authorSergey Poznyakoff <gray@gnu.org.ua>2011-11-04 11:40:20 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2011-11-04 11:40:20 +0200
commit325c864eb1b88ac73c39ca3681a02f5194021806 (patch)
tree1d8f93978cf405b5f808c6cb4d70879218a94b2d /libmu_auth
parent4fe85f71cba8d7063f30a4b45fc0cc2f557f8681 (diff)
Fix TLS usage.
Remove --tls option. Make TLS stream open methods call mu_init_tls_libs. It is now not necessary to call this function explicitly, unless the application wishes to ensure TLS is initialized (e.g. pop3d or imap4d). * include/mailutils/libargp.h (mu_tls_cmdline): Remove. * libmu_argp/tls.c * libmu_argp/Makefile.am (libmu_argp_a_SOURCES): Remove tls.c * libmu_argp/cmdline.c (all_cmdline_capa): Remove tls.c * libmu_auth/tls.c [WITH_TLS] (mu_tls_module_config): Enable by default. (mu_check_tls_environment): Return 0 if TLS is disabled. (mu_init_tls_libs): Always call gnutls_global_init, otherwise any call to TLS library (especially, handshake) can produce a coredump. * libmu_cfg/tls.c: Fix description string for tls.enable. * mh/mh_init.c (mh_init): Remove call to mu_init_tls_libs, now unnecessary. * python/libmu_py/registrar.c: Likewise. * testsuite/smtpsend.c: Likewise.
Diffstat (limited to 'libmu_auth')
-rw-r--r--libmu_auth/tls.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c
index b225921b8..e944e16f8 100644
--- a/libmu_auth/tls.c
+++ b/libmu_auth/tls.c
@@ -35,7 +35,13 @@
#include <mailutils/errno.h>
#include <mailutils/util.h>
-struct mu_tls_module_config mu_tls_module_config;
+struct mu_tls_module_config mu_tls_module_config = {
+#ifdef WITH_TLS
+ 1 /* enable by default */
+#else
+ 0
+#endif
+};
int
mu_tls_module_init (enum mu_gocs_op op, void *data)
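Review bot: The new initializer for `mu_tls_module_config` is positional, so the `1` only means "enable" while `enable` remains the first member of `struct mu_tls_module_config`. The struct definition is not in this hunk, so that ordering cannot be confirmed here. If a member is ever added ahead of it, the TLS default silently changes with no compiler diagnostic. If the project's compiler baseline allows it, a designated initializer such as `.enable = 1` would tie the value to the member; otherwise extend the comment to `/* .enable: on by default; must stay the first member */`.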
@@ -70,6 +76,8 @@ static gnutls_certificate_server_credentials x509_cred;
int
mu_check_tls_environment (void)
{
+ if (!mu_tls_module_config.enable)
+ return 0;
if (mu_tls_module_config.ssl_cert && mu_tls_module_config.ssl_key)
{
int rc = mu_file_safety_check (mu_tls_module_config.ssl_cert,
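Review bot: The early `return 0` added at the top of `mu_check_tls_environment` has no comment saying whether 0 means "nothing to check" or "TLS unusable". The rest of the function lies outside the hunk, so the return convention cannot be confirmed from here. If 0 is also the value returned when the certificate or key safety check fails, callers cannot tell an administrator's deliberate disable from an unsafe key file, and the two deserve different log messages. A comment such as `/* TLS disabled in configuration: report as unavailable, skip cert/key checks */` above the new test would settle the intent.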
@@ -120,7 +128,7 @@ _mu_gtls_logger(int level, const char *text)
int
mu_init_tls_libs (void)
{
- if (mu_tls_module_config.enable && !mu_tls_enable)
+ if (!mu_tls_enable)
mu_tls_enable = !gnutls_global_init (); /* Returns 1 on success */
#ifdef DEBUG_TLS
gnutls_global_set_log_function (_mu_gtls_logger);
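Review bot: With the `mu_tls_module_config.enable` test removed, `mu_init_tls_libs` is now reached lazily from the stream open methods, and its `if (!mu_tls_enable)` check-then-set on a plain global is unsynchronised. Two threads opening TLS streams at the same time could both enter `gnutls_global_init ()`. Whether mailutils supports that usage is not visible here, so this is a documentation request rather than a confirmed defect. A header comment such as `/* Not thread-safe: multi-threaded programs should call this once before opening any TLS stream. */` would record the constraint. The function continues past the end of the hunk.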
@@ -370,9 +378,13 @@ _tls_server_open (mu_stream_t stream)
int rc = 0;
mu_transport_t transport[2];
+ if (!mu_tls_module_config.enable)
+ return MU_ERR_FAILURE; /* FIXME: another error code */
if (!stream || sp->state != state_init)
return EINVAL;
+ mu_init_tls_libs ();
+
gnutls_certificate_allocate_credentials (&x509_cred);
if (mu_tls_module_config.ssl_cafile)
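Review bot: The result of the added `mu_init_tls_libs ();` call in `_tls_server_open` is discarded, so a failed `gnutls_global_init` still falls through to `gnutls_certificate_allocate_credentials`, which is the uninitialised-library crash the commit message sets out to prevent. Assuming the function returns the `mu_tls_enable` flag (its return statement is outside the visible hunks), the call should be checked, e.g. `if (!mu_init_tls_libs ()) return MU_ERR_FAILURE;`. The same unchecked call is added in `_tls_client_open` just before `prepare_client_session` and `gnutls_handshake`, and needs the same guard. Both function bodies extend beyond their hunks.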
@@ -473,6 +485,7 @@ _tls_client_open (mu_stream_t stream)
/* FALLTHROUGH */
case state_init:
+ mu_init_tls_libs ();
prepare_client_session (stream);
rc = gnutls_handshake (sp->session);
if (rc < 0)
