diff options
author | Eduardo Chappa <chappa@washington.edu> | 2018-09-29 22:59:37 -0600 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2018-09-29 22:59:37 -0600 |
commit | 924c47dd50a7b74136b8a60e9ea8d347ff65425b (patch) | |
tree | bcbaaeb98807a7cb12bf16188c66a5ea938d0255 /imap/src | |
parent | 879f42fa445aa684ffbab7d404941a9d24a4863a (diff) | |
download | alpine-924c47dd50a7b74136b8a60e9ea8d347ff65425b.tar.xz |
* Add the /tls1_3 modifier to establish connections use the TLS protocol
version 1.3.
Diffstat (limited to 'imap/src')
-rw-r--r-- | imap/src/c-client/mail.c | 24 | ||||
-rw-r--r-- | imap/src/c-client/mail.h | 12 | ||||
-rw-r--r-- | imap/src/osdep/nt/ssl_nt.c | 73 | ||||
-rw-r--r-- | imap/src/osdep/unix/ssl_unix.c | 67 |
4 files changed, 130 insertions, 46 deletions
diff --git a/imap/src/c-client/mail.c b/imap/src/c-client/mail.c index 43db47aa..8ac8ba63 100644 --- a/imap/src/c-client/mail.c +++ b/imap/src/c-client/mail.c @@ -827,19 +827,29 @@ long mail_valid_net_parse_work (char *name,NETMBX *mb,char *service) else if (mailssldriver && !compare_cstring (s,"ssl") && !mb->tlsflag) mb->sslflag = mb->notlsflag = T; else if (!compare_cstring(s, "tls1") - && !mb->tls1_1 && !mb->tls1_2 && !mb->dtls1) + && !mb->tls1_1 && !mb->tls1_2 && !mb->tls1_3 + && !mb->dtls1 && !mb->dtls1_2) mb->sslflag = mb->notlsflag = mb->tls1 = T; -#ifdef TLSV1_2 else if (!compare_cstring(s, "tls1_1") - && !mb->tls1 && !mb->tls1_2 && !mb->dtls1) + && !mb->tls1 && !mb->tls1_2 && !mb->tls1_3 + && !mb->dtls1 && !mb->dtls1_2) mb->sslflag = mb->notlsflag = mb->tls1_1 = T; else if (!compare_cstring(s, "tls1_2") - && !mb->tls1 && !mb->tls1_1 && !mb->dtls1) + && !mb->tls1 && !mb->tls1_1 && !mb->tls1_3 + && !mb->dtls1 && !mb->dtls1_2) mb->sslflag = mb->notlsflag = mb->tls1_2 = T; -#endif + else if (!compare_cstring(s, "tls1_3") + && !mb->tls1 && !mb->tls1_1 && !mb->tls1_2 + && !mb->dtls1 && !mb->dtls1_2) + mb->sslflag = mb->notlsflag = mb->tls1_3 = T; else if (!compare_cstring(s, "dtls1") - && !mb->tls1 && !mb->tls1_1 && !mb->tls1_2) + && !mb->tls1 && !mb->tls1_1 && !mb->tls1_2 + && !mb->tls1_3 && !mb->dtls1_2) mb->sslflag = mb->notlsflag = mb->dtls1 = T; + else if (!compare_cstring(s, "dtls1_2") + && !mb->tls1 && !mb->tls1_1 && !mb->tls1_2 + && !mb->tls1_3 && !mb->dtls1) + mb->sslflag = mb->notlsflag = mb->dtls1_2 = T; else if (mailssldriver && !compare_cstring (s,"novalidate-cert")) mb->novalidate = T; /* hack for compatibility with the past */ @@ -6220,7 +6230,9 @@ NETSTREAM *net_open (NETMBX *mb,NETDRIVER *dv,unsigned long port, flags |= mb->tls1 || mb->tlsflag ? NET_TRYTLS1 : 0; flags |= mb->tls1_1 ? NET_TRYTLS1_1 : 0; flags |= mb->tls1_2 ? NET_TRYTLS1_2 : 0; + flags |= mb->tls1_3 ? NET_TRYTLS1_3 : 0; flags |= mb->dtls1 ? NET_TRYDTLS1 : 0; + flags |= mb->dtls1_2 ? NET_TRYDTLS1_2 : 0; if (strlen (mb->host) >= NETMAXHOST) { sprintf (tmp,"Invalid host name: %.80s",mb->host); MM_LOG (tmp,ERROR); diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h index fc3f3862..e5755e54 100644 --- a/imap/src/c-client/mail.h +++ b/imap/src/c-client/mail.h @@ -442,13 +442,17 @@ /* try SSL mode */ #define NET_TRYSSL ((unsigned long) 0x8000000) /* try TLS1 mode */ -#define NET_TRYTLS1 ((unsigned long) 0x1000000) +#define NET_TRYTLS1 ((unsigned long) 0x4000000) /* try TLS1_1 mode */ #define NET_TRYTLS1_1 ((unsigned long) 0x2000000) /* try TLS1_2 mode */ -#define NET_TRYTLS1_2 ((unsigned long) 0x4000000) +#define NET_TRYTLS1_2 ((unsigned long) 0x1000000) + /* try TLS1_3 mode */ +#define NET_TRYTLS1_3 ((unsigned long) 0x800000) /* try DTLS1 mode */ -#define NET_TRYDTLS1 ((unsigned long) 0x8000000) +#define NET_TRYDTLS1 ((unsigned long) 0x400000) + /* try DTLS1_2 mode */ +#define NET_TRYDTLS1_2 ((unsigned long) 0x200000) /* Close options */ @@ -691,7 +695,9 @@ typedef struct net_mailbox { unsigned int tls1 : 1; /* Use TLSv1 */ unsigned int tls1_1 : 1; /* Use TLSv1.1 */ unsigned int tls1_2 : 1; /* Use TLSV1.2 */ + unsigned int tls1_3 : 1; /* Use TLSV1.3 */ unsigned int dtls1 : 1; /* Use DTLSv1 */ + unsigned int dtls1_2 : 1; /* Use DTLSv1.2 */ unsigned int trysslflag : 1; /* try SSL driver first flag */ unsigned int novalidate : 1; /* don't validate certificates */ unsigned int tlsflag : 1; /* TLS flag */ diff --git a/imap/src/osdep/nt/ssl_nt.c b/imap/src/osdep/nt/ssl_nt.c index d352980e..b4d7e1d2 100644 --- a/imap/src/osdep/nt/ssl_nt.c +++ b/imap/src/osdep/nt/ssl_nt.c @@ -37,15 +37,30 @@ #ifdef OPENSSL_1_1_0 #include <rsa.h> #include <bn.h> +#ifdef TLSv1_client_method +#undef TLSv1_client_method +#endif /* TLSv1_client_method */ #ifdef TLSv1_1_client_method -#undef TLSv1_1_client_method +#undef TLSv1_1_client_method #endif /* TLSv1_1_client_method */ #ifdef TLSv1_2_client_method #undef TLSv1_2_client_method #endif /* TLSv1_2_client_method */ +#ifdef DTLSv1_client_method +#undef DTLSv1_client_method +#endif /* DTLSv1_client_method */ +#ifdef DTLSv1_2_client_method +#undef DTLSv1_2_client_method +#endif /* DTLSv1_2_client_method */ +#define TLSv1_client_method TLS_client_method #define TLSv1_1_client_method TLS_client_method #define TLSv1_2_client_method TLS_client_method -#endif /* OPENSSL_1_1_0 */ +#define DTLSv1_client_method DTLS_client_method +#define DTLSv1_2_client_method DTLS_client_method +#endif /* OPENSSL_1_1_0 */ +#ifndef DTLSv1_2_client_method +#define DTLSv1_2_client_method DTLSv1_client_method +#endif /* DTLSv1_2_client_method */ #undef STRING #undef crypt @@ -187,26 +202,44 @@ SSLSTREAM *ssl_aopen (NETMBX *mb,char *service,char *usrbuf) */ const SSL_METHOD *ssl_connect_mthd(int flag) { -#ifdef OPENSSL_1_1_0 - if(flag & NET_TRYTLS1) - return TLS_client_method(); + if (flag & NET_TRYTLS1) +#ifndef OPENSSL_NO_TLS1_METHOD + return TLSv1_client_method(); #else - if(flag & NET_TRYTLS1) - return TLSv1_client_method(); -#endif /* OPENSSL_1_1_0 */ -#ifdef TLSV1_2 - else if(flag & NET_TRYTLS1_1) - return TLSv1_1_client_method(); - else if(flag & NET_TRYTLS1_2) - return TLSv1_2_client_method(); -#endif /* TLSV1_2 */ -#ifdef OPENSSL_1_1_0 - else if(flag & NET_TRYDTLS1) - return DTLS_client_method(); + return TLS_client_method(); +#endif /* OPENSSL_NO_TLS1_METHOD */ + + else if(flag & NET_TRYTLS1_1) +#ifndef OPENSSL_NO_TLS1_1_METHOD + return TLSv1_1_client_method(); #else - else if(flag & NET_TRYDTLS1) - return DTLSv1_client_method(); -#endif /* OPENSSL_1_1_0 */ + return TLS_client_method(); +#endif /* OPENSSL_NO_TLS1_1_METHOD */ + + else if(flag & NET_TRYTLS1_2) +#ifndef OPENSSL_NO_TLS1_2_METHOD + return TLSv1_2_client_method(); +#else + return TLS_client_method(); +#endif /* OPENSSL_NO_TLS1_2_METHOD */ + + else if(flag & NET_TRYTLS1_3) + return TLS_client_method(); + + else if(flag & NET_TRYDTLS1) +#ifndef OPENSSL_NO_DTLS1_METHOD + return DTLSv1_client_method(); +#else + return DTLS_client_method(); +#endif /* OPENSSL_NO_DTLS1_METHOD */ + + else if(flag & NET_TRYDTLS1_2) +#ifndef OPENSSL_NO_DTLS1_METHOD + return DTLSv1_2_client_method(); +#else + return DTLS_client_method(); +#endif /* OPENSSL_NO_DTLS1_METHOD */ + else return SSLv23_client_method(); } diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c index 4c4d6ef8..ffd37775 100644 --- a/imap/src/osdep/unix/ssl_unix.c +++ b/imap/src/osdep/unix/ssl_unix.c @@ -36,15 +36,30 @@ #ifdef OPENSSL_1_1_0 #include <rsa.h> #include <bn.h> +#ifdef TLSv1_client_method +#undef TLSv1_client_method +#endif /* TLSv1_client_method */ #ifdef TLSv1_1_client_method #undef TLSv1_1_client_method #endif /* TLSv1_1_client_method */ #ifdef TLSv1_2_client_method #undef TLSv1_2_client_method #endif /* TLSv1_2_client_method */ +#ifdef DTLSv1_client_method +#undef DTLSv1_client_method +#endif /* DTLSv1_client_method */ +#ifdef DTLSv1_2_client_method +#undef DTLSv1_2_client_method +#endif /* DTLSv1_2_client_method */ +#define TLSv1_client_method TLS_client_method #define TLSv1_1_client_method TLS_client_method #define TLSv1_2_client_method TLS_client_method +#define DTLSv1_client_method DTLS_client_method +#define DTLSv1_2_client_method DTLS_client_method #endif /* OPENSSL_1_1_0 */ +#ifndef DTLSv1_2_client_method +#define DTLSv1_2_client_method DTLSv1_client_method +#endif /* DTLSv1_2_client_method */ #undef STRING #undef crypt @@ -186,26 +201,44 @@ SSLSTREAM *ssl_aopen (NETMBX *mb,char *service,char *usrbuf) */ const SSL_METHOD *ssl_connect_mthd(int flag) { -#ifdef OPENSSL_1_1_0 - if(flag & NET_TRYTLS1) - return TLS_client_method(); + if (flag & NET_TRYTLS1) +#ifndef OPENSSL_NO_TLS1_METHOD + return TLSv1_client_method(); #else - if(flag & NET_TRYTLS1) - return TLSv1_client_method(); -#endif /* OPENSSL_1_1_0 */ -#ifdef TLSV1_2 - else if(flag & NET_TRYTLS1_1) - return TLSv1_1_client_method(); - else if(flag & NET_TRYTLS1_2) - return TLSv1_2_client_method(); -#endif /* TLSV1_2 */ -#ifdef OPENSSL_1_1_0 - else if(flag & NET_TRYDTLS1) - return DTLS_client_method(); + return TLS_client_method(); +#endif /* OPENSSL_NO_TLS1_METHOD */ + + else if(flag & NET_TRYTLS1_1) +#ifndef OPENSSL_NO_TLS1_1_METHOD + return TLSv1_1_client_method(); +#else + return TLS_client_method(); +#endif /* OPENSSL_NO_TLS1_1_METHOD */ + + else if(flag & NET_TRYTLS1_2) +#ifndef OPENSSL_NO_TLS1_2_METHOD + return TLSv1_2_client_method(); #else + return TLS_client_method(); +#endif /* OPENSSL_NO_TLS1_2_METHOD */ + + else if(flag & NET_TRYTLS1_3) + return TLS_client_method(); + else if(flag & NET_TRYDTLS1) - return DTLSv1_client_method(); -#endif /* OPENSSL_1_1_0 */ +#ifndef OPENSSL_NO_DTLS1_METHOD + return DTLSv1_client_method(); +#else + return DTLS_client_method(); +#endif /* OPENSSL_NO_DTLS1_METHOD */ + + else if(flag & NET_TRYDTLS1_2) +#ifndef OPENSSL_NO_DTLS1_METHOD + return DTLSv1_2_client_method(); +#else + return DTLS_client_method(); +#endif /* OPENSSL_NO_DTLS1_METHOD */ + else return SSLv23_client_method(); } |