

-----------------------------------------------------------------------

Summary of changes:
 src/plugins/vcalendar/vcal_folder.c |   12 ++++++++----
 src/plugins/vcalendar/vcal_prefs.c  |   33 +++++++++++++++++++++++++++++++++
 src/plugins/vcalendar/vcal_prefs.h  |    1 +
 3 files changed, 42 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
Claws Mail

More information about the Commits mailing list