summaryrefslogtreecommitdiff
path: root/imap/src/osdep/unix/ssl_unix.c
diff options
context:
space:
mode:
Diffstat (limited to 'imap/src/osdep/unix/ssl_unix.c')
-rw-r--r--imap/src/osdep/unix/ssl_unix.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 93fb1a9a..57931525 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -75,7 +75,7 @@ typedef struct ssl_stream {
/* Function prototypes */
int ssl_disable_mask(int ssl_version, int direction);
-const SSL_METHOD *ssl_connect_mthd(int flag, int *min, int *max);
+const SSL_METHOD *ssl_connect_mthd(int flag, int *minv, int *maxv);
static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags);
static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags);
static int ssl_open_verify (int ok,X509_STORE_CTX *ctx);
@@ -257,7 +257,7 @@ int ssl_disable_mask(int ssl_version, int direction)
/* ssl_connect_mthd: returns a context pointer to the connection to
* a ssl server
*/
-const SSL_METHOD *ssl_connect_mthd(int flag, int *min, int *max)
+const SSL_METHOD *ssl_connect_mthd(int flag, int *minv, int *maxv)
{
int client_request;
client_request = (flag & NET_TRYTLS1) ? TLS1_VERSION
@@ -270,17 +270,17 @@ const SSL_METHOD *ssl_connect_mthd(int flag, int *min, int *max)
#endif
: 0;
- *min = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MIN, NULL);
- *max = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MAX, NULL);
+ *minv = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MIN, NULL);
+ *maxv = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MAX, NULL);
/*
* if no special request, negotiate the maximum the client is configured
* to negotiate
*/
if(client_request == 0)
- client_request = *max;
+ client_request = *maxv;
- if(client_request < *min || client_request > *max)
+ if(client_request < *minv || client_request > *maxv)
return NIL; /* out of range? bail out */
/* Some Linux distributors seem to believe that it is ok to disable some of
@@ -392,7 +392,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
BIO *bio;
X509 *cert;
unsigned long sl,tl;
- int min, max;
+ int minv, maxv;
int masklow, maskhigh;
char *s,*t,*err,tmp[MAILTMPLEN], buf[256];
sslcertificatequery_t scq =
@@ -403,21 +403,21 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
(sslclientkey_t) mail_parameters (NIL,GET_SSLCLIENTKEY,NIL);
if (ssl_last_error) fs_give ((void **) &ssl_last_error);
ssl_last_host = host;
- if (!(stream->context = SSL_CTX_new (ssl_connect_mthd(flags, &min, &max))))
+ if (!(stream->context = SSL_CTX_new (ssl_connect_mthd(flags, &minv, &maxv))))
return "SSL context failed";
SSL_CTX_set_options (stream->context,0);
- masklow = ssl_disable_mask(min, -1);
- maskhigh = ssl_disable_mask(max, 1);
+ masklow = ssl_disable_mask(minv, -1);
+ maskhigh = ssl_disable_mask(maxv, 1);
SSL_CTX_set_options(stream->context, masklow|maskhigh);
/* disable certificate validation? */
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
- /* set default paths to CAs... */
- SSL_CTX_set_default_verify_paths (stream->context);
- /* ...unless a non-standard path desired */
+ /* if a non-standard path desired */
if ((s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) != NULL)
SSL_CTX_load_verify_locations (stream->context,NIL,s);
+ else /* set default paths to CAs... */
+ SSL_CTX_set_default_verify_paths (stream->context);
/* want to send client certificate? */
if (scc && (s = (*scc) ()) && (sl = strlen (s))) {
if ((cert = PEM_read_bio_X509 (bio = BIO_new_mem_buf (s,sl),NIL,NIL,NIL)) != NULL) {