[Pkg-wmaker-commits] [wmbiff] 84/84: 0.4.10, -skip-certificate-check option
Doug Torrance
dtorrance-guest at moszumanska.debian.org
Thu Aug 20 03:02:07 UTC 2015
This is an automated email from the git hooks/post-receive script.
dtorrance-guest pushed a commit to tag wmbiff_0_4_10
in repository wmbiff.
commit f6c3e72ef0daedbb6235ae4876dc4cbd7f0ff1cc
Author: bluehal <bluehal>
Date: Fri Dec 13 05:38:39 2002 +0000
0.4.10, -skip-certificate-check option
---
NEWS | 9 ++++++---
configure.ac | 4 ++--
wmbiff/tlsComm.c | 37 ++++++++++++++++++++++---------------
wmbiff/wmbiff.1 | 12 +++++++++++-
wmbiff/wmbiff.c | 16 +++++++++++++++-
5 files changed, 56 insertions(+), 22 deletions(-)
diff --git a/NEWS b/NEWS
index 44b8978..10ba541 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,11 @@
Release Notes
~~~~~~~~~~~~~
-Release 0.4.10 -
+Release 0.4.10 - Dec 12, 2002
* Peter McAlpine's globalnotify feature - elect to play a
- sound on new mail in any mailbox.
+ sound on new mail in *any* mailbox without a chorus of
+ sounds from every mailbox.
+ * -skip-certificate-check option for when your imaps server
+ is misconfigured and you can't do anything about it.
Release 0.4.9 - Dec 1, 2002
* GNUTLS v0.5.9 or higher required
@@ -374,4 +377,4 @@ Release 0.1 - Wed, 17 Nov 1999 00:00:00 +0000
* Initial release by Gennady Belyakov <gb at ccat.elect.ru>.
-$Id: NEWS,v 1.32 2002/12/09 21:47:36 bluehal Exp $
+$Id: NEWS,v 1.33 2002/12/13 05:38:39 bluehal Exp $
diff --git a/configure.ac b/configure.ac
index 1bd6376..66abdb0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,9 +7,9 @@ dnl and configure:
dnl installation prefix
dnl version
-AC_INIT(wmbiff, 0.4.9, wmbiff-devel at lists.sourceforge.net)
+AC_INIT(wmbiff, 0.4.10, wmbiff-devel at lists.sourceforge.net)
AC_CONFIG_AUX_DIR(autoconf)
-AM_INIT_AUTOMAKE(wmbiff, 0.4.9)
+AM_INIT_AUTOMAKE(wmbiff, 0.4.10)
AM_CONFIG_HEADER(config.h)
dnl make sure autoheader finds version, implicitly defined above.
AH_TEMPLATE([VERSION], [wmbiff's release version])
diff --git a/wmbiff/tlsComm.c b/wmbiff/tlsComm.c
index dfdc97e..db1c7ac 100644
--- a/wmbiff/tlsComm.c
+++ b/wmbiff/tlsComm.c
@@ -33,6 +33,9 @@
/* if non-null, set to a file for certificate verification */
extern const char *certificate_filename;
+/* if set, don't fail when dealing with a bad certificate.
+ (continue to whine, though, as bad certs should be fixed) */
+extern int SkipCertificateCheck;
/* WARNING: implcitly uses scs to gain access to the mailbox
that holds the per-mailbox debug flag. */
@@ -267,6 +270,17 @@ void tlscomm_printf(struct connection_state *scs, const char *format, ...)
#ifdef USE_GNUTLS
#include "gnutls-common.h"
+static int
+bad_certificate(const struct connection_state *scs, const char *msg)
+{
+ TDM(DEBUG_ERROR, "%s", msg);
+ if (!SkipCertificateCheck) {
+ TDM(DEBUG_ERROR, "to ignore this error, run wmbiff "
+ "with the -skip-certificate-check option");
+ exit(1);
+ }
+}
+
/* a start of a hack at verifying certificates. does not
provide any security at all. I'm waiting for either
gnutls to make this as easy as it should be, or someone
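Review bot: `bad_certificate` is declared `static int` but has no `return` statement, so it falls off the end whenever `SkipCertificateCheck` is set. Every caller visible in this patch ignores the result, so `static void` would match how it is used and avoid the missing-return warning. The hint passed to the second `TDM` call has no trailing `\n`, unlike the messages the callers hand in. A header comment such as `/* logs msg; exits unless -skip-certificate-check was given, otherwise returns and the caller carries on with an unverified peer */` would make the fail-open path explicit to the next reader.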
@@ -280,23 +294,17 @@ int tls_check_certificate(struct connection_state *scs,
int cert_list_size = 0;
if (gnutls_auth_get_type(scs->state) != GNUTLS_CRD_CERTIFICATE) {
- TDM(DEBUG_ERROR, "Unable to get certificate from peer.\n");
- exit(1);
+ bad_certificate(scs, "Unable to get certificate from peer.\n");
}
certstat = gnutls_certificate_verify_peers(scs->state);
if (certstat ==
(GNUTLS_CertificateStatus) GNUTLS_E_NO_CERTIFICATE_FOUND) {
- TDM(DEBUG_ERROR, "server has no certificate.\n");
- exit(1);
} else if (certstat & GNUTLS_CERT_CORRUPTED) {
- TDM(DEBUG_ERROR, "server's certificate is corrupt.\n");
- exit(1);
+ bad_certificate(scs, "server's certificate is corrupt.\n");
} else if (certstat & GNUTLS_CERT_REVOKED) {
- TDM(DEBUG_ERROR, "server's certificate has been revoked.\n");
- exit(1);
+ bad_certificate(scs, "server's certificate has been revoked.\n");
} else if (certstat & GNUTLS_CERT_INVALID) {
- TDM(DEBUG_ERROR, "server's certificate is invalid.\n");
- exit(1);
+ bad_certificate(scs, "server's certificate is invalid.\n");
} else if (certstat & GNUTLS_CERT_NOT_TRUSTED) {
TDM(DEBUG_INFO, "server's certificate is not trusted.\n");
TDM(DEBUG_INFO,
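Review bot: The `GNUTLS_E_NO_CERTIFICATE_FOUND` branch is left with an empty body, because its `TDM`/`exit(1)` pair was removed and no `bad_certificate` call replaced it. A server that presents no certificate therefore passes this check silently, even when `-skip-certificate-check` was not given. The other branches in this hunk were converted, so this looks like an omission; restoring it as `bad_certificate(scs, "server has no certificate.\n");` keeps the default fail-closed. `tls_check_certificate` starts before and continues past this hunk.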
@@ -309,13 +317,11 @@ int tls_check_certificate(struct connection_state *scs,
if (gnutls_x509_extract_certificate_expiration_time(&cert_list[0]) <
time(NULL)) {
- TDM(DEBUG_ERROR, "server's certificate has expired.\n");
- exit(1);
+ bad_certificate(scs, "server's certificate has expired.\n");
} else
if (gnutls_x509_extract_certificate_activation_time(&cert_list[0])
> time(NULL)) {
- TDM(DEBUG_ERROR, "server's certificate is not yet valid.\n");
- exit(1);
+ bad_certificate(scs, "server's certificate is not yet valid.\n");
} else {
TDM(DEBUG_INFO, "certificate passed time check.\n");
}
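Review bot: `cert_list[0]` is read here on paths that used to end in `exit(1)`: with the option set, a peer that failed the earlier "Unable to get certificate from peer" check can still reach these two time checks. The code that fills `cert_list` sits between the hunks and is not visible, so confirm it handles a NULL list or a `cert_list_size` of 0 before the expiration and activation times are extracted. If it does not, add a guard ahead of the time checks that reports through `bad_certificate` and returns instead of dereferencing the list.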
@@ -327,7 +333,8 @@ int tls_check_certificate(struct connection_state *scs,
TDM(DEBUG_ERROR,
"server's certificate (%s) does not match its hostname (%s).\n",
dn.common_name, remote_hostname);
- exit(1);
+ bad_certificate(scs,
+ "server's certificate does not match its hostname.\n");
} else {
if ((scs->pc)->debug >= DEBUG_INFO) {
gnutls_DN dn;
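Review bot: The hostname mismatch is now logged twice, once by the existing `TDM(DEBUG_ERROR, ...)` that names the certificate's common name and the expected host, and again by the generic string handed to `bad_certificate`. Since the detailed line is the one an administrator needs, a comment such as `/* details logged above; bad_certificate() only decides whether to exit */` would explain why both calls are kept. The enclosing function starts before and continues past this hunk.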
diff --git a/wmbiff/wmbiff.1 b/wmbiff/wmbiff.1
index acbf3c7..ca8b7a8 100644
--- a/wmbiff/wmbiff.1
+++ b/wmbiff/wmbiff.1
@@ -1,5 +1,5 @@
.\" Hey, Emacs! This is an -*- nroff -*- source file.
-.\" $Id: wmbiff.1,v 1.11 2002/11/13 06:44:08 bluehal Exp $
+.\" $Id: wmbiff.1,v 1.12 2002/12/13 05:38:39 bluehal Exp $
.\"
.\" wmbiff.1 and wmbiffrc.5 are copyright 1999-2001 by
.\" Jordi Mallach <jordi at debian.org>
@@ -71,6 +71,16 @@ time default.
Use specified X11 color for new mail counters. Implies -font
default, unless overridden.
.TP
+.B \-skip-certificate-check
+When using TLS (IMAPS), keep going, even if the server's
+certificate is invalid. Invalid certificates have expired,
+have a different hostname than you connected to, are
+corrupt, or have been revoked. Do not use this option
+unless wmbiff fails and suggests it to you, and even then,
+be careful and consider alerting your mail system
+administrator first. The need to use this option is a sign
+of server misconfiguration.
+.TP
.B \+w
Do not use the "withdrawn" state: the wmbiff window will not
be captured as an icon and placed in the dock, but will
diff --git a/wmbiff/wmbiff.c b/wmbiff/wmbiff.c
index 40c451c..8842162 100644
--- a/wmbiff/wmbiff.c
+++ b/wmbiff/wmbiff.c
@@ -1,4 +1,4 @@
-/* $Id: wmbiff.c,v 1.36 2002/12/09 21:45:29 bluehal Exp $ */
+/* $Id: wmbiff.c,v 1.37 2002/12/13 05:38:39 bluehal Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@@ -90,6 +90,7 @@ int debug_default = DEBUG_ERROR;
/* color from wmbiff's xpm, down to 24 bits. */
const char *foreground = "#21B3AF";
const char *highlight = "yellow";
+int SkipCertificateCheck = 0;
int notWithdrawn = 0;
int num_mailboxes = 1;
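Review bot: `SkipCertificateCheck` is a single process-wide flag, so giving the option for one misconfigured server also downgrades every certificate failure to a warning for all other TLS mailboxes wmbiff polls. That scope deserves a comment at the definition, for example `/* global: applies to every TLS connection, not just one mailbox */`, and a per-mailbox setting would limit the exposure to the server that needs it. The flag is also declared by hand with `extern` in tlsComm.c instead of through a shared header, so the two declarations can drift apart without a compiler diagnostic.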
@@ -1043,6 +1044,15 @@ void parse_cmd(int argc, char **argv, /*@out@ */ char *config_file)
printversion();
exit(EXIT_SUCCESS);
break;
+ case 's':
+ if (strcmp(arg + 1, "skip-certificate-check") == 0) {
+ SkipCertificateCheck = 1;
+ } else {
+ usage();
+ exit(EXIT_SUCCESS);
+ }
+
+ break;
case 'c':
if (argc > (i + 1)) {
strncpy(config_file, argv[i + 1], 255);
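Review bot: An unrecognised option beginning with `s` prints the usage text and then calls `exit(EXIT_SUCCESS)`, so a mistyped `-skip-certificate-check` reports success to whatever launched wmbiff; `exit(EXIT_FAILURE);` fits a rejected argument better. The new case is also compiled unconditionally, while the usage text added in the last hunk of this file is inside `#ifdef USE_GNUTLS`, so a build without GnuTLS accepts the option silently. `parse_cmd` starts before and continues past this hunk.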
@@ -1089,6 +1099,10 @@ void usage(void)
" -geometry +XPOS+YPOS initial window position\n"
" -h this help screen\n"
" -hi <color> highlight color for new mail\n"
+#ifdef USE_GNUTLS
+ " -skip-certificate-check using TLS, don't validate the\n"
+ " server's certificate\n"
+#endif
" -v print the version number\n"
" +w not withdrawn: run as a window\n"
"\n");
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-wmaker/wmbiff.git