summaryrefslogtreecommitdiff
path: root/imap
diff options
context:
space:
mode:
authorEduardo Chappa <chappa@washington.edu>2021-04-17 23:22:48 -0600
committerEduardo Chappa <chappa@washington.edu>2021-04-17 23:22:48 -0600
commitec66afcc51369f994cf04960fc4828cb007176bd (patch)
tree2056be54d1b2ff06a02377c41594efe4c29274d3 /imap
parentcd24f8efb57dd2b057ab6a216ff3789876c62420 (diff)
downloadalpine-ec66afcc51369f994cf04960fc4828cb007176bd.tar.xz
* Add new variable ssl-ciphers to list the ciphers that will be used when
negotiating a secure connection with a SSL server. Work in collaboration with professor Martin Trusler.
Diffstat (limited to 'imap')
-rw-r--r--imap/src/c-client/mail.h2
-rw-r--r--imap/src/osdep/unix/env_unix.c8
-rw-r--r--imap/src/osdep/unix/ssl_unix.c4
3 files changed, 13 insertions, 1 deletions
diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h
index 9fc1c714..d40d7ebe 100644
--- a/imap/src/c-client/mail.h
+++ b/imap/src/c-client/mail.h
@@ -248,6 +248,8 @@
#define SET_ENCRYPTION_RANGE_MIN (long) 339
#define GET_ENCRYPTION_RANGE_MAX (long) 340
#define SET_ENCRYPTION_RANGE_MAX (long) 341
+#define GET_SSLCIPHERS (long) 342
+#define SET_SSLCIPHERS (long) 343
/* 4xx: network drivers */
#define GET_MAXLOGINTRIALS (long) 400
diff --git a/imap/src/osdep/unix/env_unix.c b/imap/src/osdep/unix/env_unix.c
index afec59b1..c41a5d04 100644
--- a/imap/src/osdep/unix/env_unix.c
+++ b/imap/src/osdep/unix/env_unix.c
@@ -76,6 +76,7 @@ static char *sslCApath = NIL; /* non-standard CA path */
static char *sslCAfile = NIL; /* non-standard CA container */
static char *sslAppCApath = NIL; /* App SSL CA path */
static char *sslAppCAfile = NIL; /* App SSL CA container */
+static char *sslciphers = NIL; /* ciphers to negotiate with a SSL server */
static short anonymous = NIL; /* is anonymous */
static short blackBox = NIL; /* is a black box */
static short closedBox = NIL; /* is a closed box (uses chroot() jail) */
@@ -370,6 +371,13 @@ void *env_parameters (long function,void *value)
case GET_SSLAPPCAFILE:
ret = (void *) sslAppCAfile;
break;
+ case SET_SSLCIPHERS: /* this can be set null */
+ if (sslciphers) fs_give ((void **) &sslciphers);
+ sslciphers = value ? cpystr ((char *) value) : value;
+ break;
+ case GET_SSLCIPHERS:
+ ret = (void *) sslciphers;
+ break;
case SET_LISTMAXLEVEL:
list_max_level = (long) value;
case GET_LISTMAXLEVEL:
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 1f64b57e..5d3ffcd8 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -395,7 +395,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
int minv, maxv;
int masklow, maskhigh;
char *s,*t,*err,tmp[MAILTMPLEN], buf[256];
- char *CAfile, *CApath;
+ char *CAfile, *CApath, *ciphers;
sslcertificatequery_t scq =
(sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
sslclientcert_t scc =
@@ -414,6 +414,8 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ /* set cipher list */
+ ciphers = (char *) mail_parameters (NIL,GET_SSLCIPHERS,NIL);
/* if a non-standard path desired */
CAfile = (char *) mail_parameters (NIL,GET_SSLCAFILE,NIL);
CApath = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL);