
List:       squirrelmail-cvs
Subject:    [SM-CVS] SF.net SVN: squirrelmail:[14258] trunk/imap_proxy
From:       pdontthink () users ! sourceforge ! net
Date:       2012-01-03 3:49:57
Message-ID: E1RhvNt-0005Ad-6g () sfp-svn-2 ! v30 ! ch3 ! sourceforge ! com

Revision: 14258
          http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=14258&view=rev
Author:   pdontthink
Date:     2012-01-03 03:49:56 +0000 (Tue, 03 Jan 2012)
Log Message:
-----------
Default TLS CA data wasn't being loaded at all (thanks Orion Poplawski); Also fix TLS \
context not being initialized correctly

Modified Paths:
--------------
    trunk/imap_proxy/ChangeLog
    trunk/imap_proxy/src/main.c

Modified: trunk/imap_proxy/ChangeLog
===================================================================
--- trunk/imap_proxy/ChangeLog	2012-01-02 21:56:08 UTC (rev 14257)
+++ trunk/imap_proxy/ChangeLog	2012-01-03 03:49:56 UTC (rev 14258)
@@ -1,3 +1,8 @@
+2012-01-01  Paul Lesniewski <paul@squirrelmail.org>
+	* Fixed problem where default TLS CA data would never
+	  be loaded (thanks to Orion Poplawski)
+	* Fixed bug in SSL context initialization
+
 2011-12-16  Paul Lesniewski <paul@squirrelmail.org>
 	* Minor Makefile cleanup complements Brad Smith
 	* Fixed header include issue for OpenBSD (thanks to Brad Smith)

Modified: trunk/imap_proxy/src/main.c
===================================================================
--- trunk/imap_proxy/src/main.c	2012-01-02 21:56:08 UTC (rev 14257)
+++ trunk/imap_proxy/src/main.c	2012-01-03 03:49:56 UTC (rev 14258)
@@ -442,57 +442,57 @@
 
 
 #if HAVE_LIBSSL
-    /*
-     * If we're going to support using STARTTLS to connect
-     * to the server, at a minimum we need a CA file (or path)
-     */
-    if ( PC_Struct.tls_ca_file || PC_Struct.tls_ca_path )
-    {
-	/* Initialize SSL_CTX */
-	syslog( LOG_INFO, "%s: Enabling openssl library.", fn );
-	SSL_library_init();
+    /* Initialize SSL_CTX */
+    syslog( LOG_INFO, "%s: Enabling openssl library.", fn );
+    SSL_library_init();
 
-	/* Set up OpenSSL thread protection */
-	ssl_thread_setup(fn);
+    /* Set up OpenSSL thread protection */
+    ssl_thread_setup(fn);
 
-	/* Need to seed PRNG, too! */
-	if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == f_randfile ) \
                ? f_randfile : "/.rnd" ) )
-	{
-	    /* Not an EGD, so read and write it. */
-	    if ( RAND_load_file( f_randfile, -1 ) )
-	    RAND_write_file( f_randfile );
-	}
+    /* Need to seed PRNG, too! */
+    if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == \
f_randfile ) ? f_randfile : "/.rnd" ) )
+    {
+	/* Not an EGD, so read and write it. */
+	if ( RAND_load_file( f_randfile, -1 ) )
+	RAND_write_file( f_randfile );
+    }
 
-	SSL_load_error_strings();
-	tls_ctx = SSL_CTX_new( TLSv1_client_method() );
-	if ( tls_ctx == NULL )
-	{ 
-	    syslog(LOG_ERR, "%s: Failed to create new SSL_CTX.  Exiting.", fn);
-	    exit( 1 );
-	}
+    SSL_load_error_strings();
+    tls_ctx = SSL_CTX_new( TLSv1_client_method() );
+    if ( tls_ctx == NULL )
+    { 
+	syslog(LOG_ERR, "%s: Failed to create new SSL_CTX.  Exiting.", fn);
+	exit( 1 );
+    }
  
-	/* Work around all known bugs */
-	SSL_CTX_set_options( tls_ctx, SSL_OP_ALL );
+    /* Work around all known bugs */
+    SSL_CTX_set_options( tls_ctx, SSL_OP_ALL );
  
-	if ( ! SSL_CTX_load_verify_locations( tls_ctx,
-						PC_Struct.tls_ca_file,
-						PC_Struct.tls_ca_path ) ||
-	    ! SSL_CTX_set_default_verify_paths( tls_ctx ) )
-	{ 
-	    syslog(LOG_ERR, "%s: Failed to load CA data.  Exiting.", fn);
-	    exit( 1 );
-	}
+    if ( PC_Struct.tls_ca_file != NULL || PC_Struct.tls_ca_path != NULL )
+    {
+	rc = SSL_CTX_load_verify_locations( tls_ctx,
+					    PC_Struct.tls_ca_file,
+					    PC_Struct.tls_ca_path );
+    }
+    else
+    {
+	rc = SSL_CTX_set_default_verify_paths( tls_ctx );
+    }
+    if ( rc == 0 )
+    { 
+	syslog(LOG_ERR, "%s: Failed to load CA data.  Exiting.", fn);
+	exit( 1 );
+    }
  
-	if ( ! set_cert_stuff( tls_ctx,
-				PC_Struct.tls_cert_file,
-				PC_Struct.tls_key_file ) )
-	{ 
-	    syslog(LOG_ERR, "%s: Failed to load cert/key data.  Exiting.", fn);
-	    exit( 1 );
-	}
+    if ( ! set_cert_stuff( tls_ctx,
+			    PC_Struct.tls_cert_file,
+			    PC_Struct.tls_key_file ) )
+    { 
+	syslog(LOG_ERR, "%s: Failed to load cert/key data.  Exiting.", fn);
+	exit( 1 );
+    }
 
-	SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_NONE, verify_callback);
-    }
+    SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_NONE, verify_callback);
 #endif /* HAVE_LIBSSL */
 
 
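Review bot: The CA data this hunk now loads still does not gate the handshake, because the verify mode on the final added line stays `SSL_VERIFY_NONE`, under which an OpenSSL client completes the connection regardless of the chain result and disregards the callback's return value. Unless the connection path elsewhere checks `SSL_get_verify_result()`, a server presenting a certificate not chaining to the loaded store is accepted; if the trust store is meant to be enforced, the line to change is `SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_PEER, verify_callback);` (what `verify_callback` returns then matters, and it is not in this hunk). `rc` is assigned in both new branches but its declaration is not visible here; confirm it is declared as an `int` in this function, since the hunk is what introduces its use. The brace-less `if ( RAND_load_file( f_randfile, -1 ) )` followed by `RAND_write_file( f_randfile );` at the same indent reads as two statements, so bracing it, `if ( RAND_load_file( f_randfile, -1 ) ) { RAND_write_file( f_randfile ); }`, would make the intent explicit. The enclosing function begins and ends outside this hunk.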



squirrelmail-cvs mailing list
List address: squirrelmail-cvs@lists.sourceforge.net
List info (subscribe/unsubscribe/change options): \
                https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
Repository: http://squirrelmail.org/svn


