List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail:[14258] trunk/imap_proxy
From: pdontthink@users.sourceforge.net
Date: 2012-01-03 3:49:57
Message-ID: E1RhvNt-0005Ad-6g@sfp-svn-2.v30.ch3.sourceforge.com
Revision: 14258
http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=14258&view=rev
Author: pdontthink
Date: 2012-01-03 03:49:56 +0000 (Tue, 03 Jan 2012)
Log Message:
-----------
Default TLS CA data wasn't being loaded at all (thanks Orion Poplawski); Also fix TLS context not being initialized correctly
Modified Paths:
--------------
trunk/imap_proxy/ChangeLog
trunk/imap_proxy/src/main.c
Modified: trunk/imap_proxy/ChangeLog
===================================================================
--- trunk/imap_proxy/ChangeLog 2012-01-02 21:56:08 UTC (rev 14257)
+++ trunk/imap_proxy/ChangeLog 2012-01-03 03:49:56 UTC (rev 14258)
@@ -1,3 +1,8 @@
+2012-01-01 Paul Lesniewski <paul@squirrelmail.org>
+ * Fixed problem where default TLS CA data would never
+ be loaded (thanks to Orion Poplawski)
+ * Fixed bug in SSL context initialization
+
2011-12-16 Paul Lesniewski <paul@squirrelmail.org>
* Minor Makefile cleanup complements Brad Smith
* Fixed header include issue for OpenBSD (thanks to Brad Smith)
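Review bot: the new entry (the lines starting "+2012-01-01") understates the behavioral change in this commit: the OpenSSL context is now set up unconditionally instead of only when tls_ca_file or tls_ca_path is configured, and when neither is set the proxy falls back to SSL_CTX_set_default_verify_paths. Operators reading the ChangeLog should be told that, for example "* System default CA paths are now used when neither tls_ca_file nor tls_ca_path is configured". Also, the entry is dated 2012-01-01 while the commit is dated 2012-01-03; use the commit date unless the entry was genuinely written earlier.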
Modified: trunk/imap_proxy/src/main.c
===================================================================
--- trunk/imap_proxy/src/main.c 2012-01-02 21:56:08 UTC (rev 14257)
+++ trunk/imap_proxy/src/main.c 2012-01-03 03:49:56 UTC (rev 14258)
@@ -442,57 +442,57 @@
#if HAVE_LIBSSL
- /*
- * If we're going to support using STARTTLS to connect
- * to the server, at a minimum we need a CA file (or path)
- */
- if ( PC_Struct.tls_ca_file || PC_Struct.tls_ca_path )
- {
- /* Initialize SSL_CTX */
- syslog( LOG_INFO, "%s: Enabling openssl library.", fn );
- SSL_library_init();
+ /* Initialize SSL_CTX */
+ syslog( LOG_INFO, "%s: Enabling openssl library.", fn );
+ SSL_library_init();
- /* Set up OpenSSL thread protection */
- ssl_thread_setup(fn);
+ /* Set up OpenSSL thread protection */
+ ssl_thread_setup(fn);
- /* Need to seed PRNG, too! */
- if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == f_randfile ) \
? f_randfile : "/.rnd" ) )
- {
- /* Not an EGD, so read and write it. */
- if ( RAND_load_file( f_randfile, -1 ) )
- RAND_write_file( f_randfile );
- }
+ /* Need to seed PRNG, too! */
+ if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == \
f_randfile ) ? f_randfile : "/.rnd" ) ) + {
+ /* Not an EGD, so read and write it. */
+ if ( RAND_load_file( f_randfile, -1 ) )
+ RAND_write_file( f_randfile );
+ }
- SSL_load_error_strings();
- tls_ctx = SSL_CTX_new( TLSv1_client_method() );
- if ( tls_ctx == NULL )
- {
- syslog(LOG_ERR, "%s: Failed to create new SSL_CTX. Exiting.", fn);
- exit( 1 );
- }
+ SSL_load_error_strings();
+ tls_ctx = SSL_CTX_new( TLSv1_client_method() );
+ if ( tls_ctx == NULL )
+ {
+ syslog(LOG_ERR, "%s: Failed to create new SSL_CTX. Exiting.", fn);
+ exit( 1 );
+ }
- /* Work around all known bugs */
- SSL_CTX_set_options( tls_ctx, SSL_OP_ALL );
+ /* Work around all known bugs */
+ SSL_CTX_set_options( tls_ctx, SSL_OP_ALL );
- if ( ! SSL_CTX_load_verify_locations( tls_ctx,
- PC_Struct.tls_ca_file,
- PC_Struct.tls_ca_path ) ||
- ! SSL_CTX_set_default_verify_paths( tls_ctx ) )
- {
- syslog(LOG_ERR, "%s: Failed to load CA data. Exiting.", fn);
- exit( 1 );
- }
+ if ( PC_Struct.tls_ca_file != NULL || PC_Struct.tls_ca_path != NULL )
+ {
+ rc = SSL_CTX_load_verify_locations( tls_ctx,
+ PC_Struct.tls_ca_file,
+ PC_Struct.tls_ca_path );
+ }
+ else
+ {
+ rc = SSL_CTX_set_default_verify_paths( tls_ctx );
+ }
+ if ( rc == 0 )
+ {
+ syslog(LOG_ERR, "%s: Failed to load CA data. Exiting.", fn);
+ exit( 1 );
+ }
- if ( ! set_cert_stuff( tls_ctx,
- PC_Struct.tls_cert_file,
- PC_Struct.tls_key_file ) )
- {
- syslog(LOG_ERR, "%s: Failed to load cert/key data. Exiting.", fn);
- exit( 1 );
- }
+ if ( ! set_cert_stuff( tls_ctx,
+ PC_Struct.tls_cert_file,
+ PC_Struct.tls_key_file ) )
+ {
+ syslog(LOG_ERR, "%s: Failed to load cert/key data. Exiting.", fn);
+ exit( 1 );
+ }
- SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_NONE, verify_callback);
- }
+ SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_NONE, verify_callback);
#endif /* HAVE_LIBSSL */
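Review bot: the CA-loading fix does not change what the proxy actually enforces, because the last line of the block still calls SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_NONE, verify_callback); in client mode SSL_VERIFY_NONE means a server chain that fails to verify against the freshly loaded CA data is reported to verify_callback but does not abort the handshake. If the intent is for tls_ca_file/tls_ca_path to authenticate the IMAP server, this should be SSL_VERIFY_PEER (ideally behind a configuration option), otherwise the CA data only affects logging. Two smaller points: rc is assigned in the new if/else but is not declared anywhere in this hunk, so confirm it is an int declared earlier in the function; and since the old `if ( PC_Struct.tls_ca_file || PC_Struct.tls_ca_path )` guard was removed, set_cert_stuff( tls_ctx, PC_Struct.tls_cert_file, PC_Struct.tls_key_file ) now runs on every startup, including ones with no client certificate or key configured, so make sure it treats NULL arguments as "no client certificate" rather than returning failure, because a failure here is exit( 1 ).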
Repository: http://squirrelmail.org/svn