-rw-r--r--ChangeLog6
-rw-r--r--ChangeLog.ja6
-rw-r--r--libsylph/ssl.c88
-rw-r--r--libsylph/ssl.h9
-rw-r--r--po/POTFILES.in1
-rw-r--r--po/ja.po113
-rw-r--r--src/Makefile.am1
-rw-r--r--src/main.c4
-rw-r--r--src/sslmanager.c159
-rw-r--r--src/sslmanager.h40
10 files changed, 374 insertions, 53 deletions
diff --git a/ChangeLog b/ChangeLog
index dfaeb552..6a8e9e60 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
2006-12-12
+ * libsylph/ssl.[ch]
+ src/sslmanager.[ch]
+ src/main.c: implemented SSL certificate dialog.
+
+2006-12-12
+
* src/printing.c: draw_page(): fixed crash on the request of a page
which is out of range.
diff --git a/ChangeLog.ja b/ChangeLog.ja
index 77206289..94fd8ed8 100644
--- a/ChangeLog.ja
+++ b/ChangeLog.ja
@@ -1,5 +1,11 @@
2006-12-12
+ * libsylph/ssl.[ch]
+ src/sslmanager.[ch]
+ src/main.c: SSL 証明書ダイアログを実装。
+
+2006-12-12
+
* src/printing.c: draw_page(): 範囲外のページの要求時のクラッシュを
修正。
diff --git a/libsylph/ssl.c b/libsylph/ssl.c
index d2721276..7b3c5c17 100644
--- a/libsylph/ssl.c
+++ b/libsylph/ssl.c
@@ -1,6 +1,6 @@
/*
* LibSylph -- E-Mail client library
- * Copyright (C) 1999-2005 Hiroyuki Yamamoto
+ * Copyright (C) 1999-2006 Hiroyuki Yamamoto
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -31,8 +31,13 @@
#include "utils.h"
#include "ssl.h"
-static SSL_CTX *ssl_ctx_SSLv23;
-static SSL_CTX *ssl_ctx_TLSv1;
+static SSL_CTX *ssl_ctx_SSLv23 = NULL;
+static SSL_CTX *ssl_ctx_TLSv1 = NULL;
+
+static GSList *trust_list = NULL;
+static GSList *reject_list = NULL;
+
+static SSLVerifyFunc verify_ui_func = NULL;
void ssl_init(void)
{
@@ -76,12 +81,25 @@ void ssl_init(void)
void ssl_done(void)
{
+ GSList *cur;
+
+ for (cur = trust_list; cur != NULL; cur = cur->next)
+ X509_free((X509 *)cur->data);
+ g_slist_free(trust_list);
+ trust_list = NULL;
+ for (cur = reject_list; cur != NULL; cur = cur->next)
+ X509_free((X509 *)cur->data);
+ g_slist_free(reject_list);
+ reject_list = NULL;
+
if (ssl_ctx_SSLv23) {
SSL_CTX_free(ssl_ctx_SSLv23);
+ ssl_ctx_SSLv23 = NULL;
}
if (ssl_ctx_TLSv1) {
SSL_CTX_free(ssl_ctx_TLSv1);
+ ssl_ctx_TLSv1 = NULL;
}
}
@@ -90,6 +108,14 @@ gboolean ssl_init_socket(SockInfo *sockinfo)
return ssl_init_socket_with_method(sockinfo, SSL_METHOD_SSLv23);
}
+static gint x509_cmp_func(gconstpointer a, gconstpointer b)
+{
+ const X509 *xa = a;
+ const X509 *xb = b;
+
+ return X509_issuer_and_serial_cmp(xa, xb);
+}
+
gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
{
X509 *server_cert;
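Review bot: x509_cmp_func treats two certificates as equal when only their issuer name and serial number match, yet it is used to look up certificates whose chain failed verification, where both fields are chosen by whoever created the certificate. A different certificate (with a different key) that carries the same issuer and serial would therefore match an entry the user accepted earlier in trust_list. Comparing the whole certificate avoids this: `return X509_cmp(xa, xb);`. A short comment on the function stating what "same certificate" means here would also help.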
@@ -158,14 +184,55 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
}
verify_result = SSL_get_verify_result(sockinfo->ssl);
- if (verify_result == X509_V_OK)
+ if (verify_result == X509_V_OK) {
debug_print("SSL verify OK\n");
- else
- g_warning("%s: SSL certificate verify failed (%ld: %s)\n",
- sockinfo->hostname, verify_result,
- X509_verify_cert_error_string(verify_result));
+ X509_free(server_cert);
+ return TRUE;
+ } else if (g_slist_find_custom(trust_list, server_cert,
+ x509_cmp_func)) {
+ log_message("SSL certificate of %s previously accepted\n", sockinfo->hostname);
+ X509_free(server_cert);
+ return TRUE;
+ } else if (g_slist_find_custom(reject_list, server_cert,
+ x509_cmp_func)) {
+ log_message("SSL certificate of %s previously rejected\n", sockinfo->hostname);
+ X509_free(server_cert);
+ return FALSE;
+ }
+
+ g_warning("%s: SSL certificate verify failed (%ld: %s)\n",
+ sockinfo->hostname, verify_result,
+ X509_verify_cert_error_string(verify_result));
+
+ if (verify_ui_func) {
+ gint res;
+
+ res = verify_ui_func(sockinfo, sockinfo->hostname,
+ server_cert, verify_result);
+ /* 0: accept 1: temporarily accept -1: reject */
+ if (res < 0) {
+ debug_print("SSL certificate of %s rejected\n",
+ sockinfo->hostname);
+ reject_list = g_slist_prepend
+ (reject_list, X509_dup(server_cert));
+ X509_free(server_cert);
+ return FALSE;
+ } else if (res > 0) {
+ debug_print("Temporarily accept SSL certificate of %s\n", sockinfo->hostname);
+ trust_list = g_slist_prepend
+ (trust_list, X509_dup(server_cert));
+ } else {
+ debug_print("Permanently accept SSL certificate of %s\n", sockinfo->hostname);
+ trust_list = g_slist_prepend
+ (trust_list, X509_dup(server_cert));
+ }
+ }
X509_free(server_cert);
+ } else {
+ g_warning("%s: couldn't get SSL certificate\n",
+ sockinfo->hostname);
+ return FALSE;
}
return TRUE;
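Review bot: When no callback is registered (`verify_ui_func == NULL`), a certificate that failed verification still falls through to `X509_free(server_cert)` and the final `return TRUE`, so the connection proceeds with only a g_warning. If that is the intended non-interactive default it deserves a comment; otherwise add `else { X509_free(server_cert); return FALSE; }` to the `if (verify_ui_func)` block. The trust_list lookup at the top of the hunk matches on the certificate alone and not on `sockinfo->hostname`, so an exception accepted for one server also applies to any other host that presents the same certificate. `X509_dup()` can return NULL, and that NULL would be stored in the list and later handed to the compare function. The `res > 0` and `res == 0` branches are identical in the visible code, and the enclosing function starts and ends outside this hunk.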
@@ -178,4 +245,9 @@ void ssl_done_socket(SockInfo *sockinfo)
}
}
+void ssl_set_verify_func(SSLVerifyFunc func)
+{
+ verify_ui_func = func;
+}
+
#endif /* USE_SSL */
diff --git a/libsylph/ssl.h b/libsylph/ssl.h
index 5427f9b8..a9f690de 100644
--- a/libsylph/ssl.h
+++ b/libsylph/ssl.h
@@ -1,6 +1,6 @@
/*
* LibSylph -- E-Mail client library
- * Copyright (C) 1999-2005 Hiroyuki Yamamoto
+ * Copyright (C) 1999-2006 Hiroyuki Yamamoto
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -46,6 +46,11 @@ typedef enum {
SSL_STARTTLS
} SSLType;
+typedef gint (*SSLVerifyFunc) (SockInfo *sockinfo,
+ const gchar *hostname,
+ X509 *server_cert,
+ glong verify_result);
+
void ssl_init (void);
void ssl_done (void);
gboolean ssl_init_socket (SockInfo *sockinfo);
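Review bot: The SSLVerifyFunc typedef does not document its return contract, which is stated only in a comment inside ssl_init_socket_with_method(). I would add above the typedef: `/* Called when certificate verification fails. Return 0 to accept, a positive value to accept temporarily, a negative value to reject. */`. It would also help to state that server_cert stays owned by the caller, since ssl.c frees it after the callback returns.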
@@ -53,6 +58,8 @@ gboolean ssl_init_socket_with_method (SockInfo *sockinfo,
SSLMethod method);
void ssl_done_socket (SockInfo *sockinfo);
+void ssl_set_verify_func (SSLVerifyFunc func);
+
#endif /* USE_SSL */
#endif /* __SSL_H__ */
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 7045d752..bb7f790f 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -87,6 +87,7 @@ src/send_message.c
src/setup.c
src/sigstatus.c
src/sourcewindow.c
+src/sslmanager.c
src/statusbar.c
src/subscribedialog.c
src/summaryview.c
diff --git a/po/ja.po b/po/ja.po
index f70a5f2e..d4cb4404 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sylpheed\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2006-12-11 13:45+0900\n"
+"POT-Creation-Date: 2006-12-12 18:52+0900\n"
"PO-Revision-Date: 1999-10-12\n"
"Last-Translator: Hiroyuki Yamamoto <hiro-y@kcn.ne.jp>\n"
"Language-Team: Japanese <ja@li.org>\n"
@@ -310,7 +310,7 @@ msgstr "腱糸腱糸筝с\n"
msgid "Copying message %s%c%d to %s ...\n"
msgstr "<祉若 %s%c%d %s 潟若障...\n"
-#: libsylph/mh.c:965 libsylph/mh.c:978 src/main.c:148
+#: libsylph/mh.c:965 libsylph/mh.c:978 src/main.c:149
#, c-format
msgid ""
"File `%s' already exists.\n"
@@ -546,50 +546,50 @@ msgstr "筝罩c SMTP 綽膈с\n"
msgid "error occurred on SMTP session\n"
msgstr "SMTP 祉激с割賢若榊障\n"
-#: libsylph/ssl.c:54
+#: libsylph/ssl.c:59
msgid "SSLv23 not available\n"
msgstr "SSLv23 с障\n"
-#: libsylph/ssl.c:56
+#: libsylph/ssl.c:61
msgid "SSLv23 available\n"
msgstr "SSLv23 純с\n"
-#: libsylph/ssl.c:65
+#: libsylph/ssl.c:70
msgid "TLSv1 not available\n"
msgstr "TLSv1 с障\n"
-#: libsylph/ssl.c:67
+#: libsylph/ssl.c:72
msgid "TLSv1 available\n"
msgstr "TLSv1 純с\n"
-#: libsylph/ssl.c:101 libsylph/ssl.c:108
+#: libsylph/ssl.c:127 libsylph/ssl.c:134
msgid "SSL method not available\n"
msgstr "SSL <純с障\n"
-#: libsylph/ssl.c:114
+#: libsylph/ssl.c:140
msgid "Unknown SSL method *PROGRAM BUG*\n"
msgstr "ャ SSL <純 *PROGRAM BUG*\n"
-#: libsylph/ssl.c:120
+#: libsylph/ssl.c:146
msgid "Error creating ssl context\n"
msgstr "ssl 潟潟鴻筝主榊\n"
#. Get the cipher
-#: libsylph/ssl.c:139
+#: libsylph/ssl.c:165
#, c-format
msgid "SSL connection using %s\n"
msgstr "%s SSL ・膓\n"
-#: libsylph/ssl.c:148
+#: libsylph/ssl.c:174
msgid "Server certificate:\n"
msgstr "泣若荐惹:\n"
-#: libsylph/ssl.c:151
+#: libsylph/ssl.c:177
#, c-format
msgid " Subject: %s\n"
-msgstr " Subject: %s\n"
+msgstr " : %s\n"
-#: libsylph/ssl.c:156
+#: libsylph/ssl.c:182
#, c-format
msgid " Issuer: %s\n"
msgstr " 肴: %s\n"
@@ -1177,11 +1177,11 @@ msgstr "掩≪"
msgid "Personal address"
msgstr "篋榊≪"
-#: src/alertpanel.c:142 src/compose.c:5644 src/main.c:634
+#: src/alertpanel.c:142 src/compose.c:5644 src/main.c:638
msgid "Notice"
msgstr "羈"
-#: src/alertpanel.c:155 src/main.c:747
+#: src/alertpanel.c:155 src/main.c:751
msgid "Warning"
msgstr "茘"
@@ -2819,20 +2819,20 @@ msgstr "鴻若ュ"
msgid "Protocol log"
msgstr "潟"
-#: src/main.c:196
+#: src/main.c:197
msgid "g_thread is not supported by glib.\n"
msgstr "g_thread glib c泣若障\n"
-#: src/main.c:415
+#: src/main.c:419
#, c-format
msgid "Usage: %s [OPTION]...\n"
msgstr "篏睡羈: %s [激с]...\n"
-#: src/main.c:418
+#: src/main.c:422
msgid " --compose [address] open composition window"
msgstr " --compose [address] <祉若娯c潟"
-#: src/main.c:419
+#: src/main.c:423
msgid ""
" --attach file1 [file2]...\n"
" open composition window with specified files\n"
@@ -2842,23 +2842,23 @@ msgstr ""
" 絎<ゃ羞私<祉若娯\n"
" c潟"
-#: src/main.c:422
+#: src/main.c:426
msgid " --receive receive new messages"
msgstr " --receive 亥<祉若吾篆<"
-#: src/main.c:423
+#: src/main.c:427
msgid " --receive-all receive new messages of all accounts"
msgstr " --receive-all ≪潟亥<祉若吾篆<"
-#: src/main.c:424
+#: src/main.c:428
msgid " --send send all queued messages"
msgstr " --send 篆≦罘筝<祉若吾鴻篆<"
-#: src/main.c:425
+#: src/main.c:429
msgid " --status [folder]... show the total number of messages"
msgstr " --status [folder]... <祉若吾膩違茵腓冴"
-#: src/main.c:426
+#: src/main.c:430
msgid ""
" --status-full [folder]...\n"
" show the status of each folder"
@@ -2866,36 +2866,36 @@ msgstr ""
" --status-full [folder]...\n"
" 倶茵腓冴"
-#: src/main.c:428
+#: src/main.c:432
msgid ""
" --configdir dirname specify directory which stores configuration files"
msgstr " --configdir dirname 荐絎<ゃ主c絎"
-#: src/main.c:429
+#: src/main.c:433
msgid " --exit exit Sylpheed"
msgstr " --exit Sylpheed 腟篋"
-#: src/main.c:430
+#: src/main.c:434
msgid " --debug debug mode"
msgstr " --debug 違≪若"
-#: src/main.c:431
+#: src/main.c:435
msgid " --help display this help and exit"
msgstr " --help 茵腓冴腟篋"
-#: src/main.c:432
+#: src/main.c:436
msgid " --version output version information and exit"
msgstr " --version 若吾с恰宴阪腟篋"
-#: src/main.c:436
+#: src/main.c:440
msgid "Press any key..."
msgstr "篏若若..."
-#: src/main.c:578
+#: src/main.c:582
msgid "Filename encoding"
msgstr "<ゃ潟潟若c潟"
-#: src/main.c:579
+#: src/main.c:583
msgid ""
"The locale encoding is not UTF-8, but the environmental variable "
"G_FILENAME_ENCODING is not set.\n"
@@ -2918,19 +2918,19 @@ msgstr ""
"\n"
"膓茵障?"
-#: src/main.c:635
+#: src/main.c:639
msgid "Composing message exists. Really quit?"
msgstr "篏筝<祉若吾絖障綵腟篋障?"
-#: src/main.c:646
+#: src/main.c:650
msgid "Queued messages"
msgstr "篆≦罘筝<祉若"
-#: src/main.c:647
+#: src/main.c:651
msgid "Some unsent messages are queued. Exit now?"
msgstr "篆≦罘筝篆<<祉若吾障腟篋障?"
-#: src/main.c:748
+#: src/main.c:752
msgid ""
"GnuPG is not installed properly, or its version is too old.\n"
"OpenPGP support disabled."
@@ -2939,15 +2939,15 @@ msgstr ""
"OpenPGP 泣若≦鴻с"
#. remote command mode
-#: src/main.c:911
+#: src/main.c:915
msgid "another Sylpheed is already running.\n"
msgstr "ャ Sylpheed с莎桁障\n"
-#: src/main.c:1155
+#: src/main.c:1159
msgid "Migration of configuration"
msgstr "荐絎腱肢"
-#: src/main.c:1156
+#: src/main.c:1160
msgid ""
"The previous version of configuration found.\n"
"Do you want to migrate it?"
@@ -5885,19 +5885,19 @@ msgstr "潟若"
msgid "Do you really want to delete this template?"
msgstr "綵潟若ゃс?"
-#: src/printing.c:450
+#: src/printing.c:494
msgid "The message will be printed with the following command:"
msgstr "<祉若吾篁ヤ潟潟у医激障:"
-#: src/printing.c:451
+#: src/printing.c:495
msgid "(Default print command)"
msgstr "(√医激潟潟)"
-#: src/printing.c:453
+#: src/printing.c:497
msgid "Print"
msgstr "医"
-#: src/printing.c:461
+#: src/printing.c:505
#, c-format
msgid ""
"Print command line is invalid:\n"
@@ -6207,6 +6207,31 @@ msgstr "%s 純若鴻茵腓冴障...\n"
msgid "%s - Source"
msgstr "%s - 純若"
+#: src/sslmanager.c:58
+msgid "SSL certificate verify failed"
+msgstr "SSL 荐惹吾罎荐若с障"
+
+#: src/sslmanager.c:64
+#, c-format
+msgid ""
+"The SSL certificate of %s cannot be verified by the following reason:\n"
+" %s\n"
+"\n"
+"Server certificate:\n"
+" Subject: %s\n"
+" Issuer: %s\n"
+"\n"
+"Do you accept this certificate?"
+msgstr ""
+"%s SSL 荐惹吾篁ヤ宴ф荐若с障:\n"
+" %s\n"
+"\n"
+"泣若荐惹:\n"
+" : %s\n"
+" 肴: %s\n"
+"\n"
+"荐惹吾ャ障?"
+
#: src/subscribedialog.c:203
msgid "Subscribe to newsgroup"
msgstr "ャ若鴻違若莖取"
diff --git a/src/Makefile.am b/src/Makefile.am
index 5c9f4222..df0c26e9 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -83,6 +83,7 @@ sylpheed_SOURCES = \
eggtrayicon.c eggtrayicon.h \
trayicon.c trayicon.h \
printing.c printing.h \
+ sslmanager.c sslmanager.h \
quote_fmt_lex.l quote_fmt_lex.h \
quote_fmt_parse.y quote_fmt.h \
sylpheed-marshal.c sylpheed-marshal.h
diff --git a/src/main.c b/src/main.c
index b6c54ec8..54f2c318 100644
--- a/src/main.c
+++ b/src/main.c
@@ -86,6 +86,7 @@
#endif
#if USE_SSL
# include "ssl.h"
+# include "sslmanager.h"
#endif
#ifdef G_OS_WIN32
@@ -208,6 +209,9 @@ int main(int argc, char *argv[])
set_ui_update_func(gtkut_events_flush);
set_progress_func(main_window_progress_show);
set_input_query_password_func(input_dialog_query_password);
+#if USE_SSL
+ ssl_set_verify_func(ssl_manager_verify_cert);
+#endif
CHDIR_EXIT_IF_FAIL(get_home_dir(), 1);
diff --git a/src/sslmanager.c b/src/sslmanager.c
new file mode 100644
index 00000000..5e01bbb9
--- /dev/null
+++ b/src/sslmanager.c
@@ -0,0 +1,159 @@
+/*
+ * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
+ * Copyright (C) 1999-2006 Hiroyuki Yamamoto
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#if USE_SSL
+
+#include "defs.h"
+
+#include <glib.h>
+#include <glib/gi18n.h>
+#include <gtk/gtkdialog.h>
+#include <gtk/gtkhbox.h>
+#include <gtk/gtkvbox.h>
+#include <gtk/gtkstock.h>
+#include <gtk/gtkimage.h>
+#include <gtk/gtklabel.h>
+
+#include "ssl.h"
+#include "sslmanager.h"
+#include "manage_window.h"
+
+gint ssl_manager_verify_cert(SockInfo *sockinfo, const gchar *hostname,
+ X509 *server_cert, glong verify_result)
+{
+ static PangoFontDescription *font_desc;
+ GtkWidget *dialog;
+ GtkWidget *hbox;
+ GtkWidget *image;
+ GtkWidget *vbox;
+ GtkWidget *label;
+ const gchar *title;
+ gchar *message;
+ gchar *subject, *issuer;
+ gint result;
+
+ if (verify_result == X509_V_OK)
+ return 0;
+
+ title = _("SSL certificate verify failed");
+
+ subject = X509_NAME_oneline(X509_get_subject_name(server_cert),
+ NULL, 0);
+ issuer = X509_NAME_oneline(X509_get_issuer_name(server_cert), NULL, 0);
+ message = g_strdup_printf
+ (_("The SSL certificate of %s cannot be verified by the following reason:\n"
+ " %s\n\n"
+ "Server certificate:\n"
+ " Subject: %s\n"
+ " Issuer: %s\n\n"
+ "Do you accept this certificate?"),
+ hostname, X509_verify_cert_error_string(verify_result),
+ subject ? subject : "(unknown)",
+ issuer ? issuer : "(unknown)");
+ g_free(issuer);
+ g_free(subject);
+
+ dialog = gtk_dialog_new();
+ gtk_window_set_title(GTK_WINDOW(dialog), title);
+ gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, FALSE);
+ gtk_window_set_position(GTK_WINDOW(dialog),
+ GTK_WIN_POS_CENTER_ON_PARENT);
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ manage_window_set_transient(GTK_WINDOW(dialog));
+ gtk_dialog_set_has_separator(GTK_DIALOG(dialog), FALSE);
+ gtk_widget_realize(dialog);
+
+ hbox = gtk_hbox_new(FALSE, 12);
+ gtk_container_set_border_width(GTK_CONTAINER(hbox), 12);
+ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox),
+ hbox, FALSE, FALSE, 0);
+
+ image = gtk_image_new_from_stock
+ (GTK_STOCK_DIALOG_WARNING, GTK_ICON_SIZE_DIALOG);
+
+ gtk_misc_set_alignment(GTK_MISC(image), 0.5, 0.0);
+ gtk_box_pack_start(GTK_BOX(hbox), image, FALSE, FALSE, 0);
+
+ vbox = gtk_vbox_new(FALSE, 12);
+ gtk_box_pack_start(GTK_BOX(hbox), vbox, TRUE, TRUE, 0);
+
+ label = gtk_label_new(title);
+ gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
+ gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0);
+ gtk_label_set_line_wrap(GTK_LABEL(label), TRUE);
+
+ if (!font_desc) {
+ gint size;
+
+ size = pango_font_description_get_size
+ (label->style->font_desc);
+ font_desc = pango_font_description_new();
+ pango_font_description_set_weight
+ (font_desc, PANGO_WEIGHT_BOLD);
+ pango_font_description_set_size
+ (font_desc, size * PANGO_SCALE_LARGE);
+ }
+ if (font_desc)
+ gtk_widget_modify_font(label, font_desc);
+
+ label = gtk_label_new(message);
+ g_free(message);
+ gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
+ gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0);
+ gtk_label_set_line_wrap(GTK_LABEL(label), TRUE);
+ gtk_label_set_selectable(GTK_LABEL(label), TRUE);
+ GTK_WIDGET_UNSET_FLAGS(label, GTK_CAN_FOCUS);
+#ifdef G_OS_WIN32
+ {
+ GtkStyle *style;
+ style = gtk_widget_get_style(dialog);
+ gtk_widget_modify_base(label, GTK_STATE_ACTIVE,
+ &style->base[GTK_STATE_SELECTED]);
+ gtk_widget_modify_text(label, GTK_STATE_ACTIVE,
+ &style->text[GTK_STATE_SELECTED]);
+ }
+#endif
+
+ gtk_dialog_add_buttons(GTK_DIALOG(dialog),
+ GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL,
+ GTK_STOCK_OK, GTK_RESPONSE_OK,
+ NULL);
+ gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+
+ gtk_widget_show_all(dialog);
+
+ result = gtk_dialog_run(GTK_DIALOG(dialog));
+ gtk_widget_destroy(dialog);
+
+ switch (result) {
+ case GTK_RESPONSE_OK:
+ return 1;
+ case GTK_RESPONSE_CANCEL:
+ default:
+ break;
+ }
+
+ return -1;
+}
+
+#endif /* USE_SSL */
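Review bot: The dialog makes OK the default response, so pressing Enter accepts a certificate that failed verification; for a security prompt the default should be the safe choice, `gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_CANCEL);`. The strings returned by X509_NAME_oneline() with a NULL buffer are allocated by OpenSSL and should be released with `OPENSSL_free(subject); OPENSSL_free(issuer);` rather than g_free(). The message shows only the subject and issuer, which the certificate's creator chooses; adding a fingerprint (for example via X509_digest()) would give the user something to compare with a value obtained from the server's operator. The function only ever returns 1 or -1 after the dialog, so the plain "accept" value 0 is never produced by a user choice.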
diff --git a/src/sslmanager.h b/src/sslmanager.h
new file mode 100644
index 00000000..92b9b0da
--- /dev/null
+++ b/src/sslmanager.h
@@ -0,0 +1,40 @@
+/*
+ * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
+ * Copyright (C) 1999-2006 Hiroyuki Yamamoto
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __SSLMANAGER_H__
+#define __SSLMANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#if USE_SSL
+
+#include <glib.h>
+
+#include "ssl.h"
+
+gint ssl_manager_verify_cert (SockInfo *sockinfo,
+ const gchar *hostname,
+ X509 *server_cert,
+ glong verify_result);
+
+#endif /* USE_SSL */
+
+#endif /* __MAIN_H__ */
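Review bot: The closing comment of the include guard says `__MAIN_H__` although the guard macro is `__SSLMANAGER_H__`; it should read `#endif /* __SSLMANAGER_H__ */`. The prototype would also benefit from a one-line comment giving the return values as implemented in sslmanager.c: 1 when the user accepts, -1 otherwise, and 0 when verify_result is already X509_V_OK.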