diff options
Diffstat (limited to 'imap/src/osdep/unix/ssl_unix.c')
| -rw-r--r-- | imap/src/osdep/unix/ssl_unix.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c index 93fb1a9..5793152 100644 --- a/imap/src/osdep/unix/ssl_unix.c +++ b/imap/src/osdep/unix/ssl_unix.c @@ -75,7 +75,7 @@ typedef struct ssl_stream { /* Function prototypes */ int ssl_disable_mask(int ssl_version, int direction); -const SSL_METHOD *ssl_connect_mthd(int flag, int *min, int *max); +const SSL_METHOD *ssl_connect_mthd(int flag, int *minv, int *maxv); static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags); static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags); static int ssl_open_verify (int ok,X509_STORE_CTX *ctx); @@ -257,7 +257,7 @@ int ssl_disable_mask(int ssl_version, int direction) /* ssl_connect_mthd: returns a context pointer to the connection to * a ssl server */ -const SSL_METHOD *ssl_connect_mthd(int flag, int *min, int *max) +const SSL_METHOD *ssl_connect_mthd(int flag, int *minv, int *maxv) { int client_request; client_request = (flag & NET_TRYTLS1) ? TLS1_VERSION @@ -270,17 +270,17 @@ const SSL_METHOD *ssl_connect_mthd(int flag, int *min, int *max) #endif : 0; - *min = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MIN, NULL); - *max = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MAX, NULL); + *minv = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MIN, NULL); + *maxv = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MAX, NULL); /* * if no special request, negotiate the maximum the client is configured * to negotiate */ if(client_request == 0) - client_request = *max; + client_request = *maxv; - if(client_request < *min || client_request > *max) + if(client_request < *minv || client_request > *maxv) return NIL; /* out of range? bail out */ /* Some Linux distributors seem to believe that it is ok to disable some of @@ -392,7 +392,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) BIO *bio; X509 *cert; unsigned long sl,tl; - int min, max; + int minv, maxv; int masklow, maskhigh; char *s,*t,*err,tmp[MAILTMPLEN], buf[256]; sslcertificatequery_t scq = @@ -403,21 +403,21 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) (sslclientkey_t) mail_parameters (NIL,GET_SSLCLIENTKEY,NIL); if (ssl_last_error) fs_give ((void **) &ssl_last_error); ssl_last_host = host; - if (!(stream->context = SSL_CTX_new (ssl_connect_mthd(flags, &min, &max)))) + if (!(stream->context = SSL_CTX_new (ssl_connect_mthd(flags, &minv, &maxv)))) return "SSL context failed"; SSL_CTX_set_options (stream->context,0); - masklow = ssl_disable_mask(min, -1); - maskhigh = ssl_disable_mask(max, 1); + masklow = ssl_disable_mask(minv, -1); + maskhigh = ssl_disable_mask(maxv, 1); SSL_CTX_set_options(stream->context, masklow|maskhigh); /* disable certificate validation? */ if (flags & NET_NOVALIDATECERT) SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); - /* set default paths to CAs... */ - SSL_CTX_set_default_verify_paths (stream->context); - /* ...unless a non-standard path desired */ + /* if a non-standard path desired */ if ((s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) != NULL) SSL_CTX_load_verify_locations (stream->context,NIL,s); + else /* set default paths to CAs... */ + SSL_CTX_set_default_verify_paths (stream->context); /* want to send client certificate? */ if (scc && (s = (*scc) ()) && (sl = strlen (s))) { if ((cert = PEM_read_bio_X509 (bio = BIO_new_mem_buf (s,sl),NIL,NIL,NIL)) != NULL) { |