summaryrefslogtreecommitdiff
path: root/camel/camel-tcp-stream-ssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'camel/camel-tcp-stream-ssl.c')
-rw-r--r--camel/camel-tcp-stream-ssl.c48
1 files changed, 28 insertions, 20 deletions
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index 3a3f23454..1c8f1b34d 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -60,6 +60,7 @@
#include "camel-stream-fs.h"
#include "camel-session.h"
#include "camel-certdb.h"
+#include "camel-operation.h"
/* from md5-utils.h */
void md5_get_digest (const char *buffer, int buffer_size, unsigned char digest[16]);
@@ -86,7 +87,7 @@ static CamelTcpAddress *stream_get_remote_address (CamelTcpStream *stream);
struct _CamelTcpStreamSSLPrivate {
PRFileDesc *sockfd;
- CamelService *service;
+ struct _CamelSession *session;
char *expected_host;
gboolean ssl_mode;
guint32 flags;
@@ -130,7 +131,10 @@ camel_tcp_stream_ssl_finalize (CamelObject *object)
if (stream->priv->sockfd != NULL)
PR_Close (stream->priv->sockfd);
-
+
+ if (stream->priv->session)
+ camel_object_unref(stream->priv->session);
+
g_free (stream->priv->expected_host);
g_free (stream->priv);
@@ -159,24 +163,27 @@ camel_tcp_stream_ssl_get_type (void)
/**
* camel_tcp_stream_ssl_new:
- * @service: camel service
+ * @session: active session
* @expected_host: host that the stream is expected to connect with.
* @flags: ENABLE_SSL2, ENABLE_SSL3 and/or ENABLE_TLS
*
* Since the SSL certificate authenticator may need to prompt the
- * user, a CamelService is needed. @expected_host is needed as a
+ * user, a CamelSession is needed. @expected_host is needed as a
* protection against an MITM attack.
*
* Return value: a ssl stream (in ssl mode)
**/
CamelStream *
-camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host, guint32 flags)
+camel_tcp_stream_ssl_new (CamelSession *session, const char *expected_host, guint32 flags)
{
CamelTcpStreamSSL *stream;
-
+
+ g_assert(CAMEL_IS_SESSION(session));
+
stream = CAMEL_TCP_STREAM_SSL (camel_object_new (camel_tcp_stream_ssl_get_type ()));
- stream->priv->service = service;
+ stream->priv->session = session;
+ camel_object_ref(session);
stream->priv->expected_host = g_strdup (expected_host);
stream->priv->ssl_mode = TRUE;
stream->priv->flags = flags;
@@ -187,24 +194,27 @@ camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host, guin
/**
* camel_tcp_stream_ssl_new_raw:
- * @service: camel service
+ * @session: active session
* @expected_host: host that the stream is expected to connect with.
* @flags: ENABLE_SSL2, ENABLE_SSL3 and/or ENABLE_TLS
*
* Since the SSL certificate authenticator may need to prompt the
- * user, a CamelService is needed. @expected_host is needed as a
+ * user, a CamelSession is needed. @expected_host is needed as a
* protection against an MITM attack.
*
* Return value: a ssl-capable stream (in non ssl mode)
**/
CamelStream *
-camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host, guint32 flags)
+camel_tcp_stream_ssl_new_raw (CamelSession *session, const char *expected_host, guint32 flags)
{
CamelTcpStreamSSL *stream;
+
+ g_assert(CAMEL_IS_SESSION(session));
stream = CAMEL_TCP_STREAM_SSL (camel_object_new (camel_tcp_stream_ssl_get_type ()));
- stream->priv->service = service;
+ stream->priv->session = session;
+ camel_object_ref(session);
stream->priv->expected_host = g_strdup (expected_host);
stream->priv->ssl_mode = FALSE;
stream->priv->flags = flags;
@@ -797,14 +807,12 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
char *prompt, *cert_str, *fingerprint;
CamelTcpStreamSSL *ssl;
CERTCertificate *cert;
- CamelService *service;
SECStatus status = SECFailure;
g_return_val_if_fail (data != NULL, SECFailure);
g_return_val_if_fail (CAMEL_IS_TCP_STREAM_SSL (data), SECFailure);
- ssl = CAMEL_TCP_STREAM_SSL (data);
- service = ssl->priv->service;
+ ssl = data;
cert = SSL_PeerCertificate (sockfd);
if (cert == NULL)
@@ -831,11 +839,11 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
/* construct our user prompt */
prompt = g_strdup_printf (_("SSL Certificate check for %s:\n\n%s\n\nDo you wish to accept?"),
- service->url->host, cert_str);
+ ssl->priv->expected_host, cert_str);
g_free (cert_str);
/* query the user to find out if we want to accept this certificate */
- accept = camel_session_alert_user (service->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE);
+ accept = camel_session_alert_user (ssl->priv->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE);
g_free(prompt);
if (accept) {
camel_certdb_nss_cert_set(certdb, ccert, cert);
@@ -876,7 +884,7 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
printf("unknown issuer, adding ... \n");
prompt = g_strdup_printf(_("Certificate problem: %s\nIssuer: %s"), cert->subjectName, cert->issuerName);
- if (camel_session_alert_user(service->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE)) {
+ if (camel_session_alert_user(ssl->priv->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE)) {
nick = get_nickname(cert);
if (NULL == nick) {
@@ -928,7 +936,7 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
prompt = g_strdup_printf(_("Bad certificate domain: %s\nIssuer: %s"), cert->subjectName, cert->issuerName);
- if (camel_session_alert_user (service->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE)) {
+ if (camel_session_alert_user (ssl->priv->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE)) {
host = SSL_RevealURL(sockfd);
status = CERT_AddOKDomainName(cert, host);
printf("add ok domain name : %s\n", status == SECFailure?"fail":"ok");
@@ -946,7 +954,7 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
prompt = g_strdup_printf(_("Certificate expired: %s\nIssuer: %s"), cert->subjectName, cert->issuerName);
- if (camel_session_alert_user(service->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE)) {
+ if (camel_session_alert_user(ssl->priv->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE)) {
cert->timeOK = PR_TRUE;
status = CERT_VerifyCertNow(cert->dbhandle, cert, TRUE, certUsageSSLClient, NULL);
error = PR_GetError();
@@ -963,7 +971,7 @@ ssl_bad_cert (void *data, PRFileDesc *sockfd)
prompt = g_strdup_printf(_("Certificate revocation list expired: %s\nIssuer: %s"), cert->subjectName, cert->issuerName);
- if (camel_session_alert_user(service->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE)) {
+ if (camel_session_alert_user(ssl->priv->session, CAMEL_SESSION_ALERT_WARNING, prompt, TRUE)) {
host = SSL_RevealURL(sockfd);
status = CERT_AddOKDomainName(cert, host);
}
View Lorry Controller Status