GNOME.org
 

[evolution-data-server/gnome-2-28] BUG#270893 Support client certificates for IMAP

commit 87238717ceb0a158a00c76fc07c6e27c769c2cf0
Author: Craig Ringer <craig postnewspapers com au>
Date:   Fri Sep 25 12:50:07 2009 +0530

    BUG#270893 Support client certificates for IMAP

 camel/camel-tcp-stream-ssl.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)
---
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index 339812f..41f9936 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -1067,8 +1067,13 @@ enable_ssl (CamelTcpStreamSSL *ssl, PRFileDesc *fd)
 
 	SSL_SetURL (ssl_fd, ssl->priv->expected_host);
 
-	/*SSL_GetClientAuthDataHook (sslSocket, ssl_get_client_auth, (gpointer) certNickname);*/
-	/*SSL_AuthCertificateHook (ssl_fd, ssl_auth_cert, (gpointer) CERT_GetDefaultCertDB ());*/
+ 	/* NSS provides a default implementation for the SSL_GetClientAuthDataHook callback
+ 	 * but does not enable it by default. It must be explicltly requested by the application.
+ 	 * See: http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1126622 */
+ 	SSL_GetClientAuthDataHook (ssl_fd, (SSLGetClientAuthData)&NSS_GetClientAuthData, NULL );
+ 
+ 	/* NSS provides _and_ installs a default implementation for the
+ 	 * SSL_AuthCertificateHook callback so we _don't_ need to install one. */
 	SSL_BadCertHook (ssl_fd, ssl_bad_cert, ssl);
 
 	ssl->priv->ssl_mode = TRUE;
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]