/* GNU Mailutils -- a suite of utilities for electronic mail
Copyright (C) 2003-2004, 2007-2012, 2014-2017 Free Software
Foundation, Inc.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General
Public License along with this library. If not, see
<http://www.gnu.org/licenses/>. */
#if HAVE_CONFIG_H
# include <config.h>
#endif
#include <mailutils/tls.h>
#include <mailutils/errno.h>
/* Global TLS switch: 0 means TLS is disabled.  */
int mu_tls_enable = 0;
/* Flag sets handed to mu_file_safety_check for each class of TLS file
   (certificate, private key, CA bundle).  The defaults come from
   mailutils/tls.h; they are plain writable globals, presumably so that
   configuration code elsewhere can adjust them at run time -- confirm
   against the callers.  */
int mu_tls_cert_file_checks = MU_TLS_CERT_FILE_CHECKS;
int mu_tls_key_file_checks = MU_TLS_KEY_FILE_CHECKS;
int mu_tls_ca_file_checks = MU_TLS_CA_FILE_CHECKS;
/* Translate an error code returned by mu_file_safety_check into a
   MU_TLS_CONFIG_* status.

   RC is the non-zero error code.

   Returns MU_TLS_CONFIG_UNSAFE when RC is one of the permission-class
   errors (wrong owner, group/world writable or readable, unsafe
   directory), i.e. the file exists but must not be trusted; any other
   error yields MU_TLS_CONFIG_FAIL.  */
static int
check_err (int rc)
{
  /* Error codes that mean "present, but with unsafe permissions".  */
  static const int unsafe_codes[] = {
    MU_ERR_PERM_OWNER_MISMATCH,
    MU_ERR_PERM_GROUP_WRITABLE,
    MU_ERR_PERM_WORLD_WRITABLE,
    MU_ERR_PERM_GROUP_READABLE,
    MU_ERR_PERM_WORLD_READABLE,
    MU_ERR_PERM_LINKED_WRDIR,
    MU_ERR_PERM_DIR_IWGRP,
    MU_ERR_PERM_DIR_IWOTH
  };
  unsigned idx;

  for (idx = 0; idx < sizeof unsafe_codes / sizeof unsafe_codes[0]; idx++)
    {
      if (unsafe_codes[idx] == rc)
	return MU_TLS_CONFIG_UNSAFE;
    }
  return MU_TLS_CONFIG_FAIL;
}
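/* Run the safety check for one configured TLS file.

   PATH is the file name, CHECKS the mu_file_safety_check flag set for
   that file class, VERBOSE non-zero to report a failure through
   mu_error.  The -1 and NULL arguments are passed through unchanged
   from the original per-file checks; their meaning is defined by
   mu_file_safety_check.

   Returns the raw mu_file_safety_check result: 0 when the file passes,
   otherwise the error code (map it with check_err).  */
static int
check_config_file (const char *path, int checks, int verbose)
{
  int rc = mu_file_safety_check (path, checks, -1, NULL);
  if (rc && verbose)
    mu_error ("%s: %s", path, mu_strerror (rc));
  return rc;
}

/* Validate the files named in a TLS configuration.

   CONF is the configuration (may be NULL); VERBOSE non-zero reports
   each failing file through mu_error.

   Returns MU_TLS_CONFIG_NULL when CONF is NULL or names no certificate,
   key or CA file and sets no priorities; MU_TLS_CONFIG_OK when every
   configured file passes its safety check (or only priorities are set);
   otherwise the check_err mapping of the first failure, so
   MU_TLS_CONFIG_UNSAFE for permission problems and MU_TLS_CONFIG_FAIL
   for anything else.  Files are checked in the order cert, key, CA and
   checking stops at the first failure.  */
int
mu_tls_config_check (struct mu_tls_config const *conf, int verbose)
{
  int rc;
  int res = MU_TLS_CONFIG_NULL;

  /* No configuration at all: same answer as an empty one.  */
  if (!conf)
    return res;

  if (conf->cert_file)
    {
      rc = check_config_file (conf->cert_file, mu_tls_cert_file_checks,
			      verbose);
      if (rc)
	return check_err (rc);
      res = MU_TLS_CONFIG_OK;
    }

  if (conf->key_file)
    {
      rc = check_config_file (conf->key_file, mu_tls_key_file_checks,
			      verbose);
      if (rc)
	return check_err (rc);
      res = MU_TLS_CONFIG_OK;
    }

  if (conf->ca_file)
    {
      rc = check_config_file (conf->ca_file, mu_tls_ca_file_checks,
			      verbose);
      if (rc)
	return check_err (rc);
      res = MU_TLS_CONFIG_OK;
    }

  /* Priorities alone count as a usable configuration.  */
  if (conf->priorities)
    res = MU_TLS_CONFIG_OK;

  return res;
}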