I#86 - Rejecting connection certificate causes constant connection retries

Closes https://gitlab.gnome.org/GNOME/evolution-data-server/issues/86

5 files changed, 102 insertions, 42 deletions

diff --git a/src/calendar/libedata-cal/e-cal-meta-backend.c b/src/calendar/libedata-cal/e-cal-meta-backend.c
index fbad412d8..fbd1e62d5 100644
--- a/src/calendar/libedata-cal/e-cal-meta-backend.c
+++ b/src/calendar/libedata-cal/e-cal-meta-backend.c
@@ -2903,7 +2903,10 @@ ecmb_authenticate_sync (EBackend *backend,
 		if (auth_result == E_SOURCE_AUTHENTICATION_UNKNOWN)
 			auth_result = E_SOURCE_AUTHENTICATION_ERROR;
 
-		e_source_set_connection_status (e_backend_get_source (backend), E_SOURCE_CONNECTION_STATUS_DISCONNECTED);
+		e_source_set_connection_status (e_backend_get_source (backend),
+			auth_result == E_SOURCE_AUTHENTICATION_ERROR_SSL_FAILED ?
+			E_SOURCE_CONNECTION_STATUS_SSL_FAILED :
+			E_SOURCE_CONNECTION_STATUS_DISCONNECTED);
 	}
 	g_mutex_unlock (&meta_backend->priv->connect_lock);
 
diff --git a/src/libebackend/e-backend.c b/src/libebackend/e-backend.c
index 40d94a5bf..9b6e8c7d4 100644
--- a/src/libebackend/e-backend.c
+++ b/src/libebackend/e-backend.c
@@ -446,7 +446,10 @@ backend_source_authenticate_thread (gpointer user_data)
 		} else {
 			GError *local_error2 = NULL;
 
-			e_source_set_connection_status (source, E_SOURCE_CONNECTION_STATUS_DISCONNECTED);
+			e_source_set_connection_status (source,
+				auth_result == E_SOURCE_AUTHENTICATION_ERROR_SSL_FAILED ?
+				E_SOURCE_CONNECTION_STATUS_SSL_FAILED :
+				E_SOURCE_CONNECTION_STATUS_DISCONNECTED);
 
 			if (!e_source_invoke_credentials_required_sync (source, reason, certificate_pem, certificate_errors,
 				local_error, thread_data->cancellable, &local_error2)) {
diff --git a/src/libedataserver/e-source-webdav.c b/src/libedataserver/e-source-webdav.c
index 7f98e1756..dfc679add 100644
--- a/src/libedataserver/e-source-webdav.c
+++ b/src/libedataserver/e-source-webdav.c
@@ -1533,3 +1533,53 @@ e_source_webdav_unset_temporary_ssl_trust (ESourceWebdav *extension)
 	    response == E_TRUST_PROMPT_RESPONSE_ACCEPT_TEMPORARILY)
 		e_source_webdav_set_ssl_trust (extension, NULL);
 }
+
+/**
+ * e_source_webdav_get_ssl_trust_response:
+ * @extension: an #ESourceWebdav
+ *
+ * Returns: the last SSL trust response, as #ETrustPromptResponse, if none
+ *    is set, then returns %E_TRUST_PROMPT_RESPONSE_UNKNOWN
+ *
+ * Since: 3.32
+ **/
+ETrustPromptResponse
+e_source_webdav_get_ssl_trust_response (ESourceWebdav *extension)
+{
+	ETrustPromptResponse response = E_TRUST_PROMPT_RESPONSE_UNKNOWN;
+
+	g_return_val_if_fail (E_IS_SOURCE_WEBDAV (extension), E_TRUST_PROMPT_RESPONSE_UNKNOWN);
+
+	if (!decode_ssl_trust (extension, &response, NULL, NULL))
+		response = E_TRUST_PROMPT_RESPONSE_UNKNOWN;
+
+	return response;
+}
+
+/**
+ * e_source_webdav_set_ssl_trust_response:
+ * @extension: an #ESourceWebdav
+ * @response: an #ETrustPromptResponse to set
+ *
+ * Set the SSL trust response, as #ETrustPromptResponse, while keeping
+ * the certificate and host information as before. The function does
+ * nothing, when none SSL trust is set or when %E_TRUST_PROMPT_RESPONSE_UNKNOWN
+ * is used as the @response.
+ *
+ * Since: 3.32
+ **/
+void
+e_source_webdav_set_ssl_trust_response (ESourceWebdav *extension,
+					ETrustPromptResponse response)
+{
+	gchar *host = NULL, *hash = NULL;
+
+	g_return_if_fail (E_IS_SOURCE_WEBDAV (extension));
+
+	if (response != E_TRUST_PROMPT_RESPONSE_UNKNOWN &&
+	    decode_ssl_trust (extension, NULL, &host, &hash))
+		encode_ssl_trust (extension, response, host, hash);
+
+	g_free (host);
+	g_free (hash);
+}
diff --git a/src/libedataserver/e-source-webdav.h b/src/libedataserver/e-source-webdav.h
index 1a9173361..f1c8da856 100644
--- a/src/libedataserver/e-source-webdav.h
+++ b/src/libedataserver/e-source-webdav.h
@@ -147,6 +147,12 @@ ETrustPromptResponse
 						 GTlsCertificateFlags cert_errors);
 void		e_source_webdav_unset_temporary_ssl_trust
 						(ESourceWebdav *extension);
+ETrustPromptResponse
+		e_source_webdav_get_ssl_trust_response
+						(ESourceWebdav *extension);
+void		e_source_webdav_set_ssl_trust_response
+						(ESourceWebdav *extension,
+						 ETrustPromptResponse response);
 
 G_END_DECLS
 
diff --git a/src/libedataserverui/e-trust-prompt.c b/src/libedataserverui/e-trust-prompt.c
index 50d7634ee..71c217427 100644
--- a/src/libedataserverui/e-trust-prompt.c
+++ b/src/libedataserverui/e-trust-prompt.c
@@ -604,57 +604,55 @@ e_trust_prompt_run_for_source (GtkWindow *parent,
 
 	certificate = g_tls_certificate_new_from_pem (certificate_pem, -1, &save_data->error);
 	if (certificate) {
+		const gchar *source_extension = NULL;
+
 		if (extension_webdav && host)
 			save_data->response = e_source_webdav_verify_ssl_trust (extension_webdav, host, certificate, 0);
 		else
 			save_data->response = E_TRUST_PROMPT_RESPONSE_REJECT_TEMPORARILY;
 
-		if (save_data->response != E_TRUST_PROMPT_RESPONSE_REJECT) {
-			const gchar *source_extension = NULL;
-
-			if (e_source_has_extension (source, E_SOURCE_EXTENSION_ADDRESS_BOOK))
-				source_extension = E_SOURCE_EXTENSION_ADDRESS_BOOK;
-
-			if (e_source_has_extension (source, E_SOURCE_EXTENSION_CALENDAR)) {
-				if (!source_extension)
-					source_extension = E_SOURCE_EXTENSION_CALENDAR;
-				else
-					source_extension = E_SOURCE_EXTENSION_COLLECTION;
-			}
+		if (e_source_has_extension (source, E_SOURCE_EXTENSION_ADDRESS_BOOK))
+			source_extension = E_SOURCE_EXTENSION_ADDRESS_BOOK;
 
-			if (e_source_has_extension (source, E_SOURCE_EXTENSION_MEMO_LIST)) {
-				if (!source_extension)
-					source_extension = E_SOURCE_EXTENSION_MEMO_LIST;
-				else
-					source_extension = E_SOURCE_EXTENSION_COLLECTION;
-			}
+		if (e_source_has_extension (source, E_SOURCE_EXTENSION_CALENDAR)) {
+			if (!source_extension)
+				source_extension = E_SOURCE_EXTENSION_CALENDAR;
+			else
+				source_extension = E_SOURCE_EXTENSION_COLLECTION;
+		}
 
-			if (e_source_has_extension (source, E_SOURCE_EXTENSION_TASK_LIST)) {
-				if (!source_extension)
-					source_extension = E_SOURCE_EXTENSION_TASK_LIST;
-				else
-					source_extension = E_SOURCE_EXTENSION_COLLECTION;
-			}
+		if (e_source_has_extension (source, E_SOURCE_EXTENSION_MEMO_LIST)) {
+			if (!source_extension)
+				source_extension = E_SOURCE_EXTENSION_MEMO_LIST;
+			else
+				source_extension = E_SOURCE_EXTENSION_COLLECTION;
+		}
 
-			if (e_source_has_extension (source, E_SOURCE_EXTENSION_MAIL_ACCOUNT)) {
-				if (!source_extension)
-					source_extension = E_SOURCE_EXTENSION_MAIL_ACCOUNT;
-				else
-					source_extension = E_SOURCE_EXTENSION_COLLECTION;
-			}
+		if (e_source_has_extension (source, E_SOURCE_EXTENSION_TASK_LIST)) {
+			if (!source_extension)
+				source_extension = E_SOURCE_EXTENSION_TASK_LIST;
+			else
+				source_extension = E_SOURCE_EXTENSION_COLLECTION;
+		}
 
-			if (e_source_has_extension (source, E_SOURCE_EXTENSION_MAIL_TRANSPORT)) {
-				if (!source_extension)
-					source_extension = E_SOURCE_EXTENSION_MAIL_TRANSPORT;
-				else
-					source_extension = E_SOURCE_EXTENSION_COLLECTION;
-			}
+		if (e_source_has_extension (source, E_SOURCE_EXTENSION_MAIL_ACCOUNT)) {
+			if (!source_extension)
+				source_extension = E_SOURCE_EXTENSION_MAIL_ACCOUNT;
+			else
+				source_extension = E_SOURCE_EXTENSION_COLLECTION;
+		}
 
-			save_data->response = e_trust_prompt_run_with_dialog_ready_callback (parent,
-				source_extension, e_source_get_display_name (source), host,
-				certificate_pem, certificate_errors, error_text,
-				trust_prompt_listen_for_source_changes_cb, source);
+		if (e_source_has_extension (source, E_SOURCE_EXTENSION_MAIL_TRANSPORT)) {
+			if (!source_extension)
+				source_extension = E_SOURCE_EXTENSION_MAIL_TRANSPORT;
+			else
+				source_extension = E_SOURCE_EXTENSION_COLLECTION;
 		}
+
+		save_data->response = e_trust_prompt_run_with_dialog_ready_callback (parent,
+			source_extension, e_source_get_display_name (source), host,
+			certificate_pem, certificate_errors, error_text,
+			trust_prompt_listen_for_source_changes_cb, source);
 	}
 
 	g_signal_handlers_disconnect_matched (source, G_SIGNAL_MATCH_FUNC, 0, 0, NULL,