From a8d64a7a84ace27e2a92cf571ee11a138ab37a0e Mon Sep 17 00:00:00 2001 From: hiro Date: Tue, 12 Dec 2006 10:02:57 +0000 Subject: implemented SSL certificate dialog. git-svn-id: svn://sylpheed.sraoss.jp/sylpheed/trunk@1415 ee746299-78ed-0310-b773-934348b2243d --- ChangeLog | 6 +++ ChangeLog.ja | 6 +++ libsylph/ssl.c | 88 +++++++++++++++++++++++++++--- libsylph/ssl.h | 9 +++- po/POTFILES.in | 1 + po/ja.po | 113 ++++++++++++++++++++++++--------------- src/Makefile.am | 1 + src/main.c | 4 ++ src/sslmanager.c | 159 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/sslmanager.h | 40 ++++++++++++++ 10 files changed, 374 insertions(+), 53 deletions(-) create mode 100644 src/sslmanager.c create mode 100644 src/sslmanager.h diff --git a/ChangeLog b/ChangeLog index dfaeb552..6a8e9e60 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2006-12-12 + + * libsylph/ssl.[ch] + src/sslmanager.[ch] + src/main.c: implemented SSL certificate dialog. + 2006-12-12 * src/printing.c: draw_page(): fixed crash on the request of a page diff --git a/ChangeLog.ja b/ChangeLog.ja index 77206289..94fd8ed8 100644 --- a/ChangeLog.ja +++ b/ChangeLog.ja @@ -1,3 +1,9 @@ +2006-12-12 + + * libsylph/ssl.[ch] + src/sslmanager.[ch] + src/main.c: SSL 証明書ダイアログを実装。 + 2006-12-12 * src/printing.c: draw_page(): 範囲外のページの要求時のクラッシュを diff --git a/libsylph/ssl.c b/libsylph/ssl.c index d2721276..7b3c5c17 100644 --- a/libsylph/ssl.c +++ b/libsylph/ssl.c @@ -1,6 +1,6 @@ /* * LibSylph -- E-Mail client library - * Copyright (C) 1999-2005 Hiroyuki Yamamoto + * Copyright (C) 1999-2006 Hiroyuki Yamamoto * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -31,8 +31,13 @@ #include "utils.h" #include "ssl.h" -static SSL_CTX *ssl_ctx_SSLv23; -static SSL_CTX *ssl_ctx_TLSv1; +static SSL_CTX *ssl_ctx_SSLv23 = NULL; +static SSL_CTX *ssl_ctx_TLSv1 = NULL; + +static GSList *trust_list = NULL; +static GSList *reject_list = NULL; + +static SSLVerifyFunc verify_ui_func = NULL; void ssl_init(void) { @@ -76,12 +81,25 @@ void ssl_init(void) void ssl_done(void) { + GSList *cur; + + for (cur = trust_list; cur != NULL; cur = cur->next) + X509_free((X509 *)cur->data); + g_slist_free(trust_list); + trust_list = NULL; + for (cur = reject_list; cur != NULL; cur = cur->next) + X509_free((X509 *)cur->data); + g_slist_free(reject_list); + reject_list = NULL; + if (ssl_ctx_SSLv23) { SSL_CTX_free(ssl_ctx_SSLv23); + ssl_ctx_SSLv23 = NULL; } if (ssl_ctx_TLSv1) { SSL_CTX_free(ssl_ctx_TLSv1); + ssl_ctx_TLSv1 = NULL; } } @@ -90,6 +108,14 @@ gboolean ssl_init_socket(SockInfo *sockinfo) return ssl_init_socket_with_method(sockinfo, SSL_METHOD_SSLv23); } +static gint x509_cmp_func(gconstpointer a, gconstpointer b) +{ + const X509 *xa = a; + const X509 *xb = b; + + return X509_issuer_and_serial_cmp(xa, xb); +} + gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method) { X509 *server_cert; @@ -158,14 +184,55 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method) } verify_result = SSL_get_verify_result(sockinfo->ssl); - if (verify_result == X509_V_OK) + if (verify_result == X509_V_OK) { debug_print("SSL verify OK\n"); - else - g_warning("%s: SSL certificate verify failed (%ld: %s)\n", - sockinfo->hostname, verify_result, - X509_verify_cert_error_string(verify_result)); + X509_free(server_cert); + return TRUE; + } else if (g_slist_find_custom(trust_list, server_cert, + x509_cmp_func)) { + log_message("SSL certificate of %s previously accepted\n", sockinfo->hostname); + X509_free(server_cert); + return TRUE; + } else if (g_slist_find_custom(reject_list, server_cert, + x509_cmp_func)) { + log_message("SSL certificate of %s previously rejected\n", sockinfo->hostname); + X509_free(server_cert); + return FALSE; + } + + g_warning("%s: SSL certificate verify failed (%ld: %s)\n", + sockinfo->hostname, verify_result, + X509_verify_cert_error_string(verify_result)); + + if (verify_ui_func) { + gint res; + + res = verify_ui_func(sockinfo, sockinfo->hostname, + server_cert, verify_result); + /* 0: accept 1: temporarily accept -1: reject */ + if (res < 0) { + debug_print("SSL certificate of %s rejected\n", + sockinfo->hostname); + reject_list = g_slist_prepend + (reject_list, X509_dup(server_cert)); + X509_free(server_cert); + return FALSE; + } else if (res > 0) { + debug_print("Temporarily accept SSL certificate of %s\n", sockinfo->hostname); + trust_list = g_slist_prepend + (trust_list, X509_dup(server_cert)); + } else { + debug_print("Permanently accept SSL certificate of %s\n", sockinfo->hostname); + trust_list = g_slist_prepend + (trust_list, X509_dup(server_cert)); + } + } X509_free(server_cert); + } else { + g_warning("%s: couldn't get SSL certificate\n", + sockinfo->hostname); + return FALSE; } return TRUE; @@ -178,4 +245,9 @@ void ssl_done_socket(SockInfo *sockinfo) } } +void ssl_set_verify_func(SSLVerifyFunc func) +{ + verify_ui_func = func; +} + #endif /* USE_SSL */ diff --git a/libsylph/ssl.h b/libsylph/ssl.h index 5427f9b8..a9f690de 100644 --- a/libsylph/ssl.h +++ b/libsylph/ssl.h @@ -1,6 +1,6 @@ /* * LibSylph -- E-Mail client library - * Copyright (C) 1999-2005 Hiroyuki Yamamoto + * Copyright (C) 1999-2006 Hiroyuki Yamamoto * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -46,6 +46,11 @@ typedef enum { SSL_STARTTLS } SSLType; +typedef gint (*SSLVerifyFunc) (SockInfo *sockinfo, + const gchar *hostname, + X509 *server_cert, + glong verify_result); + void ssl_init (void); void ssl_done (void); gboolean ssl_init_socket (SockInfo *sockinfo); @@ -53,6 +58,8 @@ gboolean ssl_init_socket_with_method (SockInfo *sockinfo, SSLMethod method); void ssl_done_socket (SockInfo *sockinfo); +void ssl_set_verify_func (SSLVerifyFunc func); + #endif /* USE_SSL */ #endif /* __SSL_H__ */ diff --git a/po/POTFILES.in b/po/POTFILES.in index 7045d752..bb7f790f 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -87,6 +87,7 @@ src/send_message.c src/setup.c src/sigstatus.c src/sourcewindow.c +src/sslmanager.c src/statusbar.c src/subscribedialog.c src/summaryview.c diff --git a/po/ja.po b/po/ja.po index f70a5f2e..d4cb4404 100644 --- a/po/ja.po +++ b/po/ja.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sylpheed\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2006-12-11 13:45+0900\n" +"POT-Creation-Date: 2006-12-12 18:52+0900\n" "PO-Revision-Date: 1999-10-12\n" "Last-Translator: Hiroyuki Yamamoto \n" "Language-Team: Japanese \n" @@ -310,7 +310,7 @@ msgstr "腱糸腱糸筝с\n" msgid "Copying message %s%c%d to %s ...\n" msgstr "<祉若 %s%c%d %s 潟若障...\n" -#: libsylph/mh.c:965 libsylph/mh.c:978 src/main.c:148 +#: libsylph/mh.c:965 libsylph/mh.c:978 src/main.c:149 #, c-format msgid "" "File `%s' already exists.\n" @@ -546,50 +546,50 @@ msgstr "筝罩c SMTP 綽膈с\n" msgid "error occurred on SMTP session\n" msgstr "SMTP 祉激с割賢若榊障\n" -#: libsylph/ssl.c:54 +#: libsylph/ssl.c:59 msgid "SSLv23 not available\n" msgstr "SSLv23 с障\n" -#: libsylph/ssl.c:56 +#: libsylph/ssl.c:61 msgid "SSLv23 available\n" msgstr "SSLv23 純с\n" -#: libsylph/ssl.c:65 +#: libsylph/ssl.c:70 msgid "TLSv1 not available\n" msgstr "TLSv1 с障\n" -#: libsylph/ssl.c:67 +#: libsylph/ssl.c:72 msgid "TLSv1 available\n" msgstr "TLSv1 純с\n" -#: libsylph/ssl.c:101 libsylph/ssl.c:108 +#: libsylph/ssl.c:127 libsylph/ssl.c:134 msgid "SSL method not available\n" msgstr "SSL <純с障\n" -#: libsylph/ssl.c:114 +#: libsylph/ssl.c:140 msgid "Unknown SSL method *PROGRAM BUG*\n" msgstr "ャ SSL <純 *PROGRAM BUG*\n" -#: libsylph/ssl.c:120 +#: libsylph/ssl.c:146 msgid "Error creating ssl context\n" msgstr "ssl 潟潟鴻筝主榊\n" #. Get the cipher -#: libsylph/ssl.c:139 +#: libsylph/ssl.c:165 #, c-format msgid "SSL connection using %s\n" msgstr "%s SSL ・膓\n" -#: libsylph/ssl.c:148 +#: libsylph/ssl.c:174 msgid "Server certificate:\n" msgstr "泣若荐惹:\n" -#: libsylph/ssl.c:151 +#: libsylph/ssl.c:177 #, c-format msgid " Subject: %s\n" -msgstr " Subject: %s\n" +msgstr " : %s\n" -#: libsylph/ssl.c:156 +#: libsylph/ssl.c:182 #, c-format msgid " Issuer: %s\n" msgstr " 肴: %s\n" @@ -1177,11 +1177,11 @@ msgstr "掩≪" msgid "Personal address" msgstr "篋榊≪" -#: src/alertpanel.c:142 src/compose.c:5644 src/main.c:634 +#: src/alertpanel.c:142 src/compose.c:5644 src/main.c:638 msgid "Notice" msgstr "羈" -#: src/alertpanel.c:155 src/main.c:747 +#: src/alertpanel.c:155 src/main.c:751 msgid "Warning" msgstr "茘" @@ -2819,20 +2819,20 @@ msgstr "鴻若ュ" msgid "Protocol log" msgstr "潟" -#: src/main.c:196 +#: src/main.c:197 msgid "g_thread is not supported by glib.\n" msgstr "g_thread glib c泣若障\n" -#: src/main.c:415 +#: src/main.c:419 #, c-format msgid "Usage: %s [OPTION]...\n" msgstr "篏睡羈: %s [激с]...\n" -#: src/main.c:418 +#: src/main.c:422 msgid " --compose [address] open composition window" msgstr " --compose [address] <祉若娯c潟" -#: src/main.c:419 +#: src/main.c:423 msgid "" " --attach file1 [file2]...\n" " open composition window with specified files\n" @@ -2842,23 +2842,23 @@ msgstr "" " 絎<ゃ羞私<祉若娯\n" " c潟" -#: src/main.c:422 +#: src/main.c:426 msgid " --receive receive new messages" msgstr " --receive 亥<祉若吾篆<" -#: src/main.c:423 +#: src/main.c:427 msgid " --receive-all receive new messages of all accounts" msgstr " --receive-all ≪潟亥<祉若吾篆<" -#: src/main.c:424 +#: src/main.c:428 msgid " --send send all queued messages" msgstr " --send 篆≦罘筝<祉若吾鴻篆<" -#: src/main.c:425 +#: src/main.c:429 msgid " --status [folder]... show the total number of messages" msgstr " --status [folder]... <祉若吾膩違茵腓冴" -#: src/main.c:426 +#: src/main.c:430 msgid "" " --status-full [folder]...\n" " show the status of each folder" @@ -2866,36 +2866,36 @@ msgstr "" " --status-full [folder]...\n" " 倶茵腓冴" -#: src/main.c:428 +#: src/main.c:432 msgid "" " --configdir dirname specify directory which stores configuration files" msgstr " --configdir dirname 荐絎<ゃ主c絎" -#: src/main.c:429 +#: src/main.c:433 msgid " --exit exit Sylpheed" msgstr " --exit Sylpheed 腟篋" -#: src/main.c:430 +#: src/main.c:434 msgid " --debug debug mode" msgstr " --debug 違≪若" -#: src/main.c:431 +#: src/main.c:435 msgid " --help display this help and exit" msgstr " --help 茵腓冴腟篋" -#: src/main.c:432 +#: src/main.c:436 msgid " --version output version information and exit" msgstr " --version 若吾с恰宴阪腟篋" -#: src/main.c:436 +#: src/main.c:440 msgid "Press any key..." msgstr "篏若若..." -#: src/main.c:578 +#: src/main.c:582 msgid "Filename encoding" msgstr "<ゃ潟潟若c潟" -#: src/main.c:579 +#: src/main.c:583 msgid "" "The locale encoding is not UTF-8, but the environmental variable " "G_FILENAME_ENCODING is not set.\n" @@ -2918,19 +2918,19 @@ msgstr "" "\n" "膓茵障?" -#: src/main.c:635 +#: src/main.c:639 msgid "Composing message exists. Really quit?" msgstr "篏筝<祉若吾絖障綵腟篋障?" -#: src/main.c:646 +#: src/main.c:650 msgid "Queued messages" msgstr "篆≦罘筝<祉若" -#: src/main.c:647 +#: src/main.c:651 msgid "Some unsent messages are queued. Exit now?" msgstr "篆≦罘筝篆<<祉若吾障腟篋障?" -#: src/main.c:748 +#: src/main.c:752 msgid "" "GnuPG is not installed properly, or its version is too old.\n" "OpenPGP support disabled." @@ -2939,15 +2939,15 @@ msgstr "" "OpenPGP 泣若≦鴻с" #. remote command mode -#: src/main.c:911 +#: src/main.c:915 msgid "another Sylpheed is already running.\n" msgstr "ャ Sylpheed с莎桁障\n" -#: src/main.c:1155 +#: src/main.c:1159 msgid "Migration of configuration" msgstr "荐絎腱肢" -#: src/main.c:1156 +#: src/main.c:1160 msgid "" "The previous version of configuration found.\n" "Do you want to migrate it?" @@ -5885,19 +5885,19 @@ msgstr "潟若" msgid "Do you really want to delete this template?" msgstr "綵潟若ゃс?" -#: src/printing.c:450 +#: src/printing.c:494 msgid "The message will be printed with the following command:" msgstr "<祉若吾篁ヤ潟潟у医激障:" -#: src/printing.c:451 +#: src/printing.c:495 msgid "(Default print command)" msgstr "(√医激潟潟)" -#: src/printing.c:453 +#: src/printing.c:497 msgid "Print" msgstr "医" -#: src/printing.c:461 +#: src/printing.c:505 #, c-format msgid "" "Print command line is invalid:\n" @@ -6207,6 +6207,31 @@ msgstr "%s 純若鴻茵腓冴障...\n" msgid "%s - Source" msgstr "%s - 純若" +#: src/sslmanager.c:58 +msgid "SSL certificate verify failed" +msgstr "SSL 荐惹吾罎荐若с障" + +#: src/sslmanager.c:64 +#, c-format +msgid "" +"The SSL certificate of %s cannot be verified by the following reason:\n" +" %s\n" +"\n" +"Server certificate:\n" +" Subject: %s\n" +" Issuer: %s\n" +"\n" +"Do you accept this certificate?" +msgstr "" +"%s SSL 荐惹吾篁ヤ宴ф荐若с障:\n" +" %s\n" +"\n" +"泣若荐惹:\n" +" : %s\n" +" 肴: %s\n" +"\n" +"荐惹吾ャ障?" + #: src/subscribedialog.c:203 msgid "Subscribe to newsgroup" msgstr "ャ若鴻違若莖取" diff --git a/src/Makefile.am b/src/Makefile.am index 5c9f4222..df0c26e9 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -83,6 +83,7 @@ sylpheed_SOURCES = \ eggtrayicon.c eggtrayicon.h \ trayicon.c trayicon.h \ printing.c printing.h \ + sslmanager.c sslmanager.h \ quote_fmt_lex.l quote_fmt_lex.h \ quote_fmt_parse.y quote_fmt.h \ sylpheed-marshal.c sylpheed-marshal.h diff --git a/src/main.c b/src/main.c index b6c54ec8..54f2c318 100644 --- a/src/main.c +++ b/src/main.c @@ -86,6 +86,7 @@ #endif #if USE_SSL # include "ssl.h" +# include "sslmanager.h" #endif #ifdef G_OS_WIN32 @@ -208,6 +209,9 @@ int main(int argc, char *argv[]) set_ui_update_func(gtkut_events_flush); set_progress_func(main_window_progress_show); set_input_query_password_func(input_dialog_query_password); +#if USE_SSL + ssl_set_verify_func(ssl_manager_verify_cert); +#endif CHDIR_EXIT_IF_FAIL(get_home_dir(), 1); diff --git a/src/sslmanager.c b/src/sslmanager.c new file mode 100644 index 00000000..5e01bbb9 --- /dev/null +++ b/src/sslmanager.c @@ -0,0 +1,159 @@ +/* + * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client + * Copyright (C) 1999-2006 Hiroyuki Yamamoto + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#if USE_SSL + +#include "defs.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "ssl.h" +#include "sslmanager.h" +#include "manage_window.h" + +gint ssl_manager_verify_cert(SockInfo *sockinfo, const gchar *hostname, + X509 *server_cert, glong verify_result) +{ + static PangoFontDescription *font_desc; + GtkWidget *dialog; + GtkWidget *hbox; + GtkWidget *image; + GtkWidget *vbox; + GtkWidget *label; + const gchar *title; + gchar *message; + gchar *subject, *issuer; + gint result; + + if (verify_result == X509_V_OK) + return 0; + + title = _("SSL certificate verify failed"); + + subject = X509_NAME_oneline(X509_get_subject_name(server_cert), + NULL, 0); + issuer = X509_NAME_oneline(X509_get_issuer_name(server_cert), NULL, 0); + message = g_strdup_printf + (_("The SSL certificate of %s cannot be verified by the following reason:\n" + " %s\n\n" + "Server certificate:\n" + " Subject: %s\n" + " Issuer: %s\n\n" + "Do you accept this certificate?"), + hostname, X509_verify_cert_error_string(verify_result), + subject ? subject : "(unknown)", + issuer ? issuer : "(unknown)"); + g_free(issuer); + g_free(subject); + + dialog = gtk_dialog_new(); + gtk_window_set_title(GTK_WINDOW(dialog), title); + gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, FALSE); + gtk_window_set_position(GTK_WINDOW(dialog), + GTK_WIN_POS_CENTER_ON_PARENT); + gtk_window_set_modal(GTK_WINDOW(dialog), TRUE); + manage_window_set_transient(GTK_WINDOW(dialog)); + gtk_dialog_set_has_separator(GTK_DIALOG(dialog), FALSE); + gtk_widget_realize(dialog); + + hbox = gtk_hbox_new(FALSE, 12); + gtk_container_set_border_width(GTK_CONTAINER(hbox), 12); + gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), + hbox, FALSE, FALSE, 0); + + image = gtk_image_new_from_stock + (GTK_STOCK_DIALOG_WARNING, GTK_ICON_SIZE_DIALOG); + + gtk_misc_set_alignment(GTK_MISC(image), 0.5, 0.0); + gtk_box_pack_start(GTK_BOX(hbox), image, FALSE, FALSE, 0); + + vbox = gtk_vbox_new(FALSE, 12); + gtk_box_pack_start(GTK_BOX(hbox), vbox, TRUE, TRUE, 0); + + label = gtk_label_new(title); + gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0); + gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0); + gtk_label_set_line_wrap(GTK_LABEL(label), TRUE); + + if (!font_desc) { + gint size; + + size = pango_font_description_get_size + (label->style->font_desc); + font_desc = pango_font_description_new(); + pango_font_description_set_weight + (font_desc, PANGO_WEIGHT_BOLD); + pango_font_description_set_size + (font_desc, size * PANGO_SCALE_LARGE); + } + if (font_desc) + gtk_widget_modify_font(label, font_desc); + + label = gtk_label_new(message); + g_free(message); + gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0); + gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0); + gtk_label_set_line_wrap(GTK_LABEL(label), TRUE); + gtk_label_set_selectable(GTK_LABEL(label), TRUE); + GTK_WIDGET_UNSET_FLAGS(label, GTK_CAN_FOCUS); +#ifdef G_OS_WIN32 + { + GtkStyle *style; + style = gtk_widget_get_style(dialog); + gtk_widget_modify_base(label, GTK_STATE_ACTIVE, + &style->base[GTK_STATE_SELECTED]); + gtk_widget_modify_text(label, GTK_STATE_ACTIVE, + &style->text[GTK_STATE_SELECTED]); + } +#endif + + gtk_dialog_add_buttons(GTK_DIALOG(dialog), + GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, + GTK_STOCK_OK, GTK_RESPONSE_OK, + NULL); + gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); + + gtk_widget_show_all(dialog); + + result = gtk_dialog_run(GTK_DIALOG(dialog)); + gtk_widget_destroy(dialog); + + switch (result) { + case GTK_RESPONSE_OK: + return 1; + case GTK_RESPONSE_CANCEL: + default: + break; + } + + return -1; +} + +#endif /* USE_SSL */ diff --git a/src/sslmanager.h b/src/sslmanager.h new file mode 100644 index 00000000..92b9b0da --- /dev/null +++ b/src/sslmanager.h @@ -0,0 +1,40 @@ +/* + * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client + * Copyright (C) 1999-2006 Hiroyuki Yamamoto + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef __SSLMANAGER_H__ +#define __SSLMANAGER_H__ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#if USE_SSL + +#include + +#include "ssl.h" + +gint ssl_manager_verify_cert (SockInfo *sockinfo, + const gchar *hostname, + X509 *server_cert, + glong verify_result); + +#endif /* USE_SSL */ + +#endif /* __MAIN_H__ */ -- cgit v1.2.3