authorEduardo Chappa <chappa@washington.edu>2013-10-06 23:58:51 -0600
committerEduardo Chappa <chappa@washington.edu>2013-10-06 23:58:51 -0600
commit30a979ab1460a57d466a6a5cc6adb96eac452ce4 (patch)
tree1aec0ebb21be40922bc5a708c7780fb0db602202 /pith
parentc5bb25b1320af6cda4cc62ea9e15fbb03ee92026 (diff)
downloadalpine-30a979ab1460a57d466a6a5cc6adb96eac452ce4.tar.xz
* new version 2.11.8
* Fix in configure script for recognition of SSL files in Ubuntu 12.04 * Alpine does not attempt to automatically reopen a collection that was not opened due to cancellation by the user. Instead, the user must try to open it explicitly. * A few improvements to the new /tls1, /tls1_1, etc. options.
Diffstat (limited to 'pith')
-rw-r--r--pith/conf.c8
-rw-r--r--pith/conftype.h2
-rw-r--r--pith/folder.c5
-rw-r--r--pith/foldertype.h1
-rw-r--r--pith/pine.hlp62
-rw-r--r--pith/smime.c51
-rw-r--r--pith/smkeys.c13
-rw-r--r--pith/smkeys.h2
8 files changed, 116 insertions, 28 deletions
diff --git a/pith/conf.c b/pith/conf.c
index 10c64cfa..7cd1f83d 100644
--- a/pith/conf.c
+++ b/pith/conf.c
@@ -8041,14 +8041,14 @@ get_supported_options(void)
/*
* Line count:
* Title + blank = 2
- * SSL Title + SSL lines + blank = 4
+ * SSL Title + SSL lines + blank = 5
* Auth title + blank = 2
* Driver title + blank = 2
* LDAP title + LDAP line = 2
* Disabled explanation + blank line = 4
* end = 1
*/
- cnt = 17;
+ cnt = 18;
for(a = mail_lookup_auth(1); a; a = a->next)
cnt++;
for(d = (DRIVER *)mail_parameters(NIL, GET_DRIVERS, NIL);
@@ -8078,6 +8078,10 @@ get_supported_options(void)
config[cnt] = cpystr(_(" TLS and SSL"));
else
config[cnt] = cpystr(_(" None (no TLS or SSL)"));
+#ifdef SSL_SUPPORTS_TLSV1_2
+ if(++cnt < alcnt)
+ config[cnt] = cpystr(" TLSv1.1, TLSv1.2, and DTLSv1");
+#endif
#ifdef SMIME
if(++cnt < alcnt)
config[cnt] = cpystr(" S/MIME");
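Review bot: The new `" TLSv1.1, TLSv1.2, and DTLSv1"` entry is compiled only under `SSL_SUPPORTS_TLSV1_2`, while the first hunk raises the line count to `cnt = 18` unconditionally. If that count sizes the `config` array, the result is only one spare slot on builds without the macro, but the "Line count" comment should say the fifth SSL line is conditional. The literal is also passed to `cpystr` without `_()`, unlike the two SSL strings just above it; `cpystr(_(" TLSv1.1, TLSv1.2, and DTLSv1"))` would keep the block consistent. get_supported_options starts and ends outside both hunks.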
diff --git a/pith/conftype.h b/pith/conftype.h
index c654f6c5..61472105 100644
--- a/pith/conftype.h
+++ b/pith/conftype.h
@@ -683,7 +683,7 @@ typedef struct smime_stuff {
unsigned entered_passphrase:1; /* user entered a passphrase */
unsigned already_auto_asked:1; /* asked for passphrase automatically, not again */
volatile char passphrase[100]; /* storage for the entered passphrase */
- char *passphrase_emailaddr; /* pointer to allocated storage */
+ char **passphrase_emailaddr; /* pointer to allocated storage */
/*
* If we are using the Container type it is easiest if we
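Review bot: The comment on `passphrase_emailaddr` still reads "pointer to allocated storage" although the field is now a `char **`. The smime.c hunks treat it as a NULL-terminated array whose elements and array block are each released with fs_give, and the comment should state that contract, for example `/* NULL-terminated array of allocated addresses; free each element, then the array */`. Any code outside pith/ that still reads the field as a single string would compile with only a warning, so those users are worth checking; the diffstat shown is limited to pith/.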
diff --git a/pith/folder.c b/pith/folder.c
index 4536400e..e4ddcfc0 100644
--- a/pith/folder.c
+++ b/pith/folder.c
@@ -966,7 +966,8 @@ build_folder_list(MAILSTREAM **stream, CONTEXT_S *context, char *pat, char *cont
ldata.stream = sp_stream_get(context->context, SP_SAME);
/* gotta open a new one? */
- if(!ldata.stream){
+ if((F_OFF(F_CMBND_FOLDER_DISP, ps_global)
+ || context->update == LUU_INIT) && !ldata.stream){
ldata.stream = mail_cmd_stream(context, &local_open);
if(stream)
*stream = ldata.stream;
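Review bot: The new guard opens a stream only when `F_CMBND_FOLDER_DISP` is off or `context->update == LUU_INIT`, but nothing in the visible diff sets `update` to `LUU_INIT` when a CONTEXT_S is created. The only assignment to `LUU_INIT` shown is the one later in build_folder_list, after a listing has already completed. If contexts are zero-filled on allocation and `LUU_INIT` is not 0, a collection would never be opened automatically under combined folder display; please confirm the initial value, or set it where the context is built. build_folder_list starts and ends outside the hunk.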
@@ -978,6 +979,7 @@ build_folder_list(MAILSTREAM **stream, CONTEXT_S *context, char *pat, char *cont
if(!ldata.stream){
context->use &= ~CNTXT_PARTFIND; /* unset partial find bit */
+ context->update = LUU_NOMORECHK;
if(we_cancel)
cancel_busy_cue(-1);
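Review bot: `context->update = LUU_NOMORECHK;` is set on every path where `ldata.stream` is still NULL, not only when the user cancelled the open. From the hunk it looks as though a network or authentication failure in `mail_cmd_stream` would also suppress later automatic reopening, which is broader than the commit message describes. If that is intended, a comment such as `/* any failed open, not just a cancel, stops automatic retries */` would document it; otherwise the assignment needs to be conditioned on the cancellation case.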
@@ -1021,6 +1023,7 @@ build_folder_list(MAILSTREAM **stream, CONTEXT_S *context, char *pat, char *cont
set_read_predicted(0);
}
+ context->update = LUU_INIT;
if(context->dir && response.response.delim)
context->dir->delim = response.response.delim;
diff --git a/pith/foldertype.h b/pith/foldertype.h
index 95d8b14a..509b07a3 100644
--- a/pith/foldertype.h
+++ b/pith/foldertype.h
@@ -123,6 +123,7 @@ typedef struct context {
short i; /* index into config list */
} var;
+ time_t update; /* update state */
unsigned short use, /* use flags (see below) */
d_line; /* display line for labels */
SELECTED_S selected;
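Review bot: The new member is declared `time_t update; /* update state */`, yet folder.c only ever assigns and compares it against `LUU_INIT` and `LUU_NOMORECHK`. The comment should name those values and say what the field gates, for example `/* LUU_INIT or LUU_NOMORECHK: whether build_folder_list may reopen the collection */`. If the field never holds a timestamp, a plain integer type would describe it better than `time_t`; the definitions of the LUU_ constants are not visible here, so that part is a question rather than a finding.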
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 964389f2..8e0feacb 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
reasonable place to be called from.
Dummy change to get revision in pine.hlp
============= h_revision =================
-Alpine Commit 31 2013-09-15 20:38:27
+Alpine Commit 33 2013-10-05 22:46:52
============= h_news =================
<HTML>
<HEAD>
@@ -179,6 +179,13 @@ Additions include:
<P>
<UL>
+ <LI> Alpine does not attempt to automatically reopen a collection that
+ was not opened due to cancellation by the user. Instead, the user
+ must try to open it explicitly.
+ <LI> Alpine searches for a certificate that matches an email address in
+ all addresses in a certificate (instead of just the first one) but
+ when it tries to unlock the certificate, it asks for the password
+ for the first email address in that certificate.
<LI> Add /tls1, /tls1_1, /tls1_2 and /dtls1 to the definition of a
server to use different ways to connect using ssl, for example
{server.com/tls1} will attempt to connect to server.com at the ssl
@@ -19832,6 +19839,59 @@ Alpine must be linked with an SSL library for this option to be operational.
</DD>
+<DT>TLS1</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the TLSv1 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/tls1</SAMP></CENTER>
+<P>
+
+</DD>
+
+<DT>DTLS1</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the DTLSv1 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/dtls1</SAMP></CENTER>
+<P>
+
+</DD>
+
+<DT>TLS1_1</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the TLSv1.1 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/tls1_1</SAMP></CENTER>
+<P>
+
+</DD>
+
+<DT>TLS1_2</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the TLSv1.2 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/tls1_2</SAMP></CENTER>
+<P>
+
+</DD>
+
+
<DT>NoValidate-Cert</DT>
<DD>Do not validate certificates (for TLS or SSL connections) from the server.
This is needed if the server uses self-signed certificates or if Alpine
diff --git a/pith/smime.c b/pith/smime.c
index d212b233..532948bf 100644
--- a/pith/smime.c
+++ b/pith/smime.c
@@ -1166,8 +1166,12 @@ load_private_key(PERSONAL_CERT *pcert)
ps_global->smime->need_passphrase = 1;
if(ps_global->smime){
- if(ps_global->smime->passphrase_emailaddr)
- fs_give((void **) &ps_global->smime->passphrase_emailaddr);
+ if(ps_global->smime->passphrase_emailaddr){
+ int i;
+ for(i = 0; ps_global->smime->passphrase_emailaddr[i] != NULL; i++)
+ fs_give((void **)&ps_global->smime->passphrase_emailaddr[i]);
+ fs_give((void **) ps_global->smime->passphrase_emailaddr);
+ }
ps_global->smime->passphrase_emailaddr = get_x509_subject_email(pcert->cert);
}
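Review bot: The closing `fs_give((void **) ps_global->smime->passphrase_emailaddr);` passes the array pointer itself, where the removed line passed its address. Assuming fs_give frees `*block` and clears it, as the `&`-style calls in this diff imply, it is handed element 0 (already released by the loop) and the array block from get_x509_subject_email is never freed. It should read `fs_give((void **) &ps_global->smime->passphrase_emailaddr);`. The same missing `&` is in match_personal_cert_to_email (`fs_give((void **)email)`), do_signature_verify (`fs_give((void **) email)`) and free_smime_struct, so one helper that frees the list would keep the four sites in step. Separately, the context line above dereferences `ps_global->smime` before the `if(ps_global->smime)` test.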
@@ -1213,7 +1217,8 @@ match_personal_cert_to_email(ADDRESS *a)
{
PERSONAL_CERT *pcert = NULL;
char buf[MAXPATH];
- char *email;
+ char **email;
+ int i, done;
if(!a || !a->mailbox || !a->host)
return NULL;
@@ -1230,12 +1235,17 @@ match_personal_cert_to_email(ADDRESS *a)
email = get_x509_subject_email(pcert->cert);
- if(email && strucmp(email,buf)==0){
- fs_give((void**) &email);
- break;
+ done = 0;
+ if(email != NULL){
+ for(i = 0; email[i] && strucmp(email[i], buf) != 0; i++);
+ if(email[i] != NULL) done++;
+ for(i = 0; email[i] != NULL; i++)
+ fs_give((void **)&email[i]);
+ fs_give((void **)email);
}
- fs_give((void**) &email);
+ if(done > 0)
+ break;
}
}
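Review bot: The scan `for(i = 0; email[i] && strucmp(email[i], buf) != 0; i++);` hides an empty body behind a trailing semicolon, so it is easy to misread as controlling the `if` on the next line. Putting the semicolon on its own line with a short comment, `/* find first matching address */ ;`, makes the intent explicit. `done` is only ever 0 or 1, so `done = 1;` and `if(done)` read more plainly than `done++` and `done > 0`. match_personal_cert_to_email continues outside the hunk.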
@@ -1634,7 +1644,7 @@ do_signature_verify(PKCS7 *p7, BIO *in, BIO *out)
if(signers)
for(i=0; i<sk_X509_num(signers); i++){
- char *email;
+ char **email;
X509 *x = sk_X509_value(signers,i);
X509 *cert;
@@ -1644,13 +1654,16 @@ do_signature_verify(PKCS7 *p7, BIO *in, BIO *out)
email = get_x509_subject_email(x);
if(email){
- cert = get_cert_for(email);
- if(cert)
- X509_free(cert);
- else
- save_cert_for(email, x);
-
- fs_give((void**) &email);
+ int i;
+ for(i = 0; email[i] != NULL; i++){
+ cert = get_cert_for(email[i]);
+ if(cert)
+ X509_free(cert);
+ else
+ save_cert_for(email[i], x);
+ fs_give((void **) &email[i]);
+ }
+ fs_give((void **) email);
}
}
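Review bot: `save_cert_for(email[i], x)` now stores the signer certificate under every address the certificate lists, not only the first, whenever no certificate is already on file for that address. The hunk does not show whether this loop runs only after the signature and certificate chain have verified. That should be confirmed, because otherwise a certificate naming additional addresses would become the stored certificate for each of them. The inner `int i;` also shadows the `i` of the enclosing `for(i=0; i<sk_X509_num(signers); i++)`; it works because the variables are distinct, but `int j;` avoids a -Wshadow warning and a later slip. do_signature_verify starts and ends outside the hunk.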
@@ -2338,8 +2351,12 @@ static void
free_smime_struct(SMIME_STUFF_S **smime)
{
if(smime && *smime){
- if((*smime)->passphrase_emailaddr)
- fs_give((void **) &(*smime)->passphrase_emailaddr);
+ if((*smime)->passphrase_emailaddr){
+ int i;
+ for(i = 0; (*smime)->passphrase_emailaddr[i] != NULL; i++)
+ fs_give((void **) &(*smime)->passphrase_emailaddr[i]);
+ fs_give((void **) (*smime)->passphrase_emailaddr);
+ }
if((*smime)->publicpath)
fs_give((void **) &(*smime)->publicpath);
diff --git a/pith/smkeys.c b/pith/smkeys.c
index 5a827070..e815a59a 100644
--- a/pith/smkeys.c
+++ b/pith/smkeys.c
@@ -273,14 +273,17 @@ get_x509_subject_email(X509 *x)
* address not only in the email address field, but also in an
* X509v3 extension field, Subject Altenative Name.
*/
-char *
+char **
get_x509_subject_email(X509 *x)
{
- char *result = NULL;
+ char **result = NULL;
+ int i, n;
STACK_OF(OPENSSL_STRING) *emails = X509_get1_email(x);
- if (sk_OPENSSL_STRING_num(emails) > 0) {
- /* take the first one on the stack */
- result = cpystr(sk_OPENSSL_STRING_value(emails, 0));
+ if ((n = sk_OPENSSL_STRING_num(emails)) > 0) {
+ result = fs_get((n+1)*sizeof(char *));
+ for(i = 0; i < n; i++)
+ result[i] = cpystr(sk_OPENSSL_STRING_value(emails, i));
+ result[i] = NULL;
}
X509_email_free(emails);
return result;
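Review bot: The header comment above get_x509_subject_email still describes only where the address is looked up and says nothing about the new return contract. It should state that the function returns NULL when the certificate carries no address, and otherwise a NULL-terminated array in which each element and the array itself are allocated and owned by the caller. Callers stop at the first NULL element, so it is also worth a line noting that the elements are assumed non-NULL: if `cpystr` returned NULL for one entry, the later entries would be neither seen nor freed.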
diff --git a/pith/smkeys.h b/pith/smkeys.h
index 0c6db8eb..d3c9031f 100644
--- a/pith/smkeys.h
+++ b/pith/smkeys.h
@@ -48,7 +48,7 @@ X509_STORE *get_ca_store(void);
PERSONAL_CERT *get_personal_certs(char *d);
X509 *get_cert_for(char *email);
void save_cert_for(char *email, X509 *cert);
-char *get_x509_subject_email(X509 *x);
+char **get_x509_subject_email(X509 *x);
EVP_PKEY *load_key(PERSONAL_CERT *pc, char *pass);
CertList *mem_to_certlist(char *contents);
void add_to_end_of_certlist(CertList **cl, char *name, X509 *cert);