author | Sergey Poznyakoff <gray@gnu.org.ua> | 2011-11-04 11:40:20 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2011-11-04 11:40:20 +0200 |
commit | 325c864eb1b88ac73c39ca3681a02f5194021806 (patch) | |
tree | 1d8f93978cf405b5f808c6cb4d70879218a94b2d /libmu_auth | |
parent | 4fe85f71cba8d7063f30a4b45fc0cc2f557f8681 (diff) | |
Fix TLS usage.
Remove --tls option. Make TLS stream open methods call mu_init_tls_libs.
It is now not necessary to call this function explicitly, unless the
application wishes to ensure TLS is initialized (e.g. pop3d or imap4d).
* include/mailutils/libargp.h (mu_tls_cmdline): Remove.
* libmu_argp/tls.c
* libmu_argp/Makefile.am (libmu_argp_a_SOURCES): Remove tls.c
* libmu_argp/cmdline.c (all_cmdline_capa): Remove tls.c
* libmu_auth/tls.c [WITH_TLS] (mu_tls_module_config): Enable by default.
(mu_check_tls_environment): Return 0 if TLS is disabled.
(mu_init_tls_libs): Always call gnutls_global_init, otherwise any call
to TLS library (especially, handshake) can produce a coredump.
* libmu_cfg/tls.c: Fix description string for tls.enable.
* mh/mh_init.c (mh_init): Remove call to mu_init_tls_libs, now unnecessary.
* python/libmu_py/registrar.c: Likewise.
* testsuite/smtpsend.c: Likewise.
Diffstat (limited to 'libmu_auth')
-rw-r--r-- | libmu_auth/tls.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c
index b225921b8..e944e16f8 100644
--- a/libmu_auth/tls.c
+++ b/libmu_auth/tls.c
@@ -35,7 +35,13 @@
 #include <mailutils/errno.h>
 #include <mailutils/util.h>
-struct mu_tls_module_config mu_tls_module_config;
+struct mu_tls_module_config mu_tls_module_config = {
+#ifdef WITH_TLS
+ 1 /* enable by default */
+#else
+ 0
+#endif
+};
 int
 mu_tls_module_init (enum mu_gocs_op op, void *data)
@@ -70,6 +76,8 @@ static gnutls_certificate_server_credentials x509_cred;
 int
 mu_check_tls_environment (void)
 {
+ if (!mu_tls_module_config.enable)
+ return 0;
 if (mu_tls_module_config.ssl_cert && mu_tls_module_config.ssl_key)
 {
 int rc = mu_file_safety_check (mu_tls_module_config.ssl_cert,
@@ -120,7 +128,7 @@ _mu_gtls_logger(int level, const char *text)
 int
 mu_init_tls_libs (void)
 {
- if (mu_tls_module_config.enable && !mu_tls_enable)
+ if (!mu_tls_enable)
 mu_tls_enable = !gnutls_global_init (); /* Returns 1 on success */
 #ifdef DEBUG_TLS
 gnutls_global_set_log_function (_mu_gtls_logger);
@@ -370,9 +378,13 @@ _tls_server_open (mu_stream_t stream)
 int rc = 0;
 mu_transport_t transport[2];
+ if (!mu_tls_module_config.enable)
+ return MU_ERR_FAILURE; /* FIXME: another error code */
 if (!stream || sp->state != state_init)
 return EINVAL;
+ mu_init_tls_libs ();
+
 gnutls_certificate_allocate_credentials (&x509_cred);
 if (mu_tls_module_config.ssl_cafile)
@@ -473,6 +485,7 @@ _tls_client_open (mu_stream_t stream)
 /* FALLTHROUGH */
 case state_init:
+ mu_init_tls_libs ();
 prepare_client_session (stream);
 rc = gnutls_handshake (sp->session);
 if (rc < 0) |
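Review bot: The initializer in the first hunk sets the flag positionally, so `1 /* enable by default */` lands on whichever member struct mu_tls_module_config declares first; the struct definition is not visible here, so this presumably relies on `enable` being that member. If the struct is ever reordered, the default silently moves to another field while the checks added in the later hunks keep reading `.enable`. If the project's C dialect permits it, `.enable = 1` states the intent directly; otherwise a comment such as `/* first member is .enable; keep in sync with the struct definition */` would guard the assumption.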
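Review bot: The early `return 0;` added at the top of mu_check_tls_environment needs a comment stating what 0 means to callers, because the same value now stands for "TLS disabled" and, presumably, for whatever the function reports when the certificate/key checks fail (the rest of the body lies outside the hunk). The distinction matters because this path returns before mu_file_safety_check has looked at ssl_cert and ssl_key, so a caller that reads 0 as "environment is fine" would proceed with unchecked files. Suggested wording, to be adjusted to the function's actual convention: `/* TLS disabled: report not ready; cert/key safety checks are skipped */`.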
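Review bot: The `mu_init_tls_libs ();` call added to _tls_server_open discards the outcome, so when gnutls_global_init fails the function still continues to gnutls_certificate_allocate_credentials with the library uninitialized, which is the situation the commit message says can dump core. The call added before prepare_client_session and gnutls_handshake in _tls_client_open (last hunk) has the same gap. Per the third hunk, mu_init_tls_libs leaves `mu_tls_enable` at 0 on failure, so each call can be followed by `if (!mu_tls_enable) return MU_ERR_FAILURE;`, or by the equivalent error assignment in the client's state machine. Both function bodies start and end outside their hunks, so the exact error path should be checked against the surrounding code.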