author | Hoà V. DINH <dinh.viet.hoa@gmail.com> | 2014-03-07 09:49:36 -0800 |
---|---|---|
committer | Hoà V. DINH <dinh.viet.hoa@gmail.com> | 2014-03-07 09:49:36 -0800 |
commit | b2188fbb210fbceaeee4aa38b930fe84071afa92 (patch) | |
tree | d1c146c2b341e4ef61ac93ef20b44767b529d00d | |
parent | d5ba7c53ad83c18b66a6901c762f6c7f45d2257a (diff) | |
parent | 32d6e4440340b299169e766971a4e95631e35c91 (diff) |
Merge pull request #621 from CodaFi/SSL-Check-Certificate
SSL certificate check for other platforms
-rw-r--r-- | src/core/security/MCCertificateUtils.cc | 74 | ||||
-rw-r--r-- | src/objc/pop/MCOPOP.h | 2 |
2 files changed, 72 insertions, 4 deletions
diff --git a/src/core/security/MCCertificateUtils.cc b/src/core/security/MCCertificateUtils.cc
index 00f4ed9e..e6e46cbf 100644
--- a/src/core/security/MCCertificateUtils.cc
+++ b/src/core/security/MCCertificateUtils.cc
@@ -11,6 +11,12 @@
 #if __APPLE__
 #include <CoreFoundation/CoreFoundation.h>
 #include <Security/Security.h>
+#else
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
 #endif
 #include "MCLog.h"
@@ -78,8 +84,70 @@ free_certs:
 err:
 return result;
 #else
- //TODO check certificate
- // for other platforms too.
- return true;
+ bool result = false;
+ X509_STORE * store = NULL;
+ X509_STORE_CTX * storectx = NULL;
+ STACK_OF(X509) * certificates = NULL;
+ int status;
+
+ carray * cCerts = mailstream_get_certificate_chain(stream);
+ if (cCerts == NULL) {
+ fprintf(stderr, "warning: No certificate chain retrieved");
+ goto err;
+ }
+
+ store = X509_STORE_new();
+ if (store == NULL) {
+ goto free_certs;
+ }
+
+ status = X509_STORE_set_default_paths(store);
+ if (status != 1) {
+ printf("Error loading the system-wide CA certificates");
+ }
+
+ certificates = sk_X509_new_null();
+ for(unsigned int i = 0 ; i < carray_count(cCerts) ; i ++) {
+ MMAPString * str;
+ str = (MMAPString *) carray_get(cCerts, i);
+ if (str == NULL) {
+ goto free_certs;
+ }
+ BIO *bio = BIO_new_mem_buf((void *) str->str, str->len);
+ X509 *certificate = d2i_X509_bio(bio, NULL);
+ BIO_free(bio);
+ if (!sk_X509_push(certificates, certificate)) {
+ goto free_certs;
+ }
+ }
+
+ storectx = X509_STORE_CTX_new();
+ if (storectx == NULL) {
+ goto free_certs;
+ }
+
+ status = X509_STORE_CTX_init(storectx, store, sk_X509_value(certificates, 0), certificates);
+ if (status != 1) {
+ goto free_certs;
+ }
+
+ status = X509_verify_cert(storectx);
+ if (status == 1) {
+ result = true;
+ }
+
+free_certs:
+ mailstream_certificate_chain_free(cCerts);
+ if (certificates != NULL) {
+ sk_X509_pop_free((STACK_OF(X509) *) certificates, X509_free);
+ }
+ if (storectx != NULL) {
+ X509_STORE_CTX_free(storectx);
+ }
+ if (store != NULL) {
+ X509_STORE_free(store);
+ }
+err:
+ return result;
 #endif
 }
diff --git a/src/objc/pop/MCOPOP.h b/src/objc/pop/MCOPOP.h
index 18074305..5a75ff4f 100644
--- a/src/objc/pop/MCOPOP.h
+++ b/src/objc/pop/MCOPOP.h
@@ -6,7 +6,7 @@
 // Copyright (c) 2013 MailCore. All rights reserved.
 //
-#ifndef MAILCORE_MCOPOP_H_
+#ifndef MAILCORE_MCOPOP_H
 #define MAILCORE_MCOPOP_H |
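Review bot: Nothing in the new `#else` branch of MCCertificateUtils.cc binds the leaf certificate to the server's host name, so `X509_verify_cert` would accept any certificate that chains to a system CA, whatever host it was issued for. If the name is not checked elsewhere (the function's signature and the Apple branch lie outside this hunk), set it on the context before verifying, for example with `X509_VERIFY_PARAM_set1_host` on `X509_STORE_CTX_get0_param(storectx)` where the linked OpenSSL provides it. Separately, in the `for` loop the results of `sk_X509_new_null`, `BIO_new_mem_buf` and `d2i_X509_bio` are used unchecked, so a chain entry that fails to parse is pushed into `certificates` as NULL and may be dereferenced during chain building. A certificate whose `sk_X509_push` fails is also never freed; the loop should fail closed on each of these, as sketched below.

```cpp
    certificates = sk_X509_new_null();
    if (certificates == NULL) {
        goto free_certs;
    }
    for(unsigned int i = 0 ; i < carray_count(cCerts) ; i ++) {
        // … unchanged: fetch str from cCerts, bail out if NULL …
        BIO *bio = BIO_new_mem_buf((void *) str->str, str->len);
        if (bio == NULL) {
            goto free_certs;
        }
        X509 *certificate = d2i_X509_bio(bio, NULL);
        BIO_free(bio);
        if (certificate == NULL) {
            // Fail closed: never push an unparseable entry as NULL.
            goto free_certs;
        }
        if (!sk_X509_push(certificates, certificate)) {
            X509_free(certificate);
            goto free_certs;
        }
    }
    // … unchanged: X509_STORE_CTX setup, X509_verify_cert and cleanup …
```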