
add support for (disabling) TLS v1.1 and v1.2

wip/maildir-uid-dupes-test
Oswald Buddenhagen 12 years ago
parent
commit
fbba8f1cda
  1. 4
      src/drv_imap.c
  2. 2
      src/isync.h
  3. 10
      src/mbsync.1
  4. 15
      src/socket.c

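--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1980,6 +1980,10 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
 server->sconf.use_sslv3 = parse_bool( cfg );
 else if (!strcasecmp( "UseTLSv1", cfg->cmd ))
 server->sconf.use_tlsv1 = parse_bool( cfg );
+else if (!strcasecmp( "UseTLSv1.1", cfg->cmd ))
+server->sconf.use_tlsv11 = parse_bool( cfg );
+else if (!strcasecmp( "UseTLSv1.2", cfg->cmd ))
+server->sconf.use_tlsv12 = parse_bool( cfg );
 else if (!strcasecmp( "RequireCRAM", cfg->cmd ))
 server->require_cram = parse_bool( cfg );
 #endif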

2
src/isync.h

@ -63,6 +63,8 @@ typedef struct server_conf {
unsigned use_sslv2:1; unsigned use_sslv2:1;
unsigned use_sslv3:1; unsigned use_sslv3:1;
unsigned use_tlsv1:1; unsigned use_tlsv1:1;
unsigned use_tlsv11:1;
unsigned use_tlsv12:1;
/* these are actually variables and are leaked at the end */ /* these are actually variables and are leaked at the end */
SSL_CTX *SSLContext; SSL_CTX *SSLContext;

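--- a/src/mbsync.1
+++ b/src/mbsync.1
@@ -294,6 +294,16 @@ Use TLSv1 for communication with the IMAP server over SSL?
 (Default: \fIyes\fR)
 ..
 .TP
+\fBUseTLSv1.1\fR \fIyes\fR|\fIno\fR
+Use TLSv1.1 for communication with the IMAP server over SSL?
+(Default: \fIno\fR)
+..
+.TP
+\fBUseTLSv1.2\fR \fIyes\fR|\fIno\fR
+Use TLSv1.2 for communication with the IMAP server over SSL?
+(Default: \fIno\fR)
+..
+.TP
 \fBPipelineDepth\fR \fIdepth\fR
 Maximum number of IMAP commands which can be simultaneously in flight.
 Setting this to \fI1\fR disables pipelining.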

15
src/socket.c

@ -231,14 +231,9 @@ static int
init_ssl_ctx( const server_conf_t *conf ) init_ssl_ctx( const server_conf_t *conf )
{ {
server_conf_t *mconf = (server_conf_t *)conf; server_conf_t *mconf = (server_conf_t *)conf;
const SSL_METHOD *method;
int options = 0; int options = 0;
if (conf->use_tlsv1 && !conf->use_sslv2 && !conf->use_sslv3) mconf->SSLContext = SSL_CTX_new( SSLv23_client_method() );
method = TLSv1_client_method();
else
method = SSLv23_client_method();
mconf->SSLContext = SSL_CTX_new( method );
if (!conf->use_sslv2) if (!conf->use_sslv2)
options |= SSL_OP_NO_SSLv2; options |= SSL_OP_NO_SSLv2;
@ -246,6 +241,14 @@ init_ssl_ctx( const server_conf_t *conf )
options |= SSL_OP_NO_SSLv3; options |= SSL_OP_NO_SSLv3;
if (!conf->use_tlsv1) if (!conf->use_tlsv1)
options |= SSL_OP_NO_TLSv1; options |= SSL_OP_NO_TLSv1;
#ifdef SSL_OP_NO_TLSv1_1
if (!conf->use_tlsv11)
options |= SSL_OP_NO_TLSv1_1;
#endif
#ifdef SSL_OP_NO_TLSv1_2
if (!conf->use_tlsv12)
options |= SSL_OP_NO_TLSv1_2;
#endif
SSL_CTX_set_options( mconf->SSLContext, options ); SSL_CTX_set_options( mconf->SSLContext, options );
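Review bot: The new-side `mconf->SSLContext = SSL_CTX_new( SSLv23_client_method() );` in the first hunk is handed to `SSL_CTX_set_options( mconf->SSLContext, options );` in the second without a NULL check, and nothing visible between the two hunks guards it, so a failed context allocation would dereference NULL; a guard such as `if (!mconf->SSLContext) { /* report the OpenSSL error */ return <failure value of init_ssl_ctx>; }` right after the call would close that. With six independently disableable versions it is now also possible for the options to forbid every protocol at once, which surfaces only as an opaque handshake failure later; a check after the `#endif` blocks that rejects a configuration with no enabled version and says so would be friendlier. Since the new bitfields in src/isync.h appear to default to zero and src/mbsync.1 documents `no` for both, TLS 1.1 and 1.2 stay off unless the user opts in, which is worth stating in the option text so users enable `UseTLSv1.2` where their server supports it. The body of init_ssl_ctx continues past the end of this hunk.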
