pop3d: make tls more configurable
The "tls" statement can be used both within a server declaration and in the global scope, the former overriding the latter. Its argument can be one of the following:

  no          TLS is not used. The STLS command won't be available even if the tls configuration is otherwise complete.
  ondemand    TLS is initiated when the user issues the STLS command. This is the default when TLS is configured.
  required    Same as above, but the use of STLS is mandatory. The authentication state is entered only after TLS negotiation has succeeded.
  connection  TLS is always forced when the connection is established (pops).

For compatibility with prior versions the tls-required statement is retained, but is considered deprecated. It is synonymous with "tls required".

The "tls" statement allows for the following alias values:

  false, off, 0      same as no
  stls               same as ondemand
  yes, true, on, 1   same as connection

Internally, all handler functions receive a pointer to the POP session structure, which configures the current session. In particular, it contains the TLS mode and capability list.

* pop3d/capa.c (pop3d_capa): Traverse the capability list, outputting each of its elements.
(pop3d_session_init)
(pop3d_session_free): New functions.
* pop3d/logindelay.c (login_delay_capa): Change signature.
* pop3d/pop3d.c (tls_required): Remove.
(tls_mode): New variable.
(pop3d_srv_config) <tls>: Remove.
(pop3d_srv_config) <tls_mode>: New member.
(pop3d_srv_param): Change definition of the "tls" statement.
(pop3d_cfg_param): New statement "tls". Mark "tls-required" as deprecated.
(pop3d_mainloop): Change type of the tls argument. Initialize session and pass it to each handler.
(pop3d_connection): Decide whether and how to use TLS using global and per-session settings, the latter overriding the former.
* pop3d/pop3d.h (login_delay_capa): Change signature.
(tls_mode): New enum.
(pop3d_capa_type): New enum.
(pop3d_capa, pop3d_session): New structs.
(pop3d_session_init)
(pop3d_session_free): New protos.
(pop3d_command_handler_t): Change signature. All handlers and their uses are changed accordingly.
* pop3d/stls.c (pop3d_stls): Return error if session does not allow tls.
Showing 17 changed files with 289 additions and 76 deletions
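The mode semantics in the commit message above, sketched as an added example that is not code from this commit or from the project. The enumerator and function names are hypothetical, exact-match parsing is an assumption, and the "required" case is kept fail-closed: with no usable TLS, authentication never opens.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names: the commit only states that a tls_mode enum exists. */
enum tls_mode { TLS_INVALID = -2, TLS_UNSET = -1,
                TLS_NO, TLS_ONDEMAND, TLS_REQUIRED, TLS_CONNECTION };

/* Values and aliases as listed in the commit message. */
static const struct { const char *word; enum tls_mode mode; } tls_words[] = {
  { "no", TLS_NO }, { "false", TLS_NO }, { "off", TLS_NO }, { "0", TLS_NO },
  { "ondemand", TLS_ONDEMAND }, { "stls", TLS_ONDEMAND },
  { "required", TLS_REQUIRED },
  { "connection", TLS_CONNECTION }, { "yes", TLS_CONNECTION },
  { "true", TLS_CONNECTION }, { "on", TLS_CONNECTION },
  { "1", TLS_CONNECTION },
};

enum tls_mode parse_tls_mode (const char *arg)
{
  size_t i;
  for (i = 0; i < sizeof tls_words / sizeof tls_words[0]; i++)
    if (strcmp (arg, tls_words[i].word) == 0) /* assumption: exact match */
      return tls_words[i].mode;
  return TLS_INVALID;
}

/* The server-scope setting overrides the global one.  With neither set,
   the default is ondemand when TLS is configured, otherwise no TLS.
   An explicit mode is never downgraded here. */
enum tls_mode effective_tls_mode (enum tls_mode global, enum tls_mode server,
                                  int tls_configured)
{
  enum tls_mode m = server != TLS_UNSET ? server : global;
  if (m == TLS_UNSET)
    return tls_configured ? TLS_ONDEMAND : TLS_NO;
  return m;
}

/* STLS is available only in ondemand/required mode, before TLS is up. */
int stls_offered (enum tls_mode m, int tls_active)
{
  return !tls_active && (m == TLS_ONDEMAND || m == TLS_REQUIRED);
}

/* In required mode the authentication state stays closed until TLS is up. */
int auth_allowed (enum tls_mode m, int tls_active)
{
  return m != TLS_REQUIRED || tls_active;
}
```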