summaryrefslogtreecommitdiff
path: root/pith
diff options
context:
space:
mode:
Diffstat (limited to 'pith')
-rw-r--r--pith/conf.c8
-rw-r--r--pith/conftype.h2
-rw-r--r--pith/folder.c5
-rw-r--r--pith/foldertype.h1
-rw-r--r--pith/pine.hlp62
-rw-r--r--pith/smime.c51
-rw-r--r--pith/smkeys.c13
-rw-r--r--pith/smkeys.h2
8 files changed, 116 insertions, 28 deletions
diff --git a/pith/conf.c b/pith/conf.c
index 10c64cfa..7cd1f83d 100644
--- a/pith/conf.c
+++ b/pith/conf.c
@@ -8041,14 +8041,14 @@ get_supported_options(void)
/*
* Line count:
* Title + blank = 2
- * SSL Title + SSL lines + blank = 4
+ * SSL Title + SSL lines + blank = 5
* Auth title + blank = 2
* Driver title + blank = 2
* LDAP title + LDAP line = 2
* Disabled explanation + blank line = 4
* end = 1
*/
- cnt = 17;
+ cnt = 18;
for(a = mail_lookup_auth(1); a; a = a->next)
cnt++;
for(d = (DRIVER *)mail_parameters(NIL, GET_DRIVERS, NIL);
@@ -8078,6 +8078,10 @@ get_supported_options(void)
config[cnt] = cpystr(_(" TLS and SSL"));
else
config[cnt] = cpystr(_(" None (no TLS or SSL)"));
+#ifdef SSL_SUPPORTS_TLSV1_2
+ if(++cnt < alcnt)
+ config[cnt] = cpystr(" TLSv1.1, TLSv1.2, and DTLSv1");
+#endif
#ifdef SMIME
if(++cnt < alcnt)
config[cnt] = cpystr(" S/MIME");
diff --git a/pith/conftype.h b/pith/conftype.h
index c654f6c5..61472105 100644
--- a/pith/conftype.h
+++ b/pith/conftype.h
@@ -683,7 +683,7 @@ typedef struct smime_stuff {
unsigned entered_passphrase:1; /* user entered a passphrase */
unsigned already_auto_asked:1; /* asked for passphrase automatically, not again */
volatile char passphrase[100]; /* storage for the entered passphrase */
- char *passphrase_emailaddr; /* pointer to allocated storage */
+ char **passphrase_emailaddr; /* pointer to allocated storage */
/*
* If we are using the Container type it is easiest if we
diff --git a/pith/folder.c b/pith/folder.c
index 4536400e..e4ddcfc0 100644
--- a/pith/folder.c
+++ b/pith/folder.c
@@ -966,7 +966,8 @@ build_folder_list(MAILSTREAM **stream, CONTEXT_S *context, char *pat, char *cont
ldata.stream = sp_stream_get(context->context, SP_SAME);
/* gotta open a new one? */
- if(!ldata.stream){
+ if((F_OFF(F_CMBND_FOLDER_DISP, ps_global)
+ || context->update == LUU_INIT) && !ldata.stream){
ldata.stream = mail_cmd_stream(context, &local_open);
if(stream)
*stream = ldata.stream;
@@ -978,6 +979,7 @@ build_folder_list(MAILSTREAM **stream, CONTEXT_S *context, char *pat, char *cont
if(!ldata.stream){
context->use &= ~CNTXT_PARTFIND; /* unset partial find bit */
+ context->update = LUU_NOMORECHK;
if(we_cancel)
cancel_busy_cue(-1);
@@ -1021,6 +1023,7 @@ build_folder_list(MAILSTREAM **stream, CONTEXT_S *context, char *pat, char *cont
set_read_predicted(0);
}
+ context->update = LUU_INIT;
if(context->dir && response.response.delim)
context->dir->delim = response.response.delim;
diff --git a/pith/foldertype.h b/pith/foldertype.h
index 95d8b14a..509b07a3 100644
--- a/pith/foldertype.h
+++ b/pith/foldertype.h
@@ -123,6 +123,7 @@ typedef struct context {
short i; /* index into config list */
} var;
+ time_t update; /* update state */
unsigned short use, /* use flags (see below) */
d_line; /* display line for labels */
SELECTED_S selected;
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 964389f2..8e0feacb 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
reasonable place to be called from.
Dummy change to get revision in pine.hlp
============= h_revision =================
-Alpine Commit 31 2013-09-15 20:38:27
+Alpine Commit 33 2013-10-05 22:46:52
============= h_news =================
<HTML>
<HEAD>
@@ -179,6 +179,13 @@ Additions include:
<P>
<UL>
+ <LI> Alpine does not attempt to automatically reopen a collection that
+ was not opened due to cancellation by the user. Instead, the user
+ must try to open it explicitly.
+ <LI> Alpine searches for a certificate that matches an email address in
+ all addresses in a certificate (instead of just the first one) but
+ when it tries to unlock the certificate, it asks for the password
+ for the first email address in that certificate.
<LI> Add /tls1, /tls1_1, /tls1_2 and /dtls1 to the definition of a
server to use different ways to connect using ssl, for example
{server.com/tls1} will attempt to connect to server.com at the ssl
@@ -19832,6 +19839,59 @@ Alpine must be linked with an SSL library for this option to be operational.
</DD>
+<DT>TLS1</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the TLSv1 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/tls1</SAMP></CENTER>
+<P>
+
+</DD>
+
+<DT>DTLS1</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the DTLSv1 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/dtls1</SAMP></CENTER>
+<P>
+
+</DD>
+
+<DT>TLS1_1</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the TLSv1.1 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/tls1_1</SAMP></CENTER>
+<P>
+
+</DD>
+
+<DT>TLS1_2</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the TLSv1.2 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/tls1_2</SAMP></CENTER>
+<P>
+
+</DD>
+
+
<DT>NoValidate-Cert</DT>
<DD>Do not validate certificates (for TLS or SSL connections) from the server.
This is needed if the server uses self-signed certificates or if Alpine
diff --git a/pith/smime.c b/pith/smime.c
index d212b233..532948bf 100644
--- a/pith/smime.c
+++ b/pith/smime.c
@@ -1166,8 +1166,12 @@ load_private_key(PERSONAL_CERT *pcert)
ps_global->smime->need_passphrase = 1;
if(ps_global->smime){
- if(ps_global->smime->passphrase_emailaddr)
- fs_give((void **) &ps_global->smime->passphrase_emailaddr);
+ if(ps_global->smime->passphrase_emailaddr){
+ int i;
+ for(i = 0; ps_global->smime->passphrase_emailaddr[i] != NULL; i++)
+ fs_give((void **)&ps_global->smime->passphrase_emailaddr[i]);
+ fs_give((void **) ps_global->smime->passphrase_emailaddr);
+ }
ps_global->smime->passphrase_emailaddr = get_x509_subject_email(pcert->cert);
}
@@ -1213,7 +1217,8 @@ match_personal_cert_to_email(ADDRESS *a)
{
PERSONAL_CERT *pcert = NULL;
char buf[MAXPATH];
- char *email;
+ char **email;
+ int i, done;
if(!a || !a->mailbox || !a->host)
return NULL;
@@ -1230,12 +1235,17 @@ match_personal_cert_to_email(ADDRESS *a)
email = get_x509_subject_email(pcert->cert);
- if(email && strucmp(email,buf)==0){
- fs_give((void**) &email);
- break;
+ done = 0;
+ if(email != NULL){
+ for(i = 0; email[i] && strucmp(email[i], buf) != 0; i++);
+ if(email[i] != NULL) done++;
+ for(i = 0; email[i] != NULL; i++)
+ fs_give((void **)&email[i]);
+ fs_give((void **)email);
}
- fs_give((void**) &email);
+ if(done > 0)
+ break;
}
}
@@ -1634,7 +1644,7 @@ do_signature_verify(PKCS7 *p7, BIO *in, BIO *out)
if(signers)
for(i=0; i<sk_X509_num(signers); i++){
- char *email;
+ char **email;
X509 *x = sk_X509_value(signers,i);
X509 *cert;
@@ -1644,13 +1654,16 @@ do_signature_verify(PKCS7 *p7, BIO *in, BIO *out)
email = get_x509_subject_email(x);
if(email){
- cert = get_cert_for(email);
- if(cert)
- X509_free(cert);
- else
- save_cert_for(email, x);
-
- fs_give((void**) &email);
+ int i;
+ for(i = 0; email[i] != NULL; i++){
+ cert = get_cert_for(email[i]);
+ if(cert)
+ X509_free(cert);
+ else
+ save_cert_for(email[i], x);
+ fs_give((void **) &email[i]);
+ }
+ fs_give((void **) email);
}
}
@@ -2338,8 +2351,12 @@ static void
free_smime_struct(SMIME_STUFF_S **smime)
{
if(smime && *smime){
- if((*smime)->passphrase_emailaddr)
- fs_give((void **) &(*smime)->passphrase_emailaddr);
+ if((*smime)->passphrase_emailaddr){
+ int i;
+ for(i = 0; (*smime)->passphrase_emailaddr[i] != NULL; i++)
+ fs_give((void **) &(*smime)->passphrase_emailaddr[i]);
+ fs_give((void **) (*smime)->passphrase_emailaddr);
+ }
if((*smime)->publicpath)
fs_give((void **) &(*smime)->publicpath);
diff --git a/pith/smkeys.c b/pith/smkeys.c
index 5a827070..e815a59a 100644
--- a/pith/smkeys.c
+++ b/pith/smkeys.c
@@ -273,14 +273,17 @@ get_x509_subject_email(X509 *x)
* address not only in the email address field, but also in an
* X509v3 extension field, Subject Altenative Name.
*/
-char *
+char **
get_x509_subject_email(X509 *x)
{
- char *result = NULL;
+ char **result = NULL;
+ int i, n;
STACK_OF(OPENSSL_STRING) *emails = X509_get1_email(x);
- if (sk_OPENSSL_STRING_num(emails) > 0) {
- /* take the first one on the stack */
- result = cpystr(sk_OPENSSL_STRING_value(emails, 0));
+ if ((n = sk_OPENSSL_STRING_num(emails)) > 0) {
+ result = fs_get((n+1)*sizeof(char *));
+ for(i = 0; i < n; i++)
+ result[i] = cpystr(sk_OPENSSL_STRING_value(emails, i));
+ result[i] = NULL;
}
X509_email_free(emails);
return result;
diff --git a/pith/smkeys.h b/pith/smkeys.h
index 0c6db8eb..d3c9031f 100644
--- a/pith/smkeys.h
+++ b/pith/smkeys.h
@@ -48,7 +48,7 @@ X509_STORE *get_ca_store(void);
PERSONAL_CERT *get_personal_certs(char *d);
X509 *get_cert_for(char *email);
void save_cert_for(char *email, X509 *cert);
-char *get_x509_subject_email(X509 *x);
+char **get_x509_subject_email(X509 *x);
EVP_PKEY *load_key(PERSONAL_CERT *pc, char *pass);
CertList *mem_to_certlist(char *contents);
void add_to_end_of_certlist(CertList **cl, char *name, X509 *cert);