diff options
Diffstat (limited to 'camel')
-rw-r--r-- | camel/ChangeLog | 8 | ||||
-rw-r--r-- | camel/Makefile.am | 2 | ||||
-rw-r--r-- | camel/camel-tcp-stream-openssl.c | 531 | ||||
-rw-r--r-- | camel/camel-tcp-stream-openssl.h | 70 | ||||
-rw-r--r-- | camel/camel-types.h | 2 |
5 files changed, 613 insertions, 0 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog index 9aaa348288..29463c3f0b 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog @@ -1,3 +1,11 @@ +2001-03-14 Jeffrey Stedfast <fejj@ximian.com> + + * camel-tcp-stream-openssl.[c,h]: Added + + * Makefile.am: Added camel-tcp-stream-openssl.[c,h] to the build. + + * camel-types.h: Added CamelTcpStreamSSL and CamelTcpStreamOpenSSL + 2001-03-14 Not Zed <NotZed@Ximian.com> * camel-mime-filter-charset.c (filter, complete): re-constify diff --git a/camel/Makefile.am b/camel/Makefile.am index d054ae1538..cd544eb019 100644 --- a/camel/Makefile.am +++ b/camel/Makefile.am @@ -72,6 +72,7 @@ libcamel_la_SOURCES = \ camel-stream.c \ camel-tcp-stream-raw.c \ camel-tcp-stream-ssl.c \ + camel-tcp-stream-openssl.c \ camel-tcp-stream.c \ camel-transport.c \ camel-uid-cache.c \ @@ -140,6 +141,7 @@ libcamelinclude_HEADERS = \ camel-stream.h \ camel-tcp-stream-raw.h \ camel-tcp-stream-ssl.h \ + camel-tcp-stream-openssl.h \ camel-tcp-stream.h \ camel-transport.h \ camel-types.h \ diff --git a/camel/camel-tcp-stream-openssl.c b/camel/camel-tcp-stream-openssl.c new file mode 100644 index 0000000000..d0a6d3f95b --- /dev/null +++ b/camel/camel-tcp-stream-openssl.c @@ -0,0 +1,531 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ +/* + * Authors: Jeffrey Stedfast <fejj@ximian.com> + * + * Copyright 2001 Ximian, Inc. (www.ximian.com) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. + * + */ + + +#include <config.h> + +#ifdef HAVE_OPENSSL +#include "camel-tcp-stream-openssl.h" +#include "camel-operation.h" +#include <sys/time.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> +#include <fcntl.h> +#include <errno.h> +#include <string.h> + +static CamelTcpStreamClass *parent_class = NULL; + +/* Returns the class for a CamelTcpStreamOpenSSL */ +#define CTSR_CLASS(so) CAMEL_TCP_STREAM_OPENSSL_CLASS (CAMEL_OBJECT_GET_CLASS (so)) + +static ssize_t stream_read (CamelStream *stream, char *buffer, size_t n); +static ssize_t stream_write (CamelStream *stream, const char *buffer, size_t n); +static int stream_flush (CamelStream *stream); +static int stream_close (CamelStream *stream); + +static int stream_connect (CamelTcpStream *stream, struct hostent *host, int port); +static int stream_getsockopt (CamelTcpStream *stream, CamelSockOptData *data); +static int stream_setsockopt (CamelTcpStream *stream, const CamelSockOptData *data); + +static void +camel_tcp_stream_openssl_class_init (CamelTcpStreamOpenSSLClass *camel_tcp_stream_openssl_class) +{ + CamelTcpStreamClass *camel_tcp_stream_class = + CAMEL_TCP_STREAM_CLASS (camel_tcp_stream_openssl_class); + CamelStreamClass *camel_stream_class = + CAMEL_STREAM_CLASS (camel_tcp_stream_openssl_class); + + parent_class = CAMEL_TCP_STREAM_CLASS (camel_type_get_global_classfuncs (camel_tcp_stream_get_type ())); + + /* virtual method overload */ + camel_stream_class->read = stream_read; + camel_stream_class->write = stream_write; + camel_stream_class->flush = stream_flush; + camel_stream_class->close = stream_close; + + camel_tcp_stream_class->connect = stream_connect; + camel_tcp_stream_class->getsockopt = stream_getsockopt; + camel_tcp_stream_class->setsockopt = stream_setsockopt; +} + +static void +camel_tcp_stream_openssl_init (gpointer object, gpointer klass) +{ + CamelTcpStreamOpenSSL *stream = CAMEL_TCP_STREAM_OPENSSL (object); + + stream->sockfd = -1; + stream->ssl = NULL; +} + +static void +camel_tcp_stream_openssl_finalize (CamelObject *object) +{ + CamelTcpStreamOpenSSL *stream = CAMEL_TCP_STREAM_OPENSSL (object); + + if (stream->ssl) { + SSL_shutdown (stream->ssl); + + if (stream->ssl->ctx) + SSL_CTX_free (stream->ssl->ctx); + + SSL_free (stream->ssl); + } + + if (stream->sockfd != -1) + close (stream->sockfd); +} + + +CamelType +camel_tcp_stream_openssl_get_type (void) +{ + static CamelType type = CAMEL_INVALID_TYPE; + + if (type == CAMEL_INVALID_TYPE) { + type = camel_type_register (camel_tcp_stream_get_type (), + "CamelTcpStreamOpenSSL", + sizeof (CamelTcpStreamOpenSSL), + sizeof (CamelTcpStreamOpenSSLClass), + (CamelObjectClassInitFunc) camel_tcp_stream_openssl_class_init, + NULL, + (CamelObjectInitFunc) camel_tcp_stream_openssl_init, + (CamelObjectFinalizeFunc) camel_tcp_stream_openssl_finalize); + } + + return type; +} + + +/** + * camel_tcp_stream_openssl_new: + * + * Return value: a tcp stream + **/ +CamelStream * +camel_tcp_stream_openssl_new () +{ + CamelTcpStreamOpenSSL *stream; + + stream = CAMEL_TCP_STREAM_OPENSSL (camel_object_new (camel_tcp_stream_openssl_get_type ())); + + return CAMEL_STREAM (stream); +} + +static ssize_t +stream_read (CamelStream *stream, char *buffer, size_t n) +{ + CamelTcpStreamOpenSSL *tcp_stream_openssl = CAMEL_TCP_STREAM_OPENSSL (stream); + ssize_t nread; + int cancel_fd; + + if (camel_operation_cancel_check (NULL)) { + errno = EINTR; + return -1; + } + + cancel_fd = camel_operation_cancel_fd (NULL); + if (cancel_fd == -1) { + do { + nread = SSL_read (tcp_stream_openssl->ssl, buffer, n); + } while (nread == -1 && errno == EINTR); + } else { + int flags, fdmax; + fd_set rdset; + + flags = fcntl (tcp_stream_openssl->sockfd, F_GETFL); + fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags | O_NONBLOCK); + + FD_ZERO (&rdset); + FD_SET (tcp_stream_openssl->sockfd, &rdset); + FD_SET (cancel_fd, &rdset); + fdmax = MAX (tcp_stream_openssl->sockfd, cancel_fd) + 1; + + select (fdmax, &rdset, 0, 0, NULL); + if (FD_ISSET (cancel_fd, &rdset)) { + fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags); + errno = EINTR; + return -1; + } + + nread = SSL_read (tcp_stream_openssl->ssl, buffer, n); + fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags); + } + + return nread; +} + +static ssize_t +stream_write (CamelStream *stream, const char *buffer, size_t n) +{ + CamelTcpStreamOpenSSL *tcp_stream_openssl = CAMEL_TCP_STREAM_OPENSSL (stream); + ssize_t w, written = 0; + int cancel_fd; + + if (camel_operation_cancel_check (NULL)) { + errno = EINTR; + return -1; + } + + cancel_fd = camel_operation_cancel_fd (NULL); + if (cancel_fd == -1) { + do { + written = SSL_write (tcp_stream_openssl->ssl, buffer, n); + } while (written == -1 && errno == EINTR); + } else { + fd_set rdset, wrset; + int flags, fdmax; + + flags = fcntl (tcp_stream_openssl->sockfd, F_GETFL); + fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags | O_NONBLOCK); + + fdmax = MAX (tcp_stream_openssl->sockfd, cancel_fd) + 1; + do { + FD_ZERO (&rdset); + FD_ZERO (&wrset); + FD_SET (tcp_stream_openssl->sockfd, &wrset); + FD_SET (cancel_fd, &rdset); + + select (fdmax, &rdset, &wrset, 0, NULL); + if (FD_ISSET (cancel_fd, &rdset)) { + fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags); + errno = EINTR; + return -1; + } + + w = SSL_write (tcp_stream_openssl->ssl, buffer + written, n - written); + if (w > 0) + written += w; + } while (w != -1 && written < n); + + fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags); + } + + return written; +} + +static int +stream_flush (CamelStream *stream) +{ + return fsync (((CamelTcpStreamOpenSSL *)stream)->sockfd); +} + + +static void +close_ssl_connection (SSL *ssl) +{ + if (ssl) { + SSL_shutdown (ssl); + + if (ssl->ctx) + SSL_CTX_free (ssl->ctx); + + SSL_free (ssl); + } +} + +static int +stream_close (CamelStream *stream) +{ + close_ssl_connection (((CamelTcpStreamOpenSSL *)stream)->ssl); + ((CamelTcpStreamOpenSSL *)stream)->ssl = NULL; + + if (close (((CamelTcpStreamOpenSSL *)stream)->sockfd) == -1) + return -1; + + ((CamelTcpStreamOpenSSL *)stream)->sockfd = -1; + return 0; +} + +/* this is a 'cancellable' connect, cancellable from camel_operation_cancel etc */ +/* returns -1 & errno == EINTR if the connection was cancelled */ +static int +socket_connect (struct hostent *h, int port) +{ + struct sockaddr_in sin; + int fd; + int ret; + socklen_t len; + struct timeval tv; + int cancel_fd; + + /* see if we're cancelled yet */ + if (camel_operation_cancel_check (NULL)) { + errno = EINTR; + return -1; + } + + /* setup connect, we do it using a nonblocking socket so we can poll it */ + sin.sin_port = htons (port); + sin.sin_family = h->h_addrtype; + memcpy (&sin.sin_addr, h->h_addr, sizeof (sin.sin_addr)); + + fd = socket (h->h_addrtype, SOCK_STREAM, 0); + + cancel_fd = camel_operation_cancel_fd (NULL); + if (cancel_fd == -1) { + ret = connect (fd, (struct sockaddr *)&sin, sizeof (sin)); + if (ret == -1) { + close (fd); + return -1; + } + + return fd; + } else { + fd_set rdset, wrset; + int flags, fdmax; + + flags = fcntl (fd, F_GETFL); + fcntl (fd, F_SETFL, flags | O_NONBLOCK); + + ret = connect (fd, (struct sockaddr *)&sin, sizeof (sin)); + if (ret == 0) { + fcntl (fd, F_SETFL, flags); + return fd; + } + + if (errno != EINPROGRESS) { + close (fd); + return -1; + } + + FD_ZERO (&rdset); + FD_ZERO (&wrset); + FD_SET (fd, &wrset); + FD_SET (cancel_fd, &rdset); + fdmax = MAX (fd, cancel_fd) + 1; + tv.tv_usec = 0; + tv.tv_sec = 60 * 4; + + if (select (fdmax, &rdset, &wrset, 0, &tv) == 0) { + close (fd); + errno = ETIMEDOUT; + return -1; + } + + if (cancel_fd != -1 && FD_ISSET (cancel_fd, &rdset)) { + close (fd); + errno = EINTR; + return -1; + } else { + len = sizeof (int); + + if (getsockopt (fd, SOL_SOCKET, SO_ERROR, &ret, &len) == -1) { + close (fd); + return -1; + } + + if (ret != 0) { + close (fd); + errno = ret; + return -1; + } + } + + fcntl (fd, F_SETFL, flags); + } + + return fd; +} + +static int +verify_callback (int ok, X509_STORE_CTX *ctx) +{ + char *str, buf[256]; + X509 *cert; + int err; + + cert = X509_STORE_CTX_get_current_cert (ctx); + err = X509_STORE_CTX_get_error (ctx); + + str = X509_NAME_oneline (X509_get_subject_name (cert), buf, 256); + if (str) { + if (ok) + d(fprintf (stderr, "CamelTcpStreamSSL: depth=%d %s\n", ctx->error_depth, buf)); + else + d(fprintf (stderr, "CamelTcpStreamSSL: depth=%d error=%d %s\n", + ctx->error_depth, err, buf)); + } + + if (!ok) { + switch (err) { + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + /* FIXME: get user's response */ + ok = 1; + } + } + + return ok; +} + +static SSL * +open_ssl_connection (int sockfd) +{ + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + int n; + + /* SSLv23_client_method will negotiate with SSL v2, v3, or TLS v1 */ + ssl_ctx = SSL_CTX_new (SSLv23_client_method ()); + SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &verify_cb); + ssl = SSL_new (ssl_ctx); + SSL_set_fd (ssl, sockfd); + + n = SSL_connect (ssl); + if (n != 1) { + SSL_shutdown (ssl); + + if (ssl->ctx) + SSL_CTX_free (ssl->ctx); + + SSL_free (ssl); + ssl = NULL; + } + + return ssl; +} + +static int +stream_connect (CamelTcpStream *stream, struct hostent *host, int port) +{ + CamelTcpStreamOpenSSL *openssl = CAMEL_TCP_STREAM_OPENSSL (stream); + SSL *ssl; + int fd; + + g_return_val_if_fail (host != NULL, -1); + + fd = socket_connect (host, port); + if (fd == -1) + return -1; + + ssl = open_ssl_connection (sockfd); + if (!ssl) + return -1; + + openssl->sockfd = fd; + openssl->ssl = ssl; + + return 0; +} + + +static int +get_sockopt_level (const CamelSockOptData *data) +{ + switch (data->option) { + case CAMEL_SOCKOPT_MAXSEGMENT: + case CAMEL_SOCKOPT_NODELAY: + return IPPROTO_TCP; + default: + return SOL_SOCKET; + } +} + +static int +get_sockopt_optname (const CamelSockOptData *data) +{ + switch (data->option) { + case CAMEL_SOCKOPT_MAXSEGMENT: + return TCP_MAXSEG; + case CAMEL_SOCKOPT_NODELAY: + return TCP_NODELAY; + case CAMEL_SOCKOPT_BROADCAST: + return SO_BROADCAST; + case CAMEL_SOCKOPT_KEEPALIVE: + return SO_KEEPALIVE; + case CAMEL_SOCKOPT_LINGER: + return SO_LINGER; + case CAMEL_SOCKOPT_RECVBUFFERSIZE: + return SO_RCVBUF; + case CAMEL_SOCKOPT_SENDBUFFERSIZE: + return SO_SNDBUF; + case CAMEL_SOCKOPT_REUSEADDR: + return SO_REUSEADDR; + case CAMEL_SOCKOPT_IPTYPEOFSERVICE: + return SO_TYPE; + default: + return -1; + } +} + +static int +stream_getsockopt (CamelTcpStream *stream, CamelSockOptData *data) +{ + int optname, optlen; + + if ((optname = get_sockopt_optname (data)) == -1) + return -1; + + if (data->option == CAMEL_SOCKOPT_NONBLOCKING) { + int flags; + + flags = fcntl (((CamelTcpStreamOpenSSL *)stream)->sockfd, F_GETFL); + if (flags == -1) + return -1; + + data->value.non_blocking = flags & O_NONBLOCK; + + return 0; + } + + return getsockopt (((CamelTcpStreamOpenSSL *)stream)->sockfd, + get_sockopt_level (data), + optname, + (void *) &data->value, + &optlen); +} + +static int +stream_setsockopt (CamelTcpStream *stream, const CamelSockOptData *data) +{ + int optname; + + if ((optname = get_sockopt_optname (data)) == -1) + return -1; + + if (data->option == CAMEL_SOCKOPT_NONBLOCKING) { + int flags, set; + + flags = fcntl (((CamelTcpStreamOpenSSL *)stream)->sockfd, F_GETFL); + if (flags == -1) + return -1; + + set = data->value.non_blocking ? 1 : 0; + flags = (flags & ~O_NONBLOCK) | (set & O_NONBLOCK); + + if (fcntl (((CamelTcpStreamOpenSSL *)stream)->sockfd, F_SETFL, flags) == -1) + return -1; + + return 0; + } + + return setsockopt (((CamelTcpStreamOpenSSL *)stream)->sockfd, + get_sockopt_level (data), + optname, + (void *) &data->value, + sizeof (data->value)); +} + +#endif /* HAVE_OPENSSL */ diff --git a/camel/camel-tcp-stream-openssl.h b/camel/camel-tcp-stream-openssl.h new file mode 100644 index 0000000000..8424019968 --- /dev/null +++ b/camel/camel-tcp-stream-openssl.h @@ -0,0 +1,70 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ +/* + * Authors: Jeffrey Stedfast <fejj@ximian.com> + * + * Copyright 2001 Ximian, Inc. (www.ximian.com) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. + * + */ + + +#ifndef CAMEL_TCP_STREAM_OPENSSL_H +#define CAMEL_TCP_STREAM_OPENSSL_H + + +#ifdef __cplusplus +extern "C" { +#pragma } +#endif /* __cplusplus */ + +#ifdef HAVE_OPENSSL + +#include <camel/camel-tcp-stream.h> +#include <openssl/ssl.h> + +#define CAMEL_TCP_STREAM_OPENSSL_TYPE (camel_tcp_stream_openssl_get_type ()) +#define CAMEL_TCP_STREAM_OPENSSL(obj) (CAMEL_CHECK_CAST((obj), CAMEL_TCP_STREAM_OPENSSL_TYPE, CamelTcpStreamOpenSSL)) +#define CAMEL_TCP_STREAM_OPENSSL_CLASS(k) (CAMEL_CHECK_CLASS_CAST ((k), CAMEL_TCP_STREAM_OPENSSL_TYPE, CamelTcpStreamOpenSSLClass)) +#define CAMEL_IS_TCP_STREAM_OPENSSL(o) (CAMEL_CHECK_TYPE((o), CAMEL_TCP_STREAM_OPENSSL_TYPE)) + +struct _CamelTcpStreamOpenSSL +{ + CamelTcpStream parent_object; + + int sockfd; + SSL *ssl; +}; + +typedef struct { + CamelTcpStreamClass parent_class; + + /* virtual functions */ + +} CamelTcpStreamOpenSSLClass; + +/* Standard Camel function */ +CamelType camel_tcp_stream_openssl_get_type (void); + +/* public methods */ +CamelStream *camel_tcp_stream_openssl_new (void); + +#endif /* HAVE_OPENSSL */ + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* CAMEL_TCP_STREAM_OPENSSL_H */ diff --git a/camel/camel-types.h b/camel/camel-types.h index eed0ff99a6..727c0a266c 100644 --- a/camel/camel-types.h +++ b/camel/camel-types.h @@ -66,6 +66,8 @@ typedef struct _CamelStreamFs CamelStreamFs; typedef struct _CamelStreamMem CamelStreamMem; typedef struct _CamelTcpStream CamelTcpStream; typedef struct _CamelTcpStreamRaw CamelTcpStreamRaw; +typedef struct _CamelTcpStreamSSL CamelTcpStreamSSL; +typedef struct _CamelTcpStreamOpenSSL CamelTcpStreamOpenSSL; typedef struct _CamelTransport CamelTransport; #ifdef __cplusplus |