aboutsummaryrefslogtreecommitdiffstats
path: root/camel
diff options
context:
space:
mode:
Diffstat (limited to 'camel')
-rw-r--r--camel/ChangeLog8
-rw-r--r--camel/Makefile.am2
-rw-r--r--camel/camel-tcp-stream-openssl.c531
-rw-r--r--camel/camel-tcp-stream-openssl.h70
-rw-r--r--camel/camel-types.h2
5 files changed, 613 insertions, 0 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog
index 9aaa348288..29463c3f0b 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -1,3 +1,11 @@
+2001-03-14 Jeffrey Stedfast <fejj@ximian.com>
+
+ * camel-tcp-stream-openssl.[c,h]: Added
+
+ * Makefile.am: Added camel-tcp-stream-openssl.[c,h] to the build.
+
+ * camel-types.h: Added CamelTcpStreamSSL and CamelTcpStreamOpenSSL
+
2001-03-14 Not Zed <NotZed@Ximian.com>
* camel-mime-filter-charset.c (filter, complete): re-constify
diff --git a/camel/Makefile.am b/camel/Makefile.am
index d054ae1538..cd544eb019 100644
--- a/camel/Makefile.am
+++ b/camel/Makefile.am
@@ -72,6 +72,7 @@ libcamel_la_SOURCES = \
camel-stream.c \
camel-tcp-stream-raw.c \
camel-tcp-stream-ssl.c \
+ camel-tcp-stream-openssl.c \
camel-tcp-stream.c \
camel-transport.c \
camel-uid-cache.c \
@@ -140,6 +141,7 @@ libcamelinclude_HEADERS = \
camel-stream.h \
camel-tcp-stream-raw.h \
camel-tcp-stream-ssl.h \
+ camel-tcp-stream-openssl.h \
camel-tcp-stream.h \
camel-transport.h \
camel-types.h \
diff --git a/camel/camel-tcp-stream-openssl.c b/camel/camel-tcp-stream-openssl.c
new file mode 100644
index 0000000000..d0a6d3f95b
--- /dev/null
+++ b/camel/camel-tcp-stream-openssl.c
@@ -0,0 +1,531 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
+/*
+ * Authors: Jeffrey Stedfast <fejj@ximian.com>
+ *
+ * Copyright 2001 Ximian, Inc. (www.ximian.com)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+
+#include <config.h>
+
+#ifdef HAVE_OPENSSL
+#include "camel-tcp-stream-openssl.h"
+#include "camel-operation.h"
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <string.h>
+
+static CamelTcpStreamClass *parent_class = NULL;
+
+/* Returns the class for a CamelTcpStreamOpenSSL */
+#define CTSR_CLASS(so) CAMEL_TCP_STREAM_OPENSSL_CLASS (CAMEL_OBJECT_GET_CLASS (so))
+
+static ssize_t stream_read (CamelStream *stream, char *buffer, size_t n);
+static ssize_t stream_write (CamelStream *stream, const char *buffer, size_t n);
+static int stream_flush (CamelStream *stream);
+static int stream_close (CamelStream *stream);
+
+static int stream_connect (CamelTcpStream *stream, struct hostent *host, int port);
+static int stream_getsockopt (CamelTcpStream *stream, CamelSockOptData *data);
+static int stream_setsockopt (CamelTcpStream *stream, const CamelSockOptData *data);
+
+static void
+camel_tcp_stream_openssl_class_init (CamelTcpStreamOpenSSLClass *camel_tcp_stream_openssl_class)
+{
+ CamelTcpStreamClass *camel_tcp_stream_class =
+ CAMEL_TCP_STREAM_CLASS (camel_tcp_stream_openssl_class);
+ CamelStreamClass *camel_stream_class =
+ CAMEL_STREAM_CLASS (camel_tcp_stream_openssl_class);
+
+ parent_class = CAMEL_TCP_STREAM_CLASS (camel_type_get_global_classfuncs (camel_tcp_stream_get_type ()));
+
+ /* virtual method overload */
+ camel_stream_class->read = stream_read;
+ camel_stream_class->write = stream_write;
+ camel_stream_class->flush = stream_flush;
+ camel_stream_class->close = stream_close;
+
+ camel_tcp_stream_class->connect = stream_connect;
+ camel_tcp_stream_class->getsockopt = stream_getsockopt;
+ camel_tcp_stream_class->setsockopt = stream_setsockopt;
+}
+
+static void
+camel_tcp_stream_openssl_init (gpointer object, gpointer klass)
+{
+ CamelTcpStreamOpenSSL *stream = CAMEL_TCP_STREAM_OPENSSL (object);
+
+ stream->sockfd = -1;
+ stream->ssl = NULL;
+}
+
+static void
+camel_tcp_stream_openssl_finalize (CamelObject *object)
+{
+ CamelTcpStreamOpenSSL *stream = CAMEL_TCP_STREAM_OPENSSL (object);
+
+ if (stream->ssl) {
+ SSL_shutdown (stream->ssl);
+
+ if (stream->ssl->ctx)
+ SSL_CTX_free (stream->ssl->ctx);
+
+ SSL_free (stream->ssl);
+ }
+
+ if (stream->sockfd != -1)
+ close (stream->sockfd);
+}
+
+
+CamelType
+camel_tcp_stream_openssl_get_type (void)
+{
+ static CamelType type = CAMEL_INVALID_TYPE;
+
+ if (type == CAMEL_INVALID_TYPE) {
+ type = camel_type_register (camel_tcp_stream_get_type (),
+ "CamelTcpStreamOpenSSL",
+ sizeof (CamelTcpStreamOpenSSL),
+ sizeof (CamelTcpStreamOpenSSLClass),
+ (CamelObjectClassInitFunc) camel_tcp_stream_openssl_class_init,
+ NULL,
+ (CamelObjectInitFunc) camel_tcp_stream_openssl_init,
+ (CamelObjectFinalizeFunc) camel_tcp_stream_openssl_finalize);
+ }
+
+ return type;
+}
+
+
+/**
+ * camel_tcp_stream_openssl_new:
+ *
+ * Return value: a tcp stream
+ **/
+CamelStream *
+camel_tcp_stream_openssl_new ()
+{
+ CamelTcpStreamOpenSSL *stream;
+
+ stream = CAMEL_TCP_STREAM_OPENSSL (camel_object_new (camel_tcp_stream_openssl_get_type ()));
+
+ return CAMEL_STREAM (stream);
+}
+
+static ssize_t
+stream_read (CamelStream *stream, char *buffer, size_t n)
+{
+ CamelTcpStreamOpenSSL *tcp_stream_openssl = CAMEL_TCP_STREAM_OPENSSL (stream);
+ ssize_t nread;
+ int cancel_fd;
+
+ if (camel_operation_cancel_check (NULL)) {
+ errno = EINTR;
+ return -1;
+ }
+
+ cancel_fd = camel_operation_cancel_fd (NULL);
+ if (cancel_fd == -1) {
+ do {
+ nread = SSL_read (tcp_stream_openssl->ssl, buffer, n);
+ } while (nread == -1 && errno == EINTR);
+ } else {
+ int flags, fdmax;
+ fd_set rdset;
+
+ flags = fcntl (tcp_stream_openssl->sockfd, F_GETFL);
+ fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags | O_NONBLOCK);
+
+ FD_ZERO (&rdset);
+ FD_SET (tcp_stream_openssl->sockfd, &rdset);
+ FD_SET (cancel_fd, &rdset);
+ fdmax = MAX (tcp_stream_openssl->sockfd, cancel_fd) + 1;
+
+ select (fdmax, &rdset, 0, 0, NULL);
+ if (FD_ISSET (cancel_fd, &rdset)) {
+ fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags);
+ errno = EINTR;
+ return -1;
+ }
+
+ nread = SSL_read (tcp_stream_openssl->ssl, buffer, n);
+ fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags);
+ }
+
+ return nread;
+}
+
+static ssize_t
+stream_write (CamelStream *stream, const char *buffer, size_t n)
+{
+ CamelTcpStreamOpenSSL *tcp_stream_openssl = CAMEL_TCP_STREAM_OPENSSL (stream);
+ ssize_t w, written = 0;
+ int cancel_fd;
+
+ if (camel_operation_cancel_check (NULL)) {
+ errno = EINTR;
+ return -1;
+ }
+
+ cancel_fd = camel_operation_cancel_fd (NULL);
+ if (cancel_fd == -1) {
+ do {
+ written = SSL_write (tcp_stream_openssl->ssl, buffer, n);
+ } while (written == -1 && errno == EINTR);
+ } else {
+ fd_set rdset, wrset;
+ int flags, fdmax;
+
+ flags = fcntl (tcp_stream_openssl->sockfd, F_GETFL);
+ fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags | O_NONBLOCK);
+
+ fdmax = MAX (tcp_stream_openssl->sockfd, cancel_fd) + 1;
+ do {
+ FD_ZERO (&rdset);
+ FD_ZERO (&wrset);
+ FD_SET (tcp_stream_openssl->sockfd, &wrset);
+ FD_SET (cancel_fd, &rdset);
+
+ select (fdmax, &rdset, &wrset, 0, NULL);
+ if (FD_ISSET (cancel_fd, &rdset)) {
+ fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags);
+ errno = EINTR;
+ return -1;
+ }
+
+ w = SSL_write (tcp_stream_openssl->ssl, buffer + written, n - written);
+ if (w > 0)
+ written += w;
+ } while (w != -1 && written < n);
+
+ fcntl (tcp_stream_openssl->sockfd, F_SETFL, flags);
+ }
+
+ return written;
+}
+
+static int
+stream_flush (CamelStream *stream)
+{
+ return fsync (((CamelTcpStreamOpenSSL *)stream)->sockfd);
+}
+
+
+static void
+close_ssl_connection (SSL *ssl)
+{
+ if (ssl) {
+ SSL_shutdown (ssl);
+
+ if (ssl->ctx)
+ SSL_CTX_free (ssl->ctx);
+
+ SSL_free (ssl);
+ }
+}
+
+static int
+stream_close (CamelStream *stream)
+{
+ close_ssl_connection (((CamelTcpStreamOpenSSL *)stream)->ssl);
+ ((CamelTcpStreamOpenSSL *)stream)->ssl = NULL;
+
+ if (close (((CamelTcpStreamOpenSSL *)stream)->sockfd) == -1)
+ return -1;
+
+ ((CamelTcpStreamOpenSSL *)stream)->sockfd = -1;
+ return 0;
+}
+
+/* this is a 'cancellable' connect, cancellable from camel_operation_cancel etc */
+/* returns -1 & errno == EINTR if the connection was cancelled */
+static int
+socket_connect (struct hostent *h, int port)
+{
+ struct sockaddr_in sin;
+ int fd;
+ int ret;
+ socklen_t len;
+ struct timeval tv;
+ int cancel_fd;
+
+ /* see if we're cancelled yet */
+ if (camel_operation_cancel_check (NULL)) {
+ errno = EINTR;
+ return -1;
+ }
+
+ /* setup connect, we do it using a nonblocking socket so we can poll it */
+ sin.sin_port = htons (port);
+ sin.sin_family = h->h_addrtype;
+ memcpy (&sin.sin_addr, h->h_addr, sizeof (sin.sin_addr));
+
+ fd = socket (h->h_addrtype, SOCK_STREAM, 0);
+
+ cancel_fd = camel_operation_cancel_fd (NULL);
+ if (cancel_fd == -1) {
+ ret = connect (fd, (struct sockaddr *)&sin, sizeof (sin));
+ if (ret == -1) {
+ close (fd);
+ return -1;
+ }
+
+ return fd;
+ } else {
+ fd_set rdset, wrset;
+ int flags, fdmax;
+
+ flags = fcntl (fd, F_GETFL);
+ fcntl (fd, F_SETFL, flags | O_NONBLOCK);
+
+ ret = connect (fd, (struct sockaddr *)&sin, sizeof (sin));
+ if (ret == 0) {
+ fcntl (fd, F_SETFL, flags);
+ return fd;
+ }
+
+ if (errno != EINPROGRESS) {
+ close (fd);
+ return -1;
+ }
+
+ FD_ZERO (&rdset);
+ FD_ZERO (&wrset);
+ FD_SET (fd, &wrset);
+ FD_SET (cancel_fd, &rdset);
+ fdmax = MAX (fd, cancel_fd) + 1;
+ tv.tv_usec = 0;
+ tv.tv_sec = 60 * 4;
+
+ if (select (fdmax, &rdset, &wrset, 0, &tv) == 0) {
+ close (fd);
+ errno = ETIMEDOUT;
+ return -1;
+ }
+
+ if (cancel_fd != -1 && FD_ISSET (cancel_fd, &rdset)) {
+ close (fd);
+ errno = EINTR;
+ return -1;
+ } else {
+ len = sizeof (int);
+
+ if (getsockopt (fd, SOL_SOCKET, SO_ERROR, &ret, &len) == -1) {
+ close (fd);
+ return -1;
+ }
+
+ if (ret != 0) {
+ close (fd);
+ errno = ret;
+ return -1;
+ }
+ }
+
+ fcntl (fd, F_SETFL, flags);
+ }
+
+ return fd;
+}
+
+static int
+verify_callback (int ok, X509_STORE_CTX *ctx)
+{
+ char *str, buf[256];
+ X509 *cert;
+ int err;
+
+ cert = X509_STORE_CTX_get_current_cert (ctx);
+ err = X509_STORE_CTX_get_error (ctx);
+
+ str = X509_NAME_oneline (X509_get_subject_name (cert), buf, 256);
+ if (str) {
+ if (ok)
+ d(fprintf (stderr, "CamelTcpStreamSSL: depth=%d %s\n", ctx->error_depth, buf));
+ else
+ d(fprintf (stderr, "CamelTcpStreamSSL: depth=%d error=%d %s\n",
+ ctx->error_depth, err, buf));
+ }
+
+ if (!ok) {
+ switch (err) {
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ /* FIXME: get user's response */
+ ok = 1;
+ }
+ }
+
+ return ok;
+}
+
+static SSL *
+open_ssl_connection (int sockfd)
+{
+ SSL_CTX *ssl_ctx = NULL;
+ SSL *ssl = NULL;
+ int n;
+
+ /* SSLv23_client_method will negotiate with SSL v2, v3, or TLS v1 */
+ ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
+ SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_PEER, &verify_cb);
+ ssl = SSL_new (ssl_ctx);
+ SSL_set_fd (ssl, sockfd);
+
+ n = SSL_connect (ssl);
+ if (n != 1) {
+ SSL_shutdown (ssl);
+
+ if (ssl->ctx)
+ SSL_CTX_free (ssl->ctx);
+
+ SSL_free (ssl);
+ ssl = NULL;
+ }
+
+ return ssl;
+}
+
+static int
+stream_connect (CamelTcpStream *stream, struct hostent *host, int port)
+{
+ CamelTcpStreamOpenSSL *openssl = CAMEL_TCP_STREAM_OPENSSL (stream);
+ SSL *ssl;
+ int fd;
+
+ g_return_val_if_fail (host != NULL, -1);
+
+ fd = socket_connect (host, port);
+ if (fd == -1)
+ return -1;
+
+ ssl = open_ssl_connection (sockfd);
+ if (!ssl)
+ return -1;
+
+ openssl->sockfd = fd;
+ openssl->ssl = ssl;
+
+ return 0;
+}
+
+
+static int
+get_sockopt_level (const CamelSockOptData *data)
+{
+ switch (data->option) {
+ case CAMEL_SOCKOPT_MAXSEGMENT:
+ case CAMEL_SOCKOPT_NODELAY:
+ return IPPROTO_TCP;
+ default:
+ return SOL_SOCKET;
+ }
+}
+
+static int
+get_sockopt_optname (const CamelSockOptData *data)
+{
+ switch (data->option) {
+ case CAMEL_SOCKOPT_MAXSEGMENT:
+ return TCP_MAXSEG;
+ case CAMEL_SOCKOPT_NODELAY:
+ return TCP_NODELAY;
+ case CAMEL_SOCKOPT_BROADCAST:
+ return SO_BROADCAST;
+ case CAMEL_SOCKOPT_KEEPALIVE:
+ return SO_KEEPALIVE;
+ case CAMEL_SOCKOPT_LINGER:
+ return SO_LINGER;
+ case CAMEL_SOCKOPT_RECVBUFFERSIZE:
+ return SO_RCVBUF;
+ case CAMEL_SOCKOPT_SENDBUFFERSIZE:
+ return SO_SNDBUF;
+ case CAMEL_SOCKOPT_REUSEADDR:
+ return SO_REUSEADDR;
+ case CAMEL_SOCKOPT_IPTYPEOFSERVICE:
+ return SO_TYPE;
+ default:
+ return -1;
+ }
+}
+
+static int
+stream_getsockopt (CamelTcpStream *stream, CamelSockOptData *data)
+{
+ int optname, optlen;
+
+ if ((optname = get_sockopt_optname (data)) == -1)
+ return -1;
+
+ if (data->option == CAMEL_SOCKOPT_NONBLOCKING) {
+ int flags;
+
+ flags = fcntl (((CamelTcpStreamOpenSSL *)stream)->sockfd, F_GETFL);
+ if (flags == -1)
+ return -1;
+
+ data->value.non_blocking = flags & O_NONBLOCK;
+
+ return 0;
+ }
+
+ return getsockopt (((CamelTcpStreamOpenSSL *)stream)->sockfd,
+ get_sockopt_level (data),
+ optname,
+ (void *) &data->value,
+ &optlen);
+}
+
+static int
+stream_setsockopt (CamelTcpStream *stream, const CamelSockOptData *data)
+{
+ int optname;
+
+ if ((optname = get_sockopt_optname (data)) == -1)
+ return -1;
+
+ if (data->option == CAMEL_SOCKOPT_NONBLOCKING) {
+ int flags, set;
+
+ flags = fcntl (((CamelTcpStreamOpenSSL *)stream)->sockfd, F_GETFL);
+ if (flags == -1)
+ return -1;
+
+ set = data->value.non_blocking ? 1 : 0;
+ flags = (flags & ~O_NONBLOCK) | (set & O_NONBLOCK);
+
+ if (fcntl (((CamelTcpStreamOpenSSL *)stream)->sockfd, F_SETFL, flags) == -1)
+ return -1;
+
+ return 0;
+ }
+
+ return setsockopt (((CamelTcpStreamOpenSSL *)stream)->sockfd,
+ get_sockopt_level (data),
+ optname,
+ (void *) &data->value,
+ sizeof (data->value));
+}
+
+#endif /* HAVE_OPENSSL */
diff --git a/camel/camel-tcp-stream-openssl.h b/camel/camel-tcp-stream-openssl.h
new file mode 100644
index 0000000000..8424019968
--- /dev/null
+++ b/camel/camel-tcp-stream-openssl.h
@@ -0,0 +1,70 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
+/*
+ * Authors: Jeffrey Stedfast <fejj@ximian.com>
+ *
+ * Copyright 2001 Ximian, Inc. (www.ximian.com)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+
+#ifndef CAMEL_TCP_STREAM_OPENSSL_H
+#define CAMEL_TCP_STREAM_OPENSSL_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#pragma }
+#endif /* __cplusplus */
+
+#ifdef HAVE_OPENSSL
+
+#include <camel/camel-tcp-stream.h>
+#include <openssl/ssl.h>
+
+#define CAMEL_TCP_STREAM_OPENSSL_TYPE (camel_tcp_stream_openssl_get_type ())
+#define CAMEL_TCP_STREAM_OPENSSL(obj) (CAMEL_CHECK_CAST((obj), CAMEL_TCP_STREAM_OPENSSL_TYPE, CamelTcpStreamOpenSSL))
+#define CAMEL_TCP_STREAM_OPENSSL_CLASS(k) (CAMEL_CHECK_CLASS_CAST ((k), CAMEL_TCP_STREAM_OPENSSL_TYPE, CamelTcpStreamOpenSSLClass))
+#define CAMEL_IS_TCP_STREAM_OPENSSL(o) (CAMEL_CHECK_TYPE((o), CAMEL_TCP_STREAM_OPENSSL_TYPE))
+
+struct _CamelTcpStreamOpenSSL
+{
+ CamelTcpStream parent_object;
+
+ int sockfd;
+ SSL *ssl;
+};
+
+typedef struct {
+ CamelTcpStreamClass parent_class;
+
+ /* virtual functions */
+
+} CamelTcpStreamOpenSSLClass;
+
+/* Standard Camel function */
+CamelType camel_tcp_stream_openssl_get_type (void);
+
+/* public methods */
+CamelStream *camel_tcp_stream_openssl_new (void);
+
+#endif /* HAVE_OPENSSL */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* CAMEL_TCP_STREAM_OPENSSL_H */
diff --git a/camel/camel-types.h b/camel/camel-types.h
index eed0ff99a6..727c0a266c 100644
--- a/camel/camel-types.h
+++ b/camel/camel-types.h
@@ -66,6 +66,8 @@ typedef struct _CamelStreamFs CamelStreamFs;
typedef struct _CamelStreamMem CamelStreamMem;
typedef struct _CamelTcpStream CamelTcpStream;
typedef struct _CamelTcpStreamRaw CamelTcpStreamRaw;
+typedef struct _CamelTcpStreamSSL CamelTcpStreamSSL;
+typedef struct _CamelTcpStreamOpenSSL CamelTcpStreamOpenSSL;
typedef struct _CamelTransport CamelTransport;
#ifdef __cplusplus