BUG#270893 Support client certificates for IMAP

87238717 · Craig Ringer · Dbus-hybrid · 8890f055 · 87238717
Commit 87238717 authored Sep 25, 2009 by Craig Ringer Committed by Dbus-hybrid Sep 25, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

camel/camel-tcp-stream-ssl.c camel/camel-tcp-stream-ssl.c +7 -2

No files found.
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -1067,8 +1067,13 @@ enable_ssl (CamelTcpStreamSSL *ssl, PRFileDesc *fd)
 	SSL_SetURL (ssl_fd, ssl->priv->expected_host);
-	/*SSL_GetClientAuthDataHook (sslSocket, ssl_get_client_auth, (gpointer) certNickname);*/
+ 	/* NSS provides a default implementation for the SSL_GetClientAuthDataHook callback
-	/*SSL_AuthCertificateHook (ssl_fd, ssl_auth_cert, (gpointer) CERT_GetDefaultCertDB ());*/
+ 	 * but does not enable it by default. It must be explicltly requested by the application.
+ 	 * See: http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1126622 */
+ 	SSL_GetClientAuthDataHook (ssl_fd, (SSLGetClientAuthData)&NSS_GetClientAuthData, NULL );
+ 	/* NSS provides _and_ installs a default implementation for the
+ 	 * SSL_AuthCertificateHook callback so we _don't_ need to install one. */
 	SSL_BadCertHook (ssl_fd, ssl_bad_cert, ssl);
 	ssl->priv->ssl_mode = TRUE;