Rewrite TLS support
The new implementation allows for per-server certificates. * libmu_auth/Makefile.am: Build tls support depending on the value of MU_COND_GNUTLS. * libmu_auth/notls.c: New file. * libmu_auth/tls.c: Rewrite. * libmu_auth/tlsiostr.c: New file. * libmu_auth/tlsvar.c: New file. * libmu_auth/tlsconf.c: New file. * include/mailutils/sys/tls-stream.h (_mu_tls_stream): New members: session_type, conf, cred. (mu_tls_io_stream_create): New proto. * include/mailutils/tls.h (mu_tls_module_config): Remove definition. (mu_tls_config): New structure. (mu_tls_server_stream_create): Remove proto. (mu_tls_cert_file_checks) (mu_tls_key_file_checksr) (mu_tls_ca_file_checks): New globals (MU_TLS_CERT_FILE_CHECKS) (MU_TLS_KEY_FILE_CHECKS) (MU_TLS_CA_FILE_CHECKS): New defines. (mu_tls_stream_create): New proto. (mu_tls_config_status): New constants. (mu_tls_check_config): Remove. (mu_tls_config_check): New function. * include/mailutils/server.h (mu_m_server_preflight_fp): New typedef. (mu_m_server_set_preflight): New proto. * libmailutils/diag/debcat (tls): New category. * libmailutils/server/ipsrv.c (mu_ip_server_get_data): New function. * libmailutils/server/msrv.c (_mu_m_server) <preflight>: New method. (mu_m_server_set_preflight): New function. (mu_m_server_destroy): Destroy the srvlist. (open_connection): New function. (mu_m_server_run): Remove from srvlist only those servers that failed to open. Run preflight check, if registered. * include/mailutils/cfg.h (mu_cfg_section): New member: data. * libmailutils/cfg/driver.c (dup_container): Copy the "data" pointer. (mu_cfg_section_add_params): Preserve original pointer and offset when necessary. * libmailutils/cfg/parser.y (_scan_tree_helper): Use the section data pointer (if set) as data target. * configure.ac (MU_COND_GNUTLS): New conditional. * imap4d/commands.c: Remove #ifdef WITH_TLS preprocessor conditional. * imap4d/imap4d.c (tls_mode): Remove variable. (imap4d_srv_config): Move definition to the header file. Remove #ifdef WITH_TLS preprocessor conditionals. Rename the tls configuration statement to tls-mode. Add new subsection .server.tls; Remove the legacy tls-required configuration statement. (imap4d_mainloop): Change signature: take a pointer to the struct imap4d_srv_config as the 3rd argument, Use the cfg->tls_mode member to decide on TLS state. (main): Call mu_tls_cfg_init. Install server preflight checker. * imap4d/imap4d.h: Remove #ifdef WITH_TLS preprocessor conditionals. (imap4d_srv_config): Moved from imap4d.c New member: tls_conf (imap4d_session): New member: tls_conf (global_tls_conf): New global. (io_setio, imap4d_init_tls_server): Change prototypes. * imap4d/io.c (io_setio): Change signature: take a pointer to the struct mu_tls_config as the 3rd argument. Rewrite TLS support. (imap4d_init_tls_server): Take a pointer to the struct mu_tls_config. * imap4d/starttls.c (tls_available, tls_done): Remove globals. (global_tls_conf): New global. (imap4d_starttls): Keep TLS state in the session. (tls_encryption_on): Likewise. (starttls_init): Rewrite as a mserver preflight check function. * pop3d/capa.c: Remove #ifdef WITH_TLS preprocessor conditional. (capa_stls): Rewrite. * pop3d/cmd.c (global_tls_conf): New global. (stls_preflight): New function. (pop3d_error_string): Rewrite using char ** array. * pop3d/extra.c (pop3d_setio): Take a pointer to struct mu_tls_config as the 3rd argument. Decide on TLS using it. (pop3d_init_tls_server): Take a pointer to struct mu_tls_config. * pop3d/pop3d.c: Rename the tls configuration statement to tls-mode. Add new subsection .server.tls; Remove the legacy tls-required configuration statement. (pop3d_mainloop) Take a pointer to struct mu_tls_config as the 3rd argument. Decide on TLS using it. (main): Call mu_tls_cfg_init. Install server preflight check. * pop3d/pop3d.h (pop3d_session): New member tls_conf. (pop3d_srv_config): New definition. (global_tls_conf): New extern. * pop3d/stls.c: Rewrite TLS support. * NEWS: Document new features. * configure.ac: Version 3.2.90. * doc/texinfo/programs.texi: Update.
Showing
29 changed files
with
1426 additions
and
930 deletions
libmu_auth/notls.c
0 → 100644
libmu_auth/tlsconf.c
0 → 100644
libmu_auth/tlsiostr.c
0 → 100644
libmu_auth/tlsvar.c
0 → 100644
-
Please register or sign in to post a comment