author | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-07-11 11:14:16 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-07-11 11:14:16 +0300 |
commit | 6ff197ca52419567c123c4e9069e207ec55aadcb (patch) | |
tree | 762998a786886e85c743f96ea91e93555f337108 /libmu_auth | |
parent | 4d642922b63bdf1a312b5f76b1f827e794e23da6 (diff) | |
Log ciphersuite info after successful initiation of TLS connection
* include/mailutils/stream.h (MU_IOCTL_TLSSTREAM): New ioctl code.
(MU_IOCTL_TLS_GET_CIPHER_INFO): New ioctl opcode.
* libmailutils/property/assocprop.c (_assoc_prop_fill)
(_assoc_prop_save): allow for NULL stream pointer.
* libmu_auth/tls.c (_tls_io_ioctl,_tls_ioctl): Handle
MU_IOCTL_TLSSTREAM/MU_IOCTL_TLS_GET_CIPHER_INFO ioctl.
* imap4d/io.c (log_cipher): New function.
(io_setio, imap4d_init_tls_server): Call log_cipher after successfully
establishing the TLS connection.
* imap4d/starttls.c (tls_encryption_on): Remove diagnostic output.
* pop3d/extra.c (log_cipher): New function.
(pop3d_setio,pop3d_init_tls_server): Call log_cipher after successfully
establishing the TLS connection.
Diffstat (limited to 'libmu_auth')
-rw-r--r-- | libmu_auth/tls.c | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c
index a50381433..a9bfb7abf 100644
--- a/libmu_auth/tls.c
+++ b/libmu_auth/tls.c
@@ -34,6 +34,7 @@
 #include <mailutils/stream.h>
 #include <mailutils/errno.h>
 #include <mailutils/util.h>
+#include <mailutils/property.h>
 struct mu_tls_module_config mu_tls_module_config = {
 #ifdef WITH_TLS
@@ -295,6 +296,34 @@ _tls_wr_wait (struct _mu_stream *stream, int *pflags, struct timeval *tvp)
 }
 static int
+get_cipher_info (gnutls_session_t session, mu_property_t *pprop)
+{
+ mu_property_t prop;
+ const char *s;
+ int rc;
+
+ if (!pprop)
+ return EINVAL;
+
+ rc = mu_property_create_init (&prop, mu_assoc_property_init, NULL);
+ if (rc)
+ return rc;
+
+ s = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
+ mu_property_set_value (prop, "protocol", s, 1);
+
+ s = gnutls_cipher_get_name (gnutls_cipher_get (session));
+ mu_property_set_value (prop, "cipher", s, 1);
+
+ s = gnutls_mac_get_name (gnutls_mac_get (session));
+ mu_property_set_value (prop, "mac", s, 1);
+
+ *pprop = prop;
+
+ return 0;
+}
+
+static int
 _tls_io_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg)
 {
 struct _mu_tls_io_stream *sp = (struct _mu_tls_io_stream *) stream;
@@ -323,6 +352,17 @@ _tls_io_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg)
 }
 break;
+ case MU_IOCTL_TLSSTREAM:
+ switch (opcode)
+ {
+ case MU_IOCTL_TLS_GET_CIPHER_INFO:
+ return get_cipher_info (sp->up->session, arg);
+
+ default:
+ return EINVAL;
+ }
+ break;
+
 default:
 return ENOSYS;
 }
@@ -586,6 +626,17 @@ _tls_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg)
 }
 break;
+ case MU_IOCTL_TLSSTREAM:
+ switch (opcode)
+ {
+ case MU_IOCTL_TLS_GET_CIPHER_INFO:
+ return get_cipher_info (sp->session, arg);
+
+ default:
+ return EINVAL;
+ }
+ break;
+
 default:
 return ENOSYS;
 } |
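Review bot: The three `mu_property_set_value` calls in get_cipher_info discard their return codes, so a failed insert still returns 0 and the caller would log an incomplete ciphersuite record as if it were complete. The GnuTLS `*_get_name` functions are documented to return NULL for an algorithm they do not recognise, and how `mu_property_set_value` treats a NULL value is not visible in this hunk, so that case should be handled explicitly rather than passed through. On any failure the property should be destroyed before returning, and a header comment should state that on success the caller owns `*pprop` and must destroy it. The sketch below keeps the signature and changes only the body after `mu_property_create_init`.

```c
  /* … unchanged: pprop check and mu_property_create_init … */

  s = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
  rc = mu_property_set_value (prop, "protocol", s ? s : "unknown", 1);
  if (rc == 0)
    {
      s = gnutls_cipher_get_name (gnutls_cipher_get (session));
      rc = mu_property_set_value (prop, "cipher", s ? s : "unknown", 1);
    }
  if (rc == 0)
    {
      s = gnutls_mac_get_name (gnutls_mac_get (session));
      rc = mu_property_set_value (prop, "mac", s ? s : "unknown", 1);
    }
  if (rc)
    {
      /* Do not hand back a partially filled record. */
      mu_property_destroy (&prop);
      return rc;
    }

  *pprop = prop;
  return 0;
```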
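Review bot: The `MU_IOCTL_TLS_GET_CIPHER_INFO` case in _tls_io_ioctl hands `sp->up->session` to get_cipher_info with no visible check that the handshake has completed, and the matching case in _tls_ioctl (last hunk) does the same with `sp->session`. If either ioctl can be reached on a stream that has not finished negotiating, the returned protocol/cipher/mac would not describe a negotiated suite, which makes the resulting log line misleading for audit purposes; whether an earlier state check exists cannot be told from here because both functions begin and end outside their hunks. I would document the precondition above the case, e.g. `/* Valid only after a successful handshake */`, or reject the request when the stream is not yet established. The `break;` after the inner switch is unreachable because both arms return; it is harmless but could be dropped.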