[w3m-dev 02829]

From: Fumitoshi UKAI <ukai@debian.or.jp>
author: Fumitoshi UKAI <ukai@debian.or.jp> 2002-01-12 13:33:47 +0000
committer: Fumitoshi UKAI <ukai@debian.or.jp> 2002-01-12 13:33:47 +0000
commit: 9de0a515bc84b9e8ded317ae0d7dab0313ba633e (patch)
tree: 4e86dab1f39d8ae73bd3d1593d7c6a33649fd2fb /url.c
parent: [w3m-dev 02827] (diff)
download: w3m-9de0a515bc84b9e8ded317ae0d7dab0313ba633e.tar.gz
w3m-9de0a515bc84b9e8ded317ae0d7dab0313ba633e.zip
1 files changed, 7 insertions, 101 deletions
diff --git a/url.c b/url.c
index 446cf44..9c122a1 100644
--- a/url.c
+++ b/url.c
@@ -1,4 +1,4 @@
-/* $Id: url.c,v 1.30 2002/01/10 15:39:21 ukai Exp $ */
+/* $Id: url.c,v 1.31 2002/01/12 13:33:47 ukai Exp $ */
 #include "fm.h"
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -240,6 +240,7 @@ free_ssl_ctx()
     if (ssl_ctx != NULL)
 	SSL_CTX_free(ssl_ctx);
     ssl_ctx = NULL;
+    ssl_accept_this_site(NULL);
 }
 
 #if SSLEAY_VERSION_NUMBER >= 0x00905100
@@ -276,11 +277,7 @@ static SSL *
 openSSLHandle(int sock, char *hostname)
 {
     SSL *handle = NULL;
-    Str emsg;
-    Str amsg = NULL;
-    char *ans;
     static char *old_ssl_forbid_method = NULL;
-    static Str accept_this_site = NULL;
 #ifdef USE_SSL_VERIFY
     static int old_ssl_verify_server = -1;
 #endif
@@ -301,7 +298,6 @@ openSSLHandle(int sock, char *hostname)
     }
     if (ssl_path_modified) {
 	free_ssl_ctx();
-	accept_this_site = NULL;
 	ssl_path_modified = 0;
     }
 #endif				/* defined(USE_SSL_VERIFY) */
@@ -363,105 +359,15 @@ openSSLHandle(int sock, char *hostname)
 #if SSLEAY_VERSION_NUMBER >= 0x00905100
     init_PRNG();
 #endif				/* SSLEAY_VERSION_NUMBER >= 0x00905100 */
-    if (SSL_connect(handle) <= 0)
-	goto eend;
-#ifdef USE_SSL_VERIFY
-    /* check the cert chain.
-     * The chain length is automatically checked by OpenSSL when we
-     * set the verify depth in the ctx.
-     */
-    if (ssl_verify_server) {
-	X509 *x;
-	x = SSL_get_peer_certificate(handle);
-	if (x == NULL) {
-	    if (accept_this_site
-		&& strcasecmp(accept_this_site->ptr, hostname) == 0)
-		ans = "y";
-	    else {
-		emsg = Strnew_charp("No SSL peer certificate: accept (y/n)?");
-		term_raw();
-		ans = inputChar(emsg->ptr);
-	    }
-	    if (tolower(*ans) == 'y')
-		amsg =
-		    Strnew_charp
-		    ("Accept SSL session without any peer certificate");
-	    else {
-		char *e = "This SSL session was rejected "
-		    "to prevent security violation: no peer certificate";
-		disp_err_message(e, FALSE);
-		free_ssl_ctx();
-		return NULL;
-	    }
-	}
-	else {
-	    long verr;
-	    X509_free(x);
-	    if ((verr = SSL_get_verify_result(handle)) != X509_V_OK) {
-		const char *em = X509_verify_cert_error_string(verr);
-		if (accept_this_site
-		    && strcasecmp(accept_this_site->ptr, hostname) == 0)
-		    ans = "y";
-		else {
-		    emsg = Sprintf("%s: accept (y/n)?", em);
-		    term_raw();
-		    ans = inputChar(emsg->ptr);
-		}
-		if (tolower(*ans) == 'y') {
-		    amsg = Sprintf("Accept unsecure SSL session: "
-				   "unverified: %s", em);
-		}
-		else {
-		    char *e =
-			Sprintf("This SSL session was rejected: %s", em)->ptr;
-		    disp_err_message(e, FALSE);
-		    free_ssl_ctx();
-		    return NULL;
-		}
-	    }
-	}
-    }
-    else
-#endif
-	amsg = Strnew_charp("Certificate is not verified");
-
-    emsg = ssl_check_cert_ident(handle, hostname);
-    if (emsg != NULL) {
-	if (accept_this_site
-	    && strcasecmp(accept_this_site->ptr, hostname) == 0)
-	    ans = "y";
-	else {
-	    Str ep = Strdup(emsg);
-	    if (ep->length > COLS - 16)
-		Strshrink(ep, ep->length - (COLS - 16));
-	    term_raw();
-	    Strcat_charp(ep, ": accept(y/n)?");
-	    ans = inputChar(ep->ptr);
-	}
-	if (tolower(*ans) == 'y') {
-	    amsg = Strnew_charp("Accept unsecure SSL session:");
-	    Strcat(amsg, emsg);
-	}
-	else {
-	    char *e = "This SSL session was rejected "
-		"to prevent security violation";
-	    disp_err_message(e, FALSE);
-	    free_ssl_ctx();
-	    return NULL;
-	}
-    }
-    ssl_set_certificate_validity(amsg);
-    if (amsg)
-	disp_err_message(amsg->ptr, FALSE);
-    accept_this_site = Strnew_charp(hostname);
-    return handle;
+    if (SSL_connect(handle) > 0)
+	return handle;
   eend:
     close(sock);
     if (handle)
 	SSL_free(handle);
-    accept_this_site = NULL;
-    emsg = Sprintf("SSL error: %s", ERR_error_string(ERR_get_error(), NULL));
-    disp_err_message(emsg->ptr, FALSE);
+    disp_err_message(Sprintf
+		     ("SSL error: %s",
+		      ERR_error_string(ERR_get_error(), NULL))->ptr, FALSE);
     return NULL;
 }
author	Fumitoshi UKAI <ukai@debian.or.jp>	2002-01-12 13:33:47 +0000
committer	Fumitoshi UKAI <ukai@debian.or.jp>	2002-01-12 13:33:47 +0000
commit	9de0a515bc84b9e8ded317ae0d7dab0313ba633e (patch)
tree	4e86dab1f39d8ae73bd3d1593d7c6a33649fd2fb /url.c
parent	[w3m-dev 02827] (diff)
download	w3m-9de0a515bc84b9e8ded317ae0d7dab0313ba633e.tar.gz w3m-9de0a515bc84b9e8ded317ae0d7dab0313ba633e.zip