/*
 * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
 * Copyright (C) 1999-2012 Colin Leroy <colin@colino.net>
 * and the Claws Mail team
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

/*
 * Declarations for TLS certificate handling: the certificate record, the
 * payload passed to certificate hooks, and the check / load / encode
 * helpers. Everything after the USE_GNUTLS test is declared only when
 * that macro is defined; without it this header declares nothing.
 *
 * NOTE(review): the guard name starts with a double underscore, a spelling
 * the C standard reserves for the implementation.
 */
#ifndef __SSL_CERTIFICATE_H__
#define __SSL_CERTIFICATE_H__

/* Presumably where USE_GNUTLS gets defined -- confirm in the build setup. */
#ifdef HAVE_CONFIG_H
#include "claws-features.h"
#endif

#ifdef USE_GNUTLS
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

#include <glib.h>

/*
 * Hook list name strings. The third macro is spelled differently from the
 * first two (SSL_CERT_ prefix, no _HOOKLIST suffix) although its value
 * follows the same "sslcert_" pattern.
 */
#define SSLCERT_ASK_HOOKLIST "sslcert_ask"
#define SSLCERT_GET_CLIENT_CERT_HOOKLIST "sslcert_get_client_cert"
#define SSL_CERT_GET_PASSWORD "sslcert_get_password"

typedef struct _SSLCertificate SSLCertificate;

/*
 * One certificate together with the endpoint it belongs to.
 * Ownership of host and fingerprint is not visible in this header;
 * presumably both are released by ssl_certificate_destroy() -- confirm.
 */
struct _SSLCertificate
{
	gnutls_x509_crt_t x509_cert;	/* GnuTLS X.509 certificate handle */
	gchar *host;			/* host the certificate is recorded for */
	gushort port;			/* port on that host */
	gchar *fingerprint;		/* fingerprint string; digest algorithm not visible here */
	guint status;			/* presumably the GnuTLS verification status bits, as
					 * passed to ssl_certificate_check() -- confirm */
};

typedef struct _SSLCertHookData SSLCertHookData;

/*
 * Presumably the payload handed to SSLCERT_ASK_HOOKLIST callbacks: the
 * certificate presented now, a previously known one for the same
 * endpoint, and the decision written back in `accept` -- confirm against
 * the hook implementation.
 *
 * NOTE(review): if `accept` is the trust decision, the invoking code should
 * set it to FALSE before running the hook list, so that a hook that never
 * runs cannot leave an accepting value behind.
 */
struct _SSLCertHookData
{
	SSLCertificate *cert;		/* certificate under review */
	SSLCertificate *old_cert;	/* earlier certificate; presumably NULL when none is known */
	gboolean expired;		/* presumably set when `cert` is outside its validity period */
	gboolean accept;		/* presumably the hook's verdict */
};

/*
 * Look up a certificate record by host, port and fingerprint.
 * NOTE(review): the return value on a miss and whether the caller must
 * release the result with ssl_certificate_destroy() are not visible here.
 */
SSLCertificate *ssl_certificate_find (const gchar *host, gushort port, const gchar *fingerprint);

/*
 * Check one certificate, with its verification `status`, for host:port.
 * The gboolean return is the only result; presumably TRUE means "proceed
 * with the connection", so callers must treat FALSE as a refusal and must
 * not ignore the return value. `accept_if_valid` presumably lets a
 * certificate that verified cleanly be accepted without asking the user
 * -- confirm in the implementation.
 */
gboolean ssl_certificate_check (gnutls_x509_crt_t x509_cert, guint status, const gchar *host, gushort port, gboolean accept_if_valid);

/*
 * Chain variant of ssl_certificate_check(): `certs` points to `chain_len`
 * certificates. chain_len is a signed gint; what happens for a zero or
 * negative length is not visible here -- confirm the implementation
 * rejects it before indexing `certs`.
 */
gboolean ssl_certificate_check_chain(gnutls_x509_crt_t *certs, gint chain_len, const gchar *host, gushort port, gboolean accept_if_valid);

/* Release an SSLCertificate. What exactly is freed is not visible here. */
void ssl_certificate_destroy(SSLCertificate *cert);

/*
 * Remove the stored copy of `cert`. The name shows that certificate
 * records are persisted on disk; the location and file permissions are
 * not visible in this header.
 */
void ssl_certificate_delete_from_disk(SSLCertificate *cert);

/*
 * Produce a printable string from `len` bytes at `src`.
 * NOTE(review): `len` is a signed int and `src` is not const-qualified;
 * the output format and who frees the returned string are not visible here.
 */
char * readable_fingerprint(unsigned char *src, int len);

/*
 * Signer check for `cert` given `status`; returns a string.
 * NOTE(review): presumably NULL on success and an error text otherwise,
 * with the caller owning the text -- confirm before relying on it.
 */
char *ssl_certificate_check_signer (SSLCertificate *cert, guint status);

/*
 * Load a certificate / a private key from a PEM file.
 * NOTE(review): the failure value (presumably NULL) is not visible here;
 * callers should check the result before use.
 */
gnutls_x509_crt_t ssl_certificate_get_x509_from_pem_file(const gchar *file);
gnutls_x509_privkey_t ssl_certificate_get_pkey_from_pem_file(const gchar *file);

/*
 * Load a certificate and its private key from a PKCS#12 file protected by
 * `password`. The function returns void, so *crt and *key are the only way
 * a caller can learn of a failure. Whether they are cleared on failure is
 * not visible here: set both to NULL before the call and check both
 * afterwards. The password is passed as a plain string; the caller is
 * responsible for wiping its own copy once it is no longer needed.
 */
void ssl_certificate_get_x509_and_pkey_from_p12_file(const gchar *file,
		const gchar *password, gnutls_x509_crt_t *crt, gnutls_x509_privkey_t *key);

/*
 * Encode a certificate / a private key into *output and return a size_t,
 * presumably the encoded length (the names follow OpenSSL's i2d_*
 * convention, so presumably DER) -- confirm. Who allocates and frees
 * *output is not visible here. The buffer written by
 * gnutls_i2d_PrivateKey() holds private key material and should be wiped
 * before it is released.
 *
 * NOTE(review): both functions are declared by this header yet carry the
 * gnutls_ prefix, so they share a namespace with the GnuTLS library.
 */
size_t gnutls_i2d_X509(gnutls_x509_crt_t x509_cert, unsigned char **output);
size_t gnutls_i2d_PrivateKey(gnutls_x509_privkey_t pkey, unsigned char **output);

/*
 * Subject-CN check and accessor for `cert`.
 * NOTE(review): presumably the check compares the subject common name with
 * cert->host. If that is the only hostname test, subjectAltName entries
 * are not taken into account; GnuTLS offers
 * gnutls_x509_crt_check_hostname() for full matching -- confirm what the
 * implementation does. Ownership of the string returned by
 * ssl_certificate_get_subject_cn() is not visible here.
 */
gboolean ssl_certificate_check_subject_cn(SSLCertificate *cert);
gchar *ssl_certificate_get_subject_cn(SSLCertificate *cert);
#endif /* USE_GNUTLS */
#endif /* __SSL_CERTIFICATE_H__ */