$Log$
+ Revision 590.99 2002/02/03 15:21:48 error
+ * Remove the ETLS command, it is no longer needed
+
Revision 590.98 2002/02/02 21:44:04 ajc
* If a user has at least one valid Internet directory address, stamp it onto
any outgoing messages.
Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
* Initial CVS import
-
/* Finally let the server know we're here */
CtdlRegisterProtoHook(cmd_stls, "STLS", "Start SSL/TLS session");
CtdlRegisterProtoHook(cmd_gtls, "GTLS", "Get SSL/TLS session status");
- CtdlRegisterProtoHook(cmd_etls, "ETLS", "End SSL/TLS session");
- CtdlRegisterSessionHook(endtls_atlogout, EVT_STOP);
+ CtdlRegisterSessionHook(endtls, EVT_STOP);
}
}
-/* Logout function hook */
-void endtls_atlogout(void)
-{
- endtls(1);
-}
-
-
-/* Command function hook */
-void cmd_etls(char *params)
-{
- endtls(0);
-}
-
-
/*
* endtls() shuts down the TLS connection
- * Parameter is NULL for client request, CitContext * for server request
*
* WARNING: This may make your session vulnerable to a known plaintext
* attack in the current implmentation.
*/
-void endtls(int who)
+void endtls(void)
{
- lprintf(7, "Ending SSL/TLS%s\n",
- (who) ? "" : " at client request");
+ lprintf(7, "Ending SSL/TLS%s\n");
- if (!who) {
- if (!CC->ssl) {
- cprintf("%d Connection is not encrypted.\n", ERROR);
- return;
- }
- cprintf("%d Now stop encryption.\n", OK);
- } else if (!CC->ssl) {
+ if (!CC->ssl) {
+ CC->redirect_ssl = 0;
return;
}
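Review bot: The new call `lprintf(7, "Ending SSL/TLS%s\n");` keeps the `%s` conversion but no longer passes an argument for it, so the printf-style logger reads a variadic argument that was never supplied. That is undefined behaviour, and it can crash the session thread or copy unrelated memory into the log. Drop the conversion: `lprintf(7, "Ending SSL/TLS\n");`. Separately, the comment above endtls() still carries the known-plaintext warning although the only caller visible here is now the EVT_STOP session hook; if no other caller remains, the comment should say whether the warning still applies, for example `* Now called only when the session stops.`. The body of endtls() continues past the end of this hunk.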
int client_read_ssl (char *buf, int bytes, int timeout);
void cmd_stls(char *params);
void cmd_gtls(char *params);
-void cmd_etls(char *params);
-void endtls_atlogout(void);
-void endtls(int who);
+void endtls(void);
void ssl_lock(int mode, int n, const char *file, int line);
#endif
3 - Cipher strength bits actually in use, e.g. 128
- ETLS (End Transport Layer Security)
-
- This command shuts down TLS and resumes an unencrypted communications
-channel. This command returns OK and then negotiates TLS shutdown. The
-client should read the response before negotiating TLS shutdown (e.g. with
-SSL_shutdown() in OpenSSL). The connection is then unencrypted. The
-server may return ERROR if it does not support SSL or if the connection was
-not encrypted to begin with. If either end is unable to resume the connection
-unencrypted, the connection should be closed.
-
- This command is primarily for debugging. Clients may end TLS at any time
-without calling this command. If a client needs to end TLS and resume
-unencrypted communications, it should do so through the SSL/TLS layer (e.g.
-with SSL_shutdown() in OpenSSL) rather than using this command. This command
-may be removed from future versions of Citadel/UX.
-
-
IGAB (Initialize Global Address Book)
This command creates, or re-creates, a database of Internet e-mail addresses