1 --- encompass-0.5.99.3/src/encompass-http.c.orig Sat May 31 19:38:52 2003
2 +++ encompass-0.5.99.3/src/encompass-http.c Fri Jul 4 13:23:51 2003
4 if (!g_strcasecmp ("https", uri->protocol)) {
5 ne_ssl_set_verify (session->session,
6 (void *) encompass_ssl_verify, window);
7 - ne_ssl_provide_ccert (session->session,
8 - (void *) encompass_ssl_provide_cert, window);
9 - ne_ssl_load_default_ca (session->session);
10 + ne_ssl_provide_clicert (session->session,
11 + encompass_ssl_provide_cert, window);
12 + ne_ssl_trust_default_ca (session->session);
14 if (window->prefs->use_proxy) {
15 ne_session_proxy (session->session, window->prefs->proxy_host,
16 --- encompass-0.5.99.3/src/encompass-ssl.c.orig Sat May 31 19:00:18 2003
17 +++ encompass-0.5.99.3/src/encompass-ssl.c Fri Jul 4 13:25:53 2003
25 gchar * sOrganization;
32 gchar * iOrganization;
37 static gboolean IS_THIS_SSL_CERT_GOOD_BECAUSE_NEON_IS_ON_CRACK;
42 - g_free (key->sCountry);
43 - g_free (key->sState);
44 - g_free (key->sLocality);
45 g_free (key->sOrganization);
46 - g_free (key->sOrgUnit);
47 - g_free (key->sCNAME);
49 - g_free (key->iCountry);
50 - g_free (key->iState);
51 - g_free (key->iLocality);
52 g_free (key->iOrganization);
53 - g_free (key->iOrgUnit);
54 - g_free (key->iCNAME);
57 static void * e_for_each (gchar * key, ESSLCert * value,
58 const ne_ssl_certificate * cert) {
59 const ESSLCert * crack;
62 crack = g_hash_table_lookup (ECerts, key);
63 + certdn = ne_ssl_readable_dname (ne_ssl_cert_subject (cert));
65 - if (!strcmp (crack->sCNAME, cert->subject->commonName) &&
66 - !strcmp (key, cert->subject->commonName)) {
67 + if (!strcmp (crack->sOrganization, certdn) &&
68 + !strcmp (key, certdn)) {
69 IS_THIS_SSL_CERT_GOOD_BECAUSE_NEON_IS_ON_CRACK = TRUE;
71 IS_THIS_SSL_CERT_GOOD_BECAUSE_NEON_IS_ON_CRACK = FALSE;
76 + char cert_from[NE_SSL_VDATELEN], cert_until[NE_SSL_VDATELEN];
78 /* TODO: Implement a real dialog and better error checking */
81 errmsg = g_strdup (_("Certificate has expired.\n\n"
82 "Do you wish to continue?"));
84 - if (failures & NE_SSL_UNKNOWNCA) {
85 + if (failures & NE_SSL_UNTRUSTED) {
86 errmsg = g_strdup (_("The security certificate was issued by a company\n"
87 "you have not chosen to trust.\n\n"
88 "Do you wish to continue?"));
90 - if (failures & NE_SSL_CNMISMATCH) {
91 + if (failures & NE_SSL_IDMISMATCH) {
92 errmsg = g_strdup (_("The hostname of the certificate does not match\n"
93 "the hostname of the server.\n\n"
94 "Do you wish to continue?"));
97 /* TODO: These need to go in some sort of "View Cert" dialog instead */
99 - printf ("DEBUG: Valid from %s until %s\n", cert->from, cert->until);
100 - printf ("DEBUG: Issued by: %s\n", cert->issuer->organization);
101 - printf ("DEBUG: Issued to: %s\n", cert->subject->organization);
102 - printf ("DEBUG: Domain: %s\n", cert->subject->commonName);
103 + ne_ssl_cert_validity (cert, cert_from, cert_until);
104 + printf ("DEBUG: Valid from %s until %s\n", cert_from, cert_until);
105 + printf ("DEBUG: Issued by: %s\n", ne_ssl_readable_dname (ne_ssl_cert_issuer (cert)));
106 + printf ("DEBUG: Issued to: %s\n", ne_ssl_readable_dname (ne_ssl_cert_subject (cert)));
108 mbox = gnome_message_box_new (errmsg, GNOME_MESSAGE_BOX_WARNING,
109 GNOME_STOCK_BUTTON_YES,
112 ecert = g_new0 (ESSLCert, 1);
114 - ecert->from = g_strdup (cert->from);
115 - ecert->to = g_strdup (cert->until);
116 + ecert->from = g_strdup (cert_from);
117 + ecert->to = g_strdup (cert_until);
119 - ecert->sCountry = g_strdup (cert->subject->country);
120 - ecert->sState = g_strdup (cert->subject->state);
121 - ecert->sLocality = g_strdup (cert->subject->locality);
122 - ecert->sOrganization = g_strdup (cert->subject->organization);
123 - ecert->sOrgUnit = g_strdup (cert->subject->organizationalUnit);
124 - ecert->sCNAME = g_strdup (cert->subject->commonName);
126 - ecert->iCountry = g_strdup (cert->issuer->country);
127 - ecert->iState = g_strdup (cert->issuer->state);
128 - ecert->iLocality = g_strdup (cert->issuer->locality);
129 - ecert->iOrganization = g_strdup (cert->issuer->organization);
130 - ecert->iOrgUnit = g_strdup (cert->issuer->organizationalUnit);
131 - ecert->iCNAME = g_strdup (cert->issuer->commonName);
132 + ecert->sOrganization = g_strdup (ne_ssl_readable_dname (ne_ssl_cert_subject (cert)));
134 - g_hash_table_insert (ECerts, ecert->sCNAME, ecert);
135 + ecert->iOrganization = g_strdup (ne_ssl_readable_dname (ne_ssl_cert_issuer (cert)));
137 + g_hash_table_insert (ECerts, ecert->sOrganization, ecert);
143 void * encompass_ssl_provide_cert (BrowserWindow * window,
144 ne_session * session,
145 - const ne_ssl_dname * dname) {
146 - printf ("DEBUG: server: %s\n", ne_ssl_readable_dname (dname));
147 + const ne_ssl_dname *const *dnames,
150 + printf ("DEBUG: server: %s\n", ne_ssl_readable_dname (dnames[0]));
152 --- encompass-0.5.99.3/src/encompass-goto.c.orig Wed May 14 01:46:12 2003
153 +++ encompass-0.5.99.3/src/encompass-goto.c Fri Jul 4 13:20:02 2003
156 if (!g_strcasecmp ("https", uri->protocol)) {
157 ne_ssl_set_verify (session, (void *) encompass_ssl_verify, window);
158 - ne_ssl_provide_ccert (session, (void *) encompass_ssl_provide_cert,
159 + ne_ssl_provide_clicert (session, encompass_ssl_provide_cert,
161 - ne_ssl_load_default_ca (session);
162 + ne_ssl_trust_default_ca (session);
164 if (window->prefs->use_proxy) {
165 ne_session_proxy (session, window->prefs->proxy_host,
166 --- encompass-0.5.99.3/src/encompass-ssl.h.orig Wed May 14 01:46:13 2003
167 +++ encompass-0.5.99.3/src/encompass-ssl.h Fri Jul 4 13:19:57 2003
169 const ne_ssl_certificate * cert);
170 void * encompass_ssl_provide_cert (BrowserWindow * window,
171 ne_session * session,
172 - const ne_ssl_dname * dname);
173 + const ne_ssl_dname *const *dnames,