author | Eduardo Chappa <chappa@washington.edu> | 2013-10-06 23:58:51 -0600 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2013-10-06 23:58:51 -0600 |
commit | 30a979ab1460a57d466a6a5cc6adb96eac452ce4 (patch) | |
tree | 1aec0ebb21be40922bc5a708c7780fb0db602202 /imap/src/osdep | |
parent | c5bb25b1320af6cda4cc62ea9e15fbb03ee92026 (diff) | |
download | alpine-30a979ab1460a57d466a6a5cc6adb96eac452ce4.tar.xz |
* new version 2.11.8
* Fix in configure script for recognition of SSL files in Ubuntu 12.04
* Alpine does not attempt to automatically reopen a collection that
was not opened due to cancellation by the user. Instead, the user
must try to open it explicitly.
* A few improvements to the new /tls1, /tls1_1, etc. options.
Diffstat (limited to 'imap/src/osdep')
-rw-r--r-- | imap/src/osdep/unix/ssl_unix.c | 30 |
1 files changed, 23 insertions, 7 deletions
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 5a7d0bc0..3f6bcce9 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -55,7 +55,7 @@ typedef struct ssl_stream {
 #include "sslio.h"
 /* Function prototypes */
-
+const SSL_METHOD *ssl_connect_mthd(int flag);
 static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags);
 static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags);
 static int ssl_open_verify (int ok,X509_STORE_CTX *ctx);
@@ -98,8 +98,8 @@ void ssl_onceonlyinit (void)
 struct stat sbuf;
 /* if system doesn't have /dev/urandom */
 if (stat ("/dev/urandom",&sbuf)) {
- while ((fd = open (tmpnam (tmp),O_WRONLY|O_CREAT|O_EXCL,0600)) < 0)
- sleep (1);
+ strcpy(tmp, "SSLXXXXXX");
+ while ((fd = mkstemp(tmp)) < 0) sleep (1);
 unlink (tmp); /* don't need the file */
 fstat (fd,&sbuf); /* get information about the file */
 close (fd); /* flush descriptor */
@@ -143,7 +143,25 @@ SSLSTREAM *ssl_aopen (NETMBX *mb,char *service,char *usrbuf)
 {
 return NIL; /* don't use this mechanism with SSL */
 }
-
+
+/* ssl_connect_mthd: returns a context pointer to the connection to
+ * a ssl server
+ */
+const SSL_METHOD *ssl_connect_mthd(int flag)
+{
+ if(flag & NET_TRYTLS1)
+ return TLSv1_client_method();
+#ifdef TLSV1_2
+ else if(flag & NET_TRYTLS1_1)
+ return TLSv1_1_client_method();
+ else if(flag & NET_TRYTLS1_2)
+ return TLSv1_2_client_method();
+#endif
+ else if(flag & NET_TRYDTLS1)
+ return DTLSv1_client_method();
+ else return SSLv23_client_method();
+}
+
 /* Start SSL/TLS negotiations
 * Accepts: open TCP stream of session
 * user's host name
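Review bot: The new prototype `const SSL_METHOD *ssl_connect_mthd(int flag);` is the only one in this block without `static`, while `ssl_start`, `ssl_start_work` and `ssl_open_verify` are all file-local, and the definition added in the third hunk of this file is non-static as well. Unless another translation unit calls it, declare it `static const SSL_METHOD *ssl_connect_mthd(int flag);` here and make the definition `static` too, so the helper does not become part of the library's exported symbol set.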
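Review bot: `strcpy(tmp, "SSLXXXXXX");` is a relative template, so `mkstemp` now creates the scratch file in the process's current working directory instead of the temporary directory that `tmpnam` used to pick; on a read-only or unwritable cwd `mkstemp` fails with an error that sleeping will never cure, and `while ((fd = mkstemp(tmp)) < 0) sleep (1);` spins forever. Prefix the template with a temp directory, e.g. `strcpy(tmp, "/tmp/SSLXXXXXX");` (or build it from `P_tmpdir`), and bound the retries or give up on errors other than a name collision rather than retrying every failure. `tmp` is declared above the hunk; the old `tmpnam (tmp)` call required it to hold at least `L_tmpnam` bytes, which the new 10-byte template fits, but that is worth confirming against the declaration. Replacing `tmpnam` plus `open` with `mkstemp` is otherwise the right direction, since the unique name and the `O_EXCL` creation now happen in one step.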
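Review bot: `ssl_connect_mthd` takes `int flag`, but the only caller introduced by this diff (`ssl_start_work`, in the following hunk) passes `unsigned long flags`, so the flag word is narrowed on every call; declare it as `const SSL_METHOD *ssl_connect_mthd(unsigned long flags)` in both the definition and the prototype so it matches the type the NET_* bits live in. The header comment says it "returns a context pointer", yet the function returns an `SSL_METHOD *` for `SSL_CTX_new`, not a context; something like `/* ssl_connect_mthd: select the OpenSSL client method for the NET_TRY* bits in flags, falling back to SSLv23_client_method() when none is set */` describes it accurately. Because the tests are an `if`/`else if` chain, when more than one NET_TRY* bit is set the first match in source order wins (TLS1 over TLS1.1/1.2), which is fine only if the caller never sets several at once. Whether `TLSV1_2` is the macro the build actually defines for a 1.2-capable OpenSSL cannot be told from this hunk; if configure does not set it, the TLS1.1/1.2 branches are compiled out silently.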
@@ -219,9 +237,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
 (sslclientkey_t) mail_parameters (NIL,GET_SSLCLIENTKEY,NIL);
 if (ssl_last_error) fs_give ((void **) &ssl_last_error);
 ssl_last_host = host;
- if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
- TLSv1_client_method () :
- SSLv23_client_method ())))
+ if (!(stream->context = SSL_CTX_new (ssl_connect_mthd(flags))))
 return "SSL context failed";
 SSL_CTX_set_options (stream->context,0); /* disable certificate validation? */ |
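Review bot: The removed ternary mapped `NET_TLSCLIENT` to `TLSv1_client_method ()`, but `ssl_connect_mthd` (defined in the previous hunk) never tests `NET_TLSCLIENT`, only the `NET_TRY*` bits, so a connection that sets `NET_TLSCLIENT` alone now falls through to `SSLv23_client_method()`; with `SSL_CTX_set_options (stream->context,0)` on the next line adding no `SSL_OP_NO_SSLv2`/`SSL_OP_NO_SSLv3`, that context can negotiate SSLv3 (and SSLv2 where the library still builds it) where it previously required TLS 1.0. Restore the old preference inside `ssl_connect_mthd` with `else if (flag & NET_TLSCLIENT) return TLSv1_client_method();` placed just before the SSLv23 fallback, so explicit `NET_TRY*` requests still take precedence; if the `/tls` mapping to `NET_TLSCLIENT` has changed elsewhere in this release, that should be stated in the commit message. `ssl_start_work` begins before and continues after this hunk.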