Esempio n. 1
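/*
 * Check the server certificate against the certificates stored in
 * SslCertFile by comparing SHA-1 fingerprints (fingerprint pinning).
 *
 * peercert: the certificate presented by the server.
 *
 * Returns 1 when compare_certificates() reports a match for some stored
 * certificate.  Returns 0 when the certificate is not yet valid or has
 * expired (only checked while OPTSSLVERIFYDATES is set), when SslCertFile
 * cannot be opened, when the server certificate cannot be digested, or
 * when no stored certificate matches.
 *
 * NOTE(review): the fingerprint is SHA-1 (EVP_sha1()).  SHA-1 collision
 * resistance is broken; a stronger digest would be preferable if the
 * stored-certificate file format and its readers allow it.
 */
static int check_certificate_by_digest (X509 *peercert)
{
  unsigned char peermd[EVP_MAX_MD_SIZE];
  unsigned int peermdlen;
  X509 *cert = NULL;
  int pass = 0;
  FILE *fp;

  /* expiration check.  X509_cmp_current_time() returns 0 on a malformed
   * time, so a malformed notBefore/notAfter is rejected as well. */
  if (option (OPTSSLVERIFYDATES) != M_NO)
  {
    if (X509_cmp_current_time (X509_get_notBefore (peercert)) >= 0)
    {
      dprint (2, (debugfile, "Server certificate is not yet valid\n"));
      mutt_error (_("Server certificate is not yet valid"));
      mutt_sleep (2);
      return 0;
    }
    if (X509_cmp_current_time (X509_get_notAfter (peercert)) <= 0)
    {
      /* trailing newline was missing here, unlike the message above */
      dprint (2, (debugfile, "Server certificate has expired\n"));
      mutt_error (_("Server certificate has expired"));
      mutt_sleep (2);
      return 0;
    }
  }

  /* no pinned certificates at all: nothing can match */
  if ((fp = fopen (SslCertFile, "rt")) == NULL)
    return 0;

  if (!X509_digest (peercert, EVP_sha1(), peermd, &peermdlen))
  {
    safe_fclose (&fp);
    return 0;
  }

  /* compare_certificates() returns 0 on a match, hence the inversion.
   * NOTE(review): this assumes READ_X509_KEY() releases or replaces the
   * object in *cert on every call; if it leaves *cert untouched when it
   * returns NULL, the assignment below drops that object -- confirm. */
  while ((cert = READ_X509_KEY (fp, &cert)) != NULL)
  {
    pass = compare_certificates (cert, peercert, peermd, peermdlen) ? 0 : 1;

    if (pass)
      break;
  }
  X509_free (cert);
  safe_fclose (&fp);

  return pass;
}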
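/**
 * @brief Check the server certificate (the `cert` member) against the
 *        certificates stored in SSLCertFile by comparing SHA-1 fingerprints.
 *
 * Emits displayError with a message and returns false when the certificate
 * is not yet valid or has expired.  Returns false when SSLCertFile cannot
 * be opened or the server certificate cannot be digested.  Otherwise
 * returns true iff some stored certificate has the same SHA-1 digest as
 * the server certificate.
 *
 * NOTE(review): the fingerprint is SHA-1 (EVP_sha1()).  SHA-1 collision
 * resistance is broken; a stronger digest would be preferable if the
 * stored-certificate file format and its readers allow it.
 */
bool SSLConnection::checkCertDigest() {
  unsigned char peermd[EVP_MAX_MD_SIZE];
  unsigned int peermdlen;
  unsigned char md[EVP_MAX_MD_SIZE];
  unsigned int mdlen;
  X509 *c = NULL;
  bool pass = false;
  FILE *fp;
  buffer_t msg;

  buffer_init(&msg);
  /* expiration check.  X509_cmp_current_time() returns 0 on a malformed
   * time, so a malformed notBefore/notAfter is rejected as well. */
  if (X509_cmp_current_time (X509_get_notBefore (cert)) >= 0) {
    buffer_shrink(&msg,0);
    buffer_add_str(&msg,_("Server certificate is not yet valid."),-1);
    displayError.emit(&msg);
    buffer_free(&msg);
    return false;   /* was `return 0` in a bool function */
  }
  if (X509_cmp_current_time (X509_get_notAfter (cert)) <= 0) {
    buffer_shrink(&msg,0);
    buffer_add_str(&msg,_("Server certificate has expired."),-1);
    displayError.emit(&msg);
    buffer_free(&msg);
    return false;   /* was `return 0` in a bool function */
  }
  buffer_free(&msg);

  /* no pinned certificates at all: nothing can match */
  if ((fp = fopen (SSLCertFile, "rt")) == NULL)
    return false;

  if (!X509_digest (cert, EVP_sha1 (), peermd, &peermdlen)) {
    fclose (fp);
    return false;
  }

  /* X509_cmp() compares two X509 objects and cannot be applied to a raw
   * digest buffer; instead digest each stored certificate the same way
   * and compare the bytes.
   * NOTE(review): this assumes READ_X509_KEY() releases or replaces the
   * object in *c on every call; if it leaves *c untouched when it returns
   * NULL, the assignment below drops that object -- confirm. */
  while ((c = READ_X509_KEY (fp, &c)) != NULL) {
    if (!X509_digest (c, EVP_sha1 (), md, &mdlen) || mdlen != peermdlen)
      continue;
    pass = true;
    for (unsigned int i = 0; i < mdlen; ++i) {
      if (md[i] != peermd[i]) {
        pass = false;
        break;
      }
    }
    if (pass)
      break;
  }

  X509_free(c);
  fclose (fp);

  return pass;
}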