From 32a764399bed6e64b6f03578025bf4255cc63183 Mon Sep 17 00:00:00 2001
From: Jeffrey Stedfast <fejj@ximian.com>
Date: Fri, 28 Feb 2003 21:55:06 +0000
Subject: Same as IMAP and POP.

2003-02-28  Jeffrey Stedfast  <fejj@ximian.com>

	* providers/smtp/camel-smtp-transport.c (connect_to_server): Same
	as IMAP and POP.

	* providers/imap/camel-imap-store.c (connect_to_server): Same as
	the POP3 code.

	* providers/pop3/camel-pop3-store.c (connect_to_server): Pass in
	appropriate flags for camel_tcp_stream_ssl_new*() functions.

	* camel-tcp-stream-ssl.c (enable_ssl): Not all ssl/tls streams
	will want to allow each of SSLv2, SSLv3 and TLSv1 so use flags to
	decide which to enable/disable.
	(camel_tcp_stream_ssl_new): Now takes a flags argument to mask out
	which SSL/TLS versions the stream should be compatable with.
	(camel_tcp_stream_ssl_new_raw): Same.

svn path=/trunk/; revision=20111
---
 camel/camel-tcp-stream-ssl.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

(limited to 'camel/camel-tcp-stream-ssl.c')

diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index fcab45b40c..614b3c552e 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -89,6 +89,7 @@ struct _CamelTcpStreamSSLPrivate {
 	CamelService *service;
 	char *expected_host;
 	gboolean ssl_mode;
+	guint32 flags;
 };
 
 static void
@@ -160,6 +161,7 @@ camel_tcp_stream_ssl_get_type (void)
  * camel_tcp_stream_ssl_new:
  * @service: camel service
  * @expected_host: host that the stream is expected to connect with.
+ * @flags: ENABLE_SSL2, ENABLE_SSL3 and/or ENABLE_TLS
  *
  * Since the SSL certificate authenticator may need to prompt the
  * user, a CamelService is needed. @expected_host is needed as a
@@ -168,7 +170,7 @@ camel_tcp_stream_ssl_get_type (void)
  * Return value: a ssl stream (in ssl mode)
  **/
 CamelStream *
-camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host)
+camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host, guint32 flags)
 {
 	CamelTcpStreamSSL *stream;
 	
@@ -177,6 +179,7 @@ camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host)
 	stream->priv->service = service;
 	stream->priv->expected_host = g_strdup (expected_host);
 	stream->priv->ssl_mode = TRUE;
+	stream->priv->flags = flags;
 	
 	return CAMEL_STREAM (stream);
 }
@@ -186,6 +189,7 @@ camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host)
  * camel_tcp_stream_ssl_new_raw:
  * @service: camel service
  * @expected_host: host that the stream is expected to connect with.
+ * @flags: ENABLE_SSL2, ENABLE_SSL3 and/or ENABLE_TLS
  *
  * Since the SSL certificate authenticator may need to prompt the
  * user, a CamelService is needed. @expected_host is needed as a
@@ -194,7 +198,7 @@ camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host)
  * Return value: a ssl-capable stream (in non ssl mode)
  **/
 CamelStream *
-camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host)
+camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host, guint32 flags)
 {
 	CamelTcpStreamSSL *stream;
 	
@@ -203,6 +207,7 @@ camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host)
 	stream->priv->service = service;
 	stream->priv->expected_host = g_strdup (expected_host);
 	stream->priv->ssl_mode = FALSE;
+	stream->priv->flags = flags;
 	
 	return CAMEL_STREAM (stream);
 }
@@ -979,6 +984,19 @@ enable_ssl (CamelTcpStreamSSL *ssl, PRFileDesc *fd)
 		return NULL;
 	
 	SSL_OptionSet (ssl_fd, SSL_SECURITY, PR_TRUE);
+	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL2)
+		SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_TRUE);
+	else
+		SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_FALSE);
+	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
+		SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_TRUE);
+	else
+		SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_FALSE);
+	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
+		SSL_OptionSet (ssl_fd, SSL_ENABLE_TLS, PR_TRUE);
+	else
+		SSL_OptionSet (ssl_fd, SSL_ENABLE_TLS, PR_FALSE);
+	
 	SSL_SetURL (ssl_fd, ssl->priv->expected_host);
 	
 	/*SSL_GetClientAuthDataHook (sslSocket, ssl_get_client_auth, (void *) certNickname);*/
-- 
cgit v1.2.3