Fix TLS usage.

Remove --tls option.  Make TLS stream open methods call mu_init_tls_libs.
It is now not necessary to call this function explicitly, unless the
application wishes to ensure TLS is initialized (e.g. pop3d or imap4d).

* include/mailutils/libargp.h (mu_tls_cmdline): Remove.
* libmu_argp/tls.c
* libmu_argp/Makefile.am (libmu_argp_a_SOURCES): Remove tls.c
* libmu_argp/cmdline.c (all_cmdline_capa): Remove tls.c
* libmu_auth/tls.c [WITH_TLS] (mu_tls_module_config): Enable by default.
(mu_check_tls_environment): Return 0 if TLS is disabled.
(mu_init_tls_libs): Always call gnutls_global_init, otherwise any call
to TLS library (especially, handshake) can produce a coredump.
* libmu_cfg/tls.c: Fix description string for tls.enable.
* mh/mh_init.c (mh_init): Remove call to mu_init_tls_libs, now unnecessary.
* python/libmu_py/registrar.c: Likewise.
* testsuite/smtpsend.c: Likewise.

@@ -56,7 +56,6 @@ extern struct mu_cmdline_capa mu_debug_cmdline;
   
   
 extern struct mu_cmdline_capa mu_pam_cmdline;
 extern struct mu_cmdline_capa mu_pam_cmdline;
 extern struct mu_cmdline_capa mu_gsasl_cmdline;
 extern struct mu_cmdline_capa mu_gsasl_cmdline;
-extern struct mu_cmdline_capa mu_tls_cmdline;
 extern struct mu_cmdline_capa mu_radius_cmdline;
 extern struct mu_cmdline_capa mu_radius_cmdline;
 extern struct mu_cmdline_capa mu_sql_cmdline;
 extern struct mu_cmdline_capa mu_sql_cmdline;
 extern struct mu_cmdline_capa mu_virtdomain_cmdline;
 extern struct mu_cmdline_capa mu_virtdomain_cmdline;

@@ -30,6 +30,5 @@ libmu_argp_a_SOURCES =\
  common.c\
  common.c\
  mu_argp.c\
  mu_argp.c\
  muinit.c\
  muinit.c\
- sieve.c\
- tls.c
+ sieve.c
 
 

@@ -27,7 +27,6 @@ static struct mu_cmdline_capa *all_cmdline_capa[] = {
   &mu_logging_cmdline,
   &mu_logging_cmdline,
   &mu_mailer_cmdline,
   &mu_mailer_cmdline,
   &mu_debug_cmdline,
   &mu_debug_cmdline,
-  &mu_tls_cmdline,
   &mu_sieve_cmdline,
   &mu_sieve_cmdline,
   NULL
   NULL
 };
 };

-/* GNU Mailutils -- a suite of utilities for electronic mail
-   Copyright (C) 2007, 2009, 2010, 2011 Free Software Foundation, Inc.
-
-   This library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 3 of the License, or (at your option) any later version.
-
-   This library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General
-   Public License along with this library.  If not, see 
-   <http://www.gnu.org/licenses/>. */
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include "cmdline.h"
-
-enum {
-  OPT_TLS = 256,         
-};
-  
-static struct argp_option _tls_argp_options[] = {
-  {"tls", OPT_TLS, N_("BOOL"), OPTION_ARG_OPTIONAL,
-   N_("enable TLS support") },
-  {NULL, 0, NULL, 0, NULL, 0}
-};
-
-static error_t
-_tls_argp_parser (int key, char *arg, struct argp_state *state)
-{
-  static mu_list_t lst;
-  
-  switch (key)
-    {
-    case OPT_TLS:
-      mu_argp_node_list_new (lst, "enable", arg ? arg : "yes");
-      break;
-      
-    case ARGP_KEY_INIT:
-      mu_argp_node_list_init (&lst);
-      break;
-
-    case ARGP_KEY_FINI:
-      mu_argp_node_list_finish (lst, "tls", NULL);
-      break;
-      
-    default:
-      return ARGP_ERR_UNKNOWN;
-    }
-  return 0;
-}
-
-static struct argp _tls_argp = {
-  _tls_argp_options,
-  _tls_argp_parser
-};
-
-static struct argp_child _tls_argp_child = {
-  &_tls_argp,
-  0,
-  NULL,
-  0
-};
-
-struct mu_cmdline_capa mu_tls_cmdline = {
-  "tls", &_tls_argp_child
-};
-

@@ -35,7 +35,13 @@
 #include <mailutils/errno.h>
 #include <mailutils/errno.h>
 #include <mailutils/util.h>
 #include <mailutils/util.h>
 
 
-struct mu_tls_module_config mu_tls_module_config;
+struct mu_tls_module_config mu_tls_module_config = {
+#ifdef WITH_TLS
+  1 /* enable by default */
+#else
+  0
+#endif
+};
   
   
 int
 int
 mu_tls_module_init (enum mu_gocs_op op, void *data)
 mu_tls_module_init (enum mu_gocs_op op, void *data)
@@ -70,6 +76,8 @@ static gnutls_certificate_server_credentials x509_cred;
 int
 int
 mu_check_tls_environment (void)
 mu_check_tls_environment (void)
 {
 {
+  if (!mu_tls_module_config.enable)
+    return 0;
   if (mu_tls_module_config.ssl_cert && mu_tls_module_config.ssl_key)
   if (mu_tls_module_config.ssl_cert && mu_tls_module_config.ssl_key)
     {
     {
       int rc = mu_file_safety_check (mu_tls_module_config.ssl_cert,
       int rc = mu_file_safety_check (mu_tls_module_config.ssl_cert,
@@ -120,7 +128,7 @@ _mu_gtls_logger(int level, const char *text)
 int
 int
 mu_init_tls_libs (void)
 mu_init_tls_libs (void)
 {
 {
-  if (mu_tls_module_config.enable && !mu_tls_enable)
+  if (!mu_tls_enable)
     mu_tls_enable = !gnutls_global_init (); /* Returns 1 on success */
     mu_tls_enable = !gnutls_global_init (); /* Returns 1 on success */
 #ifdef DEBUG_TLS
 #ifdef DEBUG_TLS
   gnutls_global_set_log_function (_mu_gtls_logger);
   gnutls_global_set_log_function (_mu_gtls_logger);
@@ -370,9 +378,13 @@ _tls_server_open (mu_stream_t stream)
   int rc = 0;
   int rc = 0;
   mu_transport_t transport[2];
   mu_transport_t transport[2];
   
   
+  if (!mu_tls_module_config.enable)
+    return MU_ERR_FAILURE; /* FIXME: another error code */
   if (!stream || sp->state != state_init)
   if (!stream || sp->state != state_init)
     return EINVAL;
     return EINVAL;
 
 
+  mu_init_tls_libs ();
+  
   gnutls_certificate_allocate_credentials (&x509_cred);
   gnutls_certificate_allocate_credentials (&x509_cred);
 
 
   if (mu_tls_module_config.ssl_cafile)
   if (mu_tls_module_config.ssl_cafile)
@@ -473,6 +485,7 @@ _tls_client_open (mu_stream_t stream)
       /* FALLTHROUGH */
       /* FALLTHROUGH */
       
       
     case state_init:
     case state_init:
+      mu_init_tls_libs ();
       prepare_client_session (stream);
       prepare_client_session (stream);
       rc = gnutls_handshake (sp->session);
       rc = gnutls_handshake (sp->session);
       if (rc < 0)
       if (rc < 0)

@@ -77,7 +77,7 @@ cb_safety_checks (void *data, mu_config_value_t *arg)
 
 
 static struct mu_cfg_param mu_tls_param[] = {
 static struct mu_cfg_param mu_tls_param[] = {
   { "enable", mu_cfg_bool, &tls_settings.enable, 0, NULL,
   { "enable", mu_cfg_bool, &tls_settings.enable, 0, NULL,
-    N_("Enable client TLS encryption.") },
+    N_("Enable TLS encryption.") },
   { "ssl-cert", mu_cfg_string, &tls_settings.ssl_cert, 0, NULL,
   { "ssl-cert", mu_cfg_string, &tls_settings.ssl_cert, 0, NULL,
     N_("Specify SSL certificate file."),
     N_("Specify SSL certificate file."),
     N_("file") },
     N_("file") },

@@ -47,9 +47,6 @@ mh_init ()
   
   
   /* Register all mailbox and mailer formats */
   /* Register all mailbox and mailer formats */
   mu_register_all_formats ();
   mu_register_all_formats ();
-#ifdef WITH_TLS
-  mu_init_tls_libs ();
-#endif
 
 
   /* Read user's profile */
   /* Read user's profile */
   mh_read_profile ();
   mh_read_profile ();

@@ -131,9 +131,4 @@ _mu_py_attach_registrar ()
 
 
   mu_registrar_record (MU_DEFAULT_RECORD);
   mu_registrar_record (MU_DEFAULT_RECORD);
   mu_registrar_set_default_record (MU_DEFAULT_RECORD);
   mu_registrar_set_default_record (MU_DEFAULT_RECORD);
-
-#ifdef WITH_TLS
-  mu_init_tls_libs ();
-#endif /* WITH_TLS */
-
 }
 }

@@ -103,9 +103,6 @@ main (int argc, char **argv)
   
   
   mu_set_program_name (argv[0]);
   mu_set_program_name (argv[0]);
   mu_stdstream_setup (MU_STDSTREAM_RESET_NONE);
   mu_stdstream_setup (MU_STDSTREAM_RESET_NONE);
-#ifdef WITH_TLS
-  mu_init_tls_libs ();
-#endif  
   
   
   if (argc < 2)
   if (argc < 2)
     usage ();
     usage ();