Diffstat (limited to 'nonprism/claws-mail-nonprism/claws-ssl-3.patch')
-rw-r--r-- | nonprism/claws-mail-nonprism/claws-ssl-3.patch | 241 |
1 files changed, 0 insertions, 241 deletions
diff --git a/nonprism/claws-mail-nonprism/claws-ssl-3.patch b/nonprism/claws-mail-nonprism/claws-ssl-3.patch
deleted file mode 100644
index cf3306337..000000000
--- a/nonprism/claws-mail-nonprism/claws-ssl-3.patch
+++ /dev/null
@@ -1,241 +0,0 @@
-From a74e15a5c7185b941a24b0b61bc134397c8d5737 Mon Sep 17 00:00:00 2001
-From: Nepu User <nepu@localhost.localdomain>
-Date: Sun, 27 Apr 2014 14:56:01 +0200
-Subject: [PATCH 3/3] upstream commit 4d0f2b9b14819b26fbaa72ad129ec0c03e41400f
-
----
- src/common/ssl_certificate.c | 114 +++++++++++++++++++++++++++++--------------
- src/etpan/etpan-ssl.c | 1 +
- src/etpan/imap-thread.c | 4 +-
- src/etpan/nntp-thread.c | 2 +-
- 4 files changed, 82 insertions(+), 39 deletions(-)
-
-diff --git a/src/common/ssl_certificate.c b/src/common/ssl_certificate.c
-index 72f73ac..48e55c9 100644
---- a/src/common/ssl_certificate.c
-+++ b/src/common/ssl_certificate.c
-@@ -207,33 +207,73 @@ size_t gnutls_i2d_PrivateKey(gnutls_x509_privkey_t pkey, unsigned char **output)
- return key_size;
- }
-
--static gnutls_x509_crt_t gnutls_d2i_X509_fp(FILE *fp, int format)
-+static int gnutls_d2i_X509_list_fp(FILE *fp, int format, gnutls_x509_crt_t **cert_list, gint *num_certs)
- {
-- gnutls_x509_crt_t cert = NULL;
-+ gnutls_x509_crt_t *crt_list;
-+ unsigned int max = 512;
-+ unsigned int flags = 0;
- gnutls_datum_t tmp;
- struct stat s;
- int r;
-+
-+ *cert_list = NULL;
-+ *num_certs = 0;
-+
-+ if (fp == NULL)
-+ return -ENOENT;
-+
- if (fstat(fileno(fp), &s) < 0) {
- perror("fstat");
-- return NULL;
-+ return -errno;
- }
-+
-+ crt_list=(gnutls_x509_crt_t*)malloc(max*sizeof(gnutls_x509_crt_t));
- tmp.data = malloc(s.st_size);
- memset(tmp.data, 0, s.st_size);
- tmp.size = s.st_size;
- if (fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
- perror("fread");
- free(tmp.data);
-- return NULL;
-+ free(crt_list);
-+ return -EIO;
- }
-
-- gnutls_x509_crt_init(&cert);
-- if ((r = gnutls_x509_crt_import(cert, &tmp, (format == 0)?GNUTLS_X509_FMT_DER:GNUTLS_X509_FMT_PEM)) < 0) {
-+ if ((r = gnutls_x509_crt_list_import(crt_list, &max,
-+ &tmp, format, flags)) < 0) {
- debug_print("cert import failed: %s\n", gnutls_strerror(r));
-- gnutls_x509_crt_deinit(cert);
-- cert = NULL;
-+ free(tmp.data);
-+ free(crt_list);
-+ return r;
- }
- free(tmp.data);
-- debug_print("got cert! %p\n", cert);
-+ debug_print("got %d certs in crt_list! %p\n", max, &crt_list);
-+
-+ *cert_list = crt_list;
-+ *num_certs = max;
-+
-+ return r;
-+}
-+
-+/* return one certificate, read from file */
-+static gnutls_x509_crt_t gnutls_d2i_X509_fp(FILE *fp, int format)
-+{
-+ gnutls_x509_crt_t *certs = NULL;
-+ gnutls_x509_crt_t cert = NULL;
-+ int i, ncerts, r;
-+
-+ if ((r = gnutls_d2i_X509_list_fp(fp, format, &certs, &ncerts)) < 0) {
-+ return NULL;
-+ }
-+
-+ if (ncerts == 0)
-+ return NULL;
-+
-+ for (i = 1; i < ncerts; i++)
-+ gnutls_x509_crt_deinit(certs[i]);
-+
-+ cert = certs[0];
-+ free(certs);
-+
- return cert;
- }
-
-@@ -474,8 +514,6 @@ static guint check_cert(gnutls_x509_crt_t cert)
- gnutls_x509_crt_t *ca_list;
- unsigned int max = 512;
- unsigned int flags = 0;
-- gnutls_datum_t tmp;
-- struct stat s;
- int r, i;
- unsigned int status;
- FILE *fp;
-@@ -485,34 +523,12 @@ static guint check_cert(gnutls_x509_crt_t cert)
- else
- return (guint)-1;
-
-- if (fstat(fileno(fp), &s) < 0) {
-- perror("fstat");
-- fclose(fp);
-- return (guint)-1;
-- }
--
-- ca_list=(gnutls_x509_crt_t*)malloc(max*sizeof(gnutls_x509_crt_t));
-- tmp.data = malloc(s.st_size);
-- memset(tmp.data, 0, s.st_size);
-- tmp.size = s.st_size;
-- if (fread (tmp.data, 1, s.st_size, fp) < s.st_size) {
-- perror("fread");
-- free(tmp.data);
-- free(ca_list);
-- fclose(fp);
-- return (guint)-1;
-- }
--
-- if ((r = gnutls_x509_crt_list_import(ca_list, &max,
-- &tmp, GNUTLS_X509_FMT_PEM, flags)) < 0) {
-+ if ((r = gnutls_d2i_X509_list_fp(fp, GNUTLS_X509_FMT_PEM, &ca_list, &max)) < 0) {
- debug_print("cert import failed: %s\n", gnutls_strerror(r));
-- free(tmp.data);
-- free(ca_list);
- fclose(fp);
- return (guint)-1;
- }
-- free(tmp.data);
-- debug_print("got %d certs in ca_list! %p\n", max, &ca_list);
-+
- r = gnutls_x509_crt_verify(cert, ca_list, max, flags, &status);
- fclose(fp);
-
-@@ -649,18 +665,44 @@ gboolean ssl_certificate_check (gnutls_x509_crt_t x509_cert, guint status, const
-
- gboolean ssl_certificate_check_chain(gnutls_x509_crt_t *certs, gint chain_len, const gchar *host, gushort port)
- {
-+ int ncas = 0, ncrls = 0;
-+ gnutls_x509_crt_t *cas = NULL;
-+ gnutls_x509_crl_t *crls = NULL;
- gboolean result = FALSE;
-+ int i;
- gint status;
-
-+ if (claws_ssl_get_cert_file()) {
-+ FILE *fp = g_fopen(claws_ssl_get_cert_file(), "rb");
-+ int r = -errno;
-+
-+ if (fp) {
-+ r = gnutls_d2i_X509_list_fp(fp, GNUTLS_X509_FMT_PEM, &cas, &ncas);
-+ fclose(fp);
-+ }
-+
-+ if (r < 0)
-+ g_warning("Can't read SSL_CERT_FILE %s: %s\n",
-+ claws_ssl_get_cert_file(),
-+ gnutls_strerror(r));
-+ } else {
-+ debug_print("Can't find SSL ca-certificates file\n");
-+ }
-+
-+
- gnutls_x509_crt_list_verify (certs,
- chain_len,
-- NULL, 0,
-+ cas, ncas,
- NULL, 0,
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
- &status);
-
- result = ssl_certificate_check(certs[0], status, host, port);
-
-+ for (i = 0; i < ncas; i++)
-+ gnutls_x509_crt_deinit(cas[i]);
-+ free(cas);
-+
- return result;
- }
-
-diff --git a/src/etpan/etpan-ssl.c b/src/etpan/etpan-ssl.c
-index c9dc9d8..f99955b 100644
---- a/src/etpan/etpan-ssl.c
-+++ b/src/etpan/etpan-ssl.c
-@@ -125,6 +125,7 @@ gboolean etpan_certificate_check(mailstream *stream, const char *host, gint port
-
- for (i = 0; i < chain_len; i++)
- gnutls_x509_crt_deinit(certs[i]);
-+ free(certs);
-
- return result;
- #endif
-diff --git a/src/etpan/imap-thread.c b/src/etpan/imap-thread.c
-index 4332f59..f0b504e 100644
---- a/src/etpan/imap-thread.c
-+++ b/src/etpan/imap-thread.c
-@@ -570,7 +570,7 @@ int imap_threaded_connect_ssl(Folder * folder, const char * server, int port)
-
- if ((result.error == MAILIMAP_NO_ERROR_AUTHENTICATED ||
- result.error == MAILIMAP_NO_ERROR_NON_AUTHENTICATED) && !etpan_skip_ssl_cert_check) {
-- if (etpan_certificate_check(imap->imap_stream, server, port) < 0)
-+ if (etpan_certificate_check(imap->imap_stream, server, port) != TRUE)
- result.error = MAILIMAP_ERROR_SSL;
- }
- debug_print("connect %d with imap %p\n", result.error, imap);
-@@ -1107,7 +1107,7 @@ int imap_threaded_starttls(Folder * folder, const gchar *host, int port)
- debug_print("imap starttls - end\n");
-
- if (result.error == 0 && param.imap && !etpan_skip_ssl_cert_check) {
-- if (etpan_certificate_check(param.imap->imap_stream, host, port) < 0)
-+ if (etpan_certificate_check(param.imap->imap_stream, host, port) != TRUE)
- return MAILIMAP_ERROR_SSL;
- }
- return result.error;
-diff --git a/src/etpan/nntp-thread.c b/src/etpan/nntp-thread.c
-index 84a2f83..7708d31 100644
---- a/src/etpan/nntp-thread.c
-+++ b/src/etpan/nntp-thread.c
-@@ -423,7 +423,7 @@ int nntp_threaded_connect_ssl(Folder * folder, const char * server, int port)
- threaded_run(folder, ¶m, &result, connect_ssl_run);
-
- if (result.error == NEWSNNTP_NO_ERROR && !etpan_skip_ssl_cert_check) {
-- if (etpan_certificate_check(nntp->nntp_stream, server, port) < 0)
-+ if (etpan_certificate_check(nntp->nntp_stream, server, port) != TRUE)
- return -1;
- }
- debug_print("connect %d with nntp %p\n", result.error, nntp);
---
-1.9.2
- |