[geary/wip/713247-tls] Working w/ faked code path
- From: Jim Nelson <jnelson src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [geary/wip/713247-tls] Working w/ faked code path
- Date: Wed, 27 Aug 2014 01:20:17 +0000 (UTC)
commit 2072df42ae5810704ca6309ea9a859d090c150ce
Author: Jim Nelson <jim yorba org>
Date: Tue Aug 26 18:20:21 2014 -0700
Working w/ faked code path
debian/control | 6 +-
po/POTFILES.in | 1 +
src/CMakeLists.txt | 4 +-
src/client/application/geary-controller.vala | 22 +++
src/client/dialogs/certificate-warning-dialog.vala | 58 ++++++++
src/engine/api/geary-endpoint.vala | 6 +-
ui/CMakeLists.txt | 1 +
ui/certificate_warning_dialog.glade | 154 ++++++++++++++++++++
8 files changed, 247 insertions(+), 5 deletions(-)
---
diff --git a/debian/control b/debian/control
index 9896e11..894b506 100644
--- a/debian/control
+++ b/debian/control
@@ -20,7 +20,8 @@ Build-Depends: debhelper (>= 8),
intltool,
libgirepository1.0-dev (>= 1.32.0),
desktop-file-utils,
- gnome-doc-utils
+ gnome-doc-utils,
+ libgcr-3-dev
Standards-Version: 3.8.3
Homepage: http://www.yorba.org
@@ -38,7 +39,8 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
libgmime-2.6-0 (>= 2.6.0),
libsecret-1-0 (>= 0.11),
libmessaging-menu0 (>= 12.10.2),
- libunity9 (>= 5.12.0)
+ libunity9 (>= 5.12.0),
+ libgcr-3-1
Description: Email client
Geary is an email client built for the GNOME desktop environment. It
allows you to read and send email with a simple, modern interface.
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 5983043..b770d1a 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -48,6 +48,7 @@ src/client/conversation-viewer/conversation-viewer.vala
src/client/conversation-viewer/conversation-web-view.vala
src/client/dialogs/alert-dialog.vala
src/client/dialogs/attachment-dialog.vala
+src/client/dialogs/certificate-warning-dialog.vala
src/client/dialogs/password-dialog.vala
src/client/dialogs/preferences-dialog.vala
src/client/dialogs/upgrade-dialog.vala
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 9330c53..cc3a5d9 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -347,6 +347,7 @@ client/conversation-viewer/conversation-web-view.vala
client/dialogs/alert-dialog.vala
client/dialogs/attachment-dialog.vala
+client/dialogs/certificate-warning-dialog.vala
client/dialogs/password-dialog.vala
client/dialogs/preferences-dialog.vala
client/dialogs/upgrade-dialog.vala
@@ -531,6 +532,7 @@ pkg_check_modules(DEPS REQUIRED
gmime-2.6>=2.6.0
libsecret-1>=0.11
libxml-2.0>=2.7.8
+ gcr-3
${EXTRA_CLIENT_PKG_CONFIG}
)
@@ -541,7 +543,7 @@ set(ENGINE_PACKAGES
# webkitgtk-3.0 is listed as a custom VAPI (below) to ensure it's treated as a dependency and
# built before compilation
set(CLIENT_PACKAGES
- gtk+-3.0 libsecret-1 libsoup-2.4 libnotify libcanberra ${EXTRA_CLIENT_PACKAGES}
+ gtk+-3.0 libsecret-1 libsoup-2.4 libnotify libcanberra gcr-3 ${EXTRA_CLIENT_PACKAGES}
)
set(CONSOLE_PACKAGES
diff --git a/src/client/application/geary-controller.vala b/src/client/application/geary-controller.vala
index b6b3446..60b3379 100644
--- a/src/client/application/geary-controller.vala
+++ b/src/client/application/geary-controller.vala
@@ -503,6 +503,28 @@ public class GearyController : Geary.BaseObject {
private void on_tls_warnings_detected(Geary.AccountInformation account_information,
Geary.Endpoint endpoint, Geary.Endpoint.SecurityType security, TlsConnection cx,
Geary.Service service, TlsCertificateFlags warnings) {
+ prompt_tls_warning_async.begin(account_information, endpoint, security, cx, service, warnings);
+ }
+
+ private Geary.Nonblocking.Mutex tls_prompt_mutex = new Geary.Nonblocking.Mutex();
+
+ private async void prompt_tls_warning_async(Geary.AccountInformation account_information,
+ Geary.Endpoint endpoint, Geary.Endpoint.SecurityType security, TlsConnection cx,
+ Geary.Service service, TlsCertificateFlags warnings) {
+ try {
+ int token = yield tls_prompt_mutex.claim_async();
+
+ if (endpoint.trust_host)
+ return;
+
+ CertificateWarningDialog dialog = new CertificateWarningDialog(main_window, warnings);
+ if (dialog.run())
+ endpoint.trust_host = true;
+
+ tls_prompt_mutex.release(ref token);
+ } catch (Error err) {
+ warning("Unable to prompt for certificate security warning: %s", err.message);
+ }
}
private void create_account() {
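Review bot: The early `return` taken when `endpoint.trust_host` is already set leaves `tls_prompt_mutex` claimed, because `tls_prompt_mutex.release(ref token)` is only reached on the fall-through path. Every later call to prompt_tls_warning_async would then wait in `claim_async()` and no further certificate prompt could appear for any endpoint. Guard the dialog instead of returning, e.g. `if (!endpoint.trust_host && new CertificateWarningDialog(main_window, warnings).run()) endpoint.trust_host = true;`, so the release that follows always runs. A short comment on `tls_prompt_mutex` saying that it serialises prompts so that only one dialog is shown at a time would also help the next reader.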
diff --git a/src/client/dialogs/certificate-warning-dialog.vala
b/src/client/dialogs/certificate-warning-dialog.vala
new file mode 100644
index 0000000..d4a0bf1
--- /dev/null
+++ b/src/client/dialogs/certificate-warning-dialog.vala
@@ -0,0 +1,58 @@
+/* Copyright 2014 Yorba Foundation
+ *
+ * This software is licensed under the GNU Lesser General Public License
+ * (version 2.1 or later). See the COPYING file in this distribution.
+ */
+
+public class CertificateWarningDialog {
+ private const string BULLET = "• ";
+
+ private Gtk.Dialog dialog;
+ private Gtk.Label warnings_label;
+
+ public CertificateWarningDialog(Gtk.Window? parent, TlsCertificateFlags warnings) {
+ Gtk.Builder builder = GearyApplication.instance.create_builder("certificate_warning_dialog.glade");
+
+ dialog = (Gtk.Dialog) builder.get_object("CertificateWarningDialog");
+ warnings_label = (Gtk.Label) builder.get_object("warnings_label");
+
+ dialog.transient_for = parent;
+ dialog.modal = true;
+
+ warnings_label.label = generate_warning_list(warnings);
+ warnings_label.use_markup = true;
+ }
+
+ private static string generate_warning_list(TlsCertificateFlags warnings) {
+ StringBuilder builder = new StringBuilder();
+
+ if ((warnings & TlsCertificateFlags.UNKNOWN_CA) != 0)
+ builder.append(BULLET + _("The server's signing certificate authority is unknown.\n"));
+
+ if ((warnings & TlsCertificateFlags.BAD_IDENTITY) != 0)
+ builder.append(BULLET + _("The server's identity does not match the identity in the
certificate.\n"));
+
+ if ((warnings & TlsCertificateFlags.EXPIRED) != 0)
+ builder.append(BULLET + _("The server's certificate has expired.\n"));
+
+ if ((warnings & TlsCertificateFlags.REVOKED) != 0)
+ builder.append(BULLET + _("The server's certificate has been revoked and is now invalid.\n"));
+
+ if ((warnings & TlsCertificateFlags.INSECURE) != 0)
+ builder.append(BULLET + _("The server's certificate is considered insecure.\n"));
+
+ if ((warnings & TlsCertificateFlags.GENERIC_ERROR) != 0)
+ builder.append(BULLET + _("An error has occurred processing the server's certificate.\n"));
+
+ return builder.str;
+ }
+
+ public bool run() {
+ dialog.show_all();
+ int response = dialog.run();
+ dialog.destroy();
+
+ return response == 1;
+ }
+}
+
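Review bot: generate_warning_list() has no branch for `TlsCertificateFlags.NOT_ACTIVATED`, so a certificate whose only problem is an activation date in the future produces an empty list and the user is asked to trust the host with no reason shown. Add a branch such as `if ((warnings & TlsCertificateFlags.NOT_ACTIVATED) != 0) builder.append(BULLET + _("The server's certificate is not yet valid.\n"));`. The constructor also receives only the parent window and the flags, so the prompt cannot name the host, service or certificate the user is being asked to trust; passing the endpoint's host name in and displaying it would let the user notice a prompt for an unexpected server. In `run()`, the literal `1` has to match the `response="1"` on `trust_button` in the glade file, which deserves a named constant or a comment.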
diff --git a/src/engine/api/geary-endpoint.vala b/src/engine/api/geary-endpoint.vala
index c8226d7..876e1fd 100644
--- a/src/engine/api/geary-endpoint.vala
+++ b/src/engine/api/geary-endpoint.vala
@@ -44,6 +44,7 @@ public class Geary.Endpoint : BaseObject {
public TlsCertificateFlags tls_validation_flags { get; set; default = TlsCertificateFlags.VALIDATE_ALL; }
public TlsCertificateFlags tls_validation_warnings { get; private set; default = 0; }
public bool force_ssl3 { get; set; default = false; }
+ public bool trust_host { get; set; default = false; }
public bool is_ssl { get {
return flags.is_all_set(Flags.SSL);
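Review bot: `trust_host` is a single boolean per endpoint with a public setter, and the check in the later hunk (`if (trust_host) return true;` under `@@ -136,7 +138,7`) accepts whatever certificate and warning flags arrive once it is set. The user's decision was made for one certificate and one set of warnings, so a different certificate presented later on the same endpoint would pass without a new prompt. Consider remembering what was approved instead, for example keeping the accepted `TlsCertificate` and flags and returning true only when `cert.is_same(trusted_cert) && warnings == trusted_warnings`. The handler body lies outside the visible hunks, so whether the certificate is in scope at that point needs checking. Whichever form is kept, the property should carry a doc comment stating that setting it suppresses TLS validation warnings for this endpoint.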
@@ -54,7 +55,6 @@ public class Geary.Endpoint : BaseObject {
} }
private SocketClient? socket_client = null;
- private bool tls_warnings_accepted = false;
public signal void tls_warnings_detected(SecurityType security, TlsConnection cx,
TlsCertificateFlags tls_warnings);
@@ -118,6 +118,8 @@ public class Geary.Endpoint : BaseObject {
tls_cx.accept_certificate.connect(on_accept_starttls_certificate);
else
tls_cx.accept_certificate.connect(on_accept_ssl_certificate);
+
+ tls_warnings_detected(SecurityType.SSL, tls_cx, TlsCertificateFlags.UNKNOWN_CA);
}
private bool on_accept_starttls_certificate(TlsConnection cx, TlsCertificate cert, TlsCertificateFlags
flags) {
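Review bot: The added `tls_warnings_detected(SecurityType.SSL, tls_cx, TlsCertificateFlags.UNKNOWN_CA);` fires whenever this code path runs, with a hard-coded flag that does not come from certificate validation, which appears to be the "faked code path" of the commit title. If it reached a release, users would get an unknown-CA prompt for servers whose certificates validate, and choosing "Trust this host" sets `trust_host`, after which the check in the next hunk appears to accept real failures silently. It also reports `SecurityType.SSL` even when the STARTTLS handler was connected just above. Mark the line, e.g. `// FIXME: test-only emission, remove before merging`, or drop it before the branch lands. The enclosing method starts outside the hunk.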
@@ -136,7 +138,7 @@ public class Geary.Endpoint : BaseObject {
tls_validation_warnings = warnings;
- if (tls_warnings_accepted)
+ if (trust_host)
return true;
tls_warnings_detected(security, cx, warnings);
diff --git a/ui/CMakeLists.txt b/ui/CMakeLists.txt
index b04dbe2..cdf0f7b 100644
--- a/ui/CMakeLists.txt
+++ b/ui/CMakeLists.txt
@@ -5,6 +5,7 @@ install(FILES account_list.glade DESTINATION ${UI_DEST})
install(FILES account_cannot_remove.glade DESTINATION ${UI_DEST})
install(FILES account_spinner.glade DESTINATION ${UI_DEST})
install(FILES app_menu.interface DESTINATION ${UI_DEST})
+install(FILES certificate_warning_dialog.glade DESTINATION ${UI_DEST})
install(FILES composer.glade DESTINATION ${UI_DEST})
install(FILES composer_accelerators.ui DESTINATION ${UI_DEST})
install(FILES find_bar.glade DESTINATION ${UI_DEST})
diff --git a/ui/certificate_warning_dialog.glade b/ui/certificate_warning_dialog.glade
new file mode 100644
index 0000000..da2cfaa
--- /dev/null
+++ b/ui/certificate_warning_dialog.glade
@@ -0,0 +1,154 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.16.1 -->
+<interface>
+ <requires lib="gtk+" version="3.10"/>
+ <object class="GtkDialog" id="CertificateWarningDialog">
+ <property name="can_focus">False</property>
+ <property name="title" translatable="yes">Certificate Security Warning</property>
+ <property name="modal">True</property>
+ <property name="destroy_with_parent">True</property>
+ <property name="type_hint">dialog</property>
+ <property name="urgency_hint">True</property>
+ <child internal-child="vbox">
+ <object class="GtkBox" id="dialog-vbox1">
+ <property name="can_focus">False</property>
+ <property name="margin_left">8</property>
+ <property name="margin_right">8</property>
+ <property name="margin_top">8</property>
+ <property name="margin_bottom">8</property>
+ <property name="orientation">vertical</property>
+ <property name="spacing">2</property>
+ <child internal-child="action_area">
+ <object class="GtkButtonBox" id="dialog-action_area1">
+ <property name="can_focus">False</property>
+ <property name="valign">end</property>
+ <property name="margin_top">8</property>
+ <property name="layout_style">end</property>
+ <child>
+ <object class="GtkButton" id="dont_trust_button">
+ <property name="label" translatable="yes">_Don't trust this host</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">True</property>
+ <property name="use_underline">True</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkButton" id="trust_button">
+ <property name="label" translatable="yes">_Trust this host</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">True</property>
+ <property name="use_underline">True</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">1</property>
+ </packing>
+ </child>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="pack_type">end</property>
+ <property name="position">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkBox" id="box1">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="orientation">vertical</property>
+ <property name="spacing">4</property>
+ <child>
+ <object class="GtkBox" id="box2">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="spacing">6</property>
+ <child>
+ <object class="GtkImage" id="image1">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="icon_name">security-high-symbolic</property>
+ <property name="icon_size">6</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="label1">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Security Warning</property>
+ <attributes>
+ <attribute name="weight" value="bold"/>
+ </attributes>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">1</property>
+ </packing>
+ </child>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="label2">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="margin_top">8</property>
+ <property name="xalign">0</property>
+ <property name="label" translatable="yes">The following security warnings were detected
attempting to verify the server's identity:</property>
+ <property name="wrap">True</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="warnings_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="margin_left">16</property>
+ <property name="xalign">0</property>
+ <property name="label">(empty)</property>
+ <property name="wrap">True</property>
+ <property name="max_width_chars">80</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">2</property>
+ </packing>
+ </child>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">1</property>
+ </packing>
+ </child>
+ </object>
+ </child>
+ <action-widgets>
+ <action-widget response="0">dont_trust_button</action-widget>
+ <action-widget response="1">trust_button</action-widget>
+ </action-widgets>
+ </object>
+</interface>