On Tue, May 16, 2000 at 12:41:27PM +0300, Tommi Komulainen wrote:
> On Wed, May 10, 2000 at 02:05:30PM +0200, Andre Wobst wrote:
> > Hi,
> >
> > I've troubles with the imap ssl certificates, saved in the file
> > certificate_file, which I set to ~/.mutt.certificate_file in my
> > ~/.muttrc. If I do so, I can accept a certificate not only once but
> > always (otherwise this option isn't available). The certificate is
> > stored in the file ~/.mutt.certificate_file. But next time I start
> > mutt again, it asks me again for the certificate check. If I accept it
> > again, the certificate is again added to the file
> > ~/.mutt.certificate_file and it is exactly the same as before -- now
> > stored twice in the same file. How can I store the certificate that
> > way that mutt accepts it automatically next time -- what's wrong in
> > the way I'm doing it?
>
> For starters, you're doing nothing wrong, mutt is.
Please find attached a patch that fixes this bug.
> I'll see if I can fix this once I have the time. I really should start
> reading for some exams... :)
Oh dear. Well, there's always tomorrow...
--
Tommi Komulainen [EMAIL PROTECTED]
? Muttrc.head
Index: imap/imap_ssl.c
===================================================================
RCS file: /home/roessler/cvs/mutt/imap/imap_ssl.c,v
retrieving revision 1.12
diff -u -r1.12 imap_ssl.c
--- imap/imap_ssl.c 2000/04/26 07:32:42 1.12
+++ imap/imap_ssl.c 2000/05/16 21:56:14
@@ -284,7 +284,40 @@
}
}
+static int check_certificate_file (X509 *peercert)
+{
+ unsigned char peermd[EVP_MAX_MD_SIZE];
+ unsigned int peermdlen;
+ X509 *cert = NULL;
+ int pass = 0;
+ FILE *fp;
+
+ if (!X509_digest (peercert, EVP_sha1(), peermd, &peermdlen))
+ return 0;
+
+ if ((fp = fopen (SslCertFile, "rt")) == NULL)
+ return 0;
+
+ while ((cert = READ_X509_KEY (fp, &cert)) != NULL)
+ {
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdlen;
+
+ if (!X509_digest (cert, EVP_sha1(), md, &mdlen) || peermdlen != mdlen)
+ continue;
+
+ if (memcmp(peermd, md, mdlen) == 0)
+ {
+ X509_free (cert);
+ pass = 1;
+ break;
+ }
+ }
+ fclose (fp);
+ return pass;
+}
+
static int ssl_check_certificate (sslsockdata * data)
{
char *part[] =
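Review bot: When READ_X509_KEY returns NULL at end of file, the while condition in check_certificate_file assigns NULL to `cert`, so the last certificate that was parsed but did not match appears to be dropped without X509_free — assuming, as with PEM_read_X509, the macro leaves `*cert` untouched on a read failure; the removed block had the same shape with `savedkey`, so this is inherited rather than introduced. Separating the reuse pointer from the loop test and freeing once closes it: `while (READ_X509_KEY (fp, &cert) != NULL)` for the loop, drop the `X509_free (cert);` inside the match branch, and add `X509_free (cert);` immediately before `fclose (fp);` (X509_free on NULL is a no-op, which covers the empty-file case). The new function also has no header comment; I would add `/* Returns 1 if peercert's SHA-1 fingerprint matches a certificate stored in SslCertFile, 0 otherwise (including when the file cannot be opened or the digest fails). */` above the definition so the replacement of the X509_verify check is documented.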
@@ -297,23 +330,8 @@
char *line = NULL, *c;
/* automatic check from user's database */
- if ((fp = fopen (SslCertFile, "rt")))
- {
- EVP_PKEY *peer = X509_get_pubkey (data->cert);
- X509 *savedkey = NULL;
- int pass = 0;
- while ((savedkey = READ_X509_KEY (fp, &savedkey)))
- {
- if (X509_verify (savedkey, peer))
- {
- pass = 1;
- break;
- }
- }
- fclose (fp);
- if (pass)
- return 1;
- }
+ if (SslCertFile && check_certificate_file (data->cert))
+ return 1;
menu = mutt_new_menu ();
menu->max = 15;
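Review bot: The NULL guard on `SslCertFile` lives at the call site while check_certificate_file hands the variable straight to `fopen`; placing `if (!SslCertFile) return 0;` before the `fopen` inside the helper lets the call read `if (check_certificate_file (data->cert))` and protects any later caller. The removed block was the only use of `fp` visible in this hunk; if `fp` is declared earlier in ssl_check_certificate and nothing after this point still writes through it, the declaration is now unused and will warn. The enclosing function starts and ends outside the hunk.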