author | hiro <hiro@ee746299-78ed-0310-b773-934348b2243d> | 2009-11-19 08:42:35 +0000 |
---|---|---|
committer | hiro <hiro@ee746299-78ed-0310-b773-934348b2243d> | 2009-11-19 08:42:35 +0000 |
commit | 86051e4d314d3aa4689feefd8314ced7aeea6444 (patch) | |
tree | 23b3f6c7146b143da874980a302be9721c4c1d42 /src/sslmanager.c | |
parent | d216d4d51ce9e34129d4c6fbf5c9ff91ea6cf75e (diff) |
calculate and display SHA1/MD5 fingerprint if verification of SSL certificate failed.
git-svn-id: svn://sylpheed.sraoss.jp/sylpheed/trunk@2350 ee746299-78ed-0310-b773-934348b2243d
Diffstat (limited to 'src/sslmanager.c')
-rw-r--r-- | src/sslmanager.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/src/sslmanager.c b/src/sslmanager.c index eaed7786..8459cdf3 100644 --- a/src/sslmanager.c +++ b/src/sslmanager.c @@ -51,6 +51,11 @@ gint ssl_manager_verify_cert(SockInfo *sockinfo, const gchar *hostname, const gchar *title; gchar *message; gchar *subject, *issuer; + guchar keyid[EVP_MAX_MD_SIZE]; + gchar sha1_keyidstr[EVP_MAX_MD_SIZE * 3 + 1] = ""; + gchar md5_keyidstr[EVP_MAX_MD_SIZE * 3 + 1] = ""; + guint keyidlen = 0; + gint i; gint result; if (verify_result == X509_V_OK) @@ -61,16 +66,35 @@ gint ssl_manager_verify_cert(SockInfo *sockinfo, const gchar *hostname, subject = X509_NAME_oneline(X509_get_subject_name(server_cert), NULL, 0); issuer = X509_NAME_oneline(X509_get_issuer_name(server_cert), NULL, 0); + if (X509_digest(server_cert, EVP_sha1(), keyid, &keyidlen)) { + for (i = 0; i < keyidlen; i++) + g_snprintf(sha1_keyidstr + i * 3, 4, "%02x:", keyid[i]); + sha1_keyidstr[keyidlen * 3 - 1] = '\0'; + } else { + g_snprintf(sha1_keyidstr, sizeof(sha1_keyidstr), + "(cannot calculate digest)"); + } + if (X509_digest(server_cert, EVP_md5(), keyid, &keyidlen)) { + for (i = 0; i < keyidlen; i++) + g_snprintf(md5_keyidstr + i * 3, 4, "%02x:", keyid[i]); + md5_keyidstr[keyidlen * 3 - 1] = '\0'; + } else { + g_snprintf(md5_keyidstr, sizeof(md5_keyidstr), + "(cannot calculate digest)"); + } message = g_strdup_printf (_("The SSL certificate of %s cannot be verified by the following reason:\n" " %s\n\n" "Server certificate:\n" " Subject: %s\n" " Issuer: %s\n\n" + " SHA1 fingerprint: %s\n" + " MD5 fingerprint: %s\n\n" "Do you accept this certificate?"), hostname, X509_verify_cert_error_string(verify_result), subject ? subject : "(unknown)", - issuer ? issuer : "(unknown)"); + issuer ? issuer : "(unknown)", + sha1_keyidstr, md5_keyidstr); if (issuer) OPENSSL_free(issuer); if (subject) |
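Review bot: The `EVP_MAX_MD_SIZE * 3 + 1` size given to `sha1_keyidstr` and `md5_keyidstr` is exactly what the formatting loops in the next hunk need, with no slack, and nothing at the declarations says so. A comment above the two buffers such as `/* "xx:" per digest byte, plus the NUL written after the last one */` would keep a later change to the `"%02x:"` format or to the `4` passed to `g_snprintf` from overrunning them. `gint i` is also compared against `guint keyidlen` in those loops, so `guint i;` would avoid the signed/unsigned comparison. The function body starts and ends outside this hunk.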
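Review bot: The only fingerprints the new dialog lines (`SHA1 fingerprint: %s` and `MD5 fingerprint: %s`) give the user for the accept decision are SHA-1 and MD5, and both have practical collision attacks, so an out-of-band comparison gives weaker assurance than a current digest would; a SHA-256 line computed with `EVP_sha256()` fits a buffer sized like the existing two. The two formatting blocks are also identical apart from the digest, and `sha1_keyidstr[keyidlen * 3 - 1] = '\0'` (likewise for `md5_keyidstr`) would index far out of bounds if a digest call ever succeeded with `keyidlen` 0, because the subtraction is unsigned. A small static helper, sketched below, removes the duplication, guards the length and makes an extra digest a one-line call. The enclosing function starts and ends outside the hunk.

```c
/* Write md's digest of cert into buf as colon-separated hex, or a
 * fallback text when the digest is unavailable or does not fit. */
static void ssl_manager_fingerprint(X509 *cert, const EVP_MD *md,
				    gchar *buf, gsize size)
{
	guchar keyid[EVP_MAX_MD_SIZE];
	guint keyidlen = 0;
	guint i;

	if (!X509_digest(cert, md, keyid, &keyidlen) || keyidlen == 0 ||
	    (gsize)keyidlen * 3 + 1 > size) {
		g_snprintf(buf, size, "(cannot calculate digest)");
		return;
	}
	for (i = 0; i < keyidlen; i++)
		g_snprintf(buf + i * 3, 4, "%02x:", keyid[i]);
	buf[keyidlen * 3 - 1] = '\0';	/* drop the trailing ':' */
}

/* ... unchanged: subject and issuer lookup ... */
	ssl_manager_fingerprint(server_cert, EVP_sha1(),
				sha1_keyidstr, sizeof(sha1_keyidstr));
	ssl_manager_fingerprint(server_cert, EVP_md5(),
				md5_keyidstr, sizeof(md5_keyidstr));
/* ... unchanged: message = g_strdup_printf(...) and cleanup ... */
```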