CVS commit by ossi: - accept unset CertificateFile - print the certificate's fingerprint - make the certificate acceptance prompt much less scary
M +14 -10 drv_imap.c 1.35
--- isync/src/drv_imap.c #1.34:1.35
@@ -189,7 +189,9 @@ verify_cert( SSL *ssl )
 {
 X509 *cert;
+ BIO *bio;
 int err;
+ unsigned n, i;
 char buf[256];
- BIO *bio;
+ unsigned char md[EVP_MAX_MD_SIZE];
 cert = SSL_get_peer_certificate( ssl );
@@ -220,13 +222,16 @@ verify_cert( SSL *ssl )
 BIO_free( bio );
 info( " to: %s\n", buf );
+ if (!X509_digest( cert, EVP_md5(), md, &n ))
+ info( "*** Unable to calculate fingerprint\n" );
+ else {
+ info( "Fingerprint: " );
+ for (i = 0; i < n; i += 2)
+ info( "%02X%02X ", md[i], md[i + 1] );
+ info( "\n" );
+ }
- fputs( "\n*** WARNING *** There is no way to verify this certificate. It is\n"
- " possible that a hostile attacker has replaced the\n"
- " server certificate. Continue at your own risk!\n"
- "\nAccept this certificate anyway? [no]: ", stderr );
- if (fgets( buf, sizeof(buf), stdin ) && (buf[0] == 'y' || buf[0] == 'Y')) {
- error( "\n*** Fine, but don't say I didn't warn you!\n\n" );
+ fputs( "\nAccept certificate? [y/N]: ", stderr );
+ if (fgets( buf, sizeof(buf), stdin ) && (buf[0] == 'y' || buf[0] == 'Y'))
 return 0;
- }
 return -1;
 }
@@ -246,6 +251,5 @@ init_ssl_ctx( imap_store_t *ctx )
 if (!srvc->cert_file) {
- error( "Error, CertificateFile not defined\n" );
- return -1;
+ info( "Note: CertificateFile not defined\n" );
 } else if (!SSL_CTX_load_verify_locations( ctx->SSLContext, srvc->cert_file, NULL )) {
 error( "Error while loading certificate file '%s': %s\n",
------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel
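Review bot: The fingerprint added in the second verify_cert() hunk is computed with `EVP_md5()`, and MD5 is not collision-resistant, so a matching fingerprint is weak evidence that the user is looking at the certificate they expect; `X509_digest( cert, EVP_sha256(), md, &n )` fits the existing `md[EVP_MAX_MD_SIZE]` buffer without other changes. The print loop steps by two and reads `md[i + 1]`, which stays inside the digest only because the digest length happens to be even; printing one byte per iteration with `info( "%02X", md[i] )` removes that assumption. The shortened prompt `Accept certificate? [y/N]` no longer says the certificate could not be verified, so I would keep one neutral line before it asking the user to compare the fingerprint with a value obtained from the server operator out of band. The part of verify_cert() between the two hunks is not shown, so the condition under which this prompt is reached is inferred rather than visible.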
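Review bot: With `CertificateFile` unset, the first branch in the init_ssl_ctx() hunk now proceeds without loading any trust anchors. Assuming nothing outside the hunk loads them, chain validation cannot succeed and every connection's trust decision falls to the interactive y/N answer in verify_cert(). Falling back to the system store in that branch, e.g. `if (!SSL_CTX_set_default_verify_paths( ctx->SSLContext )) info( "Note: no CA certificates available\n" );`, would let properly issued certificates verify without a prompt. The notice also goes through `info()`; if that level can be silenced, the user gets no indication that verification is running without a CA file, so a warning-level message may be the better fit. init_ssl_ctx() starts and continues outside the hunk, which ends in the middle of the `error(` call.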