From ec66afcc51369f994cf04960fc4828cb007176bd Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sat, 17 Apr 2021 23:22:48 -0600 Subject: * Add new variable ssl-ciphers to list the ciphers that will be used when negotiating a secure connection with a SSL server. Work in collaboration with professor Martin Trusler. --- imap/src/c-client/mail.h | 2 ++ imap/src/osdep/unix/env_unix.c | 8 ++++++++ imap/src/osdep/unix/ssl_unix.c | 4 +++- 3 files changed, 13 insertions(+), 1 deletion(-) (limited to 'imap/src') diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h index 9fc1c714..d40d7ebe 100644 --- a/imap/src/c-client/mail.h +++ b/imap/src/c-client/mail.h @@ -248,6 +248,8 @@ #define SET_ENCRYPTION_RANGE_MIN (long) 339 #define GET_ENCRYPTION_RANGE_MAX (long) 340 #define SET_ENCRYPTION_RANGE_MAX (long) 341 +#define GET_SSLCIPHERS (long) 342 +#define SET_SSLCIPHERS (long) 343 /* 4xx: network drivers */ #define GET_MAXLOGINTRIALS (long) 400 diff --git a/imap/src/osdep/unix/env_unix.c b/imap/src/osdep/unix/env_unix.c index afec59b1..c41a5d04 100644 --- a/imap/src/osdep/unix/env_unix.c +++ b/imap/src/osdep/unix/env_unix.c @@ -76,6 +76,7 @@ static char *sslCApath = NIL; /* non-standard CA path */ static char *sslCAfile = NIL; /* non-standard CA container */ static char *sslAppCApath = NIL; /* App SSL CA path */ static char *sslAppCAfile = NIL; /* App SSL CA container */ +static char *sslciphers = NIL; /* ciphers to negotiate with a SSL server */ static short anonymous = NIL; /* is anonymous */ static short blackBox = NIL; /* is a black box */ static short closedBox = NIL; /* is a closed box (uses chroot() jail) */ 
@@ -370,6 +371,13 @@ void *env_parameters (long function,void *value) case GET_SSLAPPCAFILE: ret = (void *) sslAppCAfile; break; + case SET_SSLCIPHERS: /* this can be set null */ + if (sslciphers) fs_give ((void **) &sslciphers); + sslciphers = value ? cpystr ((char *) value) : value; + break; + case GET_SSLCIPHERS: + ret = (void *) sslciphers; + break; case SET_LISTMAXLEVEL: list_max_level = (long) value; case GET_LISTMAXLEVEL: diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c index 1f64b57e..5d3ffcd8 100644 --- a/imap/src/osdep/unix/ssl_unix.c +++ b/imap/src/osdep/unix/ssl_unix.c @@ -395,7 +395,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) int minv, maxv; int masklow, maskhigh; char *s,*t,*err,tmp[MAILTMPLEN], buf[256]; - char *CAfile, *CApath; + char *CAfile, *CApath, *ciphers; sslcertificatequery_t scq = (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL); sslclientcert_t scc = @@ -414,6 +414,8 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) if (flags & NET_NOVALIDATECERT) SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); + /* set cipher list */ + ciphers = (char *) mail_parameters (NIL,GET_SSLCIPHERS,NIL); /* if a non-standard path desired */ CAfile = (char *) mail_parameters (NIL,GET_SSLCAFILE,NIL); CApath = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL); -- cgit v1.2.3-54-g00ecf
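Review bot: The GET_SSLCIPHERS case hands back the internal `sslciphers` pointer, and SET_SSLCIPHERS releases that same buffer with `fs_give` before storing the new copy, so a caller that keeps the GET result across a later SET is left holding a dangling pointer. This follows the neighbouring GET_SSLAPPCAFILE case, but the contract is not stated anywhere in the hunk; I would add a comment on the getter such as `/* returns internal storage; invalid after the next SET_SSLCIPHERS */`. The else branch of the ternary would also read more clearly as `: NIL` than `: value`. The enclosing switch in env_parameters starts and ends outside the hunk.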
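Review bot: `ciphers` is read with `mail_parameters (NIL,GET_SSLCIPHERS,NIL)` under the comment "set cipher list", but nothing in this commit passes it to the SSL context. The diffstat shows only these two additions and the declaration change in ssl_unix.c, so a user who sets ssl-ciphers to exclude weak suites would still negotiate with the library defaults. The value should be applied right after it is read and a failure should abort the connection, e.g. `if (ciphers && *ciphers && !SSL_CTX_set_cipher_list (stream->context,ciphers)) return "Unable to set SSL cipher list";` (the message text is a suggestion). SSL_CTX_set_cipher_list covers TLS 1.2 and earlier only; TLS 1.3 suites are configured separately through SSL_CTX_set_ciphersuites on OpenSSL 1.1.1 and later. The body of ssl_start_work continues outside the hunk.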