Same.

2001-10-11  Jeffrey Stedfast  <fejj@ximian.com>

	* camel-tcp-stream-ssl.c (ssl_cert_is_saved): Same.

	* camel-tcp-stream-openssl.c (ssl_cert_is_saved): Instead of
	opening the file, stat it and make sure that it belongs to us.

svn path=/trunk/; revision=13600

camel/ChangeLog

@@ -1,3 +1,10 @@
+2001-10-11  Jeffrey Stedfast  <fejj@ximian.com>
+
+	* camel-tcp-stream-ssl.c (ssl_cert_is_saved): Same.
+
+	* camel-tcp-stream-openssl.c (ssl_cert_is_saved): Instead of
+	opening the file, stat it and make sure that it belongs to us.
+
 2001-10-10  Jeffrey Stedfast  <fejj@ximian.com>
 
 	* camel-tcp-stream-openssl.c (ssl_verify): Same hack as below.

camel/camel-tcp-stream-openssl.c

@@ -499,16 +499,19 @@ static gboolean
 ssl_cert_is_saved (const char *certid)
 {
 	char *filename;
-	int fd;
+	struct stat st;
+	int ret;
 	
 	filename = g_strdup_printf ("%s/.camel_certs/%s", getenv ("HOME"), certid);
 	
-	fd = open (filename, O_RDONLY);
-	g_free (filename);
-	if (fd != -1)
-		close (fd);
+	if (stat (filename, &st) == -1) {
+		g_free (filename);
+		return FALSE;
+	}
 	
-	return fd != -1;
+	g_free (filename);
+	
+	return st.st_uid == getuid ();
 }
 
 static int

camel/camel-tcp-stream-ssl.c

@@ -366,16 +366,19 @@ static gboolean
 ssl_cert_is_saved (const char *certid)
 {
 	char *filename;
-	int fd;
+	struct stat st;
+	int ret;
 	
 	filename = g_strdup_printf ("%s/.camel_certs/%s", getenv ("HOME"), certid);
 	
-	fd = open (filename, O_RDONLY);
-	g_free (filename);
-	if (fd != -1)
-		close (fd);
+	if (stat (filename, &st) == -1) {
+		g_free (filename);
+		return FALSE;
+	}
 	
-	return fd != -1;
+	g_free (filename);
+	
+	return st.st_uid == getuid ();
 }
 
 static SECStatus