Commit 457d70d6 authored by Marco d'Itri's avatar Marco d'Itri

GNUTLS support. Used in Debian since Nov. 2001.

parent ab99b0d0
......@@ -109,11 +109,17 @@ WHERE char *Signature;
WHERE char *SimpleSearch;
WHERE char *Spoolfile;
WHERE char *SpamSep;
#if defined(USE_SSL) || defined(USE_NSS)
#if defined(USE_SSL) || defined(USE_NSS) || defined(USE_GNUTLS)
WHERE char *SslCertFile INITVAL (NULL);
#endif
#if defined(USE_SSL) || defined(USE_NSS)
WHERE char *SslEntropyFile INITVAL (NULL);
WHERE char *SslClientCert INITVAL (NULL);
#endif
#ifdef USE_GNUTLS
WHERE short SslDHPrimeBits;
WHERE char *SslCACertFile INITVAL (NULL);
#endif
WHERE char *StChars;
WHERE char *Status;
WHERE char *Tempdir;
......
......@@ -29,7 +29,7 @@
#include "browser.h"
#include "message.h"
#include "imap_private.h"
#ifdef USE_SSL
#if defined(USE_SSL) || defined(USE_GNUTLS)
# include "mutt_ssl.h"
#endif
......@@ -408,7 +408,7 @@ int imap_open_connection (IMAP_DATA* idata)
/* TODO: Parse new tagged CAPABILITY data (* OK [CAPABILITY...]) */
if (imap_check_capabilities (idata))
goto bail;
#if defined(USE_SSL) && !defined(USE_NSS)
#if defined(USE_SSL) || defined(USE_GNUTLS)
/* Attempt STARTTLS if available and desired. */
if (mutt_bit_isset (idata->capabilities, STARTTLS) && !idata->conn->ssf)
{
......@@ -422,7 +422,11 @@ int imap_open_connection (IMAP_DATA* idata)
goto bail;
if (rc != -2)
{
#ifdef USE_SSL
if (mutt_ssl_starttls (idata->conn))
#elif USE_GNUTLS
if (mutt_gnutls_starttls (idata->conn))
#endif
{
mutt_error (_("Could not negotiate TLS connection"));
mutt_sleep (1);
......
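Review bot: The new STARTTLS guard in imap_open_connection, `#if defined(USE_SSL) || defined(USE_GNUTLS)`, drops the `!defined(USE_NSS)` exclusion that the old guard had and that the matching STLS guard in pop_open_connection still keeps. If a build can define USE_SSL and USE_NSS together (the old condition suggests it can), this block would now call mutt_ssl_starttls in that configuration; I would use the same condition in both places, `#if (defined(USE_SSL) || defined(USE_GNUTLS)) && !defined(USE_NSS)`. Separately, `#elif USE_GNUTLS` tests the macro's value rather than whether it is defined, so a definition with no value does not preprocess and a zero value leaves the error block with no `if` in front of it; `#elif defined(USE_GNUTLS)` is the safer spelling, here and in pop_open_connection and mutt_conn_find. imap_open_connection starts and ends outside these hunks.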
......@@ -164,7 +164,7 @@ int imap_parse_path (const char* path, IMAP_MBOX* mx)
}
}
#ifdef USE_SSL
#if defined(USE_SSL) || defined(USE_GNUTLS)
if (option (OPTIMAPFORCESSL))
mx->account.flags |= M_ACCT_SSL;
#endif
......
......@@ -27,7 +27,7 @@
#include "mutt_crypt.h"
#include "mutt_idna.h"
#if defined(USE_SSL) || defined(USE_NSS)
#if defined(USE_SSL) || defined(USE_NSS) || defined(USE_GNUTLS)
#include "mutt_ssl.h"
#endif
......
......@@ -800,7 +800,7 @@ struct option_t MuttVars[] = {
** as folder separators for displaying IMAP paths. In particular it
** helps in using the '=' shortcut for your \fIfolder\fP variable.
*/
# ifdef USE_SSL
# if defined(USE_SSL) || defined(USE_GNUTLS)
{ "imap_force_ssl", DT_BOOL, R_NONE, OPTIMAPFORCESSL, 0 },
/*
** .pp
......@@ -1812,8 +1812,8 @@ struct option_t MuttVars[] = {
** (S/MIME only)
*/
#if defined(USE_SSL)||defined(USE_NSS)
# ifndef USE_NSS
#if defined(USE_SSL)||defined(USE_NSS)||defined(USE_GNUTLS)
# if defined(USE_SSL)||defined(USE_GNUTLS)
{ "ssl_starttls", DT_QUAD, R_NONE, OPT_SSLSTARTTLS, M_YES },
/*
** .pp
......@@ -1822,7 +1822,7 @@ struct option_t MuttVars[] = {
** use STARTTLS regardless of the server's capabilities.
*/
# endif
{ "certificate_file", DT_PATH, R_NONE, UL &SslCertFile, 0 },
{ "certificate_file", DT_PATH, R_NONE, UL &SslCertFile, UL "~/.mutt_certificates" },
/*
** .pp
** This variable specifies the file where the certificates you trust
......@@ -1837,6 +1837,7 @@ struct option_t MuttVars[] = {
** .pp
** Example: set certificate_file=~/.mutt/certificates
*/
# ifndef USE_GNUTLS
{ "ssl_usesystemcerts", DT_BOOL, R_NONE, OPTSSLSYSTEMCERTS, 1 },
/*
** .pp
......@@ -1856,6 +1857,7 @@ struct option_t MuttVars[] = {
** This variables specifies whether to attempt to use SSLv2 in the
** SSL authentication process.
*/
# endif
{ "ssl_use_sslv3", DT_BOOL, R_NONE, OPTSSLV3, 1 },
/*
** .pp
......@@ -1874,6 +1876,24 @@ struct option_t MuttVars[] = {
** The file containing a client certificate and its associated private
** key.
*/
#ifdef USE_GNUTLS
{ "ssl_min_dh_prime_bits", DT_NUM, R_NONE, UL &SslDHPrimeBits, 0 },
/*
** .pp
** This variable specifies the minimum acceptable prime size (in bits)
** for use in any Diffie-Hellman key exchange. A value of 0 will use
** the default from the GNUTLS library.
*/
{ "ssl_ca_certificates_file", DT_PATH, R_NONE, UL &SslCACertFile, 0 },
/*
** .pp
** This variable specifies a file containing trusted CA certificates.
** Any server certificate that is signed with one of these CA
** certificates are also automatically accepted.
** .pp
** Example: set ssl_ca_certificates_file=/etc/ssl/certs/ca-certificates.crt
*/
#endif
#endif
{ "pipe_split", DT_BOOL, R_NONE, OPTPIPESPLIT, 0 },
......
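Review bot: The ssl_ca_certificates_file text says a server certificate signed by one of these CAs is "automatically accepted", but it does not say whether the certificate must also match the host name mutt connected to; that check would live in the GnuTLS backend, whose diff is collapsed on this page, so it cannot be confirmed from here. If the match is enforced, state it in the doc block, e.g. `** The certificate must also be valid for the host name of the server.`; if it is not, a certificate issued by any listed CA for any host would be trusted, and that should be settled before the option is documented this way. For ssl_min_dh_prime_bits the entry is a plain DT_NUM with default 0 and no floor visible in this hunk, so I would add a line such as `** Values below the library default weaken the key exchange.` and consider rejecting non-zero values under a sane minimum where the setting is consumed. The MuttVars initializer continues outside these hunks.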
......@@ -242,6 +242,12 @@ static void show_version (void)
"-USE_SSL "
#endif
#ifdef USE_GNUTLS
"+USE_GNUTLS "
#else
"-USE_GNUTLS "
#endif
#ifdef USE_SASL
"+USE_SASL "
#else
......
......@@ -291,7 +291,7 @@ enum
OPT_QUIT,
OPT_REPLYTO,
OPT_RECALL,
#ifdef USE_SSL
#if defined(USE_SSL) || defined(USE_GNUTLS)
OPT_SSLSTARTTLS,
#endif
OPT_SUBJECT,
......@@ -368,15 +368,19 @@ enum
OPTIMAPPASSIVE,
OPTIMAPPEEK,
OPTIMAPSERVERNOISE,
# ifdef USE_SSL
# if defined(USE_SSL) || defined(USE_GNUTLS)
OPTIMAPFORCESSL,
# endif
#endif
#if defined(USE_SSL) || defined(USE_NSS)
#if defined(USE_SSL) || defined(USE_NSS) || defined(USE_GNUTLS)
# ifndef USE_GNUTLS
OPTSSLV2,
# endif
OPTSSLV3,
OPTTLSV1,
# ifndef USE_GNUTLS
OPTSSLSYSTEMCERTS,
# endif
#endif
OPTIMPLICITAUTOVIEW,
OPTINCLUDEONLYFIRST,
......
......@@ -294,7 +294,7 @@ dprint(1,(debugfile, "local ip: %s, remote ip:%s\n", iplocalport, ipremoteport))
* If someone does it'd probably be trivial to write mutt_nss_get_ssf().
* I have a feeling more SSL code could be shared between those two files,
* but I haven't looked into it yet, since I still don't know the APIs. */
#if defined(USE_SSL)
#if defined(USE_SSL) || defined(USE_GNUTLS)
if (conn->ssf)
{
#ifdef USE_SASL2 /* I'm not sure this actually has an effect, at least with SASLv2 */
......
......@@ -22,7 +22,7 @@
#include "globals.h"
#include "mutt_socket.h"
#include "mutt_tunnel.h"
#ifdef USE_SSL
#if defined(USE_SSL) || defined(USE_GNUTLS) || defined(USE_NSS)
# include "mutt_ssl.h"
#endif
......@@ -257,6 +257,12 @@ CONNECTION* mutt_conn_find (const CONNECTION* start, const ACCOUNT* account)
ssl_socket_setup (conn);
#elif USE_NSS
mutt_nss_socket_setup (conn);
#elif USE_GNUTLS
if (mutt_gnutls_socket_setup (conn) < 0)
{
mutt_socket_free (conn);
return NULL;
}
#else
mutt_error _("SSL is unavailable.");
mutt_sleep (2);
......
......@@ -21,8 +21,17 @@
#include "mutt_socket.h"
#ifdef USE_SSL
int mutt_ssl_starttls (CONNECTION* conn);
extern int ssl_socket_setup (CONNECTION *conn);
#endif
#ifdef USE_GNUTLS
int mutt_gnutls_starttls (CONNECTION* conn);
extern int mutt_gnutls_socket_setup (CONNECTION *conn);
#endif
#ifdef USE_NSS
int mutt_nss_socket_setup (CONNECTION* conn);
#endif
#endif /* _MUTT_SSL_H_ */
This diff is collapsed.
......@@ -270,7 +270,7 @@ int pop_open_connection (POP_DATA *pop_data)
return -2;
}
#if defined(USE_SSL) && !defined(USE_NSS)
#if (defined(USE_SSL) || defined(USE_GNUTLS)) && !defined(USE_NSS)
/* Attempt STLS if available and desired. */
if (pop_data->cmd_stls && !pop_data->conn->ssf)
{
......@@ -295,7 +295,11 @@ int pop_open_connection (POP_DATA *pop_data)
mutt_error ("%s", pop_data->err_msg);
mutt_sleep (2);
}
#ifdef USE_SSL
else if (mutt_ssl_starttls (pop_data->conn))
#elif USE_GNUTLS
else if (mutt_gnutls_starttls (pop_data->conn))
#endif
{
mutt_error (_("Could not negotiate TLS connection"));
mutt_sleep (2);
......