From 32a764399bed6e64b6f03578025bf4255cc63183 Mon Sep 17 00:00:00 2001 From: Jeffrey Stedfast Date: Fri, 28 Feb 2003 21:55:06 +0000 Subject: Same as IMAP and POP. 2003-02-28 Jeffrey Stedfast * providers/smtp/camel-smtp-transport.c (connect_to_server): Same as IMAP and POP. * providers/imap/camel-imap-store.c (connect_to_server): Same as the POP3 code. * providers/pop3/camel-pop3-store.c (connect_to_server): Pass in appropriate flags for camel_tcp_stream_ssl_new*() functions. * camel-tcp-stream-ssl.c (enable_ssl): Not all ssl/tls streams will want to allow each of SSLv2, SSLv3 and TLSv1 so use flags to decide which to enable/disable. (camel_tcp_stream_ssl_new): Now takes a flags argument to mask out which SSL/TLS versions the stream should be compatable with. (camel_tcp_stream_ssl_new_raw): Same. svn path=/trunk/; revision=20111 --- camel/ChangeLog | 20 ++++++++++++++++++++ camel/camel-http-stream.c | 3 ++- camel/camel-tcp-stream-ssl.c | 22 ++++++++++++++++++++-- camel/camel-tcp-stream-ssl.h | 10 ++++++++-- camel/providers/imap/camel-imap-store.c | 11 +++++++---- camel/providers/pop3/camel-pop3-store.c | 11 +++++++---- camel/providers/smtp/camel-smtp-transport.c | 11 +++++++---- 7 files changed, 71 insertions(+), 17 deletions(-) (limited to 'camel') diff --git a/camel/ChangeLog b/camel/ChangeLog index 1e8bfcc94c..b3409df56c 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog 
@@ -1,3 +1,23 @@ +2003-02-28 Jeffrey Stedfast + + * camel-http-stream.c (http_connect): Here too. + + * providers/smtp/camel-smtp-transport.c (connect_to_server): Same + as IMAP and POP. + + * providers/imap/camel-imap-store.c (connect_to_server): Same as + the POP3 code. + + * providers/pop3/camel-pop3-store.c (connect_to_server): Pass in + appropriate flags for camel_tcp_stream_ssl_new*() functions. + + * camel-tcp-stream-ssl.c (enable_ssl): Not all ssl/tls streams + will want to allow each of SSLv2, SSLv3 and TLSv1 so use flags to + decide which to enable/disable. + (camel_tcp_stream_ssl_new): Now takes a flags argument to mask out + which SSL/TLS versions the stream should be compatable with. + (camel_tcp_stream_ssl_new_raw): Same. + 2003-02-27 Jeffrey Stedfast * camel-stream-filter.c: Add a 'flushed' state variable to the diff --git a/camel/camel-http-stream.c b/camel/camel-http-stream.c index 44c7601e82..5c226cd26c 100644 --- a/camel/camel-http-stream.c +++ b/camel/camel-http-stream.c @@ -167,6 +167,7 @@ camel_http_stream_new (CamelHttpMethod method, CamelService *service, CamelURL * return CAMEL_STREAM (stream); } +#define SSL_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3) static CamelStream * http_connect (CamelService *service, CamelURL *url) @@ -177,7 +178,7 @@ http_connect (CamelService *service, CamelURL *url) if (!strcasecmp (url->protocol, "https")) { #ifdef HAVE_SSL - stream = camel_tcp_stream_ssl_new (service, url->host); + stream = camel_tcp_stream_ssl_new (service, url->host, SSL_FLAGS); #endif } else { stream = camel_tcp_stream_raw_new (); diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c index fcab45b40c..614b3c552e 100644 --- a/camel/camel-tcp-stream-ssl.c +++ b/camel/camel-tcp-stream-ssl.c @@ -89,6 +89,7 @@ struct _CamelTcpStreamSSLPrivate { CamelService *service; char *expected_host; gboolean ssl_mode; + guint32 flags; }; static void 
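Review bot: `SSL_FLAGS` in camel-http-stream.c omits `CAMEL_TCP_STREAM_SSL_ENABLE_TLS` and sets `CAMEL_TCP_STREAM_SSL_ENABLE_SSL2`, so with the new enable_ssl branches an https stream has TLSv1 explicitly switched off and SSLv2 explicitly switched on. The same mask is repeated as `SSL_PORT_FLAGS` in the IMAP, POP3 and SMTP providers for the 993, 995 and 465 paths, so every implicit-SSL connection is capped at SSLv3 and can be negotiated down to SSLv2. This was presumably chosen for interoperability with servers that mishandle a TLS hello, but SSLv2 is prohibited by RFC 6176 and SSLv3 is deprecated by RFC 7568. I would make the default `#define SSL_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS)` here and in the three `SSL_PORT_FLAGS` definitions, and add an older version only behind an explicit per-account opt-in, with a comment naming the server that needs it.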
@@ -160,6 +161,7 @@ camel_tcp_stream_ssl_get_type (void) * camel_tcp_stream_ssl_new: * @service: camel service * @expected_host: host that the stream is expected to connect with. + * @flags: ENABLE_SSL2, ENABLE_SSL3 and/or ENABLE_TLS * * Since the SSL certificate authenticator may need to prompt the * user, a CamelService is needed. @expected_host is needed as a @@ -168,7 +170,7 @@ camel_tcp_stream_ssl_get_type (void) * Return value: a ssl stream (in ssl mode) **/ CamelStream * -camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host) +camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host, guint32 flags) { CamelTcpStreamSSL *stream; @@ -177,6 +179,7 @@ camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host) stream->priv->service = service; stream->priv->expected_host = g_strdup (expected_host); stream->priv->ssl_mode = TRUE; + stream->priv->flags = flags; return CAMEL_STREAM (stream); } @@ -186,6 +189,7 @@ camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host) * camel_tcp_stream_ssl_new_raw: * @service: camel service * @expected_host: host that the stream is expected to connect with. + * @flags: ENABLE_SSL2, ENABLE_SSL3 and/or ENABLE_TLS * * Since the SSL certificate authenticator may need to prompt the * user, a CamelService is needed. @expected_host is needed as a @@ -194,7 +198,7 @@ camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host) * Return value: a ssl-capable stream (in non ssl mode) **/ CamelStream * -camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host) +camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host, guint32 flags) { CamelTcpStreamSSL *stream; 
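Review bot: The added `@flags` line in the camel_tcp_stream_ssl_new doc comment (and the identical one for camel_tcp_stream_ssl_new_raw) uses shortened names that are not the declared constants, and does not say that an unset bit disables that protocol version. Suggested wording: `@flags: bitmask of CAMEL_TCP_STREAM_SSL_ENABLE_SSL2, CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 and CAMEL_TCP_STREAM_SSL_ENABLE_TLS; versions whose bit is clear are disabled when SSL is enabled on the stream`. A mask of 0 is stored as-is by both constructors and makes enable_ssl turn all three versions off, so the comment should state that at least one bit is required, or the constructors should reject 0. Both doc comments start outside their hunks.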
@@ -203,6 +207,7 @@ camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host) stream->priv->service = service; stream->priv->expected_host = g_strdup (expected_host); stream->priv->ssl_mode = FALSE; + stream->priv->flags = flags; return CAMEL_STREAM (stream); } @@ -979,6 +984,19 @@ enable_ssl (CamelTcpStreamSSL *ssl, PRFileDesc *fd) return NULL; SSL_OptionSet (ssl_fd, SSL_SECURITY, PR_TRUE); + if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL2) + SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_TRUE); + else + SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_FALSE); + if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3) + SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_TRUE); + else + SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_FALSE); + if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_TLS) + SSL_OptionSet (ssl_fd, SSL_ENABLE_TLS, PR_TRUE); + else + SSL_OptionSet (ssl_fd, SSL_ENABLE_TLS, PR_FALSE); + SSL_SetURL (ssl_fd, ssl->priv->expected_host); /*SSL_GetClientAuthDataHook (sslSocket, ssl_get_client_auth, (void *) certNickname);*/ diff --git a/camel/camel-tcp-stream-ssl.h b/camel/camel-tcp-stream-ssl.h index 5db4a0eb70..a2b6903aeb 100644 --- a/camel/camel-tcp-stream-ssl.h +++ b/camel/camel-tcp-stream-ssl.h @@ -38,6 +38,12 @@ extern "C" { #define CAMEL_TCP_STREAM_SSL_CLASS(k) (CAMEL_CHECK_CLASS_CAST ((k), CAMEL_TCP_STREAM_SSL_TYPE, CamelTcpStreamSSLClass)) #define CAMEL_IS_TCP_STREAM_SSL(o) (CAMEL_CHECK_TYPE((o), CAMEL_TCP_STREAM_SSL_TYPE)) +enum { + CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 = (1 << 0), + CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 = (1 << 1), + CAMEL_TCP_STREAM_SSL_ENABLE_TLS = (1 << 2), +}; + struct _CamelTcpStreamSSL { CamelTcpStream parent_object; 
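Review bot: The six new `SSL_OptionSet` calls in enable_ssl (camel-tcp-stream-ssl.c, hunk at -979) ignore their return value, so if disabling SSLv2 or SSLv3 fails the socket goes on to handshake with whatever NSS has enabled by default and the caller's mask is silently not enforced. I would collapse each if/else pair into one call that passes `PR_TRUE` or `PR_FALSE` from the flag test, and fail the function when any call does not return `SECSuccess`. enable_ssl starts and ends outside this hunk, so the failure path must release `ssl_fd` the same way the rest of the function does, which is not visible here.

```c
	/* … unchanged: SSL_OptionSet (ssl_fd, SSL_SECURITY, PR_TRUE) … */
	if (SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2,
			   (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL2) ? PR_TRUE : PR_FALSE) != SECSuccess
	    || SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3,
			      (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3) ? PR_TRUE : PR_FALSE) != SECSuccess
	    || SSL_OptionSet (ssl_fd, SSL_ENABLE_TLS,
			      (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_TLS) ? PR_TRUE : PR_FALSE) != SECSuccess) {
		/* a protocol version could not be switched: fail rather than
		 * handshake with the library's default version set */
		return NULL;
	}
	/* … unchanged: SSL_SetURL and the hooks after it … */
```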
@@ -55,9 +61,9 @@ typedef struct { CamelType camel_tcp_stream_ssl_get_type (void); /* public methods */ -CamelStream *camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host); +CamelStream *camel_tcp_stream_ssl_new (CamelService *service, const char *expected_host, guint32 flags); -CamelStream *camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host); +CamelStream *camel_tcp_stream_ssl_new_raw (CamelService *service, const char *expected_host, guint32 flags); int camel_tcp_stream_ssl_enable_ssl (CamelTcpStreamSSL *ssl); diff --git a/camel/providers/imap/camel-imap-store.c b/camel/providers/imap/camel-imap-store.c index 0537eaf0d9..b94751625d 100644 --- a/camel/providers/imap/camel-imap-store.c +++ b/camel/providers/imap/camel-imap-store.c @@ -544,6 +544,9 @@ enum { USE_SSL_WHEN_POSSIBLE }; +#define SSL_PORT_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3) +#define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS) + static gboolean connect_to_server (CamelService *service, int ssl_mode, int try_starttls, CamelException *ex) { @@ -563,11 +566,11 @@ connect_to_server (CamelService *service, int ssl_mode, int try_starttls, CamelE #ifdef HAVE_SSL if (ssl_mode != USE_SSL_NEVER) { - if (try_starttls) - tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host); - else { + if (try_starttls) { + tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host, STARTTLS_FLAGS); + } else { port = service->url->port ? service->url->port : 993; - tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host); + tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host, SSL_PORT_FLAGS); } } else { tcp_stream = camel_tcp_stream_raw_new (); diff --git a/camel/providers/pop3/camel-pop3-store.c b/camel/providers/pop3/camel-pop3-store.c index f0928ea4cc..a8c693b168 100644 --- a/camel/providers/pop3/camel-pop3-store.c +++ b/camel/providers/pop3/camel-pop3-store.c 
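Review bot: `SSL_PORT_FLAGS` and `STARTTLS_FLAGS` are defined in camel-imap-store.c (hunk at -544) and again, identically, in camel-pop3-store.c and camel-smtp-transport.c, with a fourth copy of the same mask as `SSL_FLAGS` in camel-http-stream.c. The protocol-version policy therefore lives in four files, and a later tightening can easily miss one of them. I would define the two masks once in camel-tcp-stream-ssl.h beside the new enum and have the providers use those. A one-line comment there, such as `/* versions offered on implicit-SSL ports vs. after STARTTLS */`, would record why the two masks differ.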
@@ -141,6 +141,9 @@ enum { USE_SSL_WHEN_POSSIBLE }; +#define SSL_PORT_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3) +#define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS) + static gboolean connect_to_server (CamelService *service, int ssl_mode, int try_starttls, CamelException *ex) { @@ -159,11 +162,11 @@ connect_to_server (CamelService *service, int ssl_mode, int try_starttls, CamelE #ifdef HAVE_SSL if (camel_url_get_param (service->url, "use_ssl")) { - if (try_starttls) - tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host); - else { + if (try_starttls) { + tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host, STARTTLS_FLAGS); + } else { port = service->url->port ? service->url->port : 995; - tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host); + tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host, SSL_PORT_FLAGS); } } else { tcp_stream = camel_tcp_stream_raw_new (); diff --git a/camel/providers/smtp/camel-smtp-transport.c b/camel/providers/smtp/camel-smtp-transport.c index d43f5c6e38..57e1b52779 100644 --- a/camel/providers/smtp/camel-smtp-transport.c +++ b/camel/providers/smtp/camel-smtp-transport.c @@ -228,6 +228,9 @@ smtp_error_string (int error) } } +#define SSL_PORT_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3) +#define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS) + static gboolean connect_to_server (CamelService *service, int try_starttls, CamelException *ex) { 
@@ -252,11 +255,11 @@ connect_to_server (CamelService *service, int try_starttls, CamelException *ex) #ifdef HAVE_SSL if (transport->flags & CAMEL_SMTP_TRANSPORT_USE_SSL) { - if (try_starttls) - tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host); - else { + if (try_starttls) { + tcp_stream = camel_tcp_stream_ssl_new_raw (service, service->url->host, STARTTLS_FLAGS); + } else { port = service->url->port ? service->url->port : 465; - tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host); + tcp_stream = camel_tcp_stream_ssl_new (service, service->url->host, SSL_PORT_FLAGS); } } else { tcp_stream = camel_tcp_stream_raw_new (); -- cgit v1.2.3