diff -Naur claws-mail-3.17.3-orig/src/gtk/sslcertwindow.c claws-mail-3.17.3/src/gtk/sslcertwindow.c
--- claws-mail-3.17.3-orig/src/gtk/sslcertwindow.c 2018-11-07 11:31:50.000000000 +0100
+++ claws-mail-3.17.3/src/gtk/sslcertwindow.c 2019-04-20 11:01:10.004193095 +0200
@@ -70,6 +70,7 @@
char *tmp;
time_t exp_time_t;
struct tm lt;
+ guint ret;
/* issuer */
issuer_commonname = g_malloc(BUFFSIZE);
@@ -142,13 +143,27 @@
} else
exp_date = g_strdup("");
- /* fingerprint */
- n = 128;
- gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA1, md, &n);
- sha1_fingerprint = readable_fingerprint(md, (int)n);
- gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA256, md, &n);
- sha256_fingerprint = readable_fingerprint(md, (int)n);
+ /* fingerprints */
+ n = 0;
+ memset(md, 0, sizeof(md));
+ if ((ret = gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA1, md, &n)) == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ if (n <= sizeof(md))
+ ret = gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA1, md, &n);
+ }
+ if (ret != 0)
+ g_warning("failed to obtain SHA1 fingerprint: %d", ret);
+ sha1_fingerprint = readable_fingerprint(md, (int)n); /* all zeroes */
+
+ n = 0;
+ memset(md, 0, sizeof(md));
+ if ((ret = gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA256, md, &n)) == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ if (n <= sizeof(md))
+ ret = gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA256, md, &n);
+ }
+ if (ret != 0)
+ g_warning("failed to obtain SHA256 fingerprint: %d", ret);
+ sha256_fingerprint = readable_fingerprint(md, (int)n); /* all zeroes */
/* signature */
sig_status = ssl_certificate_check_signer(cert, cert->status);