It should now be possible to implement SSL/TLS for any protocol.
+ Revision 614.33 2004/02/16 18:14:00 error
+ * Fixed IMAP STARTTLS; trouble was in client_read_ssl the whole time.
+ It should now be possible to implement SSL/TLS for any protocol.
+
Revision 614.32 2004/02/16 18:13:10 error
* Log session IDs in syslog as well as stderr
Revision 614.32 2004/02/16 18:13:10 error
* Log session IDs in syslog as well as stderr
Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
* Initial CVS import
Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
* Initial CVS import
SSL_MODE_AUTO_RETRY);
#endif
#endif
SSL_MODE_AUTO_RETRY);
#endif
#endif
+ SSL_CTX_set_mode(ssl_ctx, SSL_CTX_get_mode(ssl_ctx) |
+ SSL_MODE_AUTO_RETRY);
+
CRYPTO_set_locking_callback(ssl_lock);
CRYPTO_set_id_callback(id_callback);
CRYPTO_set_locking_callback(ssl_lock);
CRYPTO_set_id_callback(id_callback);
/* Get our certificates in order */
if (set_cert_stuff(ssl_ctx,
/* Get our certificates in order */
if (set_cert_stuff(ssl_ctx,
- "/etc/ssh/mail01.jemcaterers.net.cer",
- "/etc/ssh/ssh_host_rsa_key") != 1) {
+ BBSDIR "/keys/citadel.cer",
+ BBSDIR "/keys/citadel.key") != 1) {
lprintf(3, "SSL ERROR: cert is bad!\n");
lprintf(3, "SSL ERROR: cert is bad!\n");
- lprintf(9, "SSL_write got error %ld\n", errval);
+ lprintf(9, "SSL_write got error %ld, ret %d\n", errval, retval);
+ if (retval == -1)
+ lprintf(9, "errno is %d\n", errno);
endtls();
client_write(&buf[nbytes - nremain], nremain);
return;
endtls();
client_write(&buf[nbytes - nremain], nremain);
return;
*/
int client_read_ssl(char *buf, int bytes, int timeout)
{
*/
int client_read_ssl(char *buf, int bytes, int timeout)
{
fd_set rfds;
struct timeval tv;
int retval;
int s;
fd_set rfds;
struct timeval tv;
int retval;
int s;
char junk[1];
len = 0;
while (len < bytes) {
char junk[1];
len = 0;
while (len < bytes) {
+#if 0
+ /*
+ * This code is disabled because we don't need it when
+ * using blocking reads (which we are). -IO
+ */
FD_ZERO(&rfds);
s = BIO_get_fd(CC->ssl->rbio, NULL);
FD_SET(s, &rfds);
FD_ZERO(&rfds);
s = BIO_get_fd(CC->ssl->rbio, NULL);
FD_SET(s, &rfds);
if (SSL_want_read(CC->ssl)) {
if ((SSL_write(CC->ssl, junk, 0)) < 1) {
lprintf(9, "SSL_write in client_read:\n");
if (SSL_want_read(CC->ssl)) {
if ((SSL_write(CC->ssl, junk, 0)) < 1) {
lprintf(9, "SSL_write in client_read:\n");
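Review bot: With the select() block in client_read_ssl wrapped in `#if 0`, none of the visible lines still use the `timeout` argument, so a peer that stops sending mid-request could apparently hold the session thread in a blocking read indefinitely. The matching `#endif` and the rest of the loop are outside the visible lines, so confirm whether the timeout is still enforced further down. If it is not, a receive timeout on the socket (`SO_RCVTIMEO`) would keep the bound without reviving the select loop, and the comment in the disabled block should say that the timeout is no longer honoured. Separately, in the SSL_write error path `errno` is read only after an `lprintf` call that may itself change it; capture it first with `int saved_errno = errno;` directly after the failing call and log `saved_errno`.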
{
cprintf("* CAPABILITY IMAP4 IMAP4REV1 AUTH=LOGIN");
{
cprintf("* CAPABILITY IMAP4 IMAP4REV1 AUTH=LOGIN");
cprintf(" STARTTLS");
#endif
cprintf(" STARTTLS");
#endif
/*
* implements the STARTTLS command (lifted-from-Cyrus version)
*/
/*
* implements the STARTTLS command (lifted-from-Cyrus version)
*/
void imap_starttls(int num_parms, char *parms[])
{
int sts;
void imap_starttls(int num_parms, char *parms[])
{
int sts;