author | Eduardo Chappa <chappa@washington.edu> | 2020-07-18 00:53:34 -0600 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2020-07-18 00:53:34 -0600 |
commit | ef159279c142ec4f3b3a1938cfeadc74d5891070 (patch) | |
tree | 6a670c9b33666abcb81c824bb36fdc7c920d697d /imap/src | |
parent | 50f4fdaa40ab3195377f22243c3ba4287389d207 (diff) | |
download | alpine-ef159279c142ec4f3b3a1938cfeadc74d5891070.tar.xz |
* Addition of the variables User Certs Dir and User Certs File, which allow
a user to specify the location of server certificates that the user trusts.
Diffstat (limited to 'imap/src')
-rw-r--r-- | imap/src/c-client/mail.h | 8 | ||||
-rw-r--r-- | imap/src/osdep/nt/env_nt.c | 16 | ||||
-rw-r--r-- | imap/src/osdep/nt/ssl_libressl.c | 6 | ||||
-rw-r--r-- | imap/src/osdep/unix/env_unix.c | 16 | ||||
-rw-r--r-- | imap/src/osdep/unix/ssl_unix.c | 5 |
5 files changed, 48 insertions, 3 deletions
diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h
index 32df37ba..adcad4d9 100644
--- a/imap/src/c-client/mail.h
+++ b/imap/src/c-client/mail.h
@@ -196,8 +196,12 @@
 #define SET_SSLCAPATH (long) 232
 #define GET_SSLCAFILE (long) 233
 #define SET_SSLCAFILE (long) 234
-#define GET_RESTRICTIONS (long) 235
-#define SET_RESTRICTIONS (long) 236
+#define GET_SSLAPPCAPATH (long) 235
+#define SET_SSLAPPCAPATH (long) 236
+#define GET_SSLAPPCAFILE (long) 237
+#define SET_SSLAPPCAFILE (long) 238
+#define GET_RESTRICTIONS (long) 239
+#define SET_RESTRICTIONS (long) 240
 
 /* 3xx: TCP/IP */
 #define GET_OPENTIMEOUT (long) 300
diff --git a/imap/src/osdep/nt/env_nt.c b/imap/src/osdep/nt/env_nt.c
index 8fc72f0c..52211ea2 100644
--- a/imap/src/osdep/nt/env_nt.c
+++ b/imap/src/osdep/nt/env_nt.c
@@ -45,6 +45,8 @@ static int server_nli = 0; /* server and not logged in */
 static int logtry = 3; /* number of login tries */
 static char *sslCApath = NIL; /* non-standard CA path */
 static char *sslCAfile = NIL; /* non-standard CA container */
+static char *sslAppCApath = NIL; /* App SSL Certs CA path */
+static char *sslAppCAfile = NIL; /* App SSL CA container */
 /* block notification */
 static blocknotify_t mailblocknotify = mm_blocknotify;
 /* callback to get username */
@@ -143,6 +145,20 @@ void *env_parameters (long function,void *value)
 case GET_SSLCAFILE:
 ret = (void *) sslCAfile;
 break;
+ case SET_SSLAPPCAPATH: /* this can be set null */
+ if (sslAppCApath) fs_give ((void **) &sslAppCApath);
+ sslAppCApath = value ? cpystr ((char *) value) : value;
+ break;
+ case GET_SSLAPPCAPATH:
+ ret = (void *) sslAppCApath;
+ break;
+ case SET_SSLCAFILE: /* this can be set null */
+ if (sslAppCAfile) fs_give ((void **) &sslAppCAfile);
+ sslAppCAfile = value ? cpystr ((char *) value) : value;
+ break;
+ case GET_SSLAPPCAFILE:
+ ret = (void *) sslAppCAfile;
+ break;
 }
 return ret;
 }
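Review bot: Renumbering GET_RESTRICTIONS/SET_RESTRICTIONS from 235/236 to 239/240 changes the values of two existing public mail_parameters() selectors, so any consumer compiled against the previous mail.h (or a stale object file) will silently address the wrong setting until it is rebuilt. Appending the four new selectors after the existing ones, e.g. `#define GET_SSLAPPCAPATH (long) 237` through `#define SET_SSLAPPCAFILE (long) 240` while leaving 235/236 as they were, would avoid that. If the renumbering is intentional, a comment on the block stating that these numbers are not stable across releases would tell downstream users what to expect.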
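Review bot: The third new case added to env_parameters() in env_nt.c is labelled `case SET_SSLCAFILE:` rather than `case SET_SSLAPPCAFILE:`, so the NT build gets a duplicate label for the existing SET_SSLCAFILE handler (its GET_ counterpart is visible just above the insertion, and the SET_ one is presumably defined alongside it), which is a compile error, and even if it compiled SET_SSLAPPCAFILE would never be handled and sslAppCAfile would stay NIL on Windows. The label should read `case SET_SSLAPPCAFILE: /* this can be set null */`, matching the unix version of the same switch at `@@ -354,6 +356,20 @@` in env_unix.c. env_parameters() starts outside the hunk.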
diff --git a/imap/src/osdep/nt/ssl_libressl.c b/imap/src/osdep/nt/ssl_libressl.c
index 5270a9f8..04dfb36e 100644
--- a/imap/src/osdep/nt/ssl_libressl.c
+++ b/imap/src/osdep/nt/ssl_libressl.c
@@ -8,7 +8,7 @@
 *
 * Author: Eduardo Chappa, based on ssl_unix.c
 *
- * Last Edited: January 25, 2020
+ * Last Edited: July 17, 2020
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -413,6 +413,10 @@ static char *ssl_start_work(SSLSTREAM *stream, char *host, unsigned long flags)
 SSL_CTX_load_verify_locations (stream->context, CAfile, CApath);
 else /* otherwise we set default paths to CAs... */
 SSL_CTX_set_default_verify_paths(stream->context);
+ CAfile = (char *) mail_parameters (NIL,GET_SSLAPPCAFILE,NIL);
+ CApath = (char *) mail_parameters (NIL,GET_SSLAPPCAPATH,NIL);
+ if (CAfile != NIL || CApath != NIL)
+ SSL_CTX_load_verify_locations (stream->context, CAfile, CApath);
 /* want to send client certificate? */
 if (scc && (s = (*scc) ()) && (sl = strlen(s))) {
 if ((cert = PEM_read_bio_X509(bio = BIO_new_mem_buf(s, sl), NIL, NIL, NIL)) != NIL) {
diff --git a/imap/src/osdep/unix/env_unix.c b/imap/src/osdep/unix/env_unix.c
index fe1b91d4..afec59b1 100644
--- a/imap/src/osdep/unix/env_unix.c
+++ b/imap/src/osdep/unix/env_unix.c
@@ -74,6 +74,8 @@ static char *blackBoxDir = NIL; /* black box directory name */
 static char *blackBoxDefaultHome = NIL;
 static char *sslCApath = NIL; /* non-standard CA path */
 static char *sslCAfile = NIL; /* non-standard CA container */
+static char *sslAppCApath = NIL; /* App SSL CA path */
+static char *sslAppCAfile = NIL; /* App SSL CA container */
 static short anonymous = NIL; /* is anonymous */
 static short blackBox = NIL; /* is a black box */
 static short closedBox = NIL; /* is a closed box (uses chroot() jail) */
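Review bot: The result of the new SSL_CTX_load_verify_locations() call in ssl_start_work() is discarded, so an unreadable or malformed user CA file/directory is silently ignored and the handshake proceeds with only the trust anchors loaded just above; the user then sees a certificate rejection with no hint that their configured trust location was never loaded. Checking it and reporting, `if (!SSL_CTX_load_verify_locations (stream->context, CAfile, CApath)) mm_log ("Unable to load user trusted certificates", WARN);`, would surface the misconfiguration. The same unchecked call is added in ssl_unix.c at `@@ -421,6 +421,11 @@`. It would also help to say in the comment that these locations are added to the trust store already set up by the preceding if/else (the system or configured CA set stays in effect), since the commit message's "certificates that the user trusts" could be read as replacing it; the `if` that owns the first two context lines begins outside the hunk.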
@@ -354,6 +356,20 @@ void *env_parameters (long function,void *value)
 case GET_SSLCAFILE:
 ret = (void *) sslCAfile;
 break;
+ case SET_SSLAPPCAPATH: /* this can be set null */
+ if (sslAppCApath) fs_give ((void **) &sslAppCApath);
+ sslAppCApath = value ? cpystr ((char *) value) : value;
+ break;
+ case GET_SSLAPPCAPATH:
+ ret = (void *) sslAppCApath;
+ break;
+ case SET_SSLAPPCAFILE: /* this can be set null */
+ if (sslAppCAfile) fs_give ((void **) &sslAppCAfile);
+ sslAppCAfile = value ? cpystr ((char *) value) : value;
+ break;
+ case GET_SSLAPPCAFILE:
+ ret = (void *) sslAppCAfile;
+ break;
 case SET_LISTMAXLEVEL:
 list_max_level = (long) value;
 case GET_LISTMAXLEVEL:
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 4ebe1ae7..1f64b57e 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -421,6 +421,11 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
 SSL_CTX_load_verify_locations (stream->context, CAfile, CApath);
 else /* set default paths to CAs... */
 SSL_CTX_set_default_verify_paths (stream->context);
+ /* Load app certificates */
+ CAfile = (char *) mail_parameters (NIL,GET_SSLAPPCAFILE,NIL);
+ CApath = (char *) mail_parameters (NIL,GET_SSLAPPCAPATH,NIL);
+ if (CAfile != NIL || CApath != NIL)
+ SSL_CTX_load_verify_locations (stream->context, CAfile, CApath);
 /* want to send client certificate? */
 if (scc && (s = (*scc) ()) && (sl = strlen (s))) {
 if ((cert = PEM_read_bio_X509 (bio = BIO_new_mem_buf (s,sl),NIL,NIL,NIL)) != NULL) {