Patch: NSS certificates storage fixes



	Hi,

	This patch implements some changes required to properly store the
certificate DBs when we use tinymail-camel initialized in a DLL.

	There are basically two changes:
	* One is exporting the functionality of the camel_shutdown method, so
that we can call it from outside if required. This can be needed when
camel is loaded from a DLL, as we'll never get the atexit call.
	* The other is the way we calculate the certificate's fingerprint. I
modified the implementation, as the old one was not returning consistent
fingerprints across different calls to cert_fingerprint.

	Changelog entry:

* libtinymail-camel/camel-lite/camel/camel.[ch]:
Make camel_shutdown method be public, for the cases we cannot
rely on g_atexit.
* libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c:
Modified method to calculate the fingerprint of a certificate.
Now we use Mozilla NSS api for this as the old method was not
reliable in some cases.
-- 
Jose Dapena Paz <jdapena igalia com>
Igalia
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 3364)
+++ ChangeLog	(working copy)
@@ -1,3 +1,13 @@
+2008-02-05  Jose Dapena Paz  <jdapena igalia com>
+
+	* libtinymail-camel/camel-lite/camel/camel.[ch]:
+	Make camel_shutdown method be public, for the cases we cannot
+	rely on g_atexit.
+	* libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c:
+	Modified method to calculate the fingerprint of a certificate.
+	Now we use Mozilla NSS api for this as the old method was not
+	reliable in some cases.
+
 2008-02-03  Philip Van Hoof <pvanhoof gnome org>
 
 	* Crashfix when retrieving a large message while expunging it from
Index: libtinymail-camel/camel-lite/camel/camel.c
===================================================================
--- libtinymail-camel/camel-lite/camel/camel.c	(revision 3364)
+++ libtinymail-camel/camel-lite/camel/camel.c	(working copy)
@@ -46,16 +46,18 @@
 
 static int initialised = FALSE;
 
-static void
+void
 camel_shutdown (void)
 {
 	CamelCertDB *certdb;
 
+	g_print ("RUNNING SHUTDOWN");
 	if (!initialised)
 		return;
 
 	certdb = camel_certdb_get_default ();
 	if (certdb) {
+		g_print ("SHUTTING CAMEL DOWN");
 		camel_certdb_save (certdb);
 		camel_object_unref (certdb);
 	}
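Review bot: The two added `g_print` calls look like leftover debugging output: they write to stdout unconditionally from library code, have no trailing newline, and the first one runs before the `initialised` check, so it prints even when shutdown does nothing. I would drop them or replace them with something like `g_debug ("camel_shutdown: saving certdb");`. Now that camel_shutdown is public, the description implies it may be called explicitly in addition to any g_atexit registration. The rest of the body is outside this hunk, so confirm that it clears `initialised`; otherwise a second call would save and unref the certificate DB again.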
Index: libtinymail-camel/camel-lite/camel/camel.h
===================================================================
--- libtinymail-camel/camel-lite/camel/camel.h	(revision 3364)
+++ libtinymail-camel/camel-lite/camel/camel.h	(working copy)
@@ -142,6 +142,7 @@
 G_BEGIN_DECLS
 
 int camel_init (const char *certdb_dir, gboolean nss_init);
+void camel_shutdown (void);
 
 G_END_DECLS
 
Index: libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c
===================================================================
--- libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c	(revision 3364)
+++ libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c	(working copy)
@@ -829,29 +829,25 @@
 static char *
 cert_fingerprint(CERTCertificate *cert)
 {
-	unsigned char md5sum[16], fingerprint[50], *f;
-	int i;
-	const char tohex[16] = "0123456789abcdef";
+	unsigned char fp[16];
+	SECItem fpitem;
+	char *fpstr;
+	char *c;
 
-	md5_get_digest ((const char *) cert->derCert.data, cert->derCert.len, md5sum);
-	for (i=0,f = fingerprint; i<16; i++) {
-		unsigned int c = md5sum[i];
+	PK11_HashBuf (SEC_OID_MD5, fp, cert->derCert.data, cert->derCert.len);
+	fpitem.data = fp;
+	fpitem.len = sizeof (fp);
+	fpstr = CERT_Hexify (&fpitem, 1);
 
-		*f++ = tohex[(c >> 4) & 0xf];
-		*f++ = tohex[c & 0xf];
-#ifndef G_OS_WIN32
-		*f++ = ':';
-#else
-		/* The fingerprint is used as a file name, can't have
-		 * colons in file names. Use underscore instead.
-		 */
-		*f++ = '_';
+	for (c = fpstr; *c != 0; c++) {
+#ifdef G_OS_WIN32
+		if (*c == ':')
+			*c = '_';
 #endif
+		*c = g_ascii_tolower (*c);
 	}
 
-	fingerprint[47] = 0;
-
-	return g_strdup((char*) fingerprint);
+	return fpstr;
 }
 
 /* lookup a cert uses fingerprint to index an on-disk file */
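Review bot: Neither NSS call in the new body is checked: if `PK11_HashBuf` fails, `fp` is uninitialised stack memory that still gets hexified, and if `CERT_Hexify` returns NULL the loop dereferences it. The comment after the function says the fingerprint indexes an on-disk certificate file, so a garbage fingerprint could store or look up a saved certificate under the wrong name. The returned string also now comes from NSS's allocator instead of `g_strdup`, so callers (outside this hunk) that release it with `g_free` would mix allocators, which matters most in the Windows DLL case this patch targets; the sketch below copies into GLib memory and frees the NSS buffer. It returns NULL on failure, which the callers would have to tolerate, so check them before applying. MD5 is carried over from the old code; it is not collision resistant, so a stronger digest would be preferable for keying stored certificates, though switching would rename existing entries.

```c
	if (PK11_HashBuf (SEC_OID_MD5, fp, cert->derCert.data, cert->derCert.len) != SECSuccess)
		return NULL;
	/* … unchanged: fpitem.data / fpitem.len setup … */
	fpstr = CERT_Hexify (&fpitem, 1);
	if (fpstr == NULL)
		return NULL;
	/* … unchanged: separator replacement and lower-casing loop … */

	/* Hand callers GLib-owned memory; release the NSS buffer with its own allocator. */
	c = g_strdup (fpstr);
	PORT_Free (fpstr);
	return c;
```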

