* New variable system-certs-path that allows users to indicate the

     location of the directory where folders are located. In PC-Alpine
     this must be C:\libressl\ssl\certs. The C: drive can be replaced by
     the name of the drive where the binary and DLL files are located.

4 files changed, 112 insertions, 1 deletions

diff --git a/pith/conf.c b/pith/conf.c
index 64cd13bd..d7ec5dbb 100644
--- a/pith/conf.c
+++ b/pith/conf.c
@@ -377,6 +377,10 @@ CONF_TXT_T cf_text_mailcap_path[] =	"Sets the search path for the mailcap config
 
 CONF_TXT_T cf_text_mimetype_path[] =	"Sets the search path for the mimetypes configuration file.\n# NOTE: colon delimited under UNIX, semi-colon delimited under DOS/Windows/OS2.";
 
+#if !defined(_WINDOWS) || (defined(ENABLE_WINDOWS_LIBRESSL) && defined(W32BITSBUILD))
+CONF_TXT_T cf_text_system_certs_path[] = "Sets the path for the system ssl certificates issued by a trusted\n# certificate authority. Note that this could be a list of paths, if the same\n# pinerc is used in different systems. Alpine always chooses the first one that\n# it finds. Value must be an absolute path.";
+#endif
+
 CONF_TXT_T cf_text_newmail_fifo_path[] = "Sets the filename for the newmail fifo (named pipe). Unix only.";
 
 CONF_TXT_T cf_text_nmw_width[] = "Sets the width for the NewMail screen.";
@@ -661,6 +665,10 @@ static struct variable variables[] = {
 	NULL,			cf_text_mailcap_path},
 {"mimetype-search-path",		0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0,
 	NULL,			cf_text_mimetype_path},
+#if !defined(_WINDOWS) || (defined(ENABLE_WINDOWS_LIBRESSL) && defined(W32BITSBUILD))
+{"system-certs-path",			0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0,
+	NULL,			cf_text_system_certs_path},
+#endif
 {"url-viewers",				0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0,
 	"URL-Viewers",		cf_text_browser},
 {"default-directories",			0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0,
@@ -746,8 +754,10 @@ static struct variable variables[] = {
 	NULL,			cf_text_disable_drivers},
 {"disable-these-authenticators",	0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0,
 	NULL,			cf_text_disable_auths},
+#ifdef DF_ENCRYPTION_RANGE
 {"encryption-protocol-range",		0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0,
 	NULL,			cf_text_encryption_range},
+#endif
 {"remote-abook-metafile",		0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0,
 	NULL,			cf_text_remote_abook_metafile},
 {"remote-abook-history",		0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0,
@@ -1723,6 +1733,10 @@ init_vars(struct pine *ps, void (*cmds_f) (struct pine *, char **))
     GLO_WP_INDEXHEIGHT          = cpystr("24");
     GLO_WP_AGGSTATE		= cpystr("1");
     GLO_WP_STATE		= cpystr("");
+#if !defined(_WINDOWS) || (defined(ENABLE_WINDOWS_LIBRESSL) && defined(W32BITSBUILD))
+    GLO_SSLCAPATH		= parse_list(DEFAULT_SSLCAPATH, 1,
+					     PL_REMSURRQUOT, NULL);
+#endif
 #ifdef	DF_VAR_SPELLER
     GLO_SPELLER			= cpystr(DF_VAR_SPELLER);
 #endif
@@ -2337,7 +2351,9 @@ init_vars(struct pine *ps, void (*cmds_f) (struct pine *, char **))
     set_current_val(&vars[V_FORCED_ABOOK_ENTRY], TRUE, TRUE);
     set_current_val(&vars[V_DISABLE_DRIVERS], TRUE, TRUE);
     set_current_val(&vars[V_DISABLE_AUTHS], TRUE, TRUE);
+#ifdef DF_ENCRYPTION_RANGE
     set_current_val(&vars[V_ENCRYPTION_RANGE], TRUE, TRUE);
+#endif
 
     set_current_val(&vars[V_VIEW_HEADERS], TRUE, TRUE);
     /* strip spaces and colons */
@@ -2364,6 +2380,9 @@ init_vars(struct pine *ps, void (*cmds_f) (struct pine *, char **))
     set_current_val(&vars[V_DOWNLOAD_CMD_PREFIX], TRUE, TRUE);
     set_current_val(&vars[V_MAILCAP_PATH], TRUE, TRUE);
     set_current_val(&vars[V_MIMETYPE_PATH], TRUE, TRUE);
+#if !defined(_WINDOWS) || (defined(ENABLE_WINDOWS_LIBRESSL) && defined(W32BITSBUILD))
+    set_current_val(&vars[V_SSLCAPATH], TRUE, TRUE);
+#endif
 #if !defined(DOS) && !defined(OS2) && !defined(LEAVEOUTFIFO)
     set_current_val(&vars[V_FIFOPATH], TRUE, TRUE);
 #endif
@@ -7048,6 +7067,22 @@ feature_gets_an_x(struct pine *ps, struct variable *var, FEATURE_S *feature,
 			  test_old_growth_bits(ps, feature->id)))));
 }
 
+#if !defined(_WINDOWS) || (defined(ENABLE_WINDOWS_LIBRESSL) && defined(W32BITSBUILD))
+void
+set_system_certs_path(struct pine *ps)
+{ 
+  char **l;
+
+  for (l = ps->vars[V_SSLCAPATH].current_val.l; l && *l; l++){
+      if(is_absolute_path(*l)
+	  && can_access(*l, ACCESS_EXISTS) == 0
+	  && can_access(*l, READ_ACCESS) == 0){
+           mail_parameters(NULL, SET_SSLCAPATH, (void *) *l);
+           break;
+      }
+  }
+}
+#endif
 
 int
 longest_feature_comment(struct pine *ps, EditWhich ew)
@@ -7837,8 +7872,10 @@ config_help(int var, int feature)
 	return(h_config_disable_drivers);
       case V_DISABLE_AUTHS :
 	return(h_config_disable_auths);
+#ifdef DF_ENCRYPTION_RANGE
       case V_ENCRYPTION_RANGE :
 	return(h_config_encryption_range);
+#endif
       case V_REMOTE_ABOOK_METADATA :
 	return(h_config_abook_metafile);
       case V_REPLY_STRING :
@@ -7903,6 +7940,10 @@ config_help(int var, int feature)
 	return(h_config_mailcap_path);
       case V_MIMETYPE_PATH :
 	return(h_config_mimetype_path);
+#if !defined(_WINDOWS) || (defined(ENABLE_WINDOWS_LIBRESSL) && defined(W32BITSBUILD))
+      case V_SSLCAPATH :
+	return(h_config_system_certs_path);
+#endif
 #if !defined(DOS) && !defined(OS2) && !defined(LEAVEOUTFIFO)
       case V_FIFOPATH :
 	return(h_config_fifopath);
diff --git a/pith/conf.h b/pith/conf.h
index d7769336..3e7844eb 100644
--- a/pith/conf.h
+++ b/pith/conf.h
@@ -133,6 +133,10 @@
 #define VAR_COLOR_STYLE		     vars[V_COLOR_STYLE].current_val.p
 #define GLO_COLOR_STYLE		     vars[V_COLOR_STYLE].global_val.p
 #endif
+#if !defined(_WINDOWS) || (defined(ENABLE_WINDOWS_LIBRESSL) && defined(W32BITSBUILD))
+#define VAR_SSLCAPATH		     vars[V_SSLCAPATH].current_val.l
+#define GLO_SSLCAPATH		     vars[V_SSLCAPATH].global_val.l
+#endif
 #define VAR_INDEX_COLOR_STYLE	     vars[V_INDEX_COLOR_STYLE].current_val.p
 #define GLO_INDEX_COLOR_STYLE	     vars[V_INDEX_COLOR_STYLE].global_val.p
 #define VAR_TITLEBAR_COLOR_STYLE     vars[V_TITLEBAR_COLOR_STYLE].current_val.p
@@ -263,8 +267,10 @@
 #define GLO_REMOTE_ABOOK_HISTORY     vars[V_REMOTE_ABOOK_HISTORY].global_val.p
 #define VAR_REMOTE_ABOOK_VALIDITY    vars[V_REMOTE_ABOOK_VALIDITY].current_val.p
 #define GLO_REMOTE_ABOOK_VALIDITY    vars[V_REMOTE_ABOOK_VALIDITY].global_val.p
+#ifdef DF_ENCRYPTION_RANGE
 #define GLO_ENCRYPTION_RANGE         vars[V_ENCRYPTION_RANGE].global_val.p
 #define VAR_ENCRYPTION_RANGE	     vars[V_ENCRYPTION_RANGE].current_val.p
+#endif
   /* Elm style save is obsolete in Pine 3.81 (see saved msg name rule) */
 #define VAR_ELM_STYLE_SAVE           vars[V_ELM_STYLE_SAVE].current_val.p
 #define GLO_ELM_STYLE_SAVE           vars[V_ELM_STYLE_SAVE].global_val.p
@@ -914,6 +920,9 @@ char     **get_supported_options(void);
 unsigned   reset_startup_rule(MAILSTREAM *);
 void	   free_pinerc_lines(PINERC_LINE **);
 void	   panic1(char *, char *);
+#if !defined(_WINDOWS) || (defined(ENABLE_WINDOWS_LIBRESSL) && defined(W32BITSBUILD))
+void	   set_system_certs_path(struct pine *);
+#endif
 
 /* mandatory to implement prototypes */
 int	   set_input_timeout(int);
diff --git a/pith/conftype.h b/pith/conftype.h
index 4278dc59..09112724 100644
--- a/pith/conftype.h
+++ b/pith/conftype.h
@@ -125,6 +125,9 @@ typedef	enum {    V_PERSONAL_NAME = 0
 		, V_DOWNLOAD_CMD_PREFIX
 		, V_MAILCAP_PATH
 		, V_MIMETYPE_PATH
+#if !defined(_WINDOWS) || (defined(ENABLE_WINDOWS_LIBRESSL) && defined(W32BITSBUILD))
+		, V_SSLCAPATH
+#endif
 		, V_BROWSER
 		, V_HISTORY
 		, V_MAXREMSTREAM
@@ -171,7 +174,9 @@ typedef	enum {    V_PERSONAL_NAME = 0
 		, V_NEW_VER_QUELL
 		, V_DISABLE_DRIVERS
 		, V_DISABLE_AUTHS
+#ifdef DF_ENCRYPTION_RANGE
 		, V_ENCRYPTION_RANGE
+#endif
 		, V_REMOTE_ABOOK_METADATA
 		, V_REMOTE_ABOOK_HISTORY
 		, V_REMOTE_ABOOK_VALIDITY
diff --git a/pith/pine.hlp b/pith/pine.hlp
index d81bd397..2dda8a13 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
 reasonable place to be called from.
 Dummy change to get revision in pine.hlp
 ============= h_revision =================
-Alpine Commit 395 2020-01-19 10:57:47
+Alpine Commit 396 2020-01-25 11:12:17
 ============= h_news =================
 <HTML>
 <HEAD>
@@ -173,6 +173,19 @@ Apache web server.
 
 <H2>New in Alpine <!--#echo var="ALPINE_VERSION"--> (<!--#echo var="ALPINE_REVISION"-->)</H2>
 
+This is a development version of Alpine. These enhancements are
+released after the release of version 
+<!--#echo var="ALPINE_VERSION"--> (<!--#echo var="ALPINE_REVISION"-->). Please report
+any problems you find with this release. New enhancements
+
+<UL>
+<LI> New variable system-certs-path that allows users to indicate the location
+of the directory where folders are located. In PC-Alpine this must be
+C:\\libressl\\ssl\\certs. The C: drive can be replaced by the name of the drive
+where the binary and DLL files are located.
+</UL>
+
+<P>
 Version <!--#echo var="ALPINE_VERSION"--> (<!--#echo var="ALPINE_REVISION"-->)
 addresses bugs found in previous releases and has a few additions as well.
 
@@ -22196,6 +22209,49 @@ by a colon (:) under UNIX and a semi-colon (;) under Windows.
 <P>
 &lt;End of help on this topic&gt;
 </BODY></HTML>
+====== h_config_system_certs_path ======
+<HTML>
+<HEAD>
+<TITLE>OPTION: <!--#echo var="VAR_system-certs-path"--></TITLE>
+</HEAD>
+<BODY>
+<H1>OPTION: <!--#echo var="VAR_system-certs-path"--></H1>
+
+When Alpine is built to support secure connections to remote servers, a directory
+must be reserved in the system to store certificates that will be used to validate
+remote servers. This is normally configured at the time that Alpine is built, but
+there might be circumstances under which a user might want to use a different
+directory. For example, the directory might not be accessible, or has not been 
+updated and contains old certificates that have expired.
+
+<P>
+When a user wants to override the default, this variable can be used to list
+the directory where such certificates can be found. Alpine will use the first
+directory in this list that exists in your system and can be accessed. This
+allows for users to be able to use the same pinerc file in different systems.
+
+<P>
+Example of values for this option might be:
+
+<PRE>
+System Certs Path = /etc/ssl/certs
+                    /usr/local/ssl/certs
+                    C:\\libressl\\ssl\\certs
+<PRE>
+
+<P>
+In unix systems, the default location of the certificates for openssl can
+be obtained by first executing the command
+
+<PRE>openssl version -d</PRE>
+
+and adding &quot;/certs&quot; to that value. In Windows the default location
+for the certificates is C:\\libressl\\ssl\\certs. This value was set by LibreSSL
+developers, and this option can be used to override this default.
+
+<P>
+&lt;End of help on this topic&gt;
+</BODY></HTML>
 ====== h_config_set_att_ansi ======
 <HTML><HEAD>
 <TITLE>OPTION: Set printer to attached ansi printer</TITLE>