Diffstat (limited to 'camel')
-rw-r--r--camel/ChangeLog20
-rw-r--r--camel/camel-http-stream.c3
-rw-r--r--camel/camel-tcp-stream-ssl.c22
-rw-r--r--camel/camel-tcp-stream-ssl.h10
-rw-r--r--camel/providers/imap/camel-imap-store.c11
-rw-r--r--camel/providers/pop3/camel-pop3-store.c11
-rw-r--r--camel/providers/smtp/camel-smtp-transport.c11
7 files changed, 71 insertions, 17 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog
index 1e8bfcc94c..b3409df56c 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -1,3 +1,23 @@
+2003-02-28 Jeffrey Stedfast <fejj@ximian.com>
+
+ * camel-http-stream.c (http_connect): Here too.
+
+ * providers/smtp/camel-smtp-transport.c (connect_to_server): Same
+ as IMAP and POP.
+
+ * providers/imap/camel-imap-store.c (connect_to_server): Same as
+ the POP3 code.
+
+ * providers/pop3/camel-pop3-store.c (connect_to_server): Pass in
+ appropriate flags for camel_tcp_stream_ssl_new*() functions.
+
+ * camel-tcp-stream-ssl.c (enable_ssl): Not all ssl/tls streams
+ will want to allow each of SSLv2, SSLv3 and TLSv1 so use flags to
+ decide which to enable/disable.
+ (camel_tcp_stream_ssl_new): Now takes a flags argument to mask out
+ which SSL/TLS versions the stream should be compatable with.
+ (camel_tcp_stream_ssl_new_raw): Same.
+
2003-02-27 Jeffrey Stedfast <fejj@ximian.com>
* camel-stream-filter.c: Add a 'flushed' state variable to the
diff --git a/camel/camel-http-stream.c b/camel/camel-http-stream.c
index 44c7601e82..5c226cd26c 100644
--- a/camel/camel-http-stream.c
+++ b/camel/camel-http-stream.c
@@ -167,6 +167,7 @@ camel_http_stream_new (CamelHttpMethod method, CamelService *service, CamelURL *
return CAMEL_STREAM (stream);
}
+#define SSL_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
static CamelStream *
http_connect (CamelService *service, CamelURL *url)
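Review bot: `SSL_FLAGS` leaves out `CAMEL_TCP_STREAM_SSL_ENABLE_TLS` and keeps `CAMEL_TCP_STREAM_SSL_ENABLE_SSL2`, so with the flag handling this commit adds to enable_ssl every https stream has TLS explicitly switched off and SSLv2 switched on. SSLv2 has known protocol-level weaknesses and should not be offered unless a specific server requires it, while refusing TLS blocks the strongest version in the set. I would define it as `#define SSL_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 | CAMEL_TCP_STREAM_SSL_ENABLE_TLS)`. `SSL_PORT_FLAGS` in the IMAP, POP3 and SMTP providers uses the same mask and deserves the same review. http_connect's body continues outside the hunk.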
@@ -177,7 +178,7 @@ http_connect (CamelService *service, CamelURL *url)
if (!strcasecmp (url->protocol, "https")) {
#ifdef HAVE_SSL
- stream = camel_tcp_stream_ssl_new (service, url->host);
+ stream = camel_tcp_stream_ssl_new (service, url->host, SSL_FLAGS);
#endif
} else {
stream = camel_tcp_stream_raw_new ();
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index fcab45b40c..614b3c552e 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -89,6 +89,7 @@ struct _CamelTcpStreamSSLPrivate {
CamelService *service;
char *expected_host;
gboolean ssl_mode;
+ guint32 flags;
};
static void
@@ -160,6 +161,7 @@ camel_tcp_stream_ssl_get_type (void)
* camel_tcp_stream_ssl_new:
* @service: camel service
* @expected_host: host that the stream is expected to connect with.
+ * @flags: ENABLE_SSL2, ENABLE_SSL3 and/or ENABLE_TLS
*
* Since the SSL certificate authenticator may need to prompt the
* user, a CamelService is needed. @expected_host is needed as a
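Review bot: The new `@flags` line names `ENABLE_SSL2`, `ENABLE_SSL3` and `ENABLE_TLS`, but the constants are spelled `CAMEL_TCP_STREAM_SSL_ENABLE_*`, and it does not say that a version left out of the mask is disabled rather than left at the library default. Suggest `@flags: bitmask of CAMEL_TCP_STREAM_SSL_ENABLE_SSL2, CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 and/or CAMEL_TCP_STREAM_SSL_ENABLE_TLS; versions not set are disabled`. The same line is added to the camel_tcp_stream_ssl_new_raw comment further down and needs the same wording. The comment block starts and ends outside the hunk.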
@@ -168,7 +170,7 @@ camel_tcp_stream_ssl_get_type (void)
* Return value: a ssl stream (in ssl mode)
**/
CamelStream *
-camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host)
+camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host, guint32 flags)
{
CamelTcpStreamSSL *stream;
@@ -177,6 +179,7 @@ camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host)
stream->priv->service = service;
stream->priv->expected_host = g_strdup (expected_host);
stream->priv->ssl_mode = TRUE;
+ stream->priv->flags = flags;
return CAMEL_STREAM (stream);
}
@@ -186,6 +189,7 @@ camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host)
* camel_tcp_stream_ssl_new_raw:
* @service: camel service
* @expected_host: host that the stream is expected to connect with.
+ * @flags: ENABLE_SSL2, ENABLE_SSL3 and/or ENABLE_TLS
*
* Since the SSL certificate authenticator may need to prompt the
* user, a CamelService is needed. @expected_host is needed as a
@@ -194,7 +198,7 @@ camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host)
* Return value: a ssl-capable stream (in non ssl mode)
**/
CamelStream *
-camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host)
+camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host, guint32 flags)
{
CamelTcpStreamSSL *stream;
@@ -203,6 +207,7 @@ camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host)
stream->priv->service = service;
stream->priv->expected_host = g_strdup (expected_host);
stream->priv->ssl_mode = FALSE;
+ stream->priv->flags = flags;
return CAMEL_STREAM (stream);
}
@@ -979,6 +984,19 @@ enable_ssl (CamelTcpStreamSSL *ssl, PRFileDesc *fd)
return NULL;
SSL_OptionSet (ssl_fd, SSL_SECURITY, PR_TRUE);
+ if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL2)
+ SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_TRUE);
+ else
+ SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_FALSE);
+ if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
+ SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_TRUE);
+ else
+ SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_FALSE);
+ if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
+ SSL_OptionSet (ssl_fd, SSL_ENABLE_TLS, PR_TRUE);
+ else
+ SSL_OptionSet (ssl_fd, SSL_ENABLE_TLS, PR_FALSE);
+
SSL_SetURL (ssl_fd, ssl->priv->expected_host);
/*SSL_GetClientAuthDataHook (sslSocket, ssl_get_client_auth, (void *) certNickname);*/
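Review bot: The six new `SSL_OptionSet` calls in enable_ssl discard their return value, so if disabling a protocol version fails the function still hands back a socket that keeps the library's setting for it. Since the flags are now what restricts a stream to the versions its caller asked for, I would fail the setup when any of the three options does not return `SECSuccess`, and fold each if/else pair into one call with a conditional argument. Whether `ssl_fd` has to be released on that path depends on code outside the hunk, as enable_ssl starts and ends beyond it. The existing `SSL_SECURITY` call just above is unchecked as well.

```c
	/* … unchanged: SSL_SECURITY option set … */
	if (SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2,
			   (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL2) ? PR_TRUE : PR_FALSE) != SECSuccess ||
	    SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3,
			   (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3) ? PR_TRUE : PR_FALSE) != SECSuccess ||
	    SSL_OptionSet (ssl_fd, SSL_ENABLE_TLS,
			   (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_TLS) ? PR_TRUE : PR_FALSE) != SECSuccess) {
		/* do not hand back a socket whose protocol set is not the one requested */
		return NULL;
	}
	/* … unchanged: SSL_SetURL and the rest of enable_ssl … */
```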
diff --git a/camel/camel-tcp-stream-ssl.h b/camel/camel-tcp-stream-ssl.h
index 5db4a0eb70..a2b6903aeb 100644
--- a/camel/camel-tcp-stream-ssl.h
+++ b/camel/camel-tcp-stream-ssl.h
@@ -38,6 +38,12 @@ extern "C" {
#define CAMEL_TCP_STREAM_SSL_CLASS(k) (CAMEL_CHECK_CLASS_CAST ((k), CAMEL_TCP_STREAM_SSL_TYPE, CamelTcpStreamSSLClass))
#define CAMEL_IS_TCP_STREAM_SSL(o) (CAMEL_CHECK_TYPE((o), CAMEL_TCP_STREAM_SSL_TYPE))
+enum {
+ CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 = (1 << 0),
+ CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 = (1 << 1),
+ CAMEL_TCP_STREAM_SSL_ENABLE_TLS = (1 << 2),
+};
+
struct _CamelTcpStreamSSL {
CamelTcpStream parent_object;
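Review bot: The new flag enum has no comment, and its meaning is not the obvious one: going by enable_ssl in camel-tcp-stream-ssl.c, a bit that is left out does not mean "use the default" but turns that protocol version off, and a mask of 0 turns off all three. I would put a comment above it such as `/* protocol versions a stream may negotiate; a version whose bit is unset is explicitly disabled */`. The trailing comma after `CAMEL_TCP_STREAM_SSL_ENABLE_TLS` is also worth dropping, since strict C89 and C++98 compilers reject it and this header is wrapped in `extern "C"`.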
@@ -55,9 +61,9 @@ typedef struct {
CamelType camel_tcp_stream_ssl_get_type (void);
/* public methods */
-CamelStream *camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host);
+CamelStream *camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host, guint32 flags);
-CamelStream *camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host);
+CamelStream *camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host, guint32 flags);
int camel_tcp_stream_ssl_enable_ssl (CamelTcpStreamSSL *ssl);
diff --git a/camel/providers/imap/camel-imap-store.c b/camel/providers/imap/camel-imap-store.c
index 0537eaf0d9..b94751625d 100644
--- a/camel/providers/imap/camel-imap-store.c
+++ b/camel/providers/imap/camel-imap-store.c
@@ -544,6 +544,9 @@ enum {
USE_SSL_WHEN_POSSIBLE
};
+#define SSL_PORT_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
+#define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
+
static gboolean
connect_to_server (CamelService *service, int ssl_mode, int try_starttls, CamelException *ex)
{
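Review bot: `SSL_PORT_FLAGS` and `STARTTLS_FLAGS` are defined here at file scope and then again, identically, in camel-pop3-store.c and camel-smtp-transport.c, so a later change to the allowed protocol versions has to be made in three places and can drift between providers. Moving the two `#define` lines into camel-tcp-stream-ssl.h next to the flag enum would give the providers one shared definition. A short comment on each macro saying which connection mode it is for (dedicated SSL port versus STARTTLS upgrade) would help as well. connect_to_server's body continues outside the hunk.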
@@ -563,11 +566,11 @@ connect_to_server (CamelService *service, int ssl_mode, int try_starttls, CamelE
#ifdef HAVE_SSL
if (ssl_mode != USE_SSL_NEVER) {
- if (try_starttls)
- tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host);
- else {
+ if (try_starttls) {
+ tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host, STARTTLS_FLAGS);
+ } else {
port = service->url->port ? service->url->port : 993;
- tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host);
+ tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host, SSL_PORT_FLAGS);
}
} else {
tcp_stream = camel_tcp_stream_raw_new ();
diff --git a/camel/providers/pop3/camel-pop3-store.c b/camel/providers/pop3/camel-pop3-store.c
index f0928ea4cc..a8c693b168 100644
--- a/camel/providers/pop3/camel-pop3-store.c
+++ b/camel/providers/pop3/camel-pop3-store.c
@@ -141,6 +141,9 @@ enum {
USE_SSL_WHEN_POSSIBLE
};
+#define SSL_PORT_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
+#define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
+
static gboolean
connect_to_server (CamelService *service, int ssl_mode, int try_starttls, CamelException *ex)
{
@@ -159,11 +162,11 @@ connect_to_server (CamelService *service, int ssl_mode, int try_starttls, CamelE
#ifdef HAVE_SSL
if (camel_url_get_param (service->url, "use_ssl")) {
- if (try_starttls)
- tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host);
- else {
+ if (try_starttls) {
+ tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host, STARTTLS_FLAGS);
+ } else {
port = service->url->port ? service->url->port : 995;
- tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host);
+ tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host, SSL_PORT_FLAGS);
}
} else {
tcp_stream = camel_tcp_stream_raw_new ();
diff --git a/camel/providers/smtp/camel-smtp-transport.c b/camel/providers/smtp/camel-smtp-transport.c
index d43f5c6e38..57e1b52779 100644
--- a/camel/providers/smtp/camel-smtp-transport.c
+++ b/camel/providers/smtp/camel-smtp-transport.c
@@ -228,6 +228,9 @@ smtp_error_string (int error)
}
}
+#define SSL_PORT_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
+#define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
+
static gboolean
connect_to_server (CamelService *service, int try_starttls, CamelException *ex)
{
@@ -252,11 +255,11 @@ connect_to_server (CamelService *service, int try_starttls, CamelException *ex)
#ifdef HAVE_SSL
if (transport->flags & CAMEL_SMTP_TRANSPORT_USE_SSL) {
- if (try_starttls)
- tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host);
- else {
+ if (try_starttls) {
+ tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host, STARTTLS_FLAGS);
+ } else {
port = service->url->port ? service->url->port : 465;
- tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host);
+ tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host, SSL_PORT_FLAGS);
}
} else {
tcp_stream = camel_tcp_stream_raw_new ();