--- encompass-0.5.99.3/src/encompass-http.c.orig Sat May 31 19:38:52 2003 +++ encompass-0.5.99.3/src/encompass-http.c Fri Jul 4 13:23:51 2003 @@ -142,9 +142,9 @@ if (!g_strcasecmp ("https", uri->protocol)) { ne_ssl_set_verify (session->session, (void *) encompass_ssl_verify, window); - ne_ssl_provide_ccert (session->session, - (void *) encompass_ssl_provide_cert, window); - ne_ssl_load_default_ca (session->session); + ne_ssl_provide_clicert (session->session, + encompass_ssl_provide_cert, window); + ne_ssl_trust_default_ca (session->session); } if (window->prefs->use_proxy) { ne_session_proxy (session->session, window->prefs->proxy_host, --- encompass-0.5.99.3/src/encompass-ssl.c.orig Sat May 31 19:00:18 2003 +++ encompass-0.5.99.3/src/encompass-ssl.c Fri Jul 4 13:25:53 2003 @@ -4,19 +4,9 @@ gchar * from; gchar * to; - gchar * sCountry; - gchar * sState; - gchar * sLocality; gchar * sOrganization; - gchar * sOrgUnit; - gchar * sCNAME; - gchar * iCountry; - gchar * iState; - gchar * iLocality; gchar * iOrganization; - gchar * iOrgUnit; - gchar * iCNAME; }; static gboolean IS_THIS_SSL_CERT_GOOD_BECAUSE_NEON_IS_ON_CRACK; @@ -25,29 +15,21 @@ g_free (key->from); g_free (key->to); - g_free (key->sCountry); - g_free (key->sState); - g_free (key->sLocality); g_free (key->sOrganization); - g_free (key->sOrgUnit); - g_free (key->sCNAME); - g_free (key->iCountry); - g_free (key->iState); - g_free (key->iLocality); g_free (key->iOrganization); - g_free (key->iOrgUnit); - g_free (key->iCNAME); } static void * e_for_each (gchar * key, ESSLCert * value, const ne_ssl_certificate * cert) { const ESSLCert * crack; + char * certdn; crack = g_hash_table_lookup (ECerts, key); + certdn = ne_ssl_readable_dname (ne_ssl_cert_subject (cert)); - if (!strcmp (crack->sCNAME, cert->subject->commonName) && - !strcmp (key, cert->subject->commonName)) { + if (!strcmp (crack->sOrganization, certdn) && + !strcmp (key, certdn)) { IS_THIS_SSL_CERT_GOOD_BECAUSE_NEON_IS_ON_CRACK = TRUE; } else { IS_THIS_SSL_CERT_GOOD_BECAUSE_NEON_IS_ON_CRACK = FALSE; @@ -60,6 +42,7 @@ gchar * errmsg; gint retval; ESSLCert * foobar; + char cert_from[NE_SSL_VDATELEN], cert_until[NE_SSL_VDATELEN]; /* TODO: Implement a real dialog and better error checking */ @@ -78,12 +61,12 @@ errmsg = g_strdup (_("Certificate has expired.\n\n" "Do you wish to continue?")); } - if (failures & NE_SSL_UNKNOWNCA) { + if (failures & NE_SSL_UNTRUSTED) { errmsg = g_strdup (_("The security certificate was issued by a company\n" "you have not chosen to trust.\n\n" "Do you wish to continue?")); } - if (failures & NE_SSL_CNMISMATCH) { + if (failures & NE_SSL_IDMISMATCH) { errmsg = g_strdup (_("The hostname of the certificate does not match\n" "the hostname of the server.\n\n" "Do you wish to continue?")); @@ -95,10 +78,10 @@ /* TODO: These need to go in some sort of "View Cert" dialog instead */ - printf ("DEBUG: Valid from %s until %s\n", cert->from, cert->until); - printf ("DEBUG: Issued by: %s\n", cert->issuer->organization); - printf ("DEBUG: Issued to: %s\n", cert->subject->organization); - printf ("DEBUG: Domain: %s\n", cert->subject->commonName); + ne_ssl_cert_validity (cert, cert_from, cert_until); + printf ("DEBUG: Valid from %s until %s\n", cert_from, cert_until); + printf ("DEBUG: Issued by: %s\n", ne_ssl_readable_dname (ne_ssl_cert_issuer (cert))); + printf ("DEBUG: Issued to: %s\n", ne_ssl_readable_dname (ne_ssl_cert_subject (cert))); mbox = gnome_message_box_new (errmsg, GNOME_MESSAGE_BOX_WARNING, GNOME_STOCK_BUTTON_YES, @@ -110,24 +93,14 @@ ecert = g_new0 (ESSLCert, 1); - ecert->from = g_strdup (cert->from); - ecert->to = g_strdup (cert->until); + ecert->from = g_strdup (cert_from); + ecert->to = g_strdup (cert_until); - ecert->sCountry = g_strdup (cert->subject->country); - ecert->sState = g_strdup (cert->subject->state); - ecert->sLocality = g_strdup (cert->subject->locality); - ecert->sOrganization = g_strdup (cert->subject->organization); - ecert->sOrgUnit = g_strdup (cert->subject->organizationalUnit); - ecert->sCNAME = g_strdup (cert->subject->commonName); - - ecert->iCountry = g_strdup (cert->issuer->country); - ecert->iState = g_strdup (cert->issuer->state); - ecert->iLocality = g_strdup (cert->issuer->locality); - ecert->iOrganization = g_strdup (cert->issuer->organization); - ecert->iOrgUnit = g_strdup (cert->issuer->organizationalUnit); - ecert->iCNAME = g_strdup (cert->issuer->commonName); + ecert->sOrganization = g_strdup (ne_ssl_readable_dname (ne_ssl_cert_subject (cert))); - g_hash_table_insert (ECerts, ecert->sCNAME, ecert); + ecert->iOrganization = g_strdup (ne_ssl_readable_dname (ne_ssl_cert_issuer (cert))); + + g_hash_table_insert (ECerts, ecert->sOrganization, ecert); } return retval; @@ -135,6 +108,8 @@ void * encompass_ssl_provide_cert (BrowserWindow * window, ne_session * session, - const ne_ssl_dname * dname) { - printf ("DEBUG: server: %s\n", ne_ssl_readable_dname (dname)); + const ne_ssl_dname *const *dnames, + int dncount) { + if (dncount > 0) + printf ("DEBUG: server: %s\n", ne_ssl_readable_dname (dnames[0])); } --- encompass-0.5.99.3/src/encompass-goto.c.orig Wed May 14 01:46:12 2003 +++ encompass-0.5.99.3/src/encompass-goto.c Fri Jul 4 13:20:02 2003 @@ -76,9 +76,9 @@ if (!g_strcasecmp ("https", uri->protocol)) { ne_ssl_set_verify (session, (void *) encompass_ssl_verify, window); - ne_ssl_provide_ccert (session, (void *) encompass_ssl_provide_cert, + ne_ssl_provide_clicert (session, encompass_ssl_provide_cert, window); - ne_ssl_load_default_ca (session); + ne_ssl_trust_default_ca (session); } if (window->prefs->use_proxy) { ne_session_proxy (session, window->prefs->proxy_host, --- encompass-0.5.99.3/src/encompass-ssl.h.orig Wed May 14 01:46:13 2003 +++ encompass-0.5.99.3/src/encompass-ssl.h Fri Jul 4 13:19:57 2003 @@ -8,6 +8,7 @@ const ne_ssl_certificate * cert); void * encompass_ssl_provide_cert (BrowserWindow * window, ne_session * session, - const ne_ssl_dname * dname); + const ne_ssl_dname *const *dnames, + int dncount); #endif