authorSergey Poznyakoff <gray@gnu.org.ua>2014-02-26 19:55:57 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2014-02-26 20:17:59 +0200
commitf9c205de215c6a94d38f40f718f6787416fc4e01 (patch)
treeab9437bb0396f24c0e2dcafb134d4c45e3973b5a /libmu_auth
parent25df2275c794c9f223715473494ab3b10a420d40 (diff)
downloadmailutils-f9c205de215c6a94d38f40f718f6787416fc4e01.tar.gz
mailutils-f9c205de215c6a94d38f40f718f6787416fc4e01.tar.bz2
Improve tls support
Remove deprecated types and function calls. Make cipher, mac, and other priorities configurable. * include/mailutils/sys/tls-stream.h (_mu_tls_stream): Use gnutls_session_t. * include/mailutils/tls.h (mu_tls_module_config): New member: priorities. * libmu_auth/tls.c: Remove deprecated types. (initialize_tls_session): Make priorities configurable. (prepare_client_session): Set default priorities. * libmu_cfg/tls.c: New configuration statement: ssl-priorities.
Diffstat (limited to 'libmu_auth')
-rw-r--r--libmu_auth/tls.c42
1 files changed, 20 insertions, 22 deletions
diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c
index 4609d59c3..0ed866048 100644
--- a/libmu_auth/tls.c
+++ b/libmu_auth/tls.c
@@ -173,13 +173,19 @@ mu_deinit_tls_libs (void)
mu_tls_enable = 0;
}
-static gnutls_session
+static char default_priority_string[] = "NORMAL";
+
+static gnutls_session_t
initialize_tls_session (void)
{
- gnutls_session session = 0;
+ gnutls_session_t session = 0;
gnutls_init (&session, GNUTLS_SERVER);
- gnutls_set_default_priority (session);
+ gnutls_priority_set_direct (session,
+ mu_tls_module_config.priorities
+ ? mu_tls_module_config.priorities
+ : default_priority_string,
+ NULL);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
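Review bot: The result of gnutls_priority_set_direct is discarded and its err_pos argument is NULL, so a malformed ssl-priorities string from configuration is accepted silently here; the session is left without any priority applied, the handshake fails later, and the operator never learns which character of the string was rejected. prepare_client_session in the fifth hunk has the identical call and the identical ternary. A small static helper that applies the string, checks the return code and hands back the rejected position would fix both sites and remove the duplication; its caller _tls_server_open in the fourth hunk (`sp->session = initialize_tls_session ();`) would then need to handle a NULL session, and the body of initialize_tls_session continues past the end of this hunk. As a minor point, `default_priority_string` is never written, so `static const char default_priority_string[] = "NORMAL";` matches the const char * parameter it is passed to.
```c
static const char default_priority_string[] = "NORMAL";

/* Apply the configured priority string (or the built-in default) to
   SESSION.  Returns the gnutls status; on a parse error *ERR_POS is
   left pointing at the rejected character.  */
static int
set_session_priorities (gnutls_session_t session, const char **err_pos)
{
  const char *prio = mu_tls_module_config.priorities
                       ? mu_tls_module_config.priorities
                       : default_priority_string;
  return gnutls_priority_set_direct (session, prio, err_pos);
}

static gnutls_session_t
initialize_tls_session (void)
{
  gnutls_session_t session = 0;
  const char *err_pos = NULL;
  int rc;

  gnutls_init (&session, GNUTLS_SERVER);
  rc = set_session_priorities (session, &err_pos);
  if (rc != GNUTLS_E_SUCCESS)
    {
      /* TODO: report gnutls_strerror (rc) and err_pos through the module's
         usual diagnostic channel; callers must then check for NULL.  */
      gnutls_deinit (session);
      return NULL;
    }
  /* … unchanged: gnutls_credentials_set, gnutls_certificate_server_set_request … */
```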
@@ -357,7 +363,7 @@ _mu_tls_io_stream_create (mu_stream_t *pstream,
static ssize_t
-_tls_stream_pull (gnutls_transport_ptr fd, void *buf, size_t size)
+_tls_stream_pull (gnutls_transport_ptr_t fd, void *buf, size_t size)
{
mu_stream_t stream = fd;
int rc;
@@ -372,7 +378,7 @@ _tls_stream_pull (gnutls_transport_ptr fd, void *buf, size_t size)
}
static ssize_t
-_tls_stream_push (gnutls_transport_ptr fd, const void *buf, size_t size)
+_tls_stream_push (gnutls_transport_ptr_t fd, const void *buf, size_t size)
{
mu_stream_t stream = fd;
int rc;
@@ -407,8 +413,8 @@ _tls_server_open (mu_stream_t stream)
sp->session = initialize_tls_session ();
mu_stream_ioctl (stream, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET, transport);
gnutls_transport_set_ptr2 (sp->session,
- (gnutls_transport_ptr) transport[0],
- (gnutls_transport_ptr) transport[1]);
+ (gnutls_transport_ptr_t) transport[0],
+ (gnutls_transport_ptr_t) transport[1]);
gnutls_transport_set_pull_function (sp->session, _tls_stream_pull);
gnutls_transport_set_push_function (sp->session, _tls_stream_push);
@@ -429,21 +435,13 @@ prepare_client_session (mu_stream_t stream)
struct _mu_tls_stream *sp = (struct _mu_tls_stream *) stream;
int rc;
mu_transport_t transport[2];
- static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0};
- static int kx_priority[] = {GNUTLS_KX_RSA, 0};
- static int cipher_priority[] = {GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0};
- static int comp_priority[] = {GNUTLS_COMP_NULL, 0};
- static int mac_priority[] = {GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0};
gnutls_init (&sp->session, GNUTLS_CLIENT);
- gnutls_protocol_set_priority (sp->session, protocol_priority);
- gnutls_cipher_set_priority (sp->session, cipher_priority);
- gnutls_compression_set_priority (sp->session, comp_priority);
- gnutls_kx_set_priority (sp->session, kx_priority);
- gnutls_mac_set_priority (sp->session, mac_priority);
-
+ gnutls_priority_set_direct (sp->session,
+ mu_tls_module_config.priorities
+ ? mu_tls_module_config.priorities
+ : default_priority_string,
+ NULL);
gnutls_certificate_allocate_credentials (&x509_cred);
if (mu_tls_module_config.ssl_cafile)
{
@@ -461,8 +459,8 @@ prepare_client_session (mu_stream_t stream)
mu_stream_ioctl (stream, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET, transport);
gnutls_transport_set_ptr2 (sp->session,
- (gnutls_transport_ptr) transport[0],
- (gnutls_transport_ptr) transport[1]);
+ (gnutls_transport_ptr_t) transport[0],
+ (gnutls_transport_ptr_t) transport[1]);
gnutls_transport_set_pull_function (sp->session, _tls_stream_pull);
gnutls_transport_set_push_function (sp->session, _tls_stream_push);
