diff -urN pine4.64/imap/src/c-client/mail.c pine4.64-mine/imap/src/c-client/mail.c --- pine4.64/imap/src/c-client/mail.c 2005-09-15 12:57:31.000000000 -0400 +++ pine4.64-mine/imap/src/c-client/mail.c 2006-11-26 23:05:13.000000000 -0500 @@ -95,6 +95,8 @@ static long mailnewsrccanon = LONGT; /* note network sent command */ static sendcommand_t mailsendcommand = NIL; + /* alternate trusted SSL certificate path */ +static char *sslcertpath = NIL; /* supported threaders */ static THREADER mailthreadordsub = { @@ -560,6 +562,12 @@ case GET_SNARFMAILBOXNAME: if (stream) ret = (void *) stream->snarf.name; break; + case SET_SSLCERTPATH: + if (sslcertpath) fs_give((void **) sslcertpath); + sslcertpath = cpystr((char *) value); + case GET_SSLCERTPATH: + ret = (void *) sslcertpath; + break; default: if (r = smtp_parameters (function,value)) ret = r; if (r = env_parameters (function,value)) ret = r; diff -urN pine4.64/imap/src/c-client/mail.h pine4.64-mine/imap/src/c-client/mail.h --- pine4.64/imap/src/c-client/mail.h 2005-02-08 18:44:54.000000000 -0500 +++ pine4.64-mine/imap/src/c-client/mail.h 2006-11-26 23:05:13.000000000 -0500 @@ -183,6 +183,8 @@ #define SET_NEWSRCCANONHOST (long) 329 #define GET_KINIT (long) 330 #define SET_KINIT (long) 331 +#define GET_SSLCERTPATH (long) 332 +#define SET_SSLCERTPATH (long) 333 /* 4xx: network drivers */ #define GET_MAXLOGINTRIALS (long) 400 diff -urN pine4.64/imap/src/osdep/unix/env_unix.c pine4.64-mine/imap/src/osdep/unix/env_unix.c --- pine4.64/imap/src/osdep/unix/env_unix.c 2004-09-13 17:31:19.000000000 -0400 +++ pine4.64-mine/imap/src/osdep/unix/env_unix.c 2006-11-26 23:05:13.000000000 -0500 @@ -1549,6 +1549,8 @@ mail_parameters (NIL,SET_SASLUSESPTRNAME,(void *) atol (k)); else if (!compare_cstring (s,"set network-filesystem-stat-bug")) netfsstatbug = atoi (k); + else if (!compare_cstring (s,"set ssl-cert-path")) + mail_parameters (NIL,SET_SSLCERTPATH,(void *) k); else if (!file) { /* only allowed in system init */ if (!compare_cstring (s,"set black-box-directory") && diff -urN pine4.64/imap/src/osdep/unix/ssl_unix.c pine4.64-mine/imap/src/osdep/unix/ssl_unix.c --- pine4.64/imap/src/osdep/unix/ssl_unix.c 2004-04-27 15:54:51.000000000 -0400 +++ pine4.64-mine/imap/src/osdep/unix/ssl_unix.c 2006-11-26 23:05:13.000000000 -0500 @@ -202,7 +202,8 @@ { BIO *bio; X509 *cert; - char *s,*err,tmp[MAILTMPLEN]; + char *s,*err,tmp[MAILTMPLEN], *sslcertpath; + struct stat sbuf; sslcertificatequery_t scq = (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL); if (ssl_last_error) fs_give ((void **) &ssl_last_error); @@ -217,7 +218,20 @@ SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); /* set default paths to CAs */ - SSL_CTX_set_default_verify_paths (stream->context); + sslcertpath = (char *) mail_parameters (NIL,GET_SSLCERTPATH,NIL); + if (sslcertpath && sslcertpath[0] && (stat (sslcertpath, &sbuf) != -1)) { + if (S_ISREG (sbuf.st_mode)) { + if (!SSL_CTX_load_verify_locations (stream->context,sslcertpath,NIL)) + SSL_CTX_set_default_verify_paths (stream->context); + } else if (S_ISDIR (sbuf.st_mode)) { + if (!SSL_CTX_load_verify_locations (stream->context,NIL,sslcertpath)) + SSL_CTX_set_default_verify_paths (stream->context); + } else { + SSL_CTX_set_default_verify_paths (stream->context); + } + } else { + SSL_CTX_set_default_verify_paths (stream->context); + } /* create connection */ if (!(stream->con = (SSL *) SSL_new (stream->context))) return "SSL connection failed"; diff -urN pine4.64/pine/init.c pine4.64-mine/pine/init.c --- pine4.64/pine/init.c 2005-09-12 14:53:17.000000000 -0400 +++ pine4.64-mine/pine/init.c 2006-11-26 23:05:13.000000000 -0500 @@ -425,6 +425,8 @@ CONF_TXT_T init_md_create[] = "Creating subdirectory \"%s\" where Pine will store its mail folders."; +CONF_TXT_T cf_text_ssl_cert_path[] = "Alternate trusted SSL certificate path"; + /*---------------------------------------------------------------------- These are the variables that control a number of pine functions. They @@ -719,6 +721,8 @@ cf_text_patterns}, {"patterns-other", 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, cf_text_patterns}, +{"ssl-cert-path", 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, + cf_text_ssl_cert_path}, /* OBSOLETE VARS */ {"elm-style-save", 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, @@ -2184,6 +2188,11 @@ mail_parameters(NULL, SET_SSHCOMMAND, (void *) VAR_SSHCMD); } + set_current_val(&vars[V_SSL_CERT_PATH], TRUE, TRUE); + if(VAR_SSL_CERT_PATH){ + mail_parameters(NULL, SET_SSLCERTPATH, (void *) VAR_SSL_CERT_PATH); + } + #if defined(DOS) || defined(OS2) set_current_val(&vars[V_FILE_DIR], TRUE, TRUE); diff -urN pine4.64/pine/other.c pine4.64-mine/pine/other.c --- pine4.64/pine/other.c 2005-09-12 18:04:25.000000000 -0400 +++ pine4.64-mine/pine/other.c 2006-11-26 23:07:53.000000000 -0500 @@ -2016,6 +2016,7 @@ case V_PRINTER : case V_PERSONAL_PRINT_COMMAND : case V_PERSONAL_PRINT_CATEGORY : + case V_SSL_CERT_PATH : #if defined(DOS) || defined(OS2) case V_UPLOAD_CMD : case V_UPLOAD_CMD_PREFIX : @@ -7638,6 +7639,8 @@ case V_FILE_DIR : return(h_config_file_dir); #endif + case V_SSL_CERT_PATH : + return(h_config_ssl_cert_path); case V_NORM_FORE_COLOR : case V_NORM_BACK_COLOR : return(h_config_normal_color); @@ -13141,7 +13144,8 @@ var == &ps->vars[V_RSHPATH] || var == &ps->vars[V_RSHCMD] || var == &ps->vars[V_SSHCMD] || - var == &ps->vars[V_SSHPATH])){ + var == &ps->vars[V_SSHPATH] || + var == &ps->vars[V_SSL_CERT_PATH])){ q_status_message2(SM_ASYNC, 0, 3, "Changes%.200s%.200s will affect your next pine session.", var->name ? " to " : "", var->name ? var->name : ""); diff -urN pine4.64/pine/pine.h pine4.64-mine/pine/pine.h --- pine4.64/pine/pine.h 2005-09-15 20:39:42.000000000 -0400 +++ pine4.64-mine/pine/pine.h 2006-11-26 23:05:14.000000000 -0500 @@ -747,6 +747,7 @@ , V_PAT_SCORES_OLD /* obsolete */ , V_PAT_INCOLS , V_PAT_OTHER + , V_SSL_CERT_PATH , V_ELM_STYLE_SAVE /* obsolete */ , V_HEADER_IN_REPLY /* obsolete */ , V_FEATURE_LEVEL /* obsolete */ @@ -1059,6 +1060,7 @@ #define GLO_THREAD_EXP_CHAR vars[V_THREAD_EXP_CHAR].global_val.p #define VAR_THREAD_LASTREPLY_CHAR vars[V_THREAD_LASTREPLY_CHAR].current_val.p #define GLO_THREAD_LASTREPLY_CHAR vars[V_THREAD_LASTREPLY_CHAR].global_val.p +#define VAR_SSL_CERT_PATH vars[V_SSL_CERT_PATH].current_val.p #if defined(DOS) || defined(OS2) #define VAR_FILE_DIR vars[V_FILE_DIR].current_val.p diff -urN pine4.64/pine/pine.hlp pine4.64-mine/pine/pine.hlp --- pine4.64/pine/pine.hlp 2005-09-28 13:56:29.000000000 -0400 +++ pine4.64-mine/pine/pine.hlp 2006-11-26 23:05:14.000000000 -0500 @@ -3385,6 +3385,7 @@
  • OPTION: Addrbook-Sort-Rule
  • OPTION: Address-Book
  • OPTION: Addressbook-Formats +
  • OPTION: Alternate Trusted SSL Certificate Path
  • OPTION: Alt-Addresses
  • OPTION: Character-Set
  • OPTION: Color-Style @@ -30938,6 +30939,29 @@ <End of help on this topic> +====== h_config_ssl_cert_path ===== + + +OPTION: Alternate Trusted SSL Certificate Path + + +

    OPTION: Alternate Trusted SSL Certificate Path

    + +This tells pine where to look for trusted CA certificates. If it's not +set, pine will tell openssl to use the default path compiled into +openssl. You can give the path of a PEM format file or a directory +indexed by c_rehash. If pine cannot find the path specified, it will +fall back to the openssl default. + +

    +You want to set this if you want to manage your own CA certificates, for +example if the system's CA certificate store is unconfigured or you need +to trust a CA that's not trusted by the system. + +

    +<End of help on this topic> + + ====== h_config_role_undo ===== Yes, remember changes and exit back to list of roles; No, discard changes made in this screen; ^C, cancel exit and stay in this config screen.