static void ssl_manager_delete_cb(GtkWidget *widget,
gpointer data)
{
SSLCertificate *cert;
int val;
GtkTreeIter sel;
GtkTreeModel *model;
if (!gtk_tree_selection_get_selected(gtk_tree_view_get_selection
(GTK_TREE_VIEW(manager.certlist)),
&model, &sel))
return;
gtk_tree_model_get(model, &sel,
SSL_MANAGER_CERT, &cert,
-1);
if (!cert)
return;
val = alertpanel_full(_("Delete certificate"),
_("Do you really want to delete this certificate?"),
GTK_STOCK_CANCEL, GTK_STOCK_DELETE, NULL, FALSE,
NULL, ALERT_WARNING, G_ALERTDEFAULT);
if (val != G_ALERTALTERNATE)
return;
ssl_certificate_delete_from_disk(cert);
ssl_certificate_destroy(cert);
gtk_list_store_remove(GTK_LIST_STORE(model), &sel);
}
static void ssl_manager_delete_cb(GtkWidget *widget,
gpointer data)
{
SSLCertificate *cert;
GList *rowlist;
int val;
rowlist = GTK_CLIST(manager.certlist)->selection;
if (!rowlist)
return;
cert = gtk_ctree_node_get_row_data
(GTK_CTREE(manager.certlist),
GTK_CTREE_NODE(rowlist->data));
if (!cert)
return;
val = alertpanel(_("Delete certificate"),
_("Do you really want to delete this certificate?"),
_("Yes"), _("+No"), NULL);
if (val != G_ALERTDEFAULT)
return;
ssl_certificate_delete_from_disk(cert);
ssl_certificate_destroy(cert);
gtk_ctree_remove_node(GTK_CTREE(manager.certlist), GTK_CTREE_NODE(rowlist->data));
}
static void ssl_manager_delete_cb(GtkWidget *widget,
gpointer data)
{
SSLCertificate *cert;
int val;
GtkTreeIter iter;
GtkTreeModel *model;
cert = gtkut_tree_view_get_selected_pointer(
GTK_TREE_VIEW(manager.certlist), SSL_MANAGER_CERT,
&model, NULL, &iter);
if (!cert)
return;
val = alertpanel_full(_("Delete certificate"),
_("Do you really want to delete this certificate?"),
GTK_STOCK_CANCEL, GTK_STOCK_DELETE, NULL, ALERTFOCUS_FIRST,
FALSE, NULL, ALERT_WARNING);
if (val != G_ALERTALTERNATE)
return;
ssl_certificate_delete_from_disk(cert);
ssl_certificate_destroy(cert);
gtk_list_store_remove(GTK_LIST_STORE(model), &iter);
}
static SSLCertificate *ssl_certificate_new_lookup(X509 *x509_cert,
const char *host, int port, int lookup)
{
SSLCertificate *cert = g_new0(SSLCertificate, 1);
if (host == NULL || x509_cert == NULL) {
ssl_certificate_destroy(cert);
return NULL;
}
cert->x509_cert = X509_dup(x509_cert);
if (lookup)
cert->host = get_fqdn(host, port);
else
cert->host = g_strdup(host);
cert->port = port;
return cert;
}
int ssl_certificate_check(X509 *x509_cert, const char *host, int port,
void *data)
{
SSLCertificate *current_cert =
ssl_certificate_new(x509_cert, host, port);
SSLCertificate *known_cert;
if (current_cert == NULL) {
eb_debug(DBG_CORE, "Buggy certificate !\n");
return FALSE;
}
eb_debug(DBG_CORE, "%s%d\n", host, port);
known_cert = ssl_certificate_find(host, port);
if (known_cert == NULL) {
char *err_msg, *cur_cert_str, *sig_status;
int result = 0;
sig_status = ssl_certificate_check_signer(x509_cert);
if (sig_status == NULL) {
char buf[1024];
if (X509_NAME_get_text_by_NID(X509_get_subject_name
(x509_cert), NID_commonName, buf,
100) >= 0)
if (!strcmp(buf, current_cert->host)) {
ssl_certificate_save(current_cert);
ssl_certificate_destroy(current_cert);
return TRUE;
}
} else
g_free(sig_status);
cur_cert_str = ssl_certificate_to_string(current_cert);
err_msg =
g_strdup_printf(_
("The server <b>%s</b> presented an unknown SSL certificate:\n\n%s\n\n"
"Do you want to continue connecting?"),
current_cert->host, cur_cert_str);
result = ay_connection_verify(err_msg,
_("Unknown Certificate!"), data);
g_free(cur_cert_str);
g_free(err_msg);
if (result) {
ssl_certificate_save(current_cert);
}
ssl_certificate_destroy(current_cert);
return result;
} else if (!ssl_certificate_compare(current_cert, known_cert)) {
char *err_msg, *known_cert_str, *cur_cert_str;
int result = -1;
known_cert_str = ssl_certificate_to_string(known_cert);
cur_cert_str = ssl_certificate_to_string(current_cert);
err_msg =
g_strdup_printf(_
("%s's SSL certificate changed!\nWe have saved this one:\n%s\n\nIt is now:\n%s\n\n"
"This could mean the server answering is not the known one.\n"
"Do you want to continue connecting ?"),
current_cert->host, known_cert_str, cur_cert_str);
g_free(cur_cert_str);
g_free(known_cert_str);
result = ay_connection_verify(err_msg,
_("Changed Certificate!"), data);
g_free(err_msg);
if (result) {
ssl_certificate_save(current_cert);
}
ssl_certificate_destroy(current_cert);
return result;
}
ssl_certificate_destroy(current_cert);
ssl_certificate_destroy(known_cert);
return TRUE;
}
