View | Details | Raw Unified
Collapse All | Expand All

(-)gnubiff-2.2.9.orig/src/gnubiff_options.cc (-2 / +2 lines)
 Lines 427-435    Link Here 
427
								   "address_entry"));
427
								   "address_entry"));
428
	// AUTHENTICATION
428
	// AUTHENTICATION
429
	const static guint i4[] = {AUTH_AUTODETECT, AUTH_USER_PASS, AUTH_APOP,
429
	const static guint i4[] = {AUTH_AUTODETECT, AUTH_USER_PASS, AUTH_APOP,
430
							   AUTH_SSL, AUTH_CERTIFICATE, AUTH_NONE, 0};
430
							   AUTH_SSL, AUTH_CERTIFICATE, AUTH_TLS, AUTH_NONE, 0};
431
	const static gchar *s4[] = {"autodetect", "user_pass", "apop", "ssl",
431
	const static gchar *s4[] = {"autodetect", "user_pass", "apop", "ssl",
432
								"certificate", "-", NULL};
432
								"certificate", "tls", "-", NULL};
433
	add_option (new Option_UInt ("authentication", OPTGRP_MAILBOX,
433
	add_option (new Option_UInt ("authentication", OPTGRP_MAILBOX,
434
		"Authentication to be used when connecting to the server via the "
434
		"Authentication to be used when connecting to the server via the "
435
		"internet.\n"
435
		"internet.\n"
(-)gnubiff-2.2.9.orig/src/gnubiff_options.h (+1 lines)
 Lines 63-68    Link Here 
63
const guint	AUTH_APOP			=	2;
63
const guint	AUTH_APOP			=	2;
64
const guint	AUTH_SSL			=	3;
64
const guint	AUTH_SSL			=	3;
65
const guint	AUTH_CERTIFICATE	=	4;
65
const guint	AUTH_CERTIFICATE	=	4;
66
const guint	AUTH_TLS		=	5;
66
const guint	AUTH_NONE			=	(guint)-1;
67
const guint	AUTH_NONE			=	(guint)-1;
67
68
68
const guint	MAILBOX_ERROR		=	0;
69
const guint	MAILBOX_ERROR		=	0;
(-)gnubiff-2.2.9.orig/src/imap4.cc (-1 / +22 lines)
 Lines 263-268    Link Here 
263
263
264
	// CAPABILITY
264
	// CAPABILITY
265
	command_capability (true);
265
	command_capability (true);
266
	
267
#ifdef HAVE_LIBSSL
268
	// Negotiate TLS encryption
269
	if (authentication() == AUTH_TLS) {
270
		if (can_starttls_) {
271
			sendline ("STARTTLS");
272
			readline (line);
273
			if (!socket_->starttls (certificate())) {
274
				throw imap_command_err();
275
			}
276
		} else {
277
			command_logout();
278
			throw imap_nologin_err();
279
		}
280
	}
281
#endif
266
282
267
	// LOGIN
283
	// LOGIN
268
	command_login();
284
	command_login();
 Lines 369-374    Link Here 
369
 * The command "CAPABILITY" is sent to the server to get the supported
385
 * The command "CAPABILITY" is sent to the server to get the supported
370
 * capabilities. Currently gnubiff recognizes the following capabilities:
386
 * capabilities. Currently gnubiff recognizes the following capabilities:
371
 * \begin{itemize}
387
 * \begin{itemize}
388
 *    \item STARTTLS: Server supports TLS encryption.
372
 *    \item IDLE: If the server has the IDLE capability, gnubiff uses the
389
 *    \item IDLE: If the server has the IDLE capability, gnubiff uses the
373
 *          IDLE command instead of polling.
390
 *          IDLE command instead of polling.
374
 *    \item LOGINDISABLED: The server wants us not to login.
391
 *    \item LOGINDISABLED: The server wants us not to login.
 Lines 418-424    Link Here 
418
	// Looking for supported capabilities
435
	// Looking for supported capabilities
419
	idleable_ = use_idle () && (line.find (" IDLE ") != std::string::npos);
436
	idleable_ = use_idle () && (line.find (" IDLE ") != std::string::npos);
420
437
421
	if (line.find (" LOGINDISABLED ") != std::string::npos) {
438
	// Some sites advertise LOGINDISABLED until STARTTLS is used
439
	if (line.find (" LOGINDISABLED ") != std::string::npos && line.find (" STARTTLS ") == std::string::npos) {
422
		command_logout();
440
		command_logout();
423
		throw imap_nologin_err();
441
		throw imap_nologin_err();
424
	}
442
	}
 Lines 428-433    Link Here 
428
	// CAPABILITY command, maybe the server sends additional capabilities
446
	// CAPABILITY command, maybe the server sends additional capabilities
429
	if (((idleable_ == false) && use_idle()) && check_rc && !command_sent)
447
	if (((idleable_ == false) && use_idle()) && check_rc && !command_sent)
430
		command_capability (false);
448
		command_capability (false);
449
450
	// Check for STARTTLS support
451
	can_starttls_ = (line.find (" STARTTLS ") != std::string::npos);
431
}
452
}
432
453
433
/**
454
/**
(-)gnubiff-2.2.9.orig/src/imap4.h (+3 lines)
 Lines 47-52    Link Here 
47
	/// Does the server support the IDLE capability?
47
	/// Does the server support the IDLE capability?
48
	gboolean					idleable_;
48
	gboolean					idleable_;
49
49
50
	/// Does the server support STARTTLS?
51
	gboolean					can_starttls_;
52
50
	/// Is the server currently idled?
53
	/// Is the server currently idled?
51
	gboolean					idled_;
54
	gboolean					idled_;
52
55
(-)gnubiff-2.2.9.orig/src/mailbox.cc (+1 lines)
 Lines 231-236    Link Here 
231
			return 993;
231
			return 993;
232
		return ((protocol == PROTOCOL_POP3) ? 995 : 0);
232
		return ((protocol == PROTOCOL_POP3) ? 995 : 0);
233
	case AUTH_USER_PASS:
233
	case AUTH_USER_PASS:
234
	case AUTH_TLS:
234
		if (protocol == PROTOCOL_IMAP4)
235
		if (protocol == PROTOCOL_IMAP4)
235
			return 143;
236
			return 143;
236
		return ((protocol == PROTOCOL_POP3) ? 110 : 0);
237
		return ((protocol == PROTOCOL_POP3) ? 110 : 0);
(-)gnubiff-2.2.9.orig/src/socket.cc (+66 lines)
 Lines 267-272    Link Here 
267
	return 1;
267
	return 1;
268
}
268
}
269
269
270
gint
271
Socket::starttls (std::string certificate)
272
{
273
#ifdef HAVE_LIBSSL
274
	char *err_buf;
275
	
276
	err_buf = (char*) malloc (120);
277
	
278
	context_ = SSL_CTX_new (TLSv1_client_method());
279
280
		if (certificate_.size() > 0) {
281
			const gchar *capath = mailbox_->biff()->value_gchar ("dir_certificates");
282
			if (*capath == '\0')
283
				capath = NULL;
284
			if (!SSL_CTX_load_verify_locations (context_, certificate_.c_str(),
285
												capath)) {
286
				g_warning(_("[%d] Failed to load certificate (%s) for %s"),
287
						  uin_, certificate_.c_str(), hostname_.c_str());
288
				::close (sd_);
289
				sd_ = SD_CLOSE;
290
				return 0;
291
			}
292
			SSL_CTX_set_verify (context_, SSL_VERIFY_PEER, NULL);
293
		}
294
		else
295
			SSL_CTX_set_verify (context_, SSL_VERIFY_NONE, NULL);
296
297
		ssl_ = SSL_new (context_);
298
		if ((!ssl_) || (SSL_set_fd (ssl_, sd_) == 0)) {
299
			::close (sd_);
300
			sd_ = SD_CLOSE;
301
			g_warning (_("[%d] Unable to set file descriptor: %s"), uin_,
302
					   hostname_.c_str());
303
			return 0;
304
		}
305
306
		if (SSL_connect (ssl_) != 1) {
307
			ERR_error_string(ERR_get_error(), err_buf);
308
			SSL_free (ssl_);
309
			ssl_ = NULL;
310
			::close (sd_);
311
			sd_ = SD_CLOSE;
312
			g_warning (_("[%d] Unable to negotiate TLS connection: %s"), uin_, err_buf);
313
			return 0;
314
		}
315
316
		if ((certificate_.size() > 0) && (SSL_get_verify_result(ssl_) != X509_V_OK)) {
317
			g_static_mutex_lock (&ui_cert_mutex_);
318
			ui_cert_->select (this);
319
			g_static_mutex_unlock (&ui_cert_mutex_);
320
			if (!bypass_certificate_) {
321
				SSL_free (ssl_);
322
				ssl_ = NULL;
323
				::close (sd_);
324
				sd_ = SD_CLOSE;
325
				g_warning (_("[%d] Cannot identify remote host (%s on port %d)"), uin_, hostname_.c_str(), port_);
326
			}
327
		}
328
329
	use_ssl_ = true;
330
	
331
#endif
332
	status_ = SOCKET_STATUS_OK;
333
	return 1;
334
}
335
270
/**
336
/**
271
 *  Close the socket.
337
 *  Close the socket.
272
 */
338
 */
(-)gnubiff-2.2.9.orig/src/socket.h (+1 lines)
 Lines 91-96    Link Here 
91
				guint authentication = AUTH_SSL,
91
				guint authentication = AUTH_SSL,
92
				std::string certificate = "",
92
				std::string certificate = "",
93
				guint timeout = 5);
93
				guint timeout = 5);
94
	gint starttls (std::string certificate = "");
94
	void close (void);
95
	void close (void);
95
	gint write (std::string line, gboolean print = true);
96
	gint write (std::string line, gboolean print = true);
96
	gint read  (std::string &line,
97
	gint read  (std::string &line,
(-)gnubiff-2.2.9.orig/src/ui-properties.cc (+7 lines)
 Lines 156-161    Link Here 
156
		{ "SSL",			GTK_STOCK_DIALOG_AUTHENTICATION, "SSL",
156
		{ "SSL",			GTK_STOCK_DIALOG_AUTHENTICATION, "SSL",
157
		  0, 0, G_CALLBACK(PROPERTIES_on_auth_changed)},
157
		  0, 0, G_CALLBACK(PROPERTIES_on_auth_changed)},
158
		{ "Certificate",	GTK_STOCK_DIALOG_AUTHENTICATION, _("SSL with certificate"),
158
		{ "Certificate",	GTK_STOCK_DIALOG_AUTHENTICATION, _("SSL with certificate"),
159
		  0, 0, G_CALLBACK(PROPERTIES_on_auth_changed)},
160
		{ "TLS",			GTK_STOCK_DIALOG_AUTHENTICATION, "TLS",
159
		  0, 0, G_CALLBACK(PROPERTIES_on_auth_changed)}
161
		  0, 0, G_CALLBACK(PROPERTIES_on_auth_changed)}
160
	};
162
	};
161
	static const char *auth_ui_description =
163
	static const char *auth_ui_description =
 Lines 166-171    Link Here 
166
		"    <menuitem action='Apop'/>"
168
		"    <menuitem action='Apop'/>"
167
		"    <menuitem action='SSL'/>"
169
		"    <menuitem action='SSL'/>"
168
		"    <menuitem action='Certificate'/>"
170
		"    <menuitem action='Certificate'/>"
171
		"    <menuitem action='TLS'/>"
169
		"  </popup>"
172
		"  </popup>"
170
		"</ui>";
173
		"</ui>";
171
	action_group = gtk_action_group_new ("actions");
174
	action_group = gtk_action_group_new ("actions");
 Lines 302-307    Link Here 
302
		selected_auth_ = AUTH_CERTIFICATE;
305
		selected_auth_ = AUTH_CERTIFICATE;
303
		certificate_view (true);
306
		certificate_view (true);
304
	}
307
	}
308
	else if (auth == "TLS") {
309
		selected_auth_ = AUTH_TLS;
310
		certificate_view (false);
311
	}
305
	else {
312
	else {
306
		selected_auth_ = AUTH_AUTODETECT;
313
		selected_auth_ = AUTH_AUTODETECT;
307
		certificate_view (false);
314
		certificate_view (false);