Skip to content

John McEleney / mailutils

Go to a project
Toggle navigation
Toggle navigation pinning
Commit 325c864e 325c864eb1b88ac73c39ca3681a02f5194021806 by Sergey Poznyakoff
Options

Fix TLS usage. 

Remove --tls option.  Make TLS stream open methods call mu_init_tls_libs.
It is now not necessary to call this function explicitly, unless the
application wishes to ensure TLS is initialized (e.g. pop3d or imap4d).

* include/mailutils/libargp.h (mu_tls_cmdline): Remove.
* libmu_argp/tls.c
* libmu_argp/Makefile.am (libmu_argp_a_SOURCES): Remove tls.c
* libmu_argp/cmdline.c (all_cmdline_capa): Remove tls.c
* libmu_auth/tls.c [WITH_TLS] (mu_tls_module_config): Enable by default.
(mu_check_tls_environment): Return 0 if TLS is disabled.
(mu_init_tls_libs): Always call gnutls_global_init, otherwise any call
to TLS library (especially, handshake) can produce a coredump.
* libmu_cfg/tls.c: Fix description string for tls.enable.
* mh/mh_init.c (mh_init): Remove call to mu_init_tls_libs, now unnecessary.
* python/libmu_py/registrar.c: Likewise.
* testsuite/smtpsend.c: Likewise.
1 parent 4fe85f71
Inline Side-by-side
Showing 10 changed files with 18 additions and 93 deletions
...@@ -56,7 +56,6 @@ extern struct mu_cmdline_capa mu_debug_cmdline; ...@@ -56,7 +56,6 @@ extern struct mu_cmdline_capa mu_debug_cmdline;
56 56
57 extern struct mu_cmdline_capa mu_pam_cmdline; 57 extern struct mu_cmdline_capa mu_pam_cmdline;
58 extern struct mu_cmdline_capa mu_gsasl_cmdline; 58 extern struct mu_cmdline_capa mu_gsasl_cmdline;
59 extern struct mu_cmdline_capa mu_tls_cmdline;
60 extern struct mu_cmdline_capa mu_radius_cmdline; 59 extern struct mu_cmdline_capa mu_radius_cmdline;
61 extern struct mu_cmdline_capa mu_sql_cmdline; 60 extern struct mu_cmdline_capa mu_sql_cmdline;
62 extern struct mu_cmdline_capa mu_virtdomain_cmdline; 61 extern struct mu_cmdline_capa mu_virtdomain_cmdline;
......
...@@ -30,6 +30,5 @@ libmu_argp_a_SOURCES =\ ...@@ -30,6 +30,5 @@ libmu_argp_a_SOURCES =\
30 common.c\ 30 common.c\
31 mu_argp.c\ 31 mu_argp.c\
32 muinit.c\ 32 muinit.c\
33 sieve.c\ 33 sieve.c
34 tls.c
35 34
......
...@@ -27,7 +27,6 @@ static struct mu_cmdline_capa *all_cmdline_capa[] = { ...@@ -27,7 +27,6 @@ static struct mu_cmdline_capa *all_cmdline_capa[] = {
27 &mu_logging_cmdline, 27 &mu_logging_cmdline,
28 &mu_mailer_cmdline, 28 &mu_mailer_cmdline,
29 &mu_debug_cmdline, 29 &mu_debug_cmdline,
30 &mu_tls_cmdline,
31 &mu_sieve_cmdline, 30 &mu_sieve_cmdline,
32 NULL 31 NULL
33 }; 32 };
......
1 /* GNU Mailutils -- a suite of utilities for electronic mail
2 Copyright (C) 2007, 2009, 2010, 2011 Free Software Foundation, Inc.
3
4 This library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 3 of the License, or (at your option) any later version.
8
9 This library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General
15 Public License along with this library. If not, see
16 <http://www.gnu.org/licenses/>. */
17
18 #ifdef HAVE_CONFIG_H
19 # include <config.h>
20 #endif
21
22 #include "cmdline.h"
23
24 enum {
25 OPT_TLS = 256,
26 };
27
28 static struct argp_option _tls_argp_options[] = {
29 {"tls", OPT_TLS, N_("BOOL"), OPTION_ARG_OPTIONAL,
30 N_("enable TLS support") },
31 {NULL, 0, NULL, 0, NULL, 0}
32 };
33
34 static error_t
35 _tls_argp_parser (int key, char *arg, struct argp_state *state)
36 {
37 static mu_list_t lst;
38
39 switch (key)
40 {
41 case OPT_TLS:
42 mu_argp_node_list_new (lst, "enable", arg ? arg : "yes");
43 break;
44
45 case ARGP_KEY_INIT:
46 mu_argp_node_list_init (&lst);
47 break;
48
49 case ARGP_KEY_FINI:
50 mu_argp_node_list_finish (lst, "tls", NULL);
51 break;
52
53 default:
54 return ARGP_ERR_UNKNOWN;
55 }
56 return 0;
57 }
58
59 static struct argp _tls_argp = {
60 _tls_argp_options,
61 _tls_argp_parser
62 };
63
64 static struct argp_child _tls_argp_child = {
65 &_tls_argp,
66 0,
67 NULL,
68 0
69 };
70
71 struct mu_cmdline_capa mu_tls_cmdline = {
72 "tls", &_tls_argp_child
73 };
74
...@@ -35,7 +35,13 @@ ...@@ -35,7 +35,13 @@
35 #include <mailutils/errno.h> 35 #include <mailutils/errno.h>
36 #include <mailutils/util.h> 36 #include <mailutils/util.h>
37 37
38 struct mu_tls_module_config mu_tls_module_config; 38 struct mu_tls_module_config mu_tls_module_config = {
39 #ifdef WITH_TLS
40 1 /* enable by default */
41 #else
42 0
43 #endif
44 };
39 45
40 int 46 int
41 mu_tls_module_init (enum mu_gocs_op op, void *data) 47 mu_tls_module_init (enum mu_gocs_op op, void *data)
...@@ -70,6 +76,8 @@ static gnutls_certificate_server_credentials x509_cred; ...@@ -70,6 +76,8 @@ static gnutls_certificate_server_credentials x509_cred;
70 int 76 int
71 mu_check_tls_environment (void) 77 mu_check_tls_environment (void)
72 { 78 {
79 if (!mu_tls_module_config.enable)
80 return 0;
73 if (mu_tls_module_config.ssl_cert && mu_tls_module_config.ssl_key) 81 if (mu_tls_module_config.ssl_cert && mu_tls_module_config.ssl_key)
74 { 82 {
75 int rc = mu_file_safety_check (mu_tls_module_config.ssl_cert, 83 int rc = mu_file_safety_check (mu_tls_module_config.ssl_cert,
...@@ -120,7 +128,7 @@ _mu_gtls_logger(int level, const char *text) ...@@ -120,7 +128,7 @@ _mu_gtls_logger(int level, const char *text)
120 int 128 int
121 mu_init_tls_libs (void) 129 mu_init_tls_libs (void)
122 { 130 {
123 if (mu_tls_module_config.enable && !mu_tls_enable) 131 if (!mu_tls_enable)
124 mu_tls_enable = !gnutls_global_init (); /* Returns 1 on success */ 132 mu_tls_enable = !gnutls_global_init (); /* Returns 1 on success */
125 #ifdef DEBUG_TLS 133 #ifdef DEBUG_TLS
126 gnutls_global_set_log_function (_mu_gtls_logger); 134 gnutls_global_set_log_function (_mu_gtls_logger);
...@@ -370,9 +378,13 @@ _tls_server_open (mu_stream_t stream) ...@@ -370,9 +378,13 @@ _tls_server_open (mu_stream_t stream)
370 int rc = 0; 378 int rc = 0;
371 mu_transport_t transport[2]; 379 mu_transport_t transport[2];
372 380
381 if (!mu_tls_module_config.enable)
382 return MU_ERR_FAILURE; /* FIXME: another error code */
373 if (!stream || sp->state != state_init) 383 if (!stream || sp->state != state_init)
374 return EINVAL; 384 return EINVAL;
375 385
386 mu_init_tls_libs ();
387
376 gnutls_certificate_allocate_credentials (&x509_cred); 388 gnutls_certificate_allocate_credentials (&x509_cred);
377 389
378 if (mu_tls_module_config.ssl_cafile) 390 if (mu_tls_module_config.ssl_cafile)
...@@ -473,6 +485,7 @@ _tls_client_open (mu_stream_t stream) ...@@ -473,6 +485,7 @@ _tls_client_open (mu_stream_t stream)
473 /* FALLTHROUGH */ 485 /* FALLTHROUGH */
474 486
475 case state_init: 487 case state_init:
488 mu_init_tls_libs ();
476 prepare_client_session (stream); 489 prepare_client_session (stream);
477 rc = gnutls_handshake (sp->session); 490 rc = gnutls_handshake (sp->session);
478 if (rc < 0) 491 if (rc < 0)
......
...@@ -77,7 +77,7 @@ cb_safety_checks (void *data, mu_config_value_t *arg) ...@@ -77,7 +77,7 @@ cb_safety_checks (void *data, mu_config_value_t *arg)
77 77
78 static struct mu_cfg_param mu_tls_param[] = { 78 static struct mu_cfg_param mu_tls_param[] = {
79 { "enable", mu_cfg_bool, &tls_settings.enable, 0, NULL, 79 { "enable", mu_cfg_bool, &tls_settings.enable, 0, NULL,
80 N_("Enable client TLS encryption.") }, 80 N_("Enable TLS encryption.") },
81 { "ssl-cert", mu_cfg_string, &tls_settings.ssl_cert, 0, NULL, 81 { "ssl-cert", mu_cfg_string, &tls_settings.ssl_cert, 0, NULL,
82 N_("Specify SSL certificate file."), 82 N_("Specify SSL certificate file."),
83 N_("file") }, 83 N_("file") },
......
...@@ -47,9 +47,6 @@ mh_init () ...@@ -47,9 +47,6 @@ mh_init ()
47 47
48 /* Register all mailbox and mailer formats */ 48 /* Register all mailbox and mailer formats */
49 mu_register_all_formats (); 49 mu_register_all_formats ();
50 #ifdef WITH_TLS
51 mu_init_tls_libs ();
52 #endif
53 50
54 /* Read user's profile */ 51 /* Read user's profile */
55 mh_read_profile (); 52 mh_read_profile ();
......
...@@ -677,7 +677,7 @@ mutool_pop (int argc, char **argv) ...@@ -677,7 +677,7 @@ mutool_pop (int argc, char **argv)
677 677
678 if (argp_parse (&pop_argp, argc, argv, ARGP_IN_ORDER, &index, NULL)) 678 if (argp_parse (&pop_argp, argc, argv, ARGP_IN_ORDER, &index, NULL))
679 return 1; 679 return 1;
680 680
681 argc -= index; 681 argc -= index;
682 argv += index; 682 argv += index;
683 683
......
...@@ -131,9 +131,4 @@ _mu_py_attach_registrar () ...@@ -131,9 +131,4 @@ _mu_py_attach_registrar ()
131 131
132 mu_registrar_record (MU_DEFAULT_RECORD); 132 mu_registrar_record (MU_DEFAULT_RECORD);
133 mu_registrar_set_default_record (MU_DEFAULT_RECORD); 133 mu_registrar_set_default_record (MU_DEFAULT_RECORD);
134
135 #ifdef WITH_TLS
136 mu_init_tls_libs ();
137 #endif /* WITH_TLS */
138
139 } 134 }
......
...@@ -103,9 +103,6 @@ main (int argc, char **argv) ...@@ -103,9 +103,6 @@ main (int argc, char **argv)
103 103
104 mu_set_program_name (argv[0]); 104 mu_set_program_name (argv[0]);
105 mu_stdstream_setup (MU_STDSTREAM_RESET_NONE); 105 mu_stdstream_setup (MU_STDSTREAM_RESET_NONE);
106 #ifdef WITH_TLS
107 mu_init_tls_libs ();
108 #endif
109 106
110 if (argc < 2) 107 if (argc < 2)
111 usage (); 108 usage ();
......