diff options
author | Eduardo Chappa <chappa@washington.edu> | 2013-11-02 02:51:18 -0600 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2013-11-02 02:51:18 -0600 |
commit | 7fe712882b909931088a318c08041b0e7974a000 (patch) | |
tree | 2770f9b084e2efc7fc55e96e9bf4352cf2ff33a3 /imap/src/osdep/unix/ssl_unix.c | |
parent | bdfc834badee92ceeb2befe02f1d065ced5b9ddf (diff) | |
download | alpine-7fe712882b909931088a318c08041b0e7974a000.tar.xz |
* Update to version 2.19.1
* Upgrade UW-IMAP to Panda IMAP from https://github.com/jonabbey/panda-imap.
* Replace tabs by spaces in From and Subject fields to control for size in
screen of these fields. Change only in index screen display.
Diffstat (limited to 'imap/src/osdep/unix/ssl_unix.c')
-rw-r--r-- | imap/src/osdep/unix/ssl_unix.c | 50 |
1 files changed, 32 insertions, 18 deletions
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c index 3f6bcce9..d77ed719 100644 --- a/imap/src/osdep/unix/ssl_unix.c +++ b/imap/src/osdep/unix/ssl_unix.c @@ -1,13 +1,5 @@ /* ======================================================================== - * Copyright 1988-2008 University of Washington - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * + * Copyright 2008-2009 Mark Crispin * ======================================================================== */ @@ -15,18 +7,24 @@ * Program: SSL authentication/encryption module * * Author: Mark Crispin - * Networks and Distributed Computing - * Computing & Communications - * University of Washington - * Administration Building, AG-44 - * Seattle, WA 98195 - * Internet: MRC@CAC.Washington.EDU * * Date: 22 September 1998 - * Last Edited: 13 January 2007 + * Last Edited: 8 November 2009 + * + * Previous versions of this file were + * + * Copyright 1988-2008 University of Washington + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * */ #define crypt ssl_private_crypt +#define STRING OPENSSL_STRING #include <x509v3.h> #include <ssl.h> #include <err.h> @@ -35,11 +33,27 @@ #include <bio.h> #include <crypto.h> #include <rand.h> +#undef STRING #undef crypt #define SSLBUFLEN 8192 -#define SSLCIPHERLIST "ALL:!LOW" +/* + * PCI auditing compliance, disable: + * SSLv2 + * anonymous D-H (no certificate + * export encryption ciphers (40 and 56 bits) + * low encryption cipher suites (40 and 56 bits, excluding export) + * null encryption (disabling implied by "ALL") + * + * UW imapd just disables low-grade and null ("ALL:!LOW"). This setting + * will break clients that attempt to use the newly-prohibited mechanisms. + * + * I question the value of disabling SSLv2, as opposed to disabling the SSL + * ports (e.g., 993 for IMAP, 995 for POP3) and using TLS exclusively. + */ + +#define SSLCIPHERLIST "ALL:!SSLv2:!ADH:!EXP:!LOW" /* SSL I/O stream */ @@ -635,7 +649,7 @@ static long ssl_abort (SSLSTREAM *stream) char *ssl_host (SSLSTREAM *stream) { - return tcp_host (stream->tcpstream); + return stream ? tcp_host (stream->tcpstream) : "UNKNOWN"; } |