[pan2] * added requirement info for glib-2.0 * change behaviour of auto-adding of new cert to ignore _any_
- From: Heinrich MÃller <henmull src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [pan2] * added requirement info for glib-2.0 * change behaviour of auto-adding of new cert to ignore _any_
- Date: Wed, 2 May 2012 01:07:25 +0000 (UTC)
commit aef94fbab22410f10930d0f48c77163a1511fe0a
Author: Heinrich MÃlller <henmull src gnome org>
Date: Tue May 1 21:31:03 2012 +0200
* added requirement info for glib-2.0
* change behaviour of auto-adding of new cert to ignore _any_ non-fatal errors
* small changes to crt_deinit routines
* make dependencies flags auto-off in configure.in
* compile fixes for glib
README | 3 +-
configure.in | 12 ++++------
pan/data/cert-store.cc | 50 ++++++++++++++++++++++++++----------------
pan/gui/gui.cc | 1 -
pan/gui/gui.h | 1 +
pan/gui/server-ui.cc | 4 +-
pan/usenet-utils/ssl-utils.h | 2 +-
7 files changed, 42 insertions(+), 31 deletions(-)
---
diff --git a/README b/README
index 432ba6f..18c6535 100644
--- a/README
+++ b/README
@@ -7,6 +7,7 @@
REQUIREMENTS
Pan requires these libraries:
+ * GLib 2.26.0 or higher <http://developer.gnome.org/glib/>
* GTK+ 2.16.0 or higher (optionally GTK+ 3.0.0 or higher)
<http://www.gtk.org/>
* GMime 2.4.0 or higher <http://spruce.sourceforge.net/gmime/>
@@ -138,7 +139,7 @@ RELEASE NOTES
server instead of creating a new entry. If you create a new entry, Pan will see this as a new
server entirely even though you may be connecting to the same account as before.
Your subscribed groups will be lost!
- By editing the existing the localhost:119 server entry, your subscriptions will be preserved.
+ By editing the existing 'localhost:119' server entry, your subscriptions will be preserved.
* For SSL support, remember to do a
'./configure --with-gnutls', or a respective 'sh autogen.sh --with-gnutls'
diff --git a/configure.in b/configure.in
index 4ef7c9a..24b718f 100644
--- a/configure.in
+++ b/configure.in
@@ -41,7 +41,7 @@ AM_MAINTAINER_MODE([enable])
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
dnl glib, gmime, and gtk are mandatory prerequisites.
-GLIB_REQUIRED=2.17.6
+GLIB_REQUIRED=2.26.0
GMIME24_REQUIRED=2.4.0
GMIME26_REQUIRED=2.5.5
GTK_REQUIRED=2.16.0
@@ -52,7 +52,6 @@ ENCHANT_REQUIRED=1.6.0
GNUTLS_REQUIRED=2.12.10
LIBNOTIFY_REQUIRED=0.4.1
LIBGKR_REQUIRED=3.2.0
-LIBGIO_REQUIRED=2.26.0
AC_SUBST(GLIB_REQUIRED)
AC_SUBST(GMIME_REQUIRED)
AC_SUBST(GTK_REQUIRED)
@@ -60,7 +59,6 @@ AC_SUBST(GTKSPELL_REQUIRED)
AC_SUBST(GNUTLS_REQUIRED)
AC_SUBST(LIBNOTIFY_REQUIRED)
AC_SUBST(LIBGKR_REQUIRED)
-AC_SUBST(LIBGIO_REQUIRED)
dnl LIBGSASL_REQUIRED=1.6.1
dnl AC_SUBST(LIBGSASL_REQUIRED)
@@ -107,9 +105,9 @@ if test "x$have_gmime26" = "xyes" ; then
fi
dnl D-Bus support
-AC_ARG_WITH(dbus, AS_HELP_STRING([--with-dbus],[enable D-Bus support (normally: yes)]), [want_dbus=$withval], [want_dbus=yes])
+AC_ARG_WITH(dbus, AS_HELP_STRING([--with-dbus],[enable D-Bus support (normally: yes)]), [want_dbus=$withval], [want_dbus=no])
if test "x$want_dbus" = "xyes" ; then
- PKG_CHECK_MODULES([LIBGIO],[gio-2.0 >= $LIBGIO_REQUIRED],AC_DEFINE(HAVE_DBUS,[1],[D-Bus support for multiple Pan instances]),[])
+ PKG_CHECK_MODULES([LIBGIO],[gio-2.0 >= $GLIB_REQUIRED],AC_DEFINE(HAVE_DBUS,[1],[D-Bus support for multiple Pan instances]),[])
fi
dnl GtkSpell support
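Review bot: The help string passed to `AS_HELP_STRING` still says `(normally: yes)` although the default in the last argument is now `want_dbus=no`, so `./configure --help` misreports what a plain build contains. Update the text with the default, e.g. `[enable D-Bus support (normally: no)]`. The `--enable-libnotify` and `--enable-gkr` hunks below have the same mismatch. For gnome-keyring it is worth a line in the README as well, since a packager who trusts the help text will ship a build without keyring-backed password storage without noticing.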
@@ -173,7 +171,7 @@ fi
dnl Check for libnotify if user-enabled for popup notifications
AC_ARG_ENABLE([libnotify],
-AS_HELP_STRING([--enable-libnotify],[enable libnotify support (normally: yes)]),[enable_libnotify=$enableval],[enable_libnotify=yes])
+AS_HELP_STRING([--enable-libnotify],[enable libnotify support (normally: yes)]),[enable_libnotify=$enableval],[enable_libnotify=no])
if test "x$enable_libnotify" = "xyes" ; then
PKG_CHECK_MODULES([LIBNOTIFY],[libnotify >= $LIBNOTIFY_REQUIRED],[HAVE_LIBNOTIFY="yes"],[HAVE_LIBNOTIFY="no"])
AC_SUBST([LIBNOTIFY_CFLAGS])
@@ -185,7 +183,7 @@ fi
dnl Check for gnome-keyring if user-enabled for password storage
AC_ARG_ENABLE([gkr],
-AS_HELP_STRING([--enable-gkr],[enable gnome-keyring support (normally: yes)]),[enable_gkr=$enableval],[enable_gkr=yes])
+AS_HELP_STRING([--enable-gkr],[enable gnome-keyring support (normally: yes)]),[enable_gkr=$enableval],[enable_gkr=no])
if test "x$enable_gkr" = "xyes" ; then
PKG_CHECK_MODULES([LIBGNOME_KEYRING_1],[gnome-keyring-1 >= $LIBGKR_REQUIRED],[HAVE_GKR="yes"],[HAVE_GKR="no"])
AC_SUBST([LIBGNOME_KEYRING_1_CFLAGS])
diff --git a/pan/data/cert-store.cc b/pan/data/cert-store.cc
index 35df7f3..10ec153 100644
--- a/pan/data/cert-store.cc
+++ b/pan/data/cert-store.cc
@@ -64,6 +64,7 @@ namespace pan
const Quark server;
Data& data;
SaveCBStruct(CertStore& store, const Quark& s, Data& d) : cs(store), server(s), data(d) {}
+ ~SaveCBStruct() { delete server; }
};
gboolean
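Review bot: The added destructor calls `delete server`, but the context line two above declares `const Quark server;`, a by-value member that this struct never allocated with `new`. Depending on what conversions `Quark` offers (not visible here), this either fails to compile or frees memory owned by the quark. The member is destroyed automatically, so the destructor line should simply be dropped. If the intent was to release something held by the idle callback, that belongs in the callback that deletes the `SaveCBStruct` itself.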
@@ -87,6 +88,7 @@ namespace pan
int ret;
gnutls_x509_crt_t cert;
bool fail(false);
+ bool fatal(false);
ret = gnutls_certificate_verify_peers2 (session, &status);
@@ -95,32 +97,37 @@ namespace pan
if (status & GNUTLS_CERT_INVALID)
{
- g_warning ("The certificate is not trusted.\n");
- fail = !mydata->always_trust;
+ if (!mydata->always_trust)
+ g_warning ("The certificate is not trusted.\n");
+ fail = true;
}
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
{
- fail = !mydata->always_trust;
- g_warning ("The certificate hasn't got a known issuer.\n");
+ fail = true;
+ if (!mydata->always_trust)
+ g_warning ("The certificate hasn't got a known issuer.\n");
}
if (status & GNUTLS_CERT_REVOKED)
{
- g_warning ("The certificate has been revoked.\n");
- fail = !mydata->always_trust;
+ if (!mydata->always_trust)
+ g_warning ("The certificate has been revoked.\n");
+ fail = true;
}
if (status & GNUTLS_CERT_EXPIRED)
{
- g_warning ("The certificate has expired\n");
- fail = !mydata->always_trust;
+ if (!mydata->always_trust)
+ g_warning ("The certificate has expired\n");
+ fail = true;
}
if (status & GNUTLS_CERT_NOT_ACTIVATED)
{
- g_warning ("The certificate is not yet activated\n");
- fail = !mydata->always_trust;
+ if (!mydata->always_trust)
+ g_warning ("The certificate is not yet activated\n");
+ fail = true;
}
/* Up to here the process is the same for X.509 certificates and
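Review bot: With `always_trust` set, every `g_warning` in these five status branches is now skipped, so a certificate that has been revoked or has stopped verifying leaves no trace in the log for a server the user trusted earlier. Silencing the message for `GNUTLS_CERT_SIGNER_NOT_FOUND` on a self-signed server is reasonable. `GNUTLS_CERT_REVOKED` is a different class of event and should stay visible, for example by keeping `g_warning ("The certificate has been revoked.\n");` outside the `if`. Consider also setting `fatal = true;` in that branch so that revocation is not treated as a non-fatal error. The function starts and ends outside this hunk.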
@@ -130,20 +137,23 @@ namespace pan
if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
{
g_warning ("The certificate is not a X509 certificate!\n");
- goto _fail;
+ fail = true;
+ fatal = true;
}
if (gnutls_x509_crt_init (&cert) < 0)
{
g_warning ("Error in initialization\n");
- goto _fail;
+ fail = true;
+ fatal = true;
}
cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
if (cert_list == NULL)
{
g_warning ("No certificate found!\n");
- goto _fail;
+ fail = true;
+ fatal = true;
}
/* TODO verify whole chain perhaps?
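Review bot: Replacing `goto _fail;` with `fail = true; fatal = true;` lets execution fall through all three checks, because `fatal` is only tested after the hostname check further down. If `gnutls_x509_crt_init` fails or `cert_list` is NULL, the following `gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER)` is still reached with an uninitialised handle or a null list. Keep the early exit in the fatal branches, `fatal = true; goto _fail;`, so that only the non-fatal status bits are deferred. The function starts and ends outside this hunk, so what `_fail` does with `cert` needs checking there.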
@@ -151,23 +161,25 @@ namespace pan
if (gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0)
{
g_warning ("Error parsing certificate!\n");
- goto _fail;
+ fail = true;
+ fatal = true;
}
if (!gnutls_x509_crt_check_hostname (cert, mydata->hostname_full.c_str()))
{
if (!mydata->always_trust)
g_warning ("The certificate's owner does not match hostname '%s' !\n", mydata->hostname_full.c_str());
- goto _fail;
+ fail = true;
}
- if (fail) goto _fail;
+ if (fatal) goto _fail;
- /* auto-add new cert if we always trust this server */
+ /* auto-add new cert if we always trust this server , no matter what */
if (mydata->always_trust)
mydata->cs->add(cert, mydata->host);
- else
- gnutls_x509_crt_deinit(cert);
+ else if (fail) goto _fail;
+
+ gnutls_x509_crt_deinit(cert);
/* notify gnutls to continue handshake normally */
return 0;
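Review bot: With `always_trust` set, `mydata->cs->add(cert, mydata->host)` now runs even when `fail` was raised by a hostname mismatch or by `GNUTLS_CERT_REVOKED`, so a substituted certificate is accepted and written to the store with no prompt and, after this commit, no warning. Auto-adding should be limited to the errors it was meant for (unknown issuer, expiry), with the user-visible failure path kept for hostname mismatch and revocation, e.g. by recording those two in a separate flag and testing `if (mydata->always_trust && !mismatch_or_revoked)`. Separately, the now unconditional `gnutls_x509_crt_deinit(cert);` frees the handle just passed to `add`. The removed `else` suggests the store keeps that handle; if it does (its code is not visible here), the stored entry dangles. The function starts outside this hunk.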
diff --git a/pan/gui/gui.cc b/pan/gui/gui.cc
index b0abeb7..395b11c 100644
--- a/pan/gui/gui.cc
+++ b/pan/gui/gui.cc
@@ -2320,7 +2320,6 @@ GUI :: on_verify_cert_failed(gnutls_x509_crt_t cert, std::string server, int nr)
data->nr = nr;
data->gui = this;
g_idle_add(show_cert_failed_cb, data);
-
}
void
diff --git a/pan/gui/gui.h b/pan/gui/gui.h
index 984b8fd..8e11675 100644
--- a/pan/gui/gui.h
+++ b/pan/gui/gui.h
@@ -74,6 +74,7 @@ namespace pan
std::string cert_name;
int nr;
GUI* gui;
+ ~VerifyData() { gnutls_x509_crt_deinit(cert); }
};
public: // ActionManager
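Review bot: The new `~VerifyData()` makes the struct the owner of `cert`, but it stays implicitly copyable, so any copy would call `gnutls_x509_crt_deinit` twice on the same handle. Delete the copy operations next to the destructor, `VerifyData(const VerifyData&) = delete;` and `VerifyData& operator=(const VerifyData&) = delete;`, or the pre-C++11 private-declaration equivalent if the project requires it. It is also worth confirming that the caller of `on_verify_cert_failed` no longer deinitialises the same handle on its failure path, since that code is outside this diff. A short comment stating that `VerifyData` takes ownership of `cert` would make the contract explicit.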
diff --git a/pan/gui/server-ui.cc b/pan/gui/server-ui.cc
index cbfa00a..1974d21 100644
--- a/pan/gui/server-ui.cc
+++ b/pan/gui/server-ui.cc
@@ -229,7 +229,7 @@ namespace
GTK_DIALOG_DESTROY_WITH_PARENT,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_CLOSE,
- err_msg));
+ "%s",err_msg));
g_signal_connect_swapped (dialog, "response", G_CALLBACK(gtk_widget_destroy), dialog);
gtk_widget_show (dialog);
destroy = false;
@@ -698,7 +698,7 @@ namespace
0,
GTK_DIALOG_MODAL,
GTK_MESSAGE_INFO,
- GTK_BUTTONS_CLOSE, buf);
+ GTK_BUTTONS_CLOSE, "%s",buf);
g_snprintf(buf,sizeof(buf), _("Server Certificate for '%s'"), addr.c_str());
gtk_window_set_title(GTK_WINDOW(w), buf);
gtk_widget_show_all (w);
diff --git a/pan/usenet-utils/ssl-utils.h b/pan/usenet-utils/ssl-utils.h
index d834ba1..a97a66a 100644
--- a/pan/usenet-utils/ssl-utils.h
+++ b/pan/usenet-utils/ssl-utils.h
@@ -89,7 +89,7 @@ namespace pan
CertParser(gnutls_x509_crt_t c) : cert(c), delim(','), pos1(0), pos2(0), idx(0), num_tags(G_N_ELEMENTS(tags_idx))
{
- gnutls_x509_crt_get_issuer_dn(cert,NULL, &size);
+ gnutls_x509_crt_get_issuer_dn(cert, NULL, &size);
dn_buf = new char[size];
gnutls_x509_crt_get_issuer_dn(cert,dn_buf, &size);
iss = dn_buf;