Browse Source

supersede SSLVersions option with TLSVersions

the new one isn't an exhaustive set anymore, but a delta to the default
(or previous setting). this has the advantage that new versions aren't
automatically disabled anymore as soon as mbsync learns about them if
the user has a setting they fail to adjust.
wip/maildir-path-under-inbox
Oswald Buddenhagen 3 years ago
parent
commit
e3056b26e9
  1. 2
      NEWS
  2. 36
      src/drv_imap.c
  3. 8
      src/mbsync.1
  4. 4
      src/mbsyncrc.sample

2
NEWS

@ -12,6 +12,8 @@ they are flagged on the source side.
Renamed the ReNew/--renew/-N options to Upgrade/--upgrade/-u
and Delete/--delete/-d to Gone/--gone/-g.
Superseded SSLVersions option with TLSVersions.
Made the Channel side to expire with MaxMessages configurable.
MaxMessages and MaxSize can be used together now.

36
src/drv_imap.c

@ -3797,8 +3797,44 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
error( "%s:%d: Invalid SSL type\n", cfg->file, cfg->line );
cfg->err = 1;
}
} else if (!strcasecmp( "TLSVersions", cfg->cmd )) {
arg = cfg->val;
do {
int or_mask = 0, and_mask = 0, val;
if (*arg == '+') {
or_mask = ~0;
} else if (*arg == '-') {
and_mask = ~0;
} else {
error( "%s:%d: TLSVersions arguments must start with +/-\n", cfg->file, cfg->line );
cfg->err = 1;
continue;
}
arg++;
if (!strcmp( "1.0", arg )) {
val = TLSv1;
} else if (!strcmp( "1.1", arg )) {
val = TLSv1_1;
} else if (!strcmp( "1.2", arg )) {
val = TLSv1_2;
} else if (!strcmp( "1.3", arg )) {
val = TLSv1_3;
} else {
error( "%s:%d: Unrecognized TLS version '%s'\n", cfg->file, cfg->line, arg );
cfg->err = 1;
continue;
}
or_mask &= val;
and_mask &= val;
server->sconf.ssl_versions = (server->sconf.ssl_versions & ~and_mask) | or_mask;
} while ((arg = get_arg( cfg, ARG_OPTIONAL, NULL )));
} else if (!strcasecmp( "SSLVersion", cfg->cmd ) ||
!strcasecmp( "SSLVersions", cfg->cmd )) {
static int sslv_warned;
if (!sslv_warned) {
sslv_warned = 1;
warn( "Notice: SSLVersions is deprecated. Use TLSVersions instead.\n" );
}
server->sconf.ssl_versions = 0;
arg = cfg->val;
do {

8
src/mbsync.1

@ -414,10 +414,12 @@ so it is the default (unless a tunnel is used).
right after connecting the secure IMAP port 993.
.
.TP
\fBSSLVersions\fR [\fBSSLv3\fR] [\fBTLSv1\fR] [\fBTLSv1.1\fR] [\fBTLSv1.2\fR] [\fBTLSv1.3\fR]
Select the acceptable SSL/TLS versions.
\fBTLSVersions\fR {\fB+\fR|\fB-\fR}{\fB1.0\fR|\fB1.1\fR|\fB1.2\fR|\fB1.3\fR} ...
Add/remove the specified TLS versions to/from the set of acceptable choices.
Use old versions only when the server has problems with newer ones.
(Default: [\fBTLSv1\fR] [\fBTLSv1.1\fR] [\fBTLSv1.2\fR] [\fBTLSv1.3\fR]).
Note that new versions are automatically enabled as soon as OpenSSL supports
them, even if \fBmbsync\fR does not recognize them yet.
(Default: All starting with 1.0).
.
.TP
\fBSystemCertificates\fR \fByes\fR|\fBno\fR

4
src/mbsyncrc.sample

@ -36,7 +36,7 @@ Sync PullNew Push
IMAPStore personal
Host host.play.com
Port 6789
SSLType None
TLSType None
Channel personal
Far :personal:
@ -66,7 +66,7 @@ CertificateFile ~/.st1-certificate.crt
IMAPStore st2
Host imap.another-domain.com
Path non-standard/
SSLVersions TLSv1.3
TLSVersions -1.2
Channel rst
Far :st1:somebox

Loading…
Cancel
Save