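/*
 * Repopulate the certificate list view from the "certs" directory that lives
 * under the directory returned by get_rc_dir().
 *
 * The list store behind manager.certlist is cleared first. Every directory
 * entry whose name ends in ".cert" is then split into server, port and
 * fingerprint by get_serverport() / get_fingerprint(); entries with a server,
 * a port and a port number in 1..65535 are looked up with
 * ssl_certificate_find() and inserted into the view.
 *
 * If the directory cannot be opened the reason is logged with debug_print()
 * and the (already cleared) list is left empty.
 */
static void ssl_manager_load_certs (void)
{
	static const char cert_ext[] = ".cert";
	const size_t ext_len = sizeof(cert_ext) - 1;
	GDir *dir;
	const gchar *d;
	GError *error = NULL;
	gchar *path;
	GtkListStore *store;

	store = GTK_LIST_STORE(gtk_tree_view_get_model
				(GTK_TREE_VIEW(manager.certlist)));
	gtk_list_store_clear(store);

	path = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
			   "certs", G_DIR_SEPARATOR_S, NULL);

	if ((dir = g_dir_open(path, 0, &error)) == NULL) {
		debug_print("couldn't open dir '%s': %s (%d)\n", path,
				error->message, error->code);
		g_error_free(error);
		/* path was leaked on this early return before */
		g_free(path);
		return;
	}

	while ((d = g_dir_read_name(dir)) != NULL) {
		gchar *server = NULL, *port = NULL, *fp = NULL;
		SSLCertificate *cert;
		size_t len = strlen(d);

		/*
		 * Suffix test on the tail of the name. Comparing against the
		 * first strstr() hit skipped names that contain ".cert" more
		 * than once, and "d + (strlen(d) - 5)" formed an out-of-range
		 * pointer for names shorter than the extension.
		 */
		if (len < ext_len || strcmp(d + len - ext_len, cert_ext) != 0)
			continue;

		get_serverport(d, &server, &port);
		fp = get_fingerprint(d);

		if (server != NULL && port != NULL) {
			/*
			 * File names are data read from disk, not trusted
			 * input: strtol() has defined behaviour on overflow
			 * (atoi() does not), and the range check below then
			 * rejects the clamped value.
			 */
			long portnum = strtol(port, NULL, 10);

			if (portnum > 0 && portnum <= 65535) {
				/* NOTE(review): cert is passed on unchecked;
				 * confirm the view copes with a failed lookup. */
				cert = ssl_certificate_find(server, (gint)portnum, fp);
				ssl_manager_list_view_insert_cert(manager.certlist,
						NULL, server, port, cert);
			}
		}

		/* g_free() accepts NULL, so no guards are needed here */
		g_free(server);
		g_free(port);
		g_free(fp);
	}

	g_dir_close(dir);
	g_free(path);
}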
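/*
 * Repopulate the certificate list view from the "certs" directory that lives
 * under the directory returned by get_rc_dir().
 *
 * The list store behind manager.certlist is cleared first. Every directory
 * entry whose name ends in ".cert" is then split into server, port and
 * fingerprint by get_server() / get_port() / get_fingerprint(), looked up
 * with ssl_certificate_find() and inserted into the view.
 *
 * If the directory cannot be opened, perror() reports the reason and the
 * (already cleared) list is left empty.
 */
static void ssl_manager_load_certs (void)
{
	static const char cert_ext[] = ".cert";
	const size_t ext_len = sizeof(cert_ext) - 1;
	DIR *dir;
	struct dirent *d;
	gchar *path;
	GtkListStore *store;

	store = GTK_LIST_STORE(gtk_tree_view_get_model
				(GTK_TREE_VIEW(manager.certlist)));
	gtk_list_store_clear(store);

	path = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
			   "certs", G_DIR_SEPARATOR_S, NULL);

	if ((dir = opendir(path)) == NULL) {
		/* report first: the free below must not disturb errno */
		perror("opendir");
		/* path was leaked on this early return before */
		g_free(path);
		return;
	}

	while ((d = readdir(dir)) != NULL) {
		gchar *server, *port, *fp;
		SSLCertificate *cert;
		size_t len = strlen(d->d_name);

		/*
		 * Require ".cert" as the suffix. A plain strstr() hit also
		 * accepted names such as "x.cert.bak", which are not
		 * certificate files.
		 */
		if (len < ext_len
		    || strcmp(d->d_name + len - ext_len, cert_ext) != 0)
			continue;

		server = get_server(d->d_name);
		port = get_port(d->d_name);
		fp = get_fingerprint(d->d_name);

		/*
		 * File names are data read from disk; presumably the helpers
		 * return NULL for a name they cannot split (verify against
		 * their definitions). atoi(NULL) is undefined, so such
		 * entries are skipped instead of dereferenced.
		 */
		if (server != NULL && port != NULL) {
			/* NOTE(review): atoi() does no validation and no range
			 * check is applied to the port here. */
			cert = ssl_certificate_find(server, atoi(port), fp);
			ssl_manager_list_view_insert_cert(manager.certlist,
					NULL, server, port, cert);
		}

		/* g_free() accepts NULL, so no guards are needed here */
		g_free(server);
		g_free(port);
		g_free(fp);
	}

	closedir(dir);
	g_free(path);
}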
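/*
 * Decide whether the certificate a server presented may be used for the
 * connection to host:port.
 *
 * Three cases are handled:
 *   - No certificate is stored for host:port. If the signer check returns
 *     NULL and the subject commonName equals the host, the certificate is
 *     saved and accepted silently; otherwise the user is asked.
 *   - A stored certificate exists and differs from the presented one. The
 *     user is shown both and asked whether to continue.
 *   - The stored and presented certificates compare equal: accepted.
 *
 * Whenever the user agrees, the presented certificate is saved, replacing
 * what was known for this host.
 *
 * x509_cert  certificate presented by the peer (untrusted input)
 * host, port endpoint the certificate is checked against
 * data       passed through unchanged to ay_connection_verify()
 *
 * Returns FALSE if no SSLCertificate could be built, TRUE on silent
 * acceptance, otherwise the value returned by ay_connection_verify().
 */
int ssl_certificate_check(X509 *x509_cert, const char *host, int port,
	void *data)
{
	SSLCertificate *current_cert = ssl_certificate_new(x509_cert, host, port);
	SSLCertificate *known_cert;

	if (current_cert == NULL) {
		eb_debug(DBG_CORE, "Buggy certificate !\n");
		return FALSE;
	}

	eb_debug(DBG_CORE, "%s%d\n", host, port);
	known_cert = ssl_certificate_find(host, port);

	if (known_cert == NULL) {
		char *err_msg, *cur_cert_str, *sig_status;
		int result = 0;

		/* NOTE(review): NULL is treated as "signer check passed";
		 * confirm against ssl_certificate_check_signer(). */
		sig_status = ssl_certificate_check_signer(x509_cert);

		if (sig_status == NULL) {
			char buf[1024];
			int cn_len = X509_NAME_get_text_by_NID(
				X509_get_subject_name(x509_cert),
				NID_commonName, buf, sizeof(buf));

			/*
			 * The commonName comes from the peer, so it is matched
			 * strictly before the certificate is trusted without
			 * asking the user:
			 *  - a value that fills the buffer may have been
			 *    truncated, and a truncated name must not be
			 *    allowed to equal the host (the old limit of 100
			 *    bytes made that possible for long names);
			 *  - a length different from strlen() means the name
			 *    holds an embedded NUL, which strcmp() would
			 *    silently stop at.
			 * NOTE(review): subjectAltName and wildcard names are
			 * not considered here; such certificates fall through
			 * to the user prompt.
			 */
			if (cn_len >= 0
			    && (size_t)cn_len < sizeof(buf) - 1
			    && (size_t)cn_len == strlen(buf)
			    && !strcmp(buf, current_cert->host)) {
				ssl_certificate_save(current_cert);
				ssl_certificate_destroy(current_cert);
				return TRUE;
			}
		} else
			g_free(sig_status);

		cur_cert_str = ssl_certificate_to_string(current_cert);
		err_msg = g_strdup_printf(_
			("The server <b>%s</b> presented an unknown SSL certificate:\n\n%s\n\n"
				"Do you want to continue connecting?"),
			current_cert->host, cur_cert_str);

		result = ay_connection_verify(err_msg,
			_("Unknown Certificate!"), data);

		g_free(cur_cert_str);
		g_free(err_msg);

		if (result) {
			ssl_certificate_save(current_cert);
		}

		ssl_certificate_destroy(current_cert);

		return result;
	} else if (!ssl_certificate_compare(current_cert, known_cert)) {
		char *err_msg, *known_cert_str, *cur_cert_str;
		int result = -1;

		known_cert_str = ssl_certificate_to_string(known_cert);
		cur_cert_str = ssl_certificate_to_string(current_cert);
		err_msg = g_strdup_printf(_
			("%s's SSL certificate changed!\nWe have saved this one:\n%s\n\nIt is now:\n%s\n\n"
				"This could mean the server answering is not the known one.\n"
				"Do you want to continue connecting ?"),
			current_cert->host, known_cert_str, cur_cert_str);
		g_free(cur_cert_str);
		g_free(known_cert_str);

		result = ay_connection_verify(err_msg,
			_("Changed Certificate!"), data);

		g_free(err_msg);

		if (result) {
			ssl_certificate_save(current_cert);
		}

		ssl_certificate_destroy(current_cert);
		/* the stored certificate was leaked on this path before; the
		 * matching path below shows the caller owns it */
		ssl_certificate_destroy(known_cert);

		return result;
	}

	ssl_certificate_destroy(current_cert);
	ssl_certificate_destroy(known_cert);
	return TRUE;
}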