author | Eduardo Chappa <chappa@washington.edu> | 2021-04-17 23:22:48 -0600 |
committer | Eduardo Chappa <chappa@washington.edu> | 2021-04-17 23:22:48 -0600 |
commit | ec66afcc51369f994cf04960fc4828cb007176bd (patch) | |
tree | 2056be54d1b2ff06a02377c41594efe4c29274d3 | |
parent | cd24f8efb57dd2b057ab6a216ff3789876c62420 (diff) | |
download | alpine-ec66afcc51369f994cf04960fc4828cb007176bd.tar.xz |
* Add new variable ssl-ciphers to list the ciphers that will be used when
negotiating a secure connection with an SSL server. Work done in
collaboration with Professor Martin Trusler.
-rw-r--r-- | alpine/confscroll.c | 1 | ||||
-rw-r--r-- | imap/src/c-client/mail.h | 2 | ||||
-rw-r--r-- | imap/src/osdep/unix/env_unix.c | 8 | ||||
-rw-r--r-- | imap/src/osdep/unix/ssl_unix.c | 4 | ||||
-rw-r--r-- | pith/conf.c | 9 | ||||
-rw-r--r-- | pith/conftype.h | 1 | ||||
-rw-r--r-- | pith/pine.hlp | 31 |
7 files changed, 54 insertions, 2 deletions
diff --git a/alpine/confscroll.c b/alpine/confscroll.c
index d127f603..50f578ff 100644
--- a/alpine/confscroll.c
+++ b/alpine/confscroll.c
@@ -5784,6 +5784,7 @@ fix_side_effects(struct pine *ps, struct variable *var, int revert)
 var == &ps->vars[V_SSLCAFILE] ||
 var == &ps->vars[V_USERSSLCAPATH] ||
 var == &ps->vars[V_USERSSLCAFILE] ||
+ var == &ps->vars[V_SSLCIPHERS] ||
 #endif
 var == &ps->vars[V_RSHPATH] ||
 var == &ps->vars[V_RSHCMD] ||
diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h
index 9fc1c714..d40d7ebe 100644
--- a/imap/src/c-client/mail.h
+++ b/imap/src/c-client/mail.h
@@ -248,6 +248,8 @@ #define SET_ENCRYPTION_RANGE_MIN (long) 339
 #define GET_ENCRYPTION_RANGE_MAX (long) 340
 #define SET_ENCRYPTION_RANGE_MAX (long) 341
+#define GET_SSLCIPHERS (long) 342
+#define SET_SSLCIPHERS (long) 343
 /* 4xx: network drivers */
 #define GET_MAXLOGINTRIALS (long) 400
diff --git a/imap/src/osdep/unix/env_unix.c b/imap/src/osdep/unix/env_unix.c
index afec59b1..c41a5d04 100644
--- a/imap/src/osdep/unix/env_unix.c
+++ b/imap/src/osdep/unix/env_unix.c
@@ -76,6 +76,7 @@ static char *sslCApath = NIL; /* non-standard CA path */
 static char *sslCAfile = NIL; /* non-standard CA container */
 static char *sslAppCApath = NIL; /* App SSL CA path */
 static char *sslAppCAfile = NIL; /* App SSL CA container */
+static char *sslciphers = NIL; /* ciphers to negotiate with a SSL server */
 static short anonymous = NIL; /* is anonymous */
 static short blackBox = NIL; /* is a black box */
 static short closedBox = NIL; /* is a closed box (uses chroot() jail) */
@@ -370,6 +371,13 @@ void *env_parameters (long function,void *value)
 case GET_SSLAPPCAFILE:
 ret = (void *) sslAppCAfile;
 break;
+ case SET_SSLCIPHERS: /* this can be set null */
+ if (sslciphers) fs_give ((void **) &sslciphers);
+ sslciphers = value ? cpystr ((char *) value) : value;
+ break;
+ case GET_SSLCIPHERS:
+ ret = (void *) sslciphers;
+ break;
 case SET_LISTMAXLEVEL:
 list_max_level = (long) value;
 case GET_LISTMAXLEVEL:
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 1f64b57e..5d3ffcd8 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -395,7 +395,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
 int minv, maxv;
 int masklow, maskhigh;
 char *s,*t,*err,tmp[MAILTMPLEN], buf[256];
- char *CAfile, *CApath;
+ char *CAfile, *CApath, *ciphers;
 sslcertificatequery_t scq =
 (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
 sslclientcert_t scc =
@@ -414,6 +414,8 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
 if (flags & NET_NOVALIDATECERT)
 SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
 else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ /* set cipher list */
+ ciphers = (char *) mail_parameters (NIL,GET_SSLCIPHERS,NIL);
 /* if a non-standard path desired */
 CAfile = (char *) mail_parameters (NIL,GET_SSLCAFILE,NIL);
 CApath = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL);
diff --git a/pith/conf.c b/pith/conf.c
index e8904e45..8de54278 100644
--- a/pith/conf.c
+++ b/pith/conf.c
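Review bot: In the second ssl_unix.c hunk `ciphers` is read from `mail_parameters (NIL,GET_SSLCIPHERS,NIL)` but nothing in the hunk hands it to the SSL context, so the comment `/* set cipher list */` describes a call that is not there and, as far as this diff shows, the new ssl-ciphers option does not change what the client offers. ssl_start_work begins before and continues after the hunk, so if the value is applied further down this is moot; otherwise the fetch should be followed by `if (ciphers && !SSL_CTX_set_cipher_list (stream->context,ciphers)) return "unable to set cipher list";` (message wording constructed), returning an error string the way the function's other failure paths presumably do. Falling back silently to the library default on a rejected list would be the worse outcome, since a user who set the option would believe a restriction is in force that is not. With OpenSSL 1.1.1 or later `SSL_CTX_set_cipher_list` governs only the pre-TLS 1.3 suites while TLS 1.3 suites are set through `SSL_CTX_set_ciphersuites`; the help text added in pine.hlp does not distinguish the two, so it should say which one "ssl-ciphers" controls.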
@@ -384,7 +384,9 @@ CONF_TXT_T cf_text_system_certs_file[] = "Sets the path for the system ssl file
 CONF_TXT_T cf_text_user_certs_path[] = "Sets the path for additional ssl certificates that the user trusts. Note\n#that this could be a list of paths, if the same\n# pinerc is used in different systems. Alpine always chooses the first one that\n# it finds. Value must be an absolute path.";
-CONF_TXT_T cf_text_user_certs_file[] = "Sets the path for a file that contains certificates that a user trusts.\nNote that this could be a list of container files,\n# if the same pinerc is used in different systems. Alpine always chooses the,\n# first one that it finds. Value must be an absolute path.";
+CONF_TXT_T cf_text_user_certs_file[] = "Sets the path for a file that contains certificates that a user trusts.\n#Note that this could be a list of container files,\n# if the same pinerc is used in different systems. Alpine always chooses the,\n# first one that it finds. Value must be an absolute path.";
+
+CONF_TXT_T cf_text_ciphers[] = "Colon separated list of ciphers that should be negotiated with the remote\n# ssl server upon connection.";
 #endif
 CONF_TXT_T cf_text_newmail_fifo_path[] = "Sets the filename for the newmail fifo (named pipe). Unix only.";
@@ -678,6 +680,8 @@ static struct variable variables[] = {
 "User Certs Dir", cf_text_user_certs_file},
 {"user-certs-file", 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0,
 "User Certs File", cf_text_user_certs_file},
+{"ssl-ciphers", 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0,
+ "SSL Ciphers", cf_text_ciphers},
 #endif
 {"url-viewers", 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0,
 "URL-Viewers", cf_text_browser},
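Review bot: The flag tuple on the new `{"ssl-ciphers", 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0,` entry in the variables[] hunk differs from both neighbouring entries (`0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0`) in the sixth and tenth positions; struct variable is not visible here, so if that is deliberate a short trailing comment naming the two flags that were changed would save the next reader the lookup, and if it is not the entry should copy `user-certs-file`. Separately, the context line `"User Certs Dir", cf_text_user_certs_file},` pairs the user-certs-path entry with the user-certs-file description even though the first hunk shows `cf_text_user_certs_path` exists; that looks like a pre-existing copy-paste slip worth correcting while the neighbouring text is being edited. The variables[] initializer starts before and continues after the hunk.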
@@ -2439,6 +2443,7 @@ init_vars(struct pine *ps, void (*cmds_f) (struct pine *, char **))
 set_current_val(&vars[V_SSLCAFILE], TRUE, TRUE);
 set_current_val(&vars[V_USERSSLCAPATH], TRUE, TRUE);
 set_current_val(&vars[V_USERSSLCAFILE], TRUE, TRUE);
+ set_current_val(&vars[V_SSLCIPHERS], TRUE, TRUE);
 #endif
 #if !defined(DOS) && !defined(OS2) && !defined(LEAVEOUTFIFO)
 set_current_val(&vars[V_FIFOPATH], TRUE, TRUE);
@@ -8055,6 +8060,8 @@ config_help(int var, int feature)
 return(h_config_user_certs_path);
 case V_USERSSLCAFILE :
 return(h_config_user_certs_file);
+ case V_SSLCIPHERS :
+ return(h_config_ssl_ciphers);
 #endif
 #if !defined(DOS) && !defined(OS2) && !defined(LEAVEOUTFIFO)
 case V_FIFOPATH :
diff --git a/pith/conftype.h b/pith/conftype.h
index c563126e..5f2dd505 100644
--- a/pith/conftype.h
+++ b/pith/conftype.h
@@ -129,6 +129,7 @@ typedef enum { V_PERSONAL_NAME = 0
 , V_SSLCAFILE
 , V_USERSSLCAPATH
 , V_USERSSLCAFILE
+ , V_SSLCIPHERS
 #endif
 , V_BROWSER
 , V_HISTORY
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 060a897a..603c7563 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -188,6 +188,9 @@ new additions to Alpine, please check it periodically.
 <P>
 New features include:
 <UL>
+<LI> New configuration variable <!--#echo var="VAR_ssl-ciphers"--> that allows
+users to list the ciphers that want to use when connecting to a SSL server.
+Based on a collaboration with Professor Martin Trusler.
 <LI> New hidden feature <a href="h_config_delete_before_writing"><!--#echo var="FEAT_enable-delete-before-writing"--></a> to add support for terminals that need lines to be deleted before being written.
 Based on a collaboration with Professor Martin Trusler.
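Review bot: `set_current_val(&vars[V_SSLCIPHERS], TRUE, TRUE)` in the init_vars hunk only resolves the configured value inside Alpine; no hunk in this commit calls `mail_parameters(NULL, SET_SSLCIPHERS, ...)`, so as far as the diff shows c-client's `sslciphers` in env_unix.c stays NIL and the `GET_SSLCIPHERS` read added in ssl_unix.c can never see the user's list. Unless that call lives in a file outside this diff, the value needs to be pushed to the library once after it is resolved here (wherever the V_SSLCAPATH siblings are presumably pushed) and again from fix_side_effects when the option is edited in the config screen, which the confscroll.c hunk only enrolls in the side-effect check. init_vars starts before and continues after the hunk.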
@@ -22811,6 +22814,34 @@ User Certs File = /home/fred/.alpine-certs/certs.pem
 <P>
 <End of help on this topic>
 </BODY></HTML>
+====== h_config_ssl_ciphers ======
+<HTML>
+<HEAD>
+<TITLE>OPTION: <!--#echo var="VAR_ssl-ciphers"--></TITLE>
+</HEAD>
+<BODY>
+<H1>OPTION: <!--#echo var="VAR_ssl-ciphers"--></H1>
+
+(UNIX ALPINE ONLY)
+This is a colon separated list of ciphers that your openssl or libressl
+library supports and will use to negotiate a secure connection with a
+remote SSL server.
+
+<P>
+The list of ciphers supported by openssl can be obtained with the command
+line command
+
+<P>
+openssl ciphers
+
+<P>
+Consult the manual page of the openssl ciphers command to see more
+way to specify groups of ciphers, such as RSA, or other groups of
+ciphers.
+
+<P>
+<End of help on this topic>
+</BODY></HTML>
 ====== h_config_set_att_ansi ======
 <HTML><HEAD>
 <TITLE>OPTION: Set printer to attached ansi printer</TITLE> |