Exemplo n.º 1
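/*
 * Rebuild the certificate list view from the files found in the
 * "certs" sub-directory of the rc dir.
 *
 * Only entries whose name ends in ".cert" are considered.  The server
 * name, port and fingerprint are derived from the file name by
 * get_serverport() and get_fingerprint(); an entry is listed only when
 * both server and port were extracted and the port is in 1..65535.
 */
static void ssl_manager_load_certs (void)
{
	static const char cert_ext[] = ".cert";
	const size_t ext_len = sizeof cert_ext - 1;
	GDir *dir;
	const gchar *d;
	GError *error = NULL;
	gchar *path;
	GtkListStore *store;

	store = GTK_LIST_STORE(gtk_tree_view_get_model
				(GTK_TREE_VIEW(manager.certlist)));

	gtk_list_store_clear(store);

	path = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
			  "certs", G_DIR_SEPARATOR_S, NULL);

	if ((dir = g_dir_open(path, 0, &error)) == NULL) {
		debug_print("couldn't open dir '%s': %s (%d)\n", path,
				error->message, error->code);
		g_error_free(error);
		/* path was allocated above; release it on this exit too */
		g_free(path);
		return;
	}

	while ((d = g_dir_read_name(dir)) != NULL) {
		gchar *server = NULL, *port = NULL, *fp = NULL;
		SSLCertificate *cert;
		size_t name_len = strlen(d);

		/*
		 * True suffix test.  Looking for the first ".cert" with
		 * strstr() skips names that contain ".cert" earlier on (for
		 * instance a host under ".certs.") and computes a pointer
		 * before the start of the string for names shorter than the
		 * extension.
		 */
		if (name_len < ext_len ||
		    strcmp(d + (name_len - ext_len), cert_ext) != 0)
			continue;

		get_serverport(d, &server, &port);
		fp = get_fingerprint(d);

		if (server != NULL && port != NULL) {
			gint portnum = atoi(port);

			/* file names are not trusted: reject impossible ports */
			if (portnum > 0 && portnum <= 65535) {
				cert = ssl_certificate_find(server, portnum, fp);
				/* NOTE(review): cert is not freed here; presumably
				 * the list view keeps it - confirm against
				 * ssl_manager_list_view_insert_cert(). */
				ssl_manager_list_view_insert_cert(manager.certlist, NULL,
						server, port, cert);
			}
		}

		g_free(server);
		g_free(port);
		g_free(fp);
	}
	g_dir_close(dir);
	g_free(path);
}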
Exemplo n.º 2
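/*
 * Rebuild the certificate list view from the files found in the
 * "certs" sub-directory of the rc dir.
 *
 * Only entries whose name ends in ".cert" are considered.  Server,
 * port and fingerprint are derived from the file name by get_server(),
 * get_port() and get_fingerprint().
 */
static void ssl_manager_load_certs (void)
{
	static const char cert_ext[] = ".cert";
	const size_t ext_len = sizeof cert_ext - 1;
	DIR *dir;
	struct dirent *d;
	gchar *path;
	GtkListStore *store;

	store = GTK_LIST_STORE(gtk_tree_view_get_model
				(GTK_TREE_VIEW(manager.certlist)));

	gtk_list_store_clear(store);

	path = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S,
			  "certs", G_DIR_SEPARATOR_S, NULL);

	if ((dir = opendir(path)) == NULL) {
		perror("opendir");
		/* path was allocated above; release it on this exit too */
		g_free(path);
		return;
	}

	while ((d = readdir(dir)) != NULL) {
		gchar *server, *port, *fp;
		SSLCertificate *cert;
		size_t name_len = strlen(d->d_name);

		/*
		 * Require ".cert" as the suffix.  A plain strstr() also
		 * accepts names that merely contain ".cert" somewhere, such
		 * as backup copies with a further extension.
		 */
		if (name_len < ext_len ||
		    strcmp(d->d_name + (name_len - ext_len), cert_ext) != 0)
			continue;

		server = get_server(d->d_name);
		port = get_port(d->d_name);
		fp = get_fingerprint(d->d_name);

		/*
		 * NOTE(review): the helpers are assumed to return NULL when
		 * the name does not have the expected layout - confirm.
		 * atoi(NULL) is undefined, so guard before converting, and
		 * skip ports that cannot be valid.
		 */
		if (server != NULL && port != NULL) {
			int portnum = atoi(port);

			if (portnum > 0 && portnum <= 65535) {
				cert = ssl_certificate_find(server, portnum, fp);
				ssl_manager_list_view_insert_cert(manager.certlist, NULL,
								  server, port, cert);
			}
		}

		g_free(server);
		g_free(port);
		g_free(fp);
	}
	closedir(dir);
	g_free(path);
}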
Exemplo n.º 3
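/*
 * Decide whether the certificate presented by host:port is acceptable,
 * using the locally saved certificates as a trust-on-first-use store.
 *
 *  - No saved certificate: if ssl_certificate_check_signer() reports no
 *    problem (NULL) and the subject commonName equals the host, the
 *    certificate is saved and accepted silently.  Otherwise the user is
 *    asked through ay_connection_verify().
 *  - Saved certificate differs from the presented one: the user is
 *    shown both and asked whether to continue.
 *  - Saved certificate matches: accepted.
 *
 * Returns FALSE when no SSLCertificate could be built, TRUE when the
 * certificate is accepted without a prompt, and otherwise whatever
 * ay_connection_verify() returned.  A non-zero answer from the user
 * also saves the presented certificate.
 *
 * NOTE(review): only the commonName is compared, with an exact string
 * match; subjectAltName entries and wildcard names are not examined
 * here.
 */
int ssl_certificate_check(X509 *x509_cert, const char *host, int port,
	void *data)
{
	SSLCertificate *current_cert =
		ssl_certificate_new(x509_cert, host, port);
	SSLCertificate *known_cert;

	if (current_cert == NULL) {
		eb_debug(DBG_CORE, "Buggy certificate !\n");
		return FALSE;
	}

	eb_debug(DBG_CORE, "%s%d\n", host, port);
	known_cert = ssl_certificate_find(host, port);

	if (known_cert == NULL) {
		char *err_msg, *cur_cert_str, *sig_status;
		int result = 0;

		sig_status = ssl_certificate_check_signer(x509_cert);

		if (sig_status == NULL) {
			char buf[1024];
			/*
			 * Pass the real buffer size: with a shorter limit a
			 * longer commonName is cut and its prefix could equal
			 * the host name.
			 */
			int cn_len = X509_NAME_get_text_by_NID(
					X509_get_subject_name(x509_cert),
					NID_commonName, buf, (int)sizeof buf);

			/*
			 * cn_len is the number of bytes copied.  If it differs
			 * from strlen(buf) the name holds an embedded NUL and
			 * strcmp() would only see the part before it, so such
			 * a name must never count as a match.
			 */
			if (cn_len >= 0 && (size_t)cn_len == strlen(buf) &&
			    !strcmp(buf, current_cert->host)) {
				ssl_certificate_save(current_cert);
				ssl_certificate_destroy(current_cert);
				return TRUE;
			}
		} else {
			/* the signer check's message is discarded, not shown */
			g_free(sig_status);
		}

		cur_cert_str = ssl_certificate_to_string(current_cert);

		err_msg =
			g_strdup_printf(_
			("The server <b>%s</b> presented an unknown SSL certificate:\n\n%s\n\n"
				"Do you want to continue connecting?"),
			current_cert->host, cur_cert_str);

		result = ay_connection_verify(err_msg,
			_("Unknown Certificate!"), data);

		g_free(cur_cert_str);

		g_free(err_msg);

		if (result) {
			ssl_certificate_save(current_cert);
		}
		ssl_certificate_destroy(current_cert);

		return result;
	} else if (!ssl_certificate_compare(current_cert, known_cert)) {
		char *err_msg, *known_cert_str, *cur_cert_str;
		int result = -1;

		known_cert_str = ssl_certificate_to_string(known_cert);
		cur_cert_str = ssl_certificate_to_string(current_cert);
		err_msg =
			g_strdup_printf(_
			("%s's SSL certificate changed!\nWe have saved this one:\n%s\n\nIt is now:\n%s\n\n"
				"This could mean the server answering is not the known one.\n"
				"Do you want to continue connecting ?"),
			current_cert->host, known_cert_str, cur_cert_str);
		g_free(cur_cert_str);
		g_free(known_cert_str);

		result = ay_connection_verify(err_msg,
			_("Changed Certificate!"), data);

		g_free(err_msg);

		if (result) {
			ssl_certificate_save(current_cert);
		}
		ssl_certificate_destroy(current_cert);
		/* the saved copy is released on the matching path below, so
		 * it must be released here as well */
		ssl_certificate_destroy(known_cert);

		return result;
	}

	ssl_certificate_destroy(current_cert);
	ssl_certificate_destroy(known_cert);
	return TRUE;
}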