author | Eduardo Chappa <chappa@washington.edu> | 2013-09-21 18:45:27 -0600 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2013-09-21 18:45:27 -0600 |
commit | c5bb25b1320af6cda4cc62ea9e15fbb03ee92026 (patch) | |
tree | 7edbf4ad7c92cac182112201293da92dff56d7bf /imap/src | |
parent | 48e1f5018f9d324c1ebce3ea627db50fe03a2134 (diff) | |
* Version 2.11.6
* Add /tls1, /tls1_1, /tls1_2 and /dtls1 to the definition of a
server to use different ways to connect using ssl, for example
{server.com/tls1} will attempt to connect to server.com at the ssl
imap port (port 993) and establish a connection using TLSv1. These
flags can be used in conjunction with the /ssl flag, the ssl flag is
redundant. Conversely, however, the /ssl flag does not imply any of
these flags; the /ssl flag means SSLv3 or, if not available, SSLv2 in
the SSL port.
* WebAlpine: add _GNU_SOURCE to make pubcookie build.
* On my way to make 'make dist' and 'make distcheck' actually work.
Diffstat (limited to 'imap/src')
-rw-r--r-- | imap/src/c-client/imap4r1.c | 3 | ||||
-rw-r--r-- | imap/src/c-client/mail.c | 15 | ||||
-rw-r--r-- | imap/src/c-client/mail.h | 20 | ||||
-rw-r--r-- | imap/src/c-client/nntp.c | 3 | ||||
-rw-r--r-- | imap/src/c-client/pop3.c | 3 | ||||
-rw-r--r-- | imap/src/c-client/smtp.c | 3 |
6 files changed, 39 insertions, 8 deletions
diff --git a/imap/src/c-client/imap4r1.c b/imap/src/c-client/imap4r1.c
index 1409b37d..8c1d326a 100644
--- a/imap/src/c-client/imap4r1.c
+++ b/imap/src/c-client/imap4r1.c
@@ -885,8 +885,7 @@ MAILSTREAM *imap_open (MAILSTREAM *stream)
 LOCAL->netstream->dtb = ssld;
 if (!(LOCAL->netstream->stream =
 (*stls) (LOCAL->netstream->stream,mb.host,
- (mb.tlssslv23 ? NIL : NET_TLSCLIENT) |
- (mb.novalidate ? NET_NOVALIDATECERT : NIL)))) {
+ SSL_METHOD(mb) | (mb.novalidate ? NET_NOVALIDATECERT : NIL)))) {
 /* drat, drop this connection */
 if (LOCAL->netstream) net_close (LOCAL->netstream);
 LOCAL->netstream = NIL;
diff --git a/imap/src/c-client/mail.c b/imap/src/c-client/mail.c
index d80a01f6..9b5526b4 100644
--- a/imap/src/c-client/mail.c
+++ b/imap/src/c-client/mail.c
@@ -814,6 +814,18 @@ long mail_valid_net_parse_work (char *name,NETMBX *mb,char *service)
 mb->trysslflag = mailssldriver? T : NIL;
 else if (mailssldriver && !compare_cstring (s,"ssl") && !mb->tlsflag)
 mb->sslflag = mb->notlsflag = T;
+ else if (!compare_cstring(s, "tls1")
+ && !mb->tls1_1flag && !mb->tls1_2flag && !mb->dtls1flag)
+ mb->sslflag = mb->notlsflag = mb->tls1_1flag = T;
+ else if (!compare_cstring(s, "tls1_1")
+ && !mb->tls1flag && !mb->tls1_2flag && !mb->dtls1flag)
+ mb->sslflag = mb->notlsflag = mb->tls1_1flag = T;
+ else if (!compare_cstring(s, "tls1_2")
+ && !mb->tls1flag && !mb->tls1_1flag && !mb->dtls1flag)
+ mb->sslflag = mb->notlsflag = mb->tls1_2flag = T;
+ else if (!compare_cstring(s, "dtls1")
+ && !mb->tls1flag && !mb->tls1_1flag && !mb->tls1_2flag)
+ mb->sslflag = mb->notlsflag = mb->dtls1flag = T;
 else if (mailssldriver && !compare_cstring (s,"novalidate-cert"))
 mb->novalidate = T;
 /* hack for compatibility with the past */
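Review bot: The `(*stls)` call in imap_open now passes `SSL_METHOD(mb)`, which evaluates to one of the `NET_TRY*` values instead of `NET_TLSCLIENT` whenever a version flag is set, so the STARTTLS negotiation no longer receives the TLS-client bit in that case. The implementation behind `stls` is not visible on this page; it should be confirmed that it treats each `NET_TRY*` value as a client-side handshake and does not silently negotiate a different protocol when it sees a bit it did not know before. A comment at the call such as `/* SSL_METHOD picks the protocol bit from the mailbox flags; NET_TLSCLIENT only when no version flag is set */` would make this visible. The same substitution is made in nntp_open_full, pop3_auth and smtp_open_full, and imap_open's body continues outside the hunk.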
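Review bot: The new `tls1` branch in mail_valid_net_parse_work sets `mb->tls1_1flag`, not `mb->tls1flag`, so `{host/tls1}` selects TLSv1.1 and `tls1flag` is never set by this parser; the assignment should read `mb->sslflag = mb->notlsflag = mb->tls1flag = T;`. Unlike the neighbouring `ssl` branch, the four new branches test neither `mailssldriver` nor `!mb->tlsflag`, so they set `sslflag` even when `mailssldriver` is NIL (presumably meaning no SSL driver is available) and accept `/tls` together with a version flag that also sets `notlsflag`. Adding `mailssldriver &&` and `&& !mb->tlsflag` to each condition would match the existing branch. The function's body continues outside the hunk.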
@@ -1222,6 +1234,9 @@ MAILSTREAM *mail_open (MAILSTREAM *stream,char *name,long options)
 if (mb.tlsflag) strcat (tmp,"/tls");
 if (mb.notlsflag) strcat (tmp,"/notls");
 if (mb.sslflag) strcat (tmp,"/ssl");
+ if (mb.tls1_1flag) strcat (tmp,"/tls1_1");
+ if (mb.tls1_2flag) strcat (tmp,"/tls1_2");
+ if (mb.dtls1flag) strcat (tmp,"/dtls1");
 if (mb.trysslflag) strcat (tmp,"/tryssl");
 if (mb.novalidate) strcat (tmp,"/novalidate-cert");
 strcat (tmp,"/pop3/loser}");
diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h
index 174993e1..2c3f92d2 100644
--- a/imap/src/c-client/mail.h
+++ b/imap/src/c-client/mail.h
@@ -428,6 +428,14 @@
 #define NET_TLSCLIENT ((unsigned long) 0x10000000)
 /* try SSL mode */
 #define NET_TRYSSL ((unsigned long) 0x8000000)
+ /* try TLS1 mode */
+#define NET_TRYTLS1 ((unsigned long) 0x1000000)
+ /* try TLS1_1 mode */
+#define NET_TRYTLS1_1 ((unsigned long) 0x2000000)
+ /* try TLS1_2 mode */
+#define NET_TRYTLS1_2 ((unsigned long) 0x4000000)
+ /* try DTLS1 mode */
+#define NET_TRYDTLS1 ((unsigned long) 0x8000000)
 /* Close options */
@@ -654,6 +662,10 @@ typedef struct net_mailbox {
 unsigned int dbgflag : 1; /* debug flag */
 unsigned int secflag : 1; /* secure flag */
 unsigned int sslflag : 1; /* SSL driver flag */
+ unsigned int tls1flag : 1; /* Use TLSv1 */
+ unsigned int tls1_1flag : 1; /* Use TLSv1.1 */
+ unsigned int tls1_2flag : 1; /* Use TLSV1.2 */
+ unsigned int dtls1flag : 1; /* Use DTLSv1 */
 unsigned int trysslflag : 1; /* try SSL driver first flag */
 unsigned int novalidate : 1; /* don't validate certificates */
 unsigned int tlsflag : 1; /* TLS flag */
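Review bot: The flags copied into the rebuilt mailbox name in mail_open include `/tls1_1`, `/tls1_2` and `/dtls1` but not `/tls1`, so a mailbox with `tls1flag` set loses its protocol selection when the name is rebuilt here; add `if (mb.tls1flag) strcat (tmp,"/tls1");` next to the other three. Each added `strcat` also lengthens the worst-case string written into `tmp`, whose declaration is outside the hunk, so its size should be checked against the longest possible flag combination. mail_open's body continues outside the hunk.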
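Review bot: `NET_TRYDTLS1` is defined as `0x8000000`, the same value as `NET_TRYSSL` just above the added block, so code that tests either bit cannot tell a DTLSv1 request from a try-SSL request. It needs a bit that no other `NET_*` option uses. The rest of the option list is outside this hunk, so `0x1000000`, `0x2000000` and `0x4000000` should be checked against it as well.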
@@ -663,6 +675,14 @@ typedef struct net_mailbox {
 unsigned int loser : 1; /* server is a loser */
 unsigned int tlssslv23 : 1; /* force SSLv23 client method over TLS */
 } NETMBX;
+
+#define SSL_METHOD(M) ((M).tlssslv23 ? NIL \
+ : (M).tls1flag ? NET_TRYTLS1 \
+ : (M).tls1_1flag ? NET_TRYTLS1_1 \
+ : (M).tls1_2flag ? NET_TRYTLS1_2 \
+ : (M).dtls1flag ? NET_TRYDTLS1 \
+ : NET_TLSCLIENT)
+
 /* Item in an address list */
diff --git a/imap/src/c-client/nntp.c b/imap/src/c-client/nntp.c
index fe90edba..8a9d00a8 100644
--- a/imap/src/c-client/nntp.c
+++ b/imap/src/c-client/nntp.c
@@ -1719,8 +1719,7 @@ SENDSTREAM *nntp_open_full (NETDRIVER *dv,char **hostlist,char *service,
 /* negotiate TLS */
 if (stream->netstream->stream =
 (*stls) (stream->netstream->stream,mb.host,
- (mb.tlssslv23 ? NIL : NET_TLSCLIENT) |
- (mb.novalidate ? NET_NOVALIDATECERT:NIL)))
+ SSL_METHOD(mb) | (mb.novalidate ? NET_NOVALIDATECERT:NIL)))
 extok = nntp_extensions (stream,(mb.secflag ? AU_SECURE : NIL) |
 (mb.authuser[0] ? AU_AUTHUSER : NIL));
 else {
diff --git a/imap/src/c-client/pop3.c b/imap/src/c-client/pop3.c
index 58a9ceb6..5065fed2 100644
--- a/imap/src/c-client/pop3.c
+++ b/imap/src/c-client/pop3.c
@@ -567,8 +567,7 @@ long pop3_auth (MAILSTREAM *stream,NETMBX *mb,char *pwd,char *usr)
 LOCAL->netstream->dtb = ssld;
 if (!(LOCAL->netstream->stream =
 (*stls) (LOCAL->netstream->stream,mb->host,
- (mb->tlssslv23 ? NIL : NET_TLSCLIENT) |
- (mb->novalidate ? NET_NOVALIDATECERT : NIL)))) {
+ SSL_METHOD(*mb) | (mb->novalidate ? NET_NOVALIDATECERT : NIL)))) {
 /* drat, drop this connection */
 if (LOCAL->netstream) net_close (LOCAL->netstream);
 LOCAL->netstream= NIL;
diff --git a/imap/src/c-client/smtp.c b/imap/src/c-client/smtp.c
index 1b748b71..1cba3357 100644
--- a/imap/src/c-client/smtp.c
+++ b/imap/src/c-client/smtp.c
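Review bot: The macro name `SSL_METHOD` is also the name of a type in OpenSSL's headers, and because it is defined in mail.h, any file that includes both would have `SSL_METHOD (` rewritten by this function-like macro; a prefixed name such as `NET_SSL_METHOD` would avoid the clash (whether such a file exists is not visible on this page). The macro is also undocumented: it gives `tlssslv23` priority over every version flag and otherwise returns the first flag set in the fixed order tls1, tls1_1, tls1_2, dtls1. A comment above it such as `/* Map NETMBX flags to the NET_* protocol bit passed to the SSL layer; tlssslv23 wins, then the first version flag set, else NET_TLSCLIENT */` would record that.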
@@ -210,8 +210,7 @@ SENDSTREAM *smtp_open_full (NETDRIVER *dv,char **hostlist,char *service,
 /* TLS started, negotiate it */
 if (!(stream->netstream->stream =
 (*stls) (stream->netstream->stream,mb.host,
- (mb.tlssslv23 ? NIL : NET_TLSCLIENT) |
- (mb.novalidate ? NET_NOVALIDATECERT:NIL)))){
+ SSL_METHOD(mb) | (mb.novalidate ? NET_NOVALIDATECERT:NIL)))){
 /* TLS negotiation failed after STARTTLS */
 sprintf (tmp,"Unable to negotiate TLS with this server: %.80s",
 mb.host); |