Patch: NSS certificates storage fixes
- From: Jose Dapena Paz <jdapena igalia com>
- To: tinymail-devel-list <tinymail-devel-list gnome org>
- Subject: Patch: NSS certificates storage fixes
- Date: Tue, 05 Feb 2008 13:32:56 +0100
Hi,
This patch implements some changes required to store properly
certificate db's when we use tinymail-camel initialized in a DLL.
They are basically two changes:
* One is exporting functionality of camel_shutdown method. This way we
can call it from outside if required. This can be needed in the case of
being loaded with a DLL as we'll never get atexit call.
* Another one is the way we calculate the certificates fingerprint. I
modified the implementation, as the old one was not getting consistent
fingerprints in different calls to cert_fingerprint.
Changelog entry:
* libtinymail-camel/camel-lite/camel/camel.[ch]:
Make camel_shutdown method be public, for the cases we cannot
rely on g_atexit.
* libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c:
Modified method to calculate the fingerprint of a certificate.
Now we use Mozilla NSS api for this as the old method was not
reliable in some cases.
--
Jose Dapena Paz <jdapena igalia com>
Igalia
Index: ChangeLog
===================================================================
--- ChangeLog (revision 3364)
+++ ChangeLog (working copy)
@@ -1,3 +1,13 @@
+2008-02-05 Jose Dapena Paz <jdapena igalia com>
+
+ * libtinymail-camel/camel-lite/camel/camel.[ch]:
+ Make camel_shutdown method be public, for the cases we cannot
+ rely on g_atexit.
+ * libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c:
+ Modified method to calculate the fingerprint of a certificate.
+ Now we use Mozilla NSS api for this as the old method was not
+ reliable in some cases.
+
2008-02-03 Philip Van Hoof <pvanhoof gnome org>
* Crashfix when retrieving a large message while expunging it from
Index: libtinymail-camel/camel-lite/camel/camel.c
===================================================================
--- libtinymail-camel/camel-lite/camel/camel.c (revision 3364)
+++ libtinymail-camel/camel-lite/camel/camel.c (working copy)
@@ -46,16 +46,18 @@
static int initialised = FALSE;
-static void
+void
camel_shutdown (void)
{
CamelCertDB *certdb;
+ g_print ("RUNNING SHUTDOWN");
if (!initialised)
return;
certdb = camel_certdb_get_default ();
if (certdb) {
+ g_print ("SHUTTING CAMEL DOWN");
camel_certdb_save (certdb);
camel_object_unref (certdb);
}
Index: libtinymail-camel/camel-lite/camel/camel.h
===================================================================
--- libtinymail-camel/camel-lite/camel/camel.h (revision 3364)
+++ libtinymail-camel/camel-lite/camel/camel.h (working copy)
@@ -142,6 +142,7 @@
G_BEGIN_DECLS
int camel_init (const char *certdb_dir, gboolean nss_init);
+void camel_shutdown (void);
G_END_DECLS
Index: libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c
===================================================================
--- libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c (revision 3364)
+++ libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c (working copy)
@@ -829,29 +829,25 @@
static char *
cert_fingerprint(CERTCertificate *cert)
{
- unsigned char md5sum[16], fingerprint[50], *f;
- int i;
- const char tohex[16] = "0123456789abcdef";
+ unsigned char fp[16];
+ SECItem fpitem;
+ char *fpstr;
+ char *c;
- md5_get_digest ((const char *) cert->derCert.data, cert->derCert.len, md5sum);
- for (i=0,f = fingerprint; i<16; i++) {
- unsigned int c = md5sum[i];
+ PK11_HashBuf (SEC_OID_MD5, fp, cert->derCert.data, cert->derCert.len);
+ fpitem.data = fp;
+ fpitem.len = sizeof (fp);
+ fpstr = CERT_Hexify (&fpitem, 1);
- *f++ = tohex[(c >> 4) & 0xf];
- *f++ = tohex[c & 0xf];
-#ifndef G_OS_WIN32
- *f++ = ':';
-#else
- /* The fingerprint is used as a file name, can't have
- * colons in file names. Use underscore instead.
- */
- *f++ = '_';
+ for (c = fpstr; *c != 0; c++) {
+#ifdef G_OS_WIN32
+ if (*c == ':')
+ *c = '_';
#endif
+ *c = g_ascii_tolower (*c);
}
- fingerprint[47] = 0;
-
- return g_strdup((char*) fingerprint);
+ return fpstr;
}
/* lookup a cert uses fingerprint to index an on-disk file */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]