[pan2/testing: 216/279] - Merge branch 'ssl' - fully working ssl, enjoy. report any errors to me, please.
- From: Heinrich MÃller <henmull src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [pan2/testing: 216/279] - Merge branch 'ssl' - fully working ssl, enjoy. report any errors to me, please.
- Date: Sat, 3 Dec 2011 22:39:44 +0000 (UTC)
commit 21d72c2c11fffcaa4eaa0504c106beb6e6647d24
Merge: 91b5ad5 2c55165
Author: Heinrich MÃller <sphemuel stud informatik uni-erlangen de>
Date: Sat Oct 22 23:23:49 2011 +0200
- Merge branch 'ssl'
- fully working ssl, enjoy. report any errors to me, please.
pan.cbp | 3 +-
pan/data-impl/add-server.cc | 17 +-
pan/data-impl/data-impl.h | 7 +-
pan/data-impl/server.cc | 24 +++-
pan/data/server-info.h | 5 +
pan/general/file-util.cc | 10 -
pan/general/file-util.h | 2 -
pan/gui/Makefile.am | 2 +-
pan/gui/pan.cc | 5 +-
pan/gui/server-ui.cc | 52 +++++-
pan/tasks/Makefile.am | 6 +-
pan/tasks/nntp-pool.cc | 7 +-
pan/tasks/nntp-pool.h | 5 +-
pan/tasks/queue.cc | 2 +-
pan/tasks/queue.h | 5 +-
pan/tasks/socket-impl-gio.cc | 116 +-----------
pan/tasks/socket-impl-gio.h | 11 -
pan/tasks/socket-impl-main.cc | 156 +++++++++++++++
pan/tasks/socket-impl-main.h | 70 +++++++
pan/tasks/socket-impl-openssl.cc | 397 +++++++++++++++-----------------------
pan/tasks/socket-impl-openssl.h | 20 +--
pan/tasks/socket.h | 2 +-
22 files changed, 511 insertions(+), 413 deletions(-)
---
diff --cc pan/gui/pan.cc
index 23967fe,42899f6..e8a37a4
--- a/pan/gui/pan.cc
+++ b/pan/gui/pan.cc
@@@ -34,6 -34,8 +34,7 @@@ extern "C"
#include <pan/general/file-util.h>
#include <pan/general/worker-pool.h>
#include <pan/tasks/socket-impl-gio.h>
-#include <pan/tasks/socket-impl-openssl.h>
+ #include <pan/tasks/socket-impl-main.h>
#include <pan/tasks/task-groups.h>
#include <pan/tasks/task-xover.h>
#include <pan/tasks/nzb.h>
diff --cc pan/tasks/Makefile.am
index 7339eb2,1a696bc..8baff78
--- a/pan/tasks/Makefile.am
+++ b/pan/tasks/Makefile.am
@@@ -17,6 -17,8 +17,8 @@@ libtasks_a_SOURCES =
queue.cc \
upload-queue.cc \
socket.cc \
- socket-impl-main.cc \
+ socket-impl-openssl.cc \
++ socket-impl-main.cc \
socket-impl-gio.cc \
socket-impl-scripted.cc \
nntp-pool.cc
@@@ -40,7 -42,9 +42,9 @@@ noinst_HEADERS =
queue.h \
upload-queue.h \
socket.h \
+ socket-impl-main.h \
++ socket-impl-openssl.cc \
socket-impl-gio.h \
- socket-impl-openssl.h \
socket-impl-scripted.h \
nntp-pool.h
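Review bot: The merge resolution in this hunk puts `socket-impl-openssl.cc \` into `noinst_HEADERS` and drops `socket-impl-openssl.h \`, which looks like a mis-resolved conflict rather than an intended change. The diffstat shows `pan/tasks/socket-impl-openssl.h` is still modified by this merge, so the header still exists, and leaving it out of `noinst_HEADERS` would normally keep it out of the `make dist` tarball. The entry should read `socket-impl-openssl.h \`; the `.cc` file is already listed under `libtasks_a_SOURCES` in the previous hunk.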
diff --cc pan/tasks/socket-impl-openssl.cc
index af19eca,0c18bec..2c8f544
--- a/pan/tasks/socket-impl-openssl.cc
+++ b/pan/tasks/socket-impl-openssl.cc
@@@ -316,6 -254,103 +252,103 @@@ namespac
}
}
+ namespace
+ {
+
+ typedef struct
+ {
+ GIOChannel pad;
+ gint fd;
+ GIOChannel *giochan;
+ SSL *ssl;
+ SSL_CTX *ctx;
+ unsigned int verify:1;
+ } GIOSSLChannel;
+
+ static pthread_mutex_t *lock_cs;
+
+ void gio_lock(int mode, int type, const char *file, int line)
+ {
+ if (mode & CRYPTO_LOCK)
+ pthread_mutex_lock(&(lock_cs[type]));
+ else
+ pthread_mutex_unlock(&(lock_cs[type]));
+ }
+
+ void thread_setup(void) {
+
+ lock_cs = (pthread_mutex_t*)malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+ for (int i=0; i<CRYPTO_num_locks(); i++)
+ if (pthread_mutex_init(&(lock_cs[i]),0) != 0)
+ g_warning("error initialing mutex!");
+
+ // CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+ CRYPTO_set_locking_callback(gio_lock);
+ }
+
+ void thread_cleanup(void) {
+
+ CRYPTO_set_locking_callback(0);
+ if (lock_cs)
+ {
+ for (int i=0; i<CRYPTO_num_locks(); i++)
+ if (&lock_cs[i]) pthread_mutex_destroy(&lock_cs[i]);
+ free(lock_cs);
+ }
+ }
+
- /* todo: real verify + UI ! */
++ /* FIXME todo: real verify + UI ! */
+ gboolean ssl_verify(SSL *ssl, SSL_CTX *ctx, X509 *cert)
+ {
+ // if (SSL_get_verify_result(ssl) != X509_V_OK) {
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int n;
+ char *str;
+
+ if ((str = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0)) == NULL)
+ g_warning(" Could not get subject-name from peer certificate");
+ else {
+ g_warning(" Subject : %s", str);
+ free(str);
+ }
+ if ((str = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0)) == NULL)
+ g_warning(" Could not get issuer-name from peer certificate");
+ else {
+ g_warning(" Issuer : %s", str);
+ free(str);
+ }
+ if (! X509_digest(cert, EVP_md5(), md, &n))
+ g_warning(" Could not get fingerprint from peer certificate");
+ else {
+ char hex[] = "0123456789ABCDEF";
+ char fp[EVP_MAX_MD_SIZE*3];
+ if (n < sizeof(fp)) {
+ unsigned int i;
+ for (i = 0; i < n; i++) {
+ fp[i*3+0] = hex[(md[i] >> 4) & 0xF];
+ fp[i*3+1] = hex[(md[i] >> 0) & 0xF];
+ fp[i*3+2] = i == n - 1 ? '\0' : ':';
+ }
+ g_warning(" MD5 Fingerprint : %s", fp);
+ }
+ }
+ // return FALSE;
+ // }
+ return TRUE;
+ }
+
+
+ void ssl_free(GIOChannel *handle)
+ {
+ GIOSSLChannel *chan = (GIOSSLChannel *)handle;
+ g_io_channel_unref(chan->giochan);
+ SSL_free(chan->ssl);
+ SSL_CTX_free(chan->ctx);
+ thread_cleanup();
+ g_free(chan);
+ }
+ }
+
GIOChannelSocketSSL :: ~GIOChannelSocketSSL ()
{
//std::cerr << LINE_ID << " destroying socket " << this << std::endl;
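Review bot: `ssl_verify` ends in an unconditional `return TRUE;` with the `SSL_get_verify_result` test commented out, so every peer certificate is accepted and the subject, issuer and fingerprint are only logged; if callers rely on this return value (they are outside the hunk), the session gives no assurance about which server is on the other end. Until the UI named in the FIXME exists, the function should fail closed, e.g. `if (SSL_get_verify_result(ssl) != X509_V_OK) return FALSE;`, and the certificate name should be compared with the configured server host. The fingerprint is computed with `EVP_md5()`; `EVP_sha256()` is the better digest for a value a user will later be asked to trust, and the `fp` buffer is already large enough for it. Separately, `ssl_free` calls `thread_cleanup()` for every channel, which frees the shared `lock_cs` array and leaves the pointer set, so freeing a second channel would destroy and free the same mutexes again while other connections may still be using them; add `lock_cs = NULL;` after `free(lock_cs)` and pair setup and cleanup once per process rather than per channel. The `malloc` result in `thread_setup` is also used unchecked, and `if (&lock_cs[i])` in `thread_cleanup` is always true.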