diff options
Diffstat (limited to 'pith')
| -rw-r--r-- | pith/conf.c | 97 | ||||
| -rw-r--r-- | pith/conf.h | 6 | ||||
| -rw-r--r-- | pith/conftype.h | 2 | ||||
| -rw-r--r-- | pith/pine.hlp | 80 |
4 files changed, 179 insertions, 6 deletions
diff --git a/pith/conf.c b/pith/conf.c index f856c961..e4f64c71 100644 --- a/pith/conf.c +++ b/pith/conf.c @@ -381,6 +381,10 @@ CONF_TXT_T cf_text_mimetype_path[] = "Sets the search path for the mimetypes con CONF_TXT_T cf_text_system_certs_path[] = "Sets the path for the system ssl certificates issued by a trusted\n# certificate authority. Note that this could be a list of paths, if the same\n# pinerc is used in different systems. Alpine always chooses the first one that\n# it finds. Value must be an absolute path."; CONF_TXT_T cf_text_system_certs_file[] = "Sets the path for the system ssl file container of certificates issued by a\n# certificate authority. Note that this could be a list of container files,\n# if the same pinerc is used in different systems. Alpine always chooses the,\n# first one that it finds. Value must be an absolute path."; + +CONF_TXT_T cf_text_user_certs_path[] = "Sets the path for additional ssl certificates that the user trusts. Note\n#that this could be a list of paths, if the same\n# pinerc is used in different systems. Alpine always chooses the first one that\n# it finds. Value must be an absolute path."; + +CONF_TXT_T cf_text_user_certs_file[] = "Sets the path for a file that contains certificates that a user trusts.\nNote that this could be a list of container files,\n# if the same pinerc is used in different systems. Alpine always chooses the,\n# first one that it finds. Value must be an absolute path."; #endif CONF_TXT_T cf_text_newmail_fifo_path[] = "Sets the filename for the newmail fifo (named pipe). Unix only."; @@ -670,6 +674,10 @@ static struct variable variables[] = { "System CACerts Dir", cf_text_system_certs_path}, {"system-certs-file", 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, "System CACerts File", cf_text_system_certs_file}, +{"user-certs-path", 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, + "User Certs Dir", cf_text_user_certs_file}, +{"user-certs-file", 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, + "User Certs File", cf_text_user_certs_file}, #endif {"url-viewers", 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, "URL-Viewers", cf_text_browser}, @@ -1740,6 +1748,56 @@ init_vars(struct pine *ps, void (*cmds_f) (struct pine *, char **)) GLO_SSLCAFILE = parse_list(DEFAULT_SSLCAFILE, 1, PL_REMSURRQUOT, NULL); #endif /* DEFAULT_SSLCAFILE */ +#ifdef DEFAULT_SSLUSERCAPATH + { char **l, path[MAXPATH+1]; + int i; + l = parse_list(DEFAULT_SSLUSERCAPATH, 1, + PL_REMSURRQUOT, NULL); + if(l && *l && **l){ + for(i = 0; l[i] && *l[i]; i++){ + path[0] = '\0'; + if(ps_global->VAR_OPER_DIR){ + if(strlen(ps_global->VAR_OPER_DIR) + strlen(l[i]) < MAXPATH) + build_path(path, ps_global->VAR_OPER_DIR, l[i], MAXPATH); + } + else if(ps_global->home_dir){ + if(strlen(ps_global->home_dir) + strlen(l[i]) < MAXPATH) + build_path(path, ps_global->home_dir, l[i], MAXPATH); + } + if(path[0]){ + fs_give((void **) &l[i]); + l[i] = cpystr(path); + } + } + } + GLO_SSLUSERCAPATH = l; + } +#endif /* DEFAULT_SSLUSERCAPATH */ +#ifdef DEFAULT_SSLUSERCAFILE + { char **l, path[MAXPATH+1]; + int i; + l = parse_list(DEFAULT_SSLUSERCAFILE, 1, + PL_REMSURRQUOT, NULL); + if(l && *l && **l){ + for(i = 0; l[i] && *l[i]; i++){ + path[0] = '\0'; + if(ps_global->VAR_OPER_DIR){ + if(strlen(ps_global->VAR_OPER_DIR) + strlen(l[i]) < MAXPATH) + build_path(path, ps_global->VAR_OPER_DIR, l[i], MAXPATH); + } + else if(ps_global->home_dir){ + if(strlen(ps_global->home_dir) + strlen(l[i]) < MAXPATH) + build_path(path, ps_global->home_dir, l[i], MAXPATH); + } + if(path[0]){ + fs_give((void **) &l[i]); + l[i] = cpystr(path); + } + } + } + GLO_SSLUSERCAFILE = l; + } +#endif /* DEFAULT_SSLUSERCAFILE */ #ifdef DF_VAR_SPELLER GLO_SPELLER = cpystr(DF_VAR_SPELLER); #endif @@ -2379,6 +2437,8 @@ init_vars(struct pine *ps, void (*cmds_f) (struct pine *, char **)) #if !defined(_WINDOWS) || defined(WINDOWS_UNIXSSL_CERTS) set_current_val(&vars[V_SSLCAPATH], TRUE, TRUE); set_current_val(&vars[V_SSLCAFILE], TRUE, TRUE); + set_current_val(&vars[V_USERSSLCAPATH], TRUE, TRUE); + set_current_val(&vars[V_USERSSLCAFILE], TRUE, TRUE); #endif #if !defined(DOS) && !defined(OS2) && !defined(LEAVEOUTFIFO) set_current_val(&vars[V_FIFOPATH], TRUE, TRUE); @@ -7088,7 +7148,7 @@ set_system_certs_container(struct pine *ps) { char **l; - for (l = ps->vars[V_SSLCAPATH].current_val.l; l && *l; l++){ + for (l = ps->vars[V_SSLCAFILE].current_val.l; l && *l; l++){ if(is_absolute_path(*l) && can_access(*l, ACCESS_EXISTS) == 0 && can_access(*l, READ_ACCESS) == 0){ @@ -7097,6 +7157,37 @@ set_system_certs_container(struct pine *ps) } } } + +void +set_user_certs_path(struct pine *ps) +{ + char **l; + + for (l = ps->vars[V_USERSSLCAPATH].current_val.l; l && *l; l++){ + if(is_absolute_path(*l) + && can_access(*l, ACCESS_EXISTS) == 0 + && can_access(*l, READ_ACCESS) == 0){ + mail_parameters(NULL, SET_SSLAPPCAPATH, (void *) *l); + break; + } + } +} + + +void +set_user_certs_container(struct pine *ps) +{ + char **l; + + for (l = ps->vars[V_USERSSLCAFILE].current_val.l; l && *l; l++){ + if(is_absolute_path(*l) + && can_access(*l, ACCESS_EXISTS) == 0 + && can_access(*l, READ_ACCESS) == 0){ + mail_parameters(NULL, SET_SSLAPPCAFILE, (void *) *l); + break; + } + } +} #endif int @@ -7958,6 +8049,10 @@ config_help(int var, int feature) return(h_config_system_certs_path); case V_SSLCAFILE : return(h_config_system_certs_file); + case V_USERSSLCAPATH : + return(h_config_user_certs_path); + case V_USERSSLCAFILE : + return(h_config_user_certs_file); #endif #if !defined(DOS) && !defined(OS2) && !defined(LEAVEOUTFIFO) case V_FIFOPATH : diff --git a/pith/conf.h b/pith/conf.h index 100224bc..90c2325c 100644 --- a/pith/conf.h +++ b/pith/conf.h @@ -138,6 +138,10 @@ #define GLO_SSLCAPATH vars[V_SSLCAPATH].global_val.l #define VAR_SSLCAFILE vars[V_SSLCAFILE].current_val.l #define GLO_SSLCAFILE vars[V_SSLCAFILE].global_val.l +#define VAR_SSLUSERCAPATH vars[V_USERSSLCAPATH].current_val.l +#define GLO_SSLUSERCAPATH vars[V_USERSSLCAPATH].global_val.l +#define VAR_SSLUSERCAFILE vars[V_USERSSLCAFILE].current_val.l +#define GLO_SSLUSERCAFILE vars[V_USERSSLCAFILE].global_val.l #endif #define VAR_INDEX_COLOR_STYLE vars[V_INDEX_COLOR_STYLE].current_val.p #define GLO_INDEX_COLOR_STYLE vars[V_INDEX_COLOR_STYLE].global_val.p @@ -919,6 +923,8 @@ void panic1(char *, char *); #if !defined(_WINDOWS) || defined(WINDOWS_UNIXSSL_CERTS) void set_system_certs_path(struct pine *); void set_system_certs_container(struct pine *); +void set_user_certs_path(struct pine *); +void set_user_certs_container(struct pine *); #endif /* mandatory to implement prototypes */ diff --git a/pith/conftype.h b/pith/conftype.h index 4ea7993e..3ed5040f 100644 --- a/pith/conftype.h +++ b/pith/conftype.h @@ -127,6 +127,8 @@ typedef enum { V_PERSONAL_NAME = 0 #if !defined(_WINDOWS) || defined(WINDOWS_UNIXSSL_CERTS) , V_SSLCAPATH , V_SSLCAFILE + , V_USERSSLCAPATH + , V_USERSSLCAFILE #endif , V_BROWSER , V_HISTORY diff --git a/pith/pine.hlp b/pith/pine.hlp index c6c1a2e4..b9729c77 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 494 2020-07-17 01:43:03 +Alpine Commit 495 2020-07-18 00:53:30 ============= h_news ================= <HTML> <HEAD> @@ -192,7 +192,7 @@ problems you find with this release. <UL> <LI> Expansion of the configuration screen for XOAUTH2 to include - username, and tenant. + username, authorization flow, and tenant. <LI> If a user has more than one client-id for a service, Alpine tries to asks the user which client-id to use and associates that client-id to @@ -241,6 +241,11 @@ problems you find with this release. <LI> Experimental: Attempt to implement the Encryption Range in Windows. It works in Windows 10, and it should work in Windows 8.1. It needs testing in Windows 7 and Windows Vista. + +<LI> Addition of variables <A HREF="h_config_user_certs_path"><!--#echo var="VAR_user-certs-path"--></A> + and <A HREF="h_config_user_certs_file"><!--#echo var="VAR_user-certs-file"--></A> + which allow a user to specify locations for certificates that the user + trusts. </UL> <P> @@ -22518,9 +22523,9 @@ allows for users to be able to use the same pinerc file in different systems. Example of values for this option might be: <PRE> -System Certs Path = /etc/ssl/certs/cert.pem - /usr/local/ssl/ca-root-nss.crt - C:\\libressl\\ssl\\certs\\cert.pem +System CACerts File = /etc/ssl/certs/cert.pem + /usr/local/ssl/ca-root-nss.crt + C:\\libressl\\ssl\\certs\\cert.pem <PRE> <P> @@ -22536,6 +22541,71 @@ by LibreSSL developers, and this option can be used to override this default. <P> <End of help on this topic> </BODY></HTML> +====== h_config_user_certs_path ====== +<HTML> +<HEAD> +<TITLE>OPTION: <!--#echo var="VAR_user-certs-path"--></TITLE> +</HEAD> +<BODY> +<H1>OPTION: <!--#echo var="VAR_user-certs-path"--></H1> + +(UNIX ALPINE ONLY) +This directory is used by Alpine to store certificates that a user +trusts. Alpine will use the first directory in this list that exists in your +system and can be accessed. This allows for users to be able to +use the same pinerc file in different systems. The default location +is ~/.alpine-certs. + +<P> +In addition to the certificates stored in this directory, Alpine also +trusts certificates saved in the container file referenced in the +configuration variable +<A HREF="h_config_user_certs_file"><!--#echo var="VAR_user-certs-file"--></A>. + +<P> +Example of values for this option might be: + +<PRE> +User Certs Dir = /home/fred/.alpine-certs + C:\\Users\\Admin\\alpine-certs +<PRE> + +<P> +<End of help on this topic> +</BODY></HTML> +====== h_config_user_certs_file ====== +<HTML> +<HEAD> +<TITLE>OPTION: <!--#echo var="VAR_user-certs-file"--></TITLE> +</HEAD> +<BODY> +<H1>OPTION: <!--#echo var="VAR_user-certs-file"--></H1> + +(UNIX ALPINE ONLY) +This option sets the location of a container file that holds certificate +authority (CA) certificates that the user trusts. Its value is the +full path referencing the location of this file. Alpine will use the first +container in this list that exists and can be accessed in your system. This +allows for users to be able to use the same pinerc file in different +systems. The default location is ~/.alpine-certs/certs.pem. + +<P> +In addition to the certificates stored in this directory, Alpine also +trusts certificates saved in the directory referenced in the +configuration variable +<A HREF="h_config_user_certs_path"><!--#echo var="VAR_user-certs-path"--></A>. + +<P> +Example of values for this option might be: + +<PRE> +User Certs File = /home/fred/.alpine-certs/certs.pem + C:\\libressl\\ssl\\certs\\cert.pem +<PRE> + +<P> +<End of help on this topic> +</BODY></HTML> ====== h_config_set_att_ansi ====== <HTML><HEAD> <TITLE>OPTION: Set printer to attached ansi printer</TITLE> |