From d4a34b84ef4def7a1c851eaefde9edd6ab2f200d Mon Sep 17 00:00:00 2001 From: Michael Hampton Date: Mon, 16 Feb 2004 18:14:01 +0000 Subject: [PATCH] * Fixed IMAP STARTTLS; trouble was in client_read_ssl the whole time. It should now be possible to implement SSL/TLS for any protocol. --- citadel/ChangeLog | 5 ++++- citadel/serv_crypto.c | 21 +++++++++++++++++---- citadel/serv_imap.c | 4 ++-- 3 files changed, 23 insertions(+), 7 deletions(-) diff --git a/citadel/ChangeLog b/citadel/ChangeLog index 8bbf4e783..ebcf21491 100644 --- a/citadel/ChangeLog +++ b/citadel/ChangeLog @@ -1,4 +1,8 @@ $Log$ + Revision 614.33 2004/02/16 18:14:00 error + * Fixed IMAP STARTTLS; trouble was in client_read_ssl the whole time. + It should now be possible to implement SSL/TLS for any protocol. + Revision 614.32 2004/02/16 18:13:10 error * Log session IDs in syslog as well as stderr @@ -5337,4 +5341,3 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant Fri Jul 10 1998 Art Cancro * Initial CVS import - diff --git a/citadel/serv_crypto.c b/citadel/serv_crypto.c index 3d614e1c2..778985e37 100644 --- a/citadel/serv_crypto.c +++ b/citadel/serv_crypto.c @@ -141,6 +141,9 @@ void init_ssl(void) SSL_MODE_AUTO_RETRY); #endif #endif + SSL_CTX_set_mode(ssl_ctx, SSL_CTX_get_mode(ssl_ctx) | + SSL_MODE_AUTO_RETRY); + CRYPTO_set_locking_callback(ssl_lock); CRYPTO_set_id_callback(id_callback); @@ -173,8 +176,8 @@ void init_ssl(void) /* Get our certificates in order */ if (set_cert_stuff(ssl_ctx, - "/etc/ssh/mail01.jemcaterers.net.cer", - "/etc/ssh/ssh_host_rsa_key") != 1) { + BBSDIR "/keys/citadel.cer", + BBSDIR "/keys/citadel.key") != 1) { lprintf(3, "SSL ERROR: cert is bad!\n"); @@ -217,7 +220,9 @@ void client_write_ssl(char *buf, int nbytes) sleep(1); continue; } - lprintf(9, "SSL_write got error %ld\n", errval); + lprintf(9, "SSL_write got error %ld, ret %d\n", errval, retval); + if (retval == -1) + lprintf(9, "errno is %d\n", errno); endtls(); client_write(&buf[nbytes - nremain], nremain); return; 
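Review bot: The unconditional `SSL_CTX_set_mode(ssl_ctx, SSL_CTX_get_mode(ssl_ctx) | SSL_MODE_AUTO_RETRY);` added after the two `#endif` lines in the @@ -141 hunk appears to duplicate what the guarded block just above it does (its last visible line is `SSL_MODE_AUTO_RETRY);` inside two nested conditionals, presumably feature tests for older OpenSSL). Either that guarded block is now dead and should be removed, or the guards exist because `SSL_CTX_set_mode`/`SSL_MODE_AUTO_RETRY` are absent on a supported OpenSSL version, in which case the new unconditional call breaks that build. A one-line comment on the new call stating which is intended would settle it, e.g. `/* SSL_MODE_AUTO_RETRY: blocking SSL_read/SSL_write retry internally instead of returning WANT_READ/WANT_WRITE */`. init_ssl's body continues outside the hunk.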
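Review bot: In the @@ -217 hunk of client_write_ssl, `errno` is read only after the preceding `lprintf(9, "SSL_write got error %ld, ret %d\n", errval, retval);` has run, and a logging call (syslog, stdio, time formatting) can overwrite errno, so the value printed may not be the one the failed SSL_write left behind. Capture it first, immediately after the SSL_write that fails (outside the hunk): `int saved_errno = errno;`, and log `lprintf(9, "errno is %d\n", saved_errno);` instead. errno is also only meaningful when the SSL error is SSL_ERROR_SYSCALL, so logging it for every `retval == -1` may print a stale value; a short comment saying it is diagnostic only would avoid misleading readers. The enclosing function starts before the hunk, so the SSL_write call and the type of `errval` (printed with `%ld`) cannot be checked from here.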
@@ -232,15 +237,22 @@ void client_write_ssl(char *buf, int nbytes)
 */
 int client_read_ssl(char *buf, int bytes, int timeout)
 {
- int len, rlen;
+#if 0
 fd_set rfds;
 struct timeval tv;
 int retval;
 int s;
+#endif
+ int len, rlen;
 char junk[1];
 len = 0;
 while (len < bytes) {
+#if 0
+ /*
+ * This code is disabled because we don't need it when
+ * using blocking reads (which we are). -IO
+ */
 FD_ZERO(&rfds);
 s = BIO_get_fd(CC->ssl->rbio, NULL);
 FD_SET(s, &rfds);
@@ -253,6 +265,7 @@ int client_read_ssl(char *buf, int bytes, int timeout)
 return (0);
 }
+#endif
 if (SSL_want_read(CC->ssl)) {
 if ((SSL_write(CC->ssl, junk, 0)) < 1) {
 lprintf(9, "SSL_write in client_read:\n");
diff --git a/citadel/serv_imap.c b/citadel/serv_imap.c
index 8a757b5fa..0f21c0150 100644
--- a/citadel/serv_imap.c
+++ b/citadel/serv_imap.c
@@ -418,7 +418,7 @@ void imap_capability(int num_parms, char *parms[])
 {
 cprintf("* CAPABILITY IMAP4 IMAP4REV1 AUTH=LOGIN");
-#ifdef HAVE_OPENSSL_XXX
+#ifdef HAVE_OPENSSL
 cprintf(" STARTTLS");
 #endif
@@ -430,7 +430,7 @@ void imap_capability(int num_parms, char *parms[])
 /*
 * implements the STARTTLS command (lifted-from-Cyrus version)
 */
-#ifdef HAVE_OPENSSL_XXX
+#ifdef HAVE_OPENSSX
 void imap_starttls(int num_parms, char *parms[])
 {
 int sts;
-- 
2.39.2
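Review bot: With the select() wait placed under `#if 0` in the @@ -232 hunk, the `timeout` parameter of client_read_ssl is silently ignored and the SSL_read that follows (outside the hunk) presumably blocks until the peer sends data or closes, so an idle or stalled client can hold its session, and whatever serves it, open indefinitely; the new comment only says the wait is unneeded, not that the timeout contract was dropped. If blocking reads are the intent, document it at the definition, e.g. `/* NOTE: timeout is currently ignored; the read blocks until data arrives or the peer closes. */`, and add `(void)timeout;` so the now-unused parameter does not warn; otherwise keep a bound on the read (SO_RCVTIMEO on the underlying socket, or the select() path restored). The declarations and select block kept under `#if 0` would be better deleted than left to rot, since they reference a timeout path nobody can reach. The matching `#endif` added in the @@ -253 hunk is part of the same change; client_read_ssl continues outside both hunks.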
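Review bot: The guard in the @@ -430 hunk of serv_imap.c was changed to `#ifdef HAVE_OPENSSX`, which looks like a typo for `HAVE_OPENSSL` (the @@ -418 hunk in the same file uses `HAVE_OPENSSL` for the capability string). As written, a build with OpenSSL advertises STARTTLS in the CAPABILITY response but compiles out imap_starttls, so every STARTTLS attempt fails, and a client configured to "use TLS when offered" may then continue the session in plaintext; an advertised TLS capability that is never honoured is the defect to fix here. Change the line to `#ifdef HAVE_OPENSSL`. The closing `#endif` and the command dispatch for imap_starttls are outside the hunk, so whether anything else still references the misspelt symbol cannot be confirmed from here.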