1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
3 * Authors: Jeffrey Stedfast <fejj@ximian.com>
4 * Bertrand Guiheneuf <bertrand@helixcode.com>
6 * Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
33 #include "nss.h" /* Don't use <> here or it will include the system nss.h instead */
36 #endif /* CAMEL_HAVE_NSS */
38 #include <glib/gi18n-lib.h>
41 #include "camel-certdb.h"
42 #include "camel-debug.h"
43 #include "camel-provider.h"
44 #include "camel-win32.h"
47 /* To protect NSS initialization and shutdown. This prevents
48 concurrent calls to shutdown () and init () by different threads.
 * Created lazily in camel_init () (right after PR_Init) the first time it
 * is found NULL, and taken around both the init and the shutdown path. */
49 PRLock *nss_initlock = NULL;
51 /* Whether or not Camel has initialized the NSS library. We cannot
52 unconditionally call NSS_Shutdown () if NSS was initialized by another
53 library beforehand. This boolean ensures that we perform a cleanup
54 if and only if Camel is the one that previously initialized NSS.
 * NOTE(review): set to TRUE in camel_init () while nss_initlock is held;
 * `volatile` on its own gives no inter-thread ordering guarantee, so the
 * lock is what actually serializes writers and readers — confirm that the
 * shutdown path also reads it with nss_initlock held. */
55 volatile gboolean nss_initialized = FALSE;
/* Presumably records whether camel_init () has already run; its readers
 * and writers are outside this excerpt — confirm against the full file. */
58 static gint initialised = FALSE;
/* Exported (non-static) flag; its readers are outside this excerpt —
 * confirm its intended use against the full file. */
60 gint camel_application_is_exiting = FALSE;
/* Location of the shared system NSS database. nss_has_system_db () probes
 * NSS_SYSTEM_DB "/pkcs11.txt" for the libnsssysinit entry, and camel_init ()
 * opens "sql:" NSS_SYSTEM_DB when that probe reports the system db enabled. */
62 #define NSS_SYSTEM_DB "/etc/pki/nssdb"
65 nss_has_system_db (void)
72 f = fopen(NSS_SYSTEM_DB "/pkcs11.txt", "r");
76 /* Check whether the system NSS db is actually enabled */
77 while (fgets (buf, 80, f) && !found) {
78 if (!strcmp(buf, "library=libnsssysinit.so\n"))
87 camel_init (const gchar *configdir, gboolean nss_init)
95 bindtextdomain (GETTEXT_PACKAGE, LOCALEDIR);
96 bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
100 #ifdef CAMEL_HAVE_NSS
102 gchar *nss_configdir = NULL;
103 gchar *nss_sql_configdir = NULL;
104 SECStatus status = SECFailure;
107 if (nss_initlock == NULL) {
108 PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
109 nss_initlock = PR_NewLock ();
111 PR_Lock (nss_initlock);
113 if (NSS_IsInitialized ())
117 nss_configdir = g_strdup (configdir);
119 nss_configdir = g_win32_locale_filename_from_utf8 (configdir);
122 if (nss_has_system_db ()) {
123 nss_sql_configdir = g_strdup ("sql:" NSS_SYSTEM_DB );
125 /* On Windows, we use the Evolution configdir. On other
126 * operating systems we use ~/.pki/nssdb/, which is where
127 * the user-specific part of the "shared system db" is
128 * stored and is what Chrome uses too.
130 * We have to create the configdir if it does not exist,
131 * to prevent camel from bailing out on first run. */
133 g_mkdir_with_parents (configdir, 0700);
134 nss_sql_configdir = g_strconcat ("sql:", nss_configdir, NULL);
136 gchar *user_nss_dir = g_build_filename ( g_get_home_dir (),
137 ".pki/nssdb", NULL );
138 if (g_mkdir_with_parents (user_nss_dir, 0700))
139 g_warning("Failed to create SQL database directory %s: %s\n",
140 user_nss_dir, strerror (errno));
142 nss_sql_configdir = g_strconcat ("sql:", user_nss_dir, NULL);
143 g_free (user_nss_dir);
147 #if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 12)
148 /* See: https://wiki.mozilla.org/NSS_Shared_DB,
149 * particularly "Mode 3A". Note that the target
150 * directory MUST EXIST. */
151 status = NSS_InitWithMerge (
152 nss_sql_configdir, /* dest dir */
153 "", "", /* new DB name prefixes */
154 SECMOD_DB, /* secmod name */
155 nss_configdir, /* old DB dir */
156 "", "", /* old DB name prefixes */
157 nss_configdir, /* unique ID for old DB */
158 "Evolution S/MIME", /* UI name for old DB */
161 if (status == SECFailure) {
162 g_warning ("Failed to initialize NSS SQL database in %s: NSS error %d",
163 nss_sql_configdir, PORT_GetError ());
164 /* Fall back to opening the old DBM database */
167 /* Support old versions of libnss, pre-sqlite support. */
168 if (status == SECFailure)
169 status = NSS_InitReadWrite (nss_configdir);
170 if (status == SECFailure) {
171 /* Fall back to using volatile dbs? */
172 status = NSS_NoDB_Init (nss_configdir);
173 if (status == SECFailure) {
174 g_free (nss_configdir);
175 g_free (nss_sql_configdir);
176 g_warning ("Failed to initialize NSS");
177 PR_Unlock (nss_initlock);
182 nss_initialized = TRUE;
185 NSS_SetDomesticPolicy ();
187 PR_Unlock (nss_initlock);
189 /* we must enable all ciphersuites */
190 for (indx = 0; indx < SSL_NumImplementedCiphers; indx++) {
191 if (!SSL_IS_SSL2_CIPHER (SSL_ImplementedCiphers[indx]))
192 SSL_CipherPrefSetDefault (SSL_ImplementedCiphers[indx], PR_TRUE);
195 SSL_OptionSetDefault (SSL_ENABLE_SSL2, PR_TRUE);
196 SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
197 SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE);
198 SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_TRUE /* maybe? */);
200 g_free (nss_configdir);
201 g_free (nss_sql_configdir);
203 #endif /* CAMEL_HAVE_NSS */
205 path = g_strdup_printf ("%s/camel-cert.db", configdir);
206 certdb = camel_certdb_new ();
207 camel_certdb_set_filename (certdb, path);
210 /* if we fail to load, who cares? it'll just be a volatile certdb */
211 camel_certdb_load (certdb);
213 /* set this certdb as the default db */
214 camel_certdb_set_default (certdb);
216 g_object_unref (certdb);
229 camel_shutdown (void)
236 certdb = camel_certdb_get_default ();
238 camel_certdb_save (certdb);
239 camel_certdb_set_default (NULL);
242 /* These next calls must come last. */
244 #if defined (CAMEL_HAVE_NSS)
245 if (nss_initlock != NULL) {
246 PR_Lock (nss_initlock);
249 PR_Unlock (nss_initlock);
251 #endif /* CAMEL_HAVE_NSS */