diff options
author | Hoa V. Dinh <dinh.viet.hoa@gmail.com> | 2013-08-01 10:45:31 -0700 |
---|---|---|
committer | Hoa V. Dinh <dinh.viet.hoa@gmail.com> | 2013-08-01 10:46:42 -0700 |
commit | efdeb8e6efe898217291d69dd8a26fe0645d5ac0 (patch) | |
tree | fa6138af61d205e652b649b6322855923a0d8bd2 /src/core/security | |
parent | 154e5f93177f6429bf8e06d2b12771d28f6e5447 (diff) |
Fixed certificate check code (Fixed #263).
Diffstat (limited to 'src/core/security')
-rw-r--r-- | src/core/security/MCCertificateUtils.cc | 58 |
1 files changed, 33 insertions, 25 deletions
diff --git a/src/core/security/MCCertificateUtils.cc b/src/core/security/MCCertificateUtils.cc index c1127942..f2a63907 100644 --- a/src/core/security/MCCertificateUtils.cc +++ b/src/core/security/MCCertificateUtils.cc @@ -19,19 +19,24 @@ bool mailcore::checkCertificate(mailstream * stream, String * hostname) { #if __APPLE__ bool result = false; - CFStringRef hostnameCFString = CFStringCreateWithCharacters(NULL, (const UniChar *) hostname->unicodeCharacters(), - hostname->length()); - SecPolicyRef policy = SecPolicyCreateSSL(true, hostnameCFString); - + CFStringRef hostnameCFString; + SecPolicyRef policy; CFMutableArrayRef certificates; - SecTrustRef trust; - certificates = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + SecTrustRef trust = NULL; + SecTrustResultType trustResult; + OSStatus status; carray * cCerts = mailstream_get_certificate_chain(stream); if (cCerts == NULL) { fprintf(stderr, "warning: No certificate chain retrieved"); - return false; + goto err; } + + hostnameCFString = CFStringCreateWithCharacters(NULL, (const UniChar *) hostname->unicodeCharacters(), + hostname->length()); + policy = SecPolicyCreateSSL(true, hostnameCFString); + certificates = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + for(unsigned int i = 0 ; i < carray_count(cCerts) ; i ++) { MMAPString * str; str = (MMAPString *) carray_get(cCerts, i); @@ -39,31 +44,34 @@ bool mailcore::checkCertificate(mailstream * stream, String * hostname) SecCertificateRef cert = SecCertificateCreateWithData(NULL, data); CFArrayAppendValue(certificates, cert); CFRelease(data); - - OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &trust); - SecTrustResultType trustResult; - status = SecTrustEvaluate(trust, &trustResult); - switch (trustResult) { - case kSecTrustResultUnspecified: - case kSecTrustResultProceed: - // certificate chain is ok - result = true; - break; - - default: - // certificate chain is invalid - break; - } - CFRelease(cert); } + status = SecTrustCreateWithCertificates(certificates, policy, &trust); + if (status != noErr) { + goto free_certs; + } + + status = SecTrustEvaluate(trust, &trustResult); + switch (trustResult) { + case kSecTrustResultUnspecified: + case kSecTrustResultProceed: + // certificate chain is ok + result = true; + break; + + default: + // certificate chain is invalid + break; + } + CFRelease(trust); +free_certs: CFRelease(certificates); + mailstream_certificate_chain_free(cCerts); CFRelease(policy); CFRelease(hostnameCFString); - mailstream_certificate_chain_free(cCerts); - +err: return result; #else //TODO check certificate |