Commit 325c864e 325c864eb1b88ac73c39ca3681a02f5194021806 by Sergey Poznyakoff

Fix TLS usage.

Remove --tls option.  Make TLS stream open methods call mu_init_tls_libs.
It is now not necessary to call this function explicitly, unless the
application wishes to ensure TLS is initialized (e.g. pop3d or imap4d).

* include/mailutils/libargp.h (mu_tls_cmdline): Remove.
* libmu_argp/tls.c
* libmu_argp/Makefile.am (libmu_argp_a_SOURCES): Remove tls.c
* libmu_argp/cmdline.c (all_cmdline_capa): Remove tls.c
* libmu_auth/tls.c [WITH_TLS] (mu_tls_module_config): Enable by default.
(mu_check_tls_environment): Return 0 if TLS is disabled.
(mu_init_tls_libs): Always call gnutls_global_init; otherwise any call
into the TLS library (especially the handshake) can produce a coredump.
* libmu_cfg/tls.c: Fix description string for tls.enable.
* mh/mh_init.c (mh_init): Remove call to mu_init_tls_libs, now unnecessary.
* python/libmu_py/registrar.c: Likewise.
* testsuite/smtpsend.c: Likewise.
1 parent 4fe85f71
......@@ -56,7 +56,6 @@ extern struct mu_cmdline_capa mu_debug_cmdline;
extern struct mu_cmdline_capa mu_pam_cmdline;
extern struct mu_cmdline_capa mu_gsasl_cmdline;
extern struct mu_cmdline_capa mu_tls_cmdline;
extern struct mu_cmdline_capa mu_radius_cmdline;
extern struct mu_cmdline_capa mu_sql_cmdline;
extern struct mu_cmdline_capa mu_virtdomain_cmdline;
......@@ -30,6 +30,5 @@ libmu_argp_a_SOURCES =\
common.c\
mu_argp.c\
muinit.c\
sieve.c\
tls.c
sieve.c
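--- a/libmu_argp/cmdline.c
+++ b/libmu_argp/cmdline.c
@@ -27,7 +27,6 @@ static struct mu_cmdline_capa *all_cmdline_capa[] = {
 &mu_logging_cmdline,
 &mu_mailer_cmdline,
 &mu_debug_cmdline,
-&mu_tls_cmdline,
 &mu_sieve_cmdline,
 NULL
 };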
/* GNU Mailutils -- a suite of utilities for electronic mail
Copyright (C) 2007, 2009, 2010, 2011 Free Software Foundation, Inc.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General
Public License along with this library. If not, see
<http://www.gnu.org/licenses/>. */
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include "cmdline.h"
enum {
OPT_TLS = 256,
};
static struct argp_option _tls_argp_options[] = {
{"tls", OPT_TLS, N_("BOOL"), OPTION_ARG_OPTIONAL,
N_("enable TLS support") },
{NULL, 0, NULL, 0, NULL, 0}
};
static error_t
_tls_argp_parser (int key, char *arg, struct argp_state *state)
{
static mu_list_t lst;
switch (key)
{
case OPT_TLS:
mu_argp_node_list_new (lst, "enable", arg ? arg : "yes");
break;
case ARGP_KEY_INIT:
mu_argp_node_list_init (&lst);
break;
case ARGP_KEY_FINI:
mu_argp_node_list_finish (lst, "tls", NULL);
break;
default:
return ARGP_ERR_UNKNOWN;
}
return 0;
}
static struct argp _tls_argp = {
_tls_argp_options,
_tls_argp_parser
};
static struct argp_child _tls_argp_child = {
&_tls_argp,
0,
NULL,
0
};
struct mu_cmdline_capa mu_tls_cmdline = {
"tls", &_tls_argp_child
};
......@@ -35,7 +35,13 @@
#include <mailutils/errno.h>
#include <mailutils/util.h>
struct mu_tls_module_config mu_tls_module_config;
struct mu_tls_module_config mu_tls_module_config = {
#ifdef WITH_TLS
1 /* enable by default */
#else
0
#endif
};
int
mu_tls_module_init (enum mu_gocs_op op, void *data)
......@@ -70,6 +76,8 @@ static gnutls_certificate_server_credentials x509_cred;
int
mu_check_tls_environment (void)
{
if (!mu_tls_module_config.enable)
return 0;
if (mu_tls_module_config.ssl_cert && mu_tls_module_config.ssl_key)
{
int rc = mu_file_safety_check (mu_tls_module_config.ssl_cert,
......@@ -120,7 +128,7 @@ _mu_gtls_logger(int level, const char *text)
int
mu_init_tls_libs (void)
{
if (mu_tls_module_config.enable && !mu_tls_enable)
if (!mu_tls_enable)
mu_tls_enable = !gnutls_global_init (); /* Returns 1 on success */
#ifdef DEBUG_TLS
gnutls_global_set_log_function (_mu_gtls_logger);
......@@ -370,9 +378,13 @@ _tls_server_open (mu_stream_t stream)
int rc = 0;
mu_transport_t transport[2];
if (!mu_tls_module_config.enable)
return MU_ERR_FAILURE; /* FIXME: another error code */
if (!stream || sp->state != state_init)
return EINVAL;
mu_init_tls_libs ();
gnutls_certificate_allocate_credentials (&x509_cred);
if (mu_tls_module_config.ssl_cafile)
......@@ -473,6 +485,7 @@ _tls_client_open (mu_stream_t stream)
/* FALLTHROUGH */
case state_init:
mu_init_tls_libs ();
prepare_client_session (stream);
rc = gnutls_handshake (sp->session);
if (rc < 0)
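Review bot: The new `mu_init_tls_libs ()` calls in _tls_server_open and _tls_client_open discard the outcome, so when gnutls_global_init fails mu_tls_enable stays 0 (the rewritten test in mu_init_tls_libs sets it only from that call's success) and the open still proceeds to gnutls_certificate_allocate_credentials and gnutls_handshake, which is exactly the uninitialized-library crash the commit message describes. Failing the open costs one line after each call, e.g. `mu_init_tls_libs (); if (!mu_tls_enable) return MU_ERR_FAILURE;`, or check the return value of mu_init_tls_libs if it reports the failure (the rest of its body is outside the hunk). In the mu_tls_module_config initializer the positional `1 /* enable by default */` would read better as the designated form `.enable = 1, /* enable by default */`, assuming enable is the first member as the comment suggests, since mu_check_tls_environment shows the struct also carries ssl_cert, ssl_key and ssl_cafile. Both open functions and mu_init_tls_libs start or end outside their hunks.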
......@@ -77,7 +77,7 @@ cb_safety_checks (void *data, mu_config_value_t *arg)
static struct mu_cfg_param mu_tls_param[] = {
{ "enable", mu_cfg_bool, &tls_settings.enable, 0, NULL,
N_("Enable client TLS encryption.") },
N_("Enable TLS encryption.") },
{ "ssl-cert", mu_cfg_string, &tls_settings.ssl_cert, 0, NULL,
N_("Specify SSL certificate file."),
N_("file") },
......@@ -47,9 +47,6 @@ mh_init ()
/* Register all mailbox and mailer formats */
mu_register_all_formats ();
#ifdef WITH_TLS
mu_init_tls_libs ();
#endif
/* Read user's profile */
mh_read_profile ();
......@@ -677,7 +677,7 @@ mutool_pop (int argc, char **argv)
if (argp_parse (&pop_argp, argc, argv, ARGP_IN_ORDER, &index, NULL))
return 1;
argc -= index;
argv += index;
......@@ -131,9 +131,4 @@ _mu_py_attach_registrar ()
mu_registrar_record (MU_DEFAULT_RECORD);
mu_registrar_set_default_record (MU_DEFAULT_RECORD);
#ifdef WITH_TLS
mu_init_tls_libs ();
#endif /* WITH_TLS */
}
......@@ -103,9 +103,6 @@ main (int argc, char **argv)
mu_set_program_name (argv[0]);
mu_stdstream_setup (MU_STDSTREAM_RESET_NONE);
#ifdef WITH_TLS
mu_init_tls_libs ();
#endif
if (argc < 2)
usage ();