authorEduardo Chappa <chappa@washington.edu>2018-09-29 22:59:37 -0600
committerEduardo Chappa <chappa@washington.edu>2018-09-29 22:59:37 -0600
commit924c47dd50a7b74136b8a60e9ea8d347ff65425b (patch)
treebcbaaeb98807a7cb12bf16188c66a5ea938d0255 /imap/src
parent879f42fa445aa684ffbab7d404941a9d24a4863a (diff)
downloadalpine-924c47dd50a7b74136b8a60e9ea8d347ff65425b.tar.xz
* Add the /tls1_3 modifier to establish connections using the TLS protocol
version 1.3.
Diffstat (limited to 'imap/src')
-rw-r--r--imap/src/c-client/mail.c24
-rw-r--r--imap/src/c-client/mail.h12
-rw-r--r--imap/src/osdep/nt/ssl_nt.c73
-rw-r--r--imap/src/osdep/unix/ssl_unix.c67
4 files changed, 130 insertions, 46 deletions
diff --git a/imap/src/c-client/mail.c b/imap/src/c-client/mail.c
index 43db47aa..8ac8ba63 100644
--- a/imap/src/c-client/mail.c
+++ b/imap/src/c-client/mail.c
@@ -827,19 +827,29 @@ long mail_valid_net_parse_work (char *name,NETMBX *mb,char *service)
else if (mailssldriver && !compare_cstring (s,"ssl") && !mb->tlsflag)
mb->sslflag = mb->notlsflag = T;
else if (!compare_cstring(s, "tls1")
- && !mb->tls1_1 && !mb->tls1_2 && !mb->dtls1)
+ && !mb->tls1_1 && !mb->tls1_2 && !mb->tls1_3
+ && !mb->dtls1 && !mb->dtls1_2)
mb->sslflag = mb->notlsflag = mb->tls1 = T;
-#ifdef TLSV1_2
else if (!compare_cstring(s, "tls1_1")
- && !mb->tls1 && !mb->tls1_2 && !mb->dtls1)
+ && !mb->tls1 && !mb->tls1_2 && !mb->tls1_3
+ && !mb->dtls1 && !mb->dtls1_2)
mb->sslflag = mb->notlsflag = mb->tls1_1 = T;
else if (!compare_cstring(s, "tls1_2")
- && !mb->tls1 && !mb->tls1_1 && !mb->dtls1)
+ && !mb->tls1 && !mb->tls1_1 && !mb->tls1_3
+ && !mb->dtls1 && !mb->dtls1_2)
mb->sslflag = mb->notlsflag = mb->tls1_2 = T;
-#endif
+ else if (!compare_cstring(s, "tls1_3")
+ && !mb->tls1 && !mb->tls1_1 && !mb->tls1_2
+ && !mb->dtls1 && !mb->dtls1_2)
+ mb->sslflag = mb->notlsflag = mb->tls1_3 = T;
else if (!compare_cstring(s, "dtls1")
- && !mb->tls1 && !mb->tls1_1 && !mb->tls1_2)
+ && !mb->tls1 && !mb->tls1_1 && !mb->tls1_2
+ && !mb->tls1_3 && !mb->dtls1_2)
mb->sslflag = mb->notlsflag = mb->dtls1 = T;
+ else if (!compare_cstring(s, "dtls1_2")
+ && !mb->tls1 && !mb->tls1_1 && !mb->tls1_2
+ && !mb->tls1_3 && !mb->dtls1)
+ mb->sslflag = mb->notlsflag = mb->dtls1_2 = T;
else if (mailssldriver && !compare_cstring (s,"novalidate-cert"))
mb->novalidate = T;
/* hack for compatibility with the past */
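Review bot: The new `tls1_3` and `dtls1_2` branches exclude the other version flags but not `mb->tlsflag`, whereas the `ssl` branch at the top of the hunk does test `!mb->tlsflag`. If `/tls` is parsed before `/tls1_3`, the net_open line `flags |= mb->tls1 || mb->tlsflag ? NET_TRYTLS1 : 0;` would set NET_TRYTLS1 alongside NET_TRYTLS1_3, and ssl_connect_mthd tests NET_TRYTLS1 first, so the older method would win if those flags reach it. Consider adding `&& !mb->tlsflag` to each version branch, or a comment stating why the combination is harmless. The `tls` branch and the rest of mail_valid_net_parse_work lie outside the hunk, so this is inferred from the visible lines only.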
@@ -6220,7 +6230,9 @@ NETSTREAM *net_open (NETMBX *mb,NETDRIVER *dv,unsigned long port,
flags |= mb->tls1 || mb->tlsflag ? NET_TRYTLS1 : 0;
flags |= mb->tls1_1 ? NET_TRYTLS1_1 : 0;
flags |= mb->tls1_2 ? NET_TRYTLS1_2 : 0;
+ flags |= mb->tls1_3 ? NET_TRYTLS1_3 : 0;
flags |= mb->dtls1 ? NET_TRYDTLS1 : 0;
+ flags |= mb->dtls1_2 ? NET_TRYDTLS1_2 : 0;
if (strlen (mb->host) >= NETMAXHOST) {
sprintf (tmp,"Invalid host name: %.80s",mb->host);
MM_LOG (tmp,ERROR);
diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h
index fc3f3862..e5755e54 100644
--- a/imap/src/c-client/mail.h
+++ b/imap/src/c-client/mail.h
@@ -442,13 +442,17 @@
/* try SSL mode */
#define NET_TRYSSL ((unsigned long) 0x8000000)
/* try TLS1 mode */
-#define NET_TRYTLS1 ((unsigned long) 0x1000000)
+#define NET_TRYTLS1 ((unsigned long) 0x4000000)
/* try TLS1_1 mode */
#define NET_TRYTLS1_1 ((unsigned long) 0x2000000)
/* try TLS1_2 mode */
-#define NET_TRYTLS1_2 ((unsigned long) 0x4000000)
+#define NET_TRYTLS1_2 ((unsigned long) 0x1000000)
+ /* try TLS1_3 mode */
+#define NET_TRYTLS1_3 ((unsigned long) 0x800000)
/* try DTLS1 mode */
-#define NET_TRYDTLS1 ((unsigned long) 0x8000000)
+#define NET_TRYDTLS1 ((unsigned long) 0x400000)
+ /* try DTLS1_2 mode */
+#define NET_TRYDTLS1_2 ((unsigned long) 0x200000)
/* Close options */
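Review bot: The renumbering here has no comment explaining it, although it changes the values of two existing flags (NET_TRYTLS1 and NET_TRYTLS1_2 swap) and removes a collision: the old NET_TRYDTLS1 was `0x8000000`, the same bit as NET_TRYSSL. A short comment such as `/* NET_TRY* bits must be distinct from each other and from every other open flag */` above the group would record that invariant. The three new bits (`0x800000`, `0x400000`, `0x200000`) should be checked against the NET_* and open-option definitions above this hunk, which are not visible here. Anything compiled separately against the old header would also need rebuilding, since the TLS1 and TLS1_2 values changed meaning.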
@@ -691,7 +695,9 @@ typedef struct net_mailbox {
unsigned int tls1 : 1; /* Use TLSv1 */
unsigned int tls1_1 : 1; /* Use TLSv1.1 */
unsigned int tls1_2 : 1; /* Use TLSV1.2 */
+ unsigned int tls1_3 : 1; /* Use TLSV1.3 */
unsigned int dtls1 : 1; /* Use DTLSv1 */
+ unsigned int dtls1_2 : 1; /* Use DTLSv1.2 */
unsigned int trysslflag : 1; /* try SSL driver first flag */
unsigned int novalidate : 1; /* don't validate certificates */
unsigned int tlsflag : 1; /* TLS flag */
diff --git a/imap/src/osdep/nt/ssl_nt.c b/imap/src/osdep/nt/ssl_nt.c
index d352980e..b4d7e1d2 100644
--- a/imap/src/osdep/nt/ssl_nt.c
+++ b/imap/src/osdep/nt/ssl_nt.c
@@ -37,15 +37,30 @@
#ifdef OPENSSL_1_1_0
#include <rsa.h>
#include <bn.h>
+#ifdef TLSv1_client_method
+#undef TLSv1_client_method
+#endif /* TLSv1_client_method */
#ifdef TLSv1_1_client_method
-#undef TLSv1_1_client_method
+#undef TLSv1_1_client_method
#endif /* TLSv1_1_client_method */
#ifdef TLSv1_2_client_method
#undef TLSv1_2_client_method
#endif /* TLSv1_2_client_method */
+#ifdef DTLSv1_client_method
+#undef DTLSv1_client_method
+#endif /* DTLSv1_client_method */
+#ifdef DTLSv1_2_client_method
+#undef DTLSv1_2_client_method
+#endif /* DTLSv1_2_client_method */
+#define TLSv1_client_method TLS_client_method
#define TLSv1_1_client_method TLS_client_method
#define TLSv1_2_client_method TLS_client_method
-#endif /* OPENSSL_1_1_0 */
+#define DTLSv1_client_method DTLS_client_method
+#define DTLSv1_2_client_method DTLS_client_method
+#endif /* OPENSSL_1_1_0 */
+#ifndef DTLSv1_2_client_method
+#define DTLSv1_2_client_method DTLSv1_client_method
+#endif /* DTLSv1_2_client_method */
#undef STRING
#undef crypt
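Review bot: The trailing `#ifndef DTLSv1_2_client_method` tests only whether a macro of that name exists, not whether the library provides the function. On a build without OPENSSL_1_1_0 where the OpenSSL headers declare DTLSv1_2_client_method as an ordinary function, the guard is true and `#define DTLSv1_2_client_method DTLSv1_client_method` silently turns `/dtls1_2` into a DTLS 1.0 connection. A version or feature test would be safer than a macro-existence test, for example guarding the fallback on the absence of `DTLS1_2_VERSION`. The same block appears in the ssl_unix.c hunk at `@@ -36,15 +36,30 @@`.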
@@ -187,26 +202,44 @@ SSLSTREAM *ssl_aopen (NETMBX *mb,char *service,char *usrbuf)
*/
const SSL_METHOD *ssl_connect_mthd(int flag)
{
-#ifdef OPENSSL_1_1_0
- if(flag & NET_TRYTLS1)
- return TLS_client_method();
+ if (flag & NET_TRYTLS1)
+#ifndef OPENSSL_NO_TLS1_METHOD
+ return TLSv1_client_method();
#else
- if(flag & NET_TRYTLS1)
- return TLSv1_client_method();
-#endif /* OPENSSL_1_1_0 */
-#ifdef TLSV1_2
- else if(flag & NET_TRYTLS1_1)
- return TLSv1_1_client_method();
- else if(flag & NET_TRYTLS1_2)
- return TLSv1_2_client_method();
-#endif /* TLSV1_2 */
-#ifdef OPENSSL_1_1_0
- else if(flag & NET_TRYDTLS1)
- return DTLS_client_method();
+ return TLS_client_method();
+#endif /* OPENSSL_NO_TLS1_METHOD */
+
+ else if(flag & NET_TRYTLS1_1)
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+ return TLSv1_1_client_method();
#else
- else if(flag & NET_TRYDTLS1)
- return DTLSv1_client_method();
-#endif /* OPENSSL_1_1_0 */
+ return TLS_client_method();
+#endif /* OPENSSL_NO_TLS1_1_METHOD */
+
+ else if(flag & NET_TRYTLS1_2)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+ return TLSv1_2_client_method();
+#else
+ return TLS_client_method();
+#endif /* OPENSSL_NO_TLS1_2_METHOD */
+
+ else if(flag & NET_TRYTLS1_3)
+ return TLS_client_method();
+
+ else if(flag & NET_TRYDTLS1)
+#ifndef OPENSSL_NO_DTLS1_METHOD
+ return DTLSv1_client_method();
+#else
+ return DTLS_client_method();
+#endif /* OPENSSL_NO_DTLS1_METHOD */
+
+ else if(flag & NET_TRYDTLS1_2)
+#ifndef OPENSSL_NO_DTLS1_METHOD
+ return DTLSv1_2_client_method();
+#else
+ return DTLS_client_method();
+#endif /* OPENSSL_NO_DTLS1_METHOD */
+
else return SSLv23_client_method();
}
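Review bot: The `NET_TRYTLS1_3` branch returns `TLS_client_method()`, the version-flexible method, so nothing in this function restricts the handshake to TLS 1.3. Unless the caller sets a floor on the context outside this hunk, e.g. `SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION)`, `/tls1_3` can negotiate an older protocol. The same applies to every branch under OPENSSL_1_1_0, where the macros above map all the version-specific names to `TLS_client_method`/`DTLS_client_method`. Separately, the `NET_TRYDTLS1_2` branch is guarded by `#ifndef OPENSSL_NO_DTLS1_METHOD`, which looks like a copy of the DTLS1 branch; `#ifndef OPENSSL_NO_DTLS1_2_METHOD` is presumably intended. Both points apply equally to ssl_connect_mthd in the ssl_unix.c hunk.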
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 4c4d6ef8..ffd37775 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -36,15 +36,30 @@
#ifdef OPENSSL_1_1_0
#include <rsa.h>
#include <bn.h>
+#ifdef TLSv1_client_method
+#undef TLSv1_client_method
+#endif /* TLSv1_client_method */
#ifdef TLSv1_1_client_method
#undef TLSv1_1_client_method
#endif /* TLSv1_1_client_method */
#ifdef TLSv1_2_client_method
#undef TLSv1_2_client_method
#endif /* TLSv1_2_client_method */
+#ifdef DTLSv1_client_method
+#undef DTLSv1_client_method
+#endif /* DTLSv1_client_method */
+#ifdef DTLSv1_2_client_method
+#undef DTLSv1_2_client_method
+#endif /* DTLSv1_2_client_method */
+#define TLSv1_client_method TLS_client_method
#define TLSv1_1_client_method TLS_client_method
#define TLSv1_2_client_method TLS_client_method
+#define DTLSv1_client_method DTLS_client_method
+#define DTLSv1_2_client_method DTLS_client_method
#endif /* OPENSSL_1_1_0 */
+#ifndef DTLSv1_2_client_method
+#define DTLSv1_2_client_method DTLSv1_client_method
+#endif /* DTLSv1_2_client_method */
#undef STRING
#undef crypt
@@ -186,26 +201,44 @@ SSLSTREAM *ssl_aopen (NETMBX *mb,char *service,char *usrbuf)
*/
const SSL_METHOD *ssl_connect_mthd(int flag)
{
-#ifdef OPENSSL_1_1_0
- if(flag & NET_TRYTLS1)
- return TLS_client_method();
+ if (flag & NET_TRYTLS1)
+#ifndef OPENSSL_NO_TLS1_METHOD
+ return TLSv1_client_method();
#else
- if(flag & NET_TRYTLS1)
- return TLSv1_client_method();
-#endif /* OPENSSL_1_1_0 */
-#ifdef TLSV1_2
- else if(flag & NET_TRYTLS1_1)
- return TLSv1_1_client_method();
- else if(flag & NET_TRYTLS1_2)
- return TLSv1_2_client_method();
-#endif /* TLSV1_2 */
-#ifdef OPENSSL_1_1_0
- else if(flag & NET_TRYDTLS1)
- return DTLS_client_method();
+ return TLS_client_method();
+#endif /* OPENSSL_NO_TLS1_METHOD */
+
+ else if(flag & NET_TRYTLS1_1)
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+ return TLSv1_1_client_method();
+#else
+ return TLS_client_method();
+#endif /* OPENSSL_NO_TLS1_1_METHOD */
+
+ else if(flag & NET_TRYTLS1_2)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+ return TLSv1_2_client_method();
#else
+ return TLS_client_method();
+#endif /* OPENSSL_NO_TLS1_2_METHOD */
+
+ else if(flag & NET_TRYTLS1_3)
+ return TLS_client_method();
+
else if(flag & NET_TRYDTLS1)
- return DTLSv1_client_method();
-#endif /* OPENSSL_1_1_0 */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+ return DTLSv1_client_method();
+#else
+ return DTLS_client_method();
+#endif /* OPENSSL_NO_DTLS1_METHOD */
+
+ else if(flag & NET_TRYDTLS1_2)
+#ifndef OPENSSL_NO_DTLS1_METHOD
+ return DTLSv1_2_client_method();
+#else
+ return DTLS_client_method();
+#endif /* OPENSSL_NO_DTLS1_METHOD */
+
else return SSLv23_client_method();
}