
prune SSL 2 support

OpenSSL actually dropped SSL 2 support a while ago already, so this was dead code.
wip/unchecked-remove
Oswald Buddenhagen 7 years ago
parent
commit
3a2e6b3793
  1. 14
      src/compat/config.c
  2. 1
      src/compat/isync.h
  3. 1
      src/compat/main.c
  4. 11
      src/drv_imap.c
  5. 4
      src/mbsync.1
  6. 2
      src/socket.c
  7. 1
      src/socket.h

14
src/compat/config.c

@ -148,7 +148,6 @@ load_config( const char *path, config_t ***stor )
val += 6;
cfg->use_imaps = 1;
cfg->port = 993;
cfg->use_sslv2 = 1;
cfg->use_sslv3 = 1;
}
cfg->host = nfstrdup( val );
@ -187,7 +186,7 @@ load_config( const char *path, config_t ***stor )
else if (!strcasecmp( "RequireSSL", cmd ))
cfg->require_ssl = is_true( val );
else if (!strcasecmp( "UseSSLv2", cmd ))
cfg->use_sslv2 = is_true( val );
fprintf( stderr, "Warning: UseSSLv2 is no longer supported\n" );
else if (!strcasecmp( "UseSSLv3", cmd ))
cfg->use_sslv3 = is_true( val );
else if (!strcasecmp( "UseTLSv1", cmd ))
@ -316,12 +315,10 @@ write_imap_server( FILE *fp, config_t *cfg )
if (cfg->pass)
fprintf( fp, "Pass %s\n", quotify( cfg->pass ) );
fprintf( fp, "RequireCRAM %s\nRequireSSL %s\n"
"UseSSLv2 %s\nUseSSLv3 %s\nUseTLSv1 %s\nUseTLSv1.1 %s\nUseTLSv1.2 %s\n",
"UseSSLv3 %s\nUseTLSv1 %s\nUseTLSv1.1 %s\nUseTLSv1.2 %s\n",
tb(cfg->require_cram), tb(cfg->require_ssl),
tb(cfg->use_sslv2), tb(cfg->use_sslv3),
tb(cfg->use_tlsv1), tb(cfg->use_tlsv1), tb(cfg->use_tlsv1) );
if ((cfg->use_imaps || cfg->use_sslv2 || cfg->use_sslv3 || cfg->use_tlsv1) &&
cfg->cert_file)
tb(cfg->use_sslv3), tb(cfg->use_tlsv1), tb(cfg->use_tlsv1), tb(cfg->use_tlsv1) );
if ((cfg->use_imaps || cfg->use_sslv3 || cfg->use_tlsv1) && cfg->cert_file)
fprintf( fp, "CertificateFile %s\n", quotify( cfg->cert_file ) );
fputc( '\n', fp );
}
@ -417,12 +414,11 @@ write_config( int fd )
if (mstrcmp( pbox->user, box->user ) ||
mstrcmp( pbox->pass, box->pass )) /* nonsense */
continue;
if ((box->use_imaps || box->use_sslv2 ||
if ((box->use_imaps ||
box->use_sslv3 || box->use_tlsv1) &&
mstrcmp( pbox->cert_file, box->cert_file )) /* nonsense */
continue;
if (pbox->use_imaps != box->use_imaps ||
pbox->use_sslv2 != box->use_sslv2 ||
pbox->use_sslv3 != box->use_sslv3 ||
pbox->use_tlsv1 != box->use_tlsv1)
continue;
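Review bot: The new UseSSLv2 branch in the second hunk, `fprintf( stderr, "Warning: UseSSLv2 is no longer supported\n" );`, fires regardless of the option's value, so a config that explicitly says `UseSSLv2 no` now warns on every run even though that is exactly the state the code enforces; the UseSSLv2 branch in src/drv_imap.c has the same shape. Warn only when the value is true, and brace the branch, because an unbraced inner `if` would capture the following `else if (!strcasecmp( "UseSSLv3", cmd ))` as its own else: `else if (!strcasecmp( "UseSSLv2", cmd )) {` / `	if (is_true( val )) fprintf( stderr, "Warning: UseSSLv2 is no longer supported\n" );` / `}`. Both load_config and write_config continue outside their hunks.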

1
src/compat/isync.h

@ -55,7 +55,6 @@ typedef struct config {
unsigned int require_cram:1;
unsigned int require_ssl:1;
unsigned int use_imaps:1;
unsigned int use_sslv2:1;
unsigned int use_sslv3:1;
unsigned int use_tlsv1:1;
char *cert_file;

1
src/compat/main.c

@ -254,7 +254,6 @@ main( int argc, char **argv )
if (!strncasecmp( "imaps:", optarg, 6 )) {
global.use_imaps = 1;
global.port = 993;
global.use_sslv2 = 0;
global.use_sslv3 = 1;
optarg += 6;
}

11
src/drv_imap.c

@ -3075,7 +3075,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
#ifdef HAVE_LIBSSL
/* Legacy SSL options */
int require_ssl = -1, use_imaps = -1;
int use_sslv2 = -1, use_sslv3 = -1, use_tlsv1 = -1, use_tlsv11 = -1, use_tlsv12 = -1;
int use_sslv3 = -1, use_tlsv1 = -1, use_tlsv11 = -1, use_tlsv12 = -1;
#endif
/* Legacy SASL option */
int require_cram = -1;
@ -3115,7 +3115,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
arg += 6;
server->ssl_type = SSL_IMAPS;
if (server->sconf.ssl_versions == -1)
server->sconf.ssl_versions = SSLv2 | SSLv3 | TLSv1 | TLSv1_1 | TLSv1_2;
server->sconf.ssl_versions = SSLv3 | TLSv1 | TLSv1_1 | TLSv1_2;
} else
#endif
if (starts_with( arg, -1, "imap:", 5 ))
@ -3197,7 +3197,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
arg = cfg->val;
do {
if (!strcasecmp( "SSLv2", arg )) {
server->sconf.ssl_versions |= SSLv2;
warn( "Warning: SSLVersion SSLv2 is no longer supported\n" );
} else if (!strcasecmp( "SSLv3", arg )) {
server->sconf.ssl_versions |= SSLv3;
} else if (!strcasecmp( "TLSv1", arg )) {
@ -3216,7 +3216,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
else if (!strcasecmp( "UseIMAPS", cfg->cmd ))
use_imaps = parse_bool( cfg );
else if (!strcasecmp( "UseSSLv2", cfg->cmd ))
use_sslv2 = parse_bool( cfg );
warn( "Warning: UseSSLv2 is no longer supported\n" );
else if (!strcasecmp( "UseSSLv3", cfg->cmd ))
use_sslv3 = parse_bool( cfg );
else if (!strcasecmp( "UseTLSv1", cfg->cmd ))
@ -3283,7 +3283,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
return 1;
}
#ifdef HAVE_LIBSSL
if ((use_sslv2 & use_sslv3 & use_tlsv1 & use_tlsv11 & use_tlsv12) != -1 || use_imaps >= 0 || require_ssl >= 0) {
if ((use_sslv3 & use_tlsv1 & use_tlsv11 & use_tlsv12) != -1 || use_imaps >= 0 || require_ssl >= 0) {
if (server->ssl_type >= 0 || server->sconf.ssl_versions >= 0) {
error( "%s '%s': The deprecated UseSSL*, UseTLS*, UseIMAPS, and RequireSSL options are mutually exclusive with SSLType and SSLVersions.\n", type, name );
cfg->err = 1;
@ -3291,7 +3291,6 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
}
warn( "Notice: %s '%s': UseSSL*, UseTLS*, UseIMAPS, and RequireSSL are deprecated. Use SSLType and SSLVersions instead.\n", type, name );
server->sconf.ssl_versions =
(use_sslv2 != 1 ? 0 : SSLv2) |
(use_sslv3 != 1 ? 0 : SSLv3) |
(use_tlsv1 == 0 ? 0 : TLSv1) |
(use_tlsv11 != 1 ? 0 : TLSv1_1) |
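Review bot: In the SSLVersions hunk an `SSLv2` token is now only warned about and adds nothing to `ssl_versions`, so a line consisting solely of `SSLVersions SSLv2` presumably leaves the mask at whatever it was set to before the `do` loop (not visible here) and the failure would surface later in OpenSSL rather than at config-parse time. Consider saying so in the message, `warn( "Warning: SSLVersion SSLv2 is no longer supported; ignoring\n" );`, and rejecting an empty mask after the loop with an explicit error and `cfg->err = 1`, mirroring the mutual-exclusion check in the later hunk. imap_parse_store begins and ends outside every hunk shown.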

4
src/mbsync.1

@ -364,10 +364,8 @@ so it is the default (unless a tunnel is used).
right after connecting the secure IMAP port 993.
..
.TP
\fBSSLVersions\fR [\fBSSLv2\fR] [\fBSSLv3\fR] [\fBTLSv1\fR] [\fBTLSv1.1\fR] [\fBTLSv1.2\fR]
\fBSSLVersions\fR [\fBSSLv3\fR] [\fBTLSv1\fR] [\fBTLSv1.1\fR] [\fBTLSv1.2\fR]
Select the acceptable SSL/TLS versions.
Use of SSLv2 is strongly discouraged for security reasons, but might be the
only option on some very old servers.
Use old versions only when the server has problems with newer ones.
(Default: [\fBTLSv1\fR] [\fBTLSv1.1\fR] [\fBTLSv1.2\fR]).
..

2
src/socket.c

@ -204,8 +204,6 @@ init_ssl_ctx( const server_conf_t *conf )
mconf->SSLContext = SSL_CTX_new( SSLv23_client_method() );
if (!(conf->ssl_versions & SSLv2))
options |= SSL_OP_NO_SSLv2;
if (!(conf->ssl_versions & SSLv3))
options |= SSL_OP_NO_SSLv3;
if (!(conf->ssl_versions & TLSv1))
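Review bot: Deleting the `SSL_OP_NO_SSLv2` assignment instead of making it unconditional means that on any OpenSSL build where `SSLv23_client_method()` still offers SSLv2, the client would now accept it, since nothing in `options` forbids it any more; the commit message's premise holds for current OpenSSL, but this file appears to be kept compatible with older releases too (the `_STACK` typedef in socket.h suggests so — inferred). Because the configuration can no longer express SSLv2, the safe replacement for the two removed lines is the unconditional `options |= SSL_OP_NO_SSLv2;`, which I believe is a no-op (the macro expands to 0) on releases that have removed SSLv2. init_ssl_ctx starts and ends outside the hunk.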

1
src/socket.h

@ -35,7 +35,6 @@ typedef struct ssl_ctx_st SSL_CTX;
typedef struct stack_st _STACK;
enum {
SSLv2 = 1,
SSLv3 = 2,
TLSv1 = 4,
TLSv1_1 = 8,
