
[SCM] GNU Mailutils branch, master, updated. release-2.2-674-ge8bc268


From: Sergey Poznyakoff
Subject: [SCM] GNU Mailutils branch, master, updated. release-2.2-674-ge8bc268
Date: Wed, 26 Feb 2014 18:58:38 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Mailutils".

http://git.savannah.gnu.org/cgit/mailutils.git/commit/?id=e8bc2682289c3e78dc29dd1ec833a654b6b03186

The branch, master has been updated
       via  e8bc2682289c3e78dc29dd1ec833a654b6b03186 (commit)
       via  f9c205de215c6a94d38f40f718f6787416fc4e01 (commit)
      from  25df2275c794c9f223715473494ab3b10a420d40 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e8bc2682289c3e78dc29dd1ec833a654b6b03186
Author: Sergey Poznyakoff <address@hidden>
Date:   Wed Feb 26 20:49:08 2014 +0200

    imap client: fix handling of ID response without untagged part
    
    * libproto/imap/id.c: Make sure returned mu_assoc_t is valid
    even if no untagged response was received (equivalent to NIL).

commit f9c205de215c6a94d38f40f718f6787416fc4e01
Author: Sergey Poznyakoff <address@hidden>
Date:   Wed Feb 26 19:55:57 2014 +0200

    Improve tls support
    
    Remove deprecated types and function calls. Make cipher, mac, and other
    priorities configurable.
    
    * include/mailutils/sys/tls-stream.h (_mu_tls_stream): Use gnutls_session_t.
    * include/mailutils/tls.h (mu_tls_module_config): New member: priorities.
    * libmu_auth/tls.c: Remove deprecated types.
    (initialize_tls_session): Make priorities configurable.
    (prepare_client_session): Set default priorities.
    * libmu_cfg/tls.c: New configuration statement: ssl-priorities.

-----------------------------------------------------------------------

Summary of changes:
 include/mailutils/sys/tls-stream.h |    2 +-
 include/mailutils/tls.h            |    2 +
 libmu_auth/tls.c                   |   42 +++++++++++++++++------------------
 libmu_cfg/tls.c                    |    4 +++
 libproto/imap/id.c                 |   30 +++++++++++++++++--------
 5 files changed, 47 insertions(+), 33 deletions(-)

diff --git a/include/mailutils/sys/tls-stream.h 
b/include/mailutils/sys/tls-stream.h
index 3644345..6d49c1b 100644
--- a/include/mailutils/sys/tls-stream.h
+++ b/include/mailutils/sys/tls-stream.h
@@ -40,7 +40,7 @@ struct _mu_tls_stream
 {
   struct _mu_stream stream;
   enum _mu_tls_stream_state state;
-  gnutls_session session;
+  gnutls_session_t session;
   int tls_err;
   mu_stream_t transport[2];
 };
diff --git a/include/mailutils/tls.h b/include/mailutils/tls.h
index 9efcad0..d60d1e5 100644
--- a/include/mailutils/tls.h
+++ b/include/mailutils/tls.h
@@ -37,6 +37,8 @@ struct mu_tls_module_config
   
   char *ssl_cafile;
   int ssl_cafile_safety_checks;
+
+  char *priorities;
 };
 
 extern int mu_tls_module_init (enum mu_gocs_op, void *);
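Review bot: The new `priorities` member has no comment saying what it holds or what NULL means, although both session setup paths in libmu_auth/tls.c pass it straight to gnutls_priority_set_direct and fall back to "NORMAL" when it is NULL. I would document that on the declaration, e.g. `char *priorities; /* GnuTLS priority string; NULL selects the default ("NORMAL") */`. The struct starts outside this hunk.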
diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c
index 4609d59..0ed8660 100644
--- a/libmu_auth/tls.c
+++ b/libmu_auth/tls.c
@@ -173,13 +173,19 @@ mu_deinit_tls_libs (void)
   mu_tls_enable = 0;
 }
 
-static gnutls_session
+static char default_priority_string[] = "NORMAL";
+
+static gnutls_session_t
 initialize_tls_session (void)
 {
-  gnutls_session session = 0;
+  gnutls_session_t session = 0;
 
   gnutls_init (&session, GNUTLS_SERVER);
-  gnutls_set_default_priority (session);
+  gnutls_priority_set_direct (session,
+                             mu_tls_module_config.priorities
+                               ? mu_tls_module_config.priorities
+                               : default_priority_string,
+                             NULL);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
   gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
 
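Review bot: The result of gnutls_priority_set_direct is discarded in initialize_tls_session, so a mistyped ssl-priorities value is not reported and the session goes on to credential setup without a valid priority set; the same unchecked call is added to prepare_client_session in a later hunk of this file. Since the string now comes from configuration, the call should be checked, the error position requested instead of passing NULL, and the session torn down on failure. The sketch below returns NULL, so the caller in _tls_server_open must test the result; whether it already does is not visible here, and mu_error is assumed to be available in this file. default_priority_string could also be declared `static const char`. The function body continues past the end of the hunk.

```c
static gnutls_session_t
initialize_tls_session (void)
{
  gnutls_session_t session = 0;
  const char *prio = mu_tls_module_config.priorities
                       ? mu_tls_module_config.priorities
                       : default_priority_string;
  const char *errp = NULL;
  int rc;

  gnutls_init (&session, GNUTLS_SERVER);
  rc = gnutls_priority_set_direct (session, prio, &errp);
  if (rc != GNUTLS_E_SUCCESS)
    {
      /* Fail closed: never hand back a session with no usable priorities. */
      mu_error ("invalid ssl-priorities near \"%s\": %s",
                errp ? errp : prio, gnutls_strerror (rc));
      gnutls_deinit (session);
      return NULL;
    }
  /* … unchanged: credentials and certificate request setup … */
```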
@@ -357,7 +363,7 @@ _mu_tls_io_stream_create (mu_stream_t *pstream,
 
 
 static ssize_t
-_tls_stream_pull (gnutls_transport_ptr fd, void *buf, size_t size)
+_tls_stream_pull (gnutls_transport_ptr_t fd, void *buf, size_t size)
 {
   mu_stream_t stream = fd;
   int rc;
@@ -372,7 +378,7 @@ _tls_stream_pull (gnutls_transport_ptr fd, void *buf, 
size_t size)
 }
 
 static ssize_t
-_tls_stream_push (gnutls_transport_ptr fd, const void *buf, size_t size)
+_tls_stream_push (gnutls_transport_ptr_t fd, const void *buf, size_t size)
 {
   mu_stream_t stream = fd;
   int rc;
@@ -407,8 +413,8 @@ _tls_server_open (mu_stream_t stream)
   sp->session = initialize_tls_session ();
   mu_stream_ioctl (stream, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET, transport);
   gnutls_transport_set_ptr2 (sp->session,
-                            (gnutls_transport_ptr) transport[0],
-                            (gnutls_transport_ptr) transport[1]);
+                            (gnutls_transport_ptr_t) transport[0],
+                            (gnutls_transport_ptr_t) transport[1]);
   gnutls_transport_set_pull_function (sp->session, _tls_stream_pull);
   gnutls_transport_set_push_function (sp->session, _tls_stream_push);
   
@@ -429,21 +435,13 @@ prepare_client_session (mu_stream_t stream)
   struct _mu_tls_stream *sp = (struct _mu_tls_stream *) stream;
   int rc;
   mu_transport_t transport[2];
-  static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0};
-  static int kx_priority[] = {GNUTLS_KX_RSA, 0};
-  static int cipher_priority[] = {GNUTLS_CIPHER_3DES_CBC,
-                                 GNUTLS_CIPHER_ARCFOUR_128,
-                                 0};
-  static int comp_priority[] = {GNUTLS_COMP_NULL, 0};
-  static int mac_priority[] = {GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0};
 
   gnutls_init (&sp->session, GNUTLS_CLIENT);
-  gnutls_protocol_set_priority (sp->session, protocol_priority);
-  gnutls_cipher_set_priority (sp->session, cipher_priority);
-  gnutls_compression_set_priority (sp->session, comp_priority);
-  gnutls_kx_set_priority (sp->session, kx_priority);
-  gnutls_mac_set_priority (sp->session, mac_priority);
-
+  gnutls_priority_set_direct (sp->session,
+                             mu_tls_module_config.priorities
+                               ? mu_tls_module_config.priorities
+                               : default_priority_string,
+                             NULL);
   gnutls_certificate_allocate_credentials (&x509_cred);
   if (mu_tls_module_config.ssl_cafile)
     {
@@ -461,8 +459,8 @@ prepare_client_session (mu_stream_t stream)
 
   mu_stream_ioctl (stream, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET, transport);
   gnutls_transport_set_ptr2 (sp->session,
-                            (gnutls_transport_ptr) transport[0],
-                            (gnutls_transport_ptr) transport[1]);
+                            (gnutls_transport_ptr_t) transport[0],
+                            (gnutls_transport_ptr_t) transport[1]);
   gnutls_transport_set_pull_function (sp->session, _tls_stream_pull);
   gnutls_transport_set_push_function (sp->session, _tls_stream_push);
       
diff --git a/libmu_cfg/tls.c b/libmu_cfg/tls.c
index e9b91af..dad4cb3 100644
--- a/libmu_cfg/tls.c
+++ b/libmu_cfg/tls.c
@@ -88,6 +88,10 @@ static struct mu_cfg_param mu_tls_param[] = {
   { "ssl-cafile", mu_cfg_string, &tls_settings.ssl_cafile, 0, NULL,
     N_("Specify trusted CAs file."),
     N_("file") },
+  { "ssl-priorities", mu_cfg_string, &tls_settings.priorities, 0, NULL,
+    N_("Set the priorities to use on the ciphers, key exchange methods, "
+       "macs and compression methods."),
+    NULL },
   { "key-file-safety-checks", mu_cfg_callback,
     &tls_settings.ssl_key_safety_checks, 0,
     cb_safety_checks,
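Review bot: The help text for `ssl-priorities` does not say what syntax the value takes, and the argument label is NULL where the neighbouring `ssl-cafile` entry gives `N_("file")`. The value is handed unmodified to gnutls_priority_set_direct in libmu_auth/tls.c, so the description should say it is a GnuTLS priority string and that "NORMAL" is used when the statement is absent, for example `N_("Set the GnuTLS priority string (ciphers, key exchange methods, MACs, compression); default is NORMAL.")` with `N_("string")` as the label. As far as these hunks show, the string is not validated when the configuration is read, which is worth stating for administrators who tighten or loosen the cipher set. The mu_tls_param array starts and ends outside the hunk.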
diff --git a/libproto/imap/id.c b/libproto/imap/id.c
index fbf29cd..db6b94d 100644
--- a/libproto/imap/id.c
+++ b/libproto/imap/id.c
@@ -48,10 +48,20 @@ _id_mapper (void **itmv, size_t itmc, void *call_data)
   return rc;
 }
 
+static mu_assoc_t
+create_id_assoc (void)
+{
+  mu_assoc_t assoc;
+  int rc = mu_assoc_create (&assoc, sizeof (char**), MU_ASSOC_ICASE);
+  if (rc)
+    return NULL;
+  mu_assoc_set_free (assoc, _id_free);
+  return assoc;
+}
+
 static void
 parse_id_reply (mu_imap_t imap, mu_list_t resp, void *data)
 {
-  int rc;
   mu_assoc_t *passoc = data;
   struct imap_list_element *elt;
 
@@ -63,14 +73,12 @@ parse_id_reply (mu_imap_t imap, mu_list_t resp, void *data)
       elt = _mu_imap_list_at (resp, 1);
       if (elt->type == imap_eltype_list)
        {
-         mu_assoc_t assoc;
-
-         rc = mu_assoc_create (&assoc, sizeof (char**), MU_ASSOC_ICASE);
-         if (rc)
-           return;
-         mu_assoc_set_free (assoc, _id_free);
-         mu_list_gmap (elt->v.list, _id_mapper, 2, assoc);
-         *passoc = assoc;
+         mu_assoc_t assoc = create_id_assoc ();
+         if (assoc)
+           {
+             mu_list_gmap (elt->v.list, _id_mapper, 2, assoc);
+             *passoc = assoc;
+           }
        }
     }
 }
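Review bot: The return value of mu_list_gmap is ignored in parse_id_reply, so if _id_mapper fails part-way through a server-supplied list the half-filled table is still stored in `*passoc`. I would publish the table only on success: `if (mu_list_gmap (elt->v.list, _id_mapper, 2, assoc) == 0) *passoc = assoc; else mu_assoc_destroy (&assoc);`. The assignment also overwrites any table stored by an earlier untagged ID response in the same exchange, which would leak it if the callback can run more than once. That last point is inferred, as the start of parse_id_reply and the body of _id_mapper are outside the hunk.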
@@ -79,6 +87,7 @@ int
 mu_imap_id (mu_imap_t imap, char **idenv, mu_assoc_t *passoc)
 {
   int status;
+  mu_assoc_t assoc = NULL;
   
   if (imap == NULL)
     return EINVAL;
@@ -124,12 +133,13 @@ mu_imap_id (mu_imap_t imap, char **idenv, mu_assoc_t 
*passoc)
       imap->client_state = MU_IMAP_CLIENT_ID_RX;
 
     case MU_IMAP_CLIENT_ID_RX:
-      status = _mu_imap_response (imap, parse_id_reply, passoc);
+      status = _mu_imap_response (imap, parse_id_reply, &assoc);
       MU_IMAP_CHECK_EAGAIN (imap, status);
       switch (imap->response)
        {
        case MU_IMAP_OK:
          status = 0;
+         *passoc = assoc ? assoc : create_id_assoc ();
          break;
 
        case MU_IMAP_NO:
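Review bot: `*passoc = assoc ? assoc : create_id_assoc ();` can still store NULL while status is 0, because create_id_assoc returns NULL when mu_assoc_create fails, which is the case the commit message says it rules out. Reporting the failure keeps the contract: `if (!assoc && !(assoc = create_id_assoc ())) status = ENOMEM; else *passoc = assoc;`. The line also dereferences passoc unconditionally; if callers are allowed to pass NULL there (not visible in this hunk), it needs a guard and the parsed table must be destroyed. On the MU_IMAP_NO and later branches a table already built by parse_id_reply appears to be dropped without mu_assoc_destroy, though those bodies are outside the hunk.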


hooks/post-receive
-- 
GNU Mailutils


