[pan2] * gkr fix - handling of cert only if cert isn't already in store
- From: Heinrich MÃller <henmull src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [pan2] * gkr fix - handling of cert only if cert isn't already in store
- Date: Mon, 28 May 2012 08:42:11 +0000 (UTC)
commit f14bb5375a722d9c4f773bdd58c6d88f6a1b9fce
Author: Heinrich MÃller <henmull src gnome org>
Date: Mon May 28 10:41:44 2012 +0200
* gkr fix - handling of cert only if cert isn't already in store
pan/data-impl/server.cc | 6 ++--
pan/data/cert-store.cc | 54 ++++++++++++++++++++++++++++------------------
pan/gui/gui.cc | 9 +++++++-
pan/gui/gui.h | 6 +----
pan/gui/prefs-ui.cc | 2 +-
pan/gui/server-ui.cc | 2 +
6 files changed, 48 insertions(+), 31 deletions(-)
---
diff --git a/pan/data-impl/server.cc b/pan/data-impl/server.cc
index 525278d..c549c45 100644
--- a/pan/data-impl/server.cc
+++ b/pan/data-impl/server.cc
@@ -535,11 +535,11 @@ DataImpl :: save_server_properties (DataIO& data_io, Prefs& prefs)
if (prefs.get_flag("use-gnome-keyring", false))
*out << indent(depth) << "<password>" << "HANDLED_BY_GNOME_KEYRING" << "</password>\n";
else
- *out << indent(depth) << "<password>" << escaped(pass) << "</password>\n"
+ *out << indent(depth) << "<password>" << escaped(pass) << "</password>\n";
#else
- *out << indent(depth) << "<password>" << escaped(pass) << "</password>\n"
+ *out << indent(depth) << "<password>" << escaped(pass) << "</password>\n";
#endif
- << indent(depth) << "<expire-articles-n-days-old>" << s->article_expiration_age << "</expire-articles-n-days-old>\n"
+ *out << indent(depth) << "<expire-articles-n-days-old>" << s->article_expiration_age << "</expire-articles-n-days-old>\n"
<< indent(depth) << "<connection-limit>" << s->max_connections << "</connection-limit>\n"
<< indent(depth) << "<newsrc>" << s->newsrc_filename << "</newsrc>\n"
<< indent(depth) << "<rank>" << s->rank << "</rank>\n"
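Review bot: Once the missing semicolons are restored, the non-keyring branch still writes the account password in cleartext through `escaped(pass)`, and nothing in this hunk shows how `*out` was opened; please confirm the file is created with owner-only permissions (0600) or that the existing file's mode is checked, since save_server_properties starts before the hunk and the stream's creation is not visible. The sentinel deserves a comment where it is written: `// "HANDLED_BY_GNOME_KEYRING" is a placeholder; the real password is kept in the keyring and never written to this file`.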
diff --git a/pan/data/cert-store.cc b/pan/data/cert-store.cc
index 677efc8..8fa872a 100644
--- a/pan/data/cert-store.cc
+++ b/pan/data/cert-store.cc
@@ -97,36 +97,46 @@ namespace pan
if (status & GNUTLS_CERT_INVALID)
{
if (!mydata->always_trust)
+ {
g_warning ("The certificate is not trusted.\n");
- fail = true;
+ fail = true;
+ }
}
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
{
- fail = true;
if (!mydata->always_trust)
+ {
g_warning ("The certificate hasn't got a known issuer.\n");
+ fail = true;
+ }
}
if (status & GNUTLS_CERT_REVOKED)
{
if (!mydata->always_trust)
+ {
g_warning ("The certificate has been revoked.\n");
- fail = true;
+ fail = true;
+ }
}
if (status & GNUTLS_CERT_EXPIRED)
{
if (!mydata->always_trust)
+ {
g_warning ("The certificate has expired\n");
- fail = true;
+ fail = true;
+ }
}
if (status & GNUTLS_CERT_NOT_ACTIVATED)
{
if (!mydata->always_trust)
+ {
g_warning ("The certificate is not yet activated\n");
- fail = true;
+ fail = true;
+ }
}
/* Up to here the process is the same for X.509 certificates and
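Review bot: Every g_warning() string in this hunk ends in "\n" although GLib's default log handler already terminates the line, so each warning prints a trailing blank line; drop it, e.g. `g_warning ("The certificate has been revoked.");`. With always_trust set, a revoked, expired or untrusted certificate now passes with no trace at all, which is the intended behaviour but worth keeping visible with a `debug()` line in the always_trust branch so a user who opted in can still see what was waived. The enclosing verification callback starts before and continues past this hunk.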
@@ -168,12 +178,17 @@ namespace pan
if (!gnutls_x509_crt_check_hostname (cert, mydata->hostname_full.c_str()))
{
if (!mydata->always_trust)
+ {
g_warning ("The certificate's owner does not match hostname '%s' !\n", mydata->hostname_full.c_str());
- fail = true;
+ fail = true;
+ }
}
- /* auto-add new cert if we always trust this server , no matter what */
- if (mydata->always_trust)
+ std::cerr<<mydata->always_trust<<" "<<ret<<" "<<fail<<"\n";
+
+ /* auto-add new cert if we always trust this server and the cert isn't already stored in the store */
+ /* fail is only set if we don't always trust this server and a critical condition occurred, e.g. hostname mismatch */
+ if (mydata->always_trust && ret < 0)
mydata->cs->add(cert, mydata->host);
else if (fail) goto _fail;
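Review bot: The added `std::cerr<<mydata->always_trust<<" "<<ret<<" "<<fail<<"\n";` looks like a leftover debug print that will now run on every TLS verification; it should be removed or turned into the file's `debug(...)` macro, as the later hunks of this commit do. The new condition `mydata->always_trust && ret < 0` relies on `ret`, which is assigned before the hunk; presumably it is the result of looking up this host's stored cert, and the comment should say so, e.g. `/* ret < 0: no cert for this host is in the store yet */`. Note also that a hostname mismatch is now accepted silently under always_trust, with not even a debug line.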
@@ -223,20 +238,16 @@ namespace pan
int ret = gnutls_certificate_set_x509_trust(_creds, &cert, 1);
- if (ret < 0) goto fail;
-
- _cert_to_server[server] = cert;
-
- return true;
-
- fail:
+ if (ret < 0)
+ {
s->cert.clear();
gnutls_x509_crt_deinit (cert);
- SaveCBStruct* cbstruct = new SaveCBStruct(*this, server, _data);
- g_idle_add (save_server_props_cb, cbstruct);
+ return false;
+ }
- return false;
+ _cert_to_server[server] = cert;
+ return true;
}
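Review bot: The new failure branch discards the cert without saying why `gnutls_certificate_set_x509_trust` failed; adding `g_warning ("%s", gnutls_strerror (ret));` before `return false;` keeps that diagnostic. `_cert_to_server[server] = cert;` also overwrites any handle already mapped for `server` without deinit'ing it, so if this function can be reached twice for the same server the previous cert leaks; the function's start (where `s` and `cert` are set up) is outside the hunk, so I can't tell whether callers prevent that.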
int
@@ -316,8 +327,8 @@ namespace pan
_path = buf;
if (!file::ensure_dir_exists (buf))
{
- std::cerr<<"Error initializing certstore. Check your permissions for the pan2 subfolder \"ssl-certs\" and "
- "the pan2 folder in your Home directory! Fatal, exiting.";
+ std::cerr<<_("Error initializing Certstore. Check your permissions for the pan2 subfolder \"ssl-certs\" and "
+ "the pan2 folder in your Home directory! Fatal, exiting.");
file::print_file_info(std::cerr, buf);
exit(EXIT_FAILURE);
}
@@ -339,7 +350,6 @@ namespace pan
bool
CertStore :: add (gnutls_x509_crt_t cert, const Quark& server)
{
- debug("adding server cert "<<server<<" "<<cert);
if (!cert || server.empty()) return false;
std::string addr; int port;
@@ -375,6 +385,8 @@ namespace pan
gnutls_certificate_set_x509_trust(_creds, &cert, 1); // for now, only 1 is saved
valid_cert_added(cert, server.c_str());
+ debug("adding server cert "<<server<<" "<<cert);
+
return true;
}
diff --git a/pan/gui/gui.cc b/pan/gui/gui.cc
index 737ae4a..1f0804f 100644
--- a/pan/gui/gui.cc
+++ b/pan/gui/gui.cc
@@ -2290,11 +2290,18 @@ void
GUI :: do_show_cert_failed_dialog(VerifyData* data)
{
debug("do show cert failed dialog");
- const VerifyData& d(*data);
+ VerifyData& d(*data);
+ bool delete_cert = false;
if (GUI::confirm_accept_new_cert_dialog(get_window(_root),d.cert,d.server))
+ {
if (!_certstore.add(d.cert, d.server))
+ {
Log::add_urgent_va("Error adding certificate of server '%s' to Certificate Store",d.server.c_str());
+ delete_cert = true;
+ }
+ }
+ if (delete_cert) d.deinit_cert();
delete data;
}
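Review bot: When the user declines in `confirm_accept_new_cert_dialog`, `delete_cert` stays false and `d.cert` is never released, and this commit also removes the VerifyData destructor that used to deinit it, so the handle leaks on every declined prompt. Unless something else owns `d.cert` on that path, invert the default: `bool delete_cert = true;` and set `delete_cert = false;` only when `_certstore.add(d.cert, d.server)` succeeds, so the cert is freed on decline and on add failure and kept only when the store took it.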
diff --git a/pan/gui/gui.h b/pan/gui/gui.h
index 0a529ea..5a96e5f 100644
--- a/pan/gui/gui.h
+++ b/pan/gui/gui.h
@@ -74,11 +74,7 @@ namespace pan
std::string cert_name;
int nr;
GUI* gui;
- ~VerifyData() {
-#ifdef HAVE_GNUTLS
- gnutls_x509_crt_deinit(cert);
-#endif
- }
+ void deinit_cert() { gnutls_x509_crt_deinit(cert); }
};
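Review bot: The destructor this hunk removes wrapped `gnutls_x509_crt_deinit` in `#ifdef HAVE_GNUTLS`, but the new `deinit_cert()` has no such guard, so a build without GnuTLS will fail to compile here unless the whole struct is already inside one (its header is above the hunk, so I can't tell). Restore it: `#ifdef HAVE_GNUTLS` / `void deinit_cert() { gnutls_x509_crt_deinit(cert); }` / `#endif`. Since VerifyData no longer frees `cert` on its own, a comment stating the new ownership rule, `// cert is owned by the creator of this struct; call deinit_cert() unless the cert store took it`, would help the next reader.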
public: // ActionManager
diff --git a/pan/gui/prefs-ui.cc b/pan/gui/prefs-ui.cc
index b160d24..3bf8dee 100644
--- a/pan/gui/prefs-ui.cc
+++ b/pan/gui/prefs-ui.cc
@@ -1173,7 +1173,7 @@ PrefsDialog :: PrefsDialog (Prefs& prefs, GtkWindow* parent):
pan_box_pack_start_defaults (GTK_BOX(h), new_color_button ("color-read-fg", TANGO_ORANGE, prefs));
pan_box_pack_start_defaults (GTK_BOX(h), gtk_label_new (_("Background:")));
pan_box_pack_start_defaults (GTK_BOX(h), new_color_button ("color-read-bg", def_color_bg_str.c_str(), prefs));
- HIG :: workarea_add_row (t, &row, _("Read collapsed thread:"), h);
+ HIG :: workarea_add_row (t, &row, _("Collapsed thread with unread messages:"), h);
HIG :: workarea_add_section_divider (t, &row);
HIG :: workarea_add_section_title (t, &row, _("Body Pane"));
HIG :: workarea_add_section_spacer (t, row, 3);
diff --git a/pan/gui/server-ui.cc b/pan/gui/server-ui.cc
index 9eb7ff9..e0d9c8b 100644
--- a/pan/gui/server-ui.cc
+++ b/pan/gui/server-ui.cc
@@ -245,7 +245,9 @@ namespace
d->data.set_server_ssl_support(d->server, ssl);
d->data.set_server_cert(d->server,cert);
d->data.set_server_trust(d->server,trust);
+
d->data.save_server_info(d->server);
+
d->queue.upkeep ();
}
}