From d75d2841dcf33329544fdc6e697f2402d55226d6 Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sat, 25 Jan 2020 11:12:24 -0700 Subject: * New variable system-certs-path that allows users to indicate the location of the directory where folders are located. In PC-Alpine this must be C:\libressl\ssl\certs. The C: drive can be replaced by the name of the drive where the binary and DLL files are located. --- imap/src/osdep/unix/ssl_unix.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'imap/src/osdep/unix/ssl_unix.c') diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c index 93fb1a9a..57931525 100644 --- a/imap/src/osdep/unix/ssl_unix.c +++ b/imap/src/osdep/unix/ssl_unix.c @@ -75,7 +75,7 @@ typedef struct ssl_stream { /* Function prototypes */ int ssl_disable_mask(int ssl_version, int direction); -const SSL_METHOD *ssl_connect_mthd(int flag, int *min, int *max); +const SSL_METHOD *ssl_connect_mthd(int flag, int *minv, int *maxv); static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags); static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags); static int ssl_open_verify (int ok,X509_STORE_CTX *ctx); @@ -257,7 +257,7 @@ int ssl_disable_mask(int ssl_version, int direction) /* ssl_connect_mthd: returns a context pointer to the connection to * a ssl server */ -const SSL_METHOD *ssl_connect_mthd(int flag, int *min, int *max) +const SSL_METHOD *ssl_connect_mthd(int flag, int *minv, int *maxv) { int client_request; client_request = (flag & NET_TRYTLS1) ? TLS1_VERSION @@ -270,17 +270,17 @@ const SSL_METHOD *ssl_connect_mthd(int flag, int *min, int *max) #endif : 0; - *min = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MIN, NULL); - *max = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MAX, NULL); + *minv = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MIN, NULL); + *maxv = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MAX, NULL); /* * if no special request, negotiate the maximum the client is configured * to negotiate */ if(client_request == 0) - client_request = *max; + client_request = *maxv; - if(client_request < *min || client_request > *max) + if(client_request < *minv || client_request > *maxv) return NIL; /* out of range? bail out */ /* Some Linux distributors seem to believe that it is ok to disable some of @@ -392,7 +392,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) BIO *bio; X509 *cert; unsigned long sl,tl; - int min, max; + int minv, maxv; int masklow, maskhigh; char *s,*t,*err,tmp[MAILTMPLEN], buf[256]; sslcertificatequery_t scq = @@ -403,21 +403,21 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) (sslclientkey_t) mail_parameters (NIL,GET_SSLCLIENTKEY,NIL); if (ssl_last_error) fs_give ((void **) &ssl_last_error); ssl_last_host = host; - if (!(stream->context = SSL_CTX_new (ssl_connect_mthd(flags, &min, &max)))) + if (!(stream->context = SSL_CTX_new (ssl_connect_mthd(flags, &minv, &maxv)))) return "SSL context failed"; SSL_CTX_set_options (stream->context,0); - masklow = ssl_disable_mask(min, -1); - maskhigh = ssl_disable_mask(max, 1); + masklow = ssl_disable_mask(minv, -1); + maskhigh = ssl_disable_mask(maxv, 1); SSL_CTX_set_options(stream->context, masklow|maskhigh); /* disable certificate validation? */ if (flags & NET_NOVALIDATECERT) SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); - /* set default paths to CAs... */ - SSL_CTX_set_default_verify_paths (stream->context); - /* ...unless a non-standard path desired */ + /* if a non-standard path desired */ if ((s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) != NULL) SSL_CTX_load_verify_locations (stream->context,NIL,s); + else /* set default paths to CAs... */ + SSL_CTX_set_default_verify_paths (stream->context); /* want to send client certificate? */ if (scc && (s = (*scc) ()) && (sl = strlen (s))) { if ((cert = PEM_read_bio_X509 (bio = BIO_new_mem_buf (s,sl),NIL,NIL,NIL)) != NULL) { -- cgit v1.2.3-54-g00ecf