authorSergey Poznyakoff <gray@gnu.org.ua>2015-07-11 11:14:16 +0300
committerSergey Poznyakoff <gray@gnu.org.ua>2015-07-11 11:14:16 +0300
commit6ff197ca52419567c123c4e9069e207ec55aadcb (patch)
tree762998a786886e85c743f96ea91e93555f337108 /libmu_auth
parent4d642922b63bdf1a312b5f76b1f827e794e23da6 (diff)
downloadmailutils-6ff197ca52419567c123c4e9069e207ec55aadcb.tar.gz
mailutils-6ff197ca52419567c123c4e9069e207ec55aadcb.tar.bz2
Log ciphersuite info after successful initiation of TLS connection
* include/mailutils/stream.h (MU_IOCTL_TLSSTREAM): New ioctl code. (MU_IOCTL_TLS_GET_CIPHER_INFO): New ioctl opcode. * libmailutils/property/assocprop.c (_assoc_prop_fill) (_assoc_prop_save): allow for NULL stream pointer. * libmu_auth/tls.c (_tls_io_ioctl,_tls_ioctl): Handle MU_IOCTL_TLSSTREAM/MU_IOCTL_TLS_GET_CIPHER_INFO ioctl. * imap4d/io.c (log_cipher): New function. (io_setio, imap4d_init_tls_server): Call log_cipher after successfully establishing the TLS connection. * imap4d/starttls.c (tls_encryption_on): Remove diagnostic output. * pop3d/extra.c (log_cipher): New function. (pop3d_setio,pop3d_init_tls_server): Call log_cipher after successfully establishing the TLS connection.
Diffstat (limited to 'libmu_auth')
-rw-r--r--libmu_auth/tls.c51
1 files changed, 51 insertions, 0 deletions
diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c
index a50381433..a9bfb7abf 100644
--- a/libmu_auth/tls.c
+++ b/libmu_auth/tls.c
@@ -34,6 +34,7 @@
#include <mailutils/stream.h>
#include <mailutils/errno.h>
#include <mailutils/util.h>
+#include <mailutils/property.h>
struct mu_tls_module_config mu_tls_module_config = {
#ifdef WITH_TLS
@@ -295,6 +296,34 @@ _tls_wr_wait (struct _mu_stream *stream, int *pflags, struct timeval *tvp)
}
static int
+get_cipher_info (gnutls_session_t session, mu_property_t *pprop)
+{
+ mu_property_t prop;
+ const char *s;
+ int rc;
+
+ if (!pprop)
+ return EINVAL;
+
+ rc = mu_property_create_init (&prop, mu_assoc_property_init, NULL);
+ if (rc)
+ return rc;
+
+ s = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
+ mu_property_set_value (prop, "protocol", s, 1);
+
+ s = gnutls_cipher_get_name (gnutls_cipher_get (session));
+ mu_property_set_value (prop, "cipher", s, 1);
+
+ s = gnutls_mac_get_name (gnutls_mac_get (session));
+ mu_property_set_value (prop, "mac", s, 1);
+
+ *pprop = prop;
+
+ return 0;
+}
+
+static int
_tls_io_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg)
{
struct _mu_tls_io_stream *sp = (struct _mu_tls_io_stream *) stream;
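Review bot: The three `mu_property_set_value` calls in `get_cipher_info` discard their return values, and the gnutls `*_get_name` functions can return NULL for an algorithm they do not recognise, so the caller can receive a property with missing entries and still see a 0 return. Since the commit's purpose is to log the negotiated ciphersuite, an incomplete result should either surface as an error or carry an explicit placeholder; whether `mu_property_set_value` accepts a NULL value is not visible here. The sketch below checks each call, substitutes a constructed `"unknown"` string for a NULL name, and destroys `prop` on failure so it is not leaked. The function should also get a header comment stating that on success the caller owns `*pprop` and must destroy it. The hunk ends inside the opening of `_tls_io_ioctl`, which this hunk does not change.

```c
  /* … unchanged: pprop check and mu_property_create_init … */

  s = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
  rc = mu_property_set_value (prop, "protocol", s ? s : "unknown", 1);
  if (rc == 0)
    {
      s = gnutls_cipher_get_name (gnutls_cipher_get (session));
      rc = mu_property_set_value (prop, "cipher", s ? s : "unknown", 1);
    }
  if (rc == 0)
    {
      s = gnutls_mac_get_name (gnutls_mac_get (session));
      rc = mu_property_set_value (prop, "mac", s ? s : "unknown", 1);
    }
  if (rc)
    {
      /* Do not hand a half-filled property back to the caller. */
      mu_property_destroy (&prop);
      return rc;
    }

  *pprop = prop;
  return 0;
```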
@@ -323,6 +352,17 @@ _tls_io_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg)
}
break;
+ case MU_IOCTL_TLSSTREAM:
+ switch (opcode)
+ {
+ case MU_IOCTL_TLS_GET_CIPHER_INFO:
+ return get_cipher_info (sp->up->session, arg);
+
+ default:
+ return EINVAL;
+ }
+ break;
+
default:
return ENOSYS;
}
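Review bot: The new `MU_IOCTL_TLSSTREAM` case passes `sp->up->session` straight to `get_cipher_info` without checking that the session has been initialised and the handshake has completed. If this ioctl can be reached on a stream that is not yet open (the rest of `_tls_io_ioctl` is outside the hunk, so this is not certain), the result would be either a query on an invalid session or a log line reporting algorithms that were never negotiated. A guard that returns `EINVAL` unless the stream is in its established state would make the logged value trustworthy; the same applies to the `_tls_ioctl` case in the next hunk, which uses `sp->session`. As a minor style point, the `break;` after the inner `switch` is unreachable in both places because every arm returns.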
@@ -586,6 +626,17 @@ _tls_ioctl (struct _mu_stream *stream, int code, int opcode, void *arg)
}
break;
+ case MU_IOCTL_TLSSTREAM:
+ switch (opcode)
+ {
+ case MU_IOCTL_TLS_GET_CIPHER_INFO:
+ return get_cipher_info (sp->session, arg);
+
+ default:
+ return EINVAL;
+ }
+ break;
+
default:
return ENOSYS;
}
