* Fixed IMAP STARTTLS; trouble was in client_read_ssl the whole time.
authorMichael Hampton <io_error@uncensored.citadel.org>
Mon, 16 Feb 2004 18:14:01 +0000 (18:14 +0000)
committerMichael Hampton <io_error@uncensored.citadel.org>
Mon, 16 Feb 2004 18:14:01 +0000 (18:14 +0000)
  It should now be possible to implement SSL/TLS for any protocol.

citadel/ChangeLog
citadel/serv_crypto.c
citadel/serv_imap.c

index 8bbf4e78318ad255cfd840cbfe3c2b78bb30d783..ebcf2149168442d25e0c7adb60ecc09d77eb5126 100644 (file)
@@ -1,4 +1,8 @@
  $Log$
+ Revision 614.33  2004/02/16 18:14:00  error
+ * Fixed IMAP STARTTLS; trouble was in client_read_ssl the whole time.
+   It should now be possible to implement SSL/TLS for any protocol.
+
  Revision 614.32  2004/02/16 18:13:10  error
  * Log session IDs in syslog as well as stderr
 
@@ -5337,4 +5341,3 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant <bryant@cs.usm.maine.edu>
 
 Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
        * Initial CVS import
-
index 3d614e1c28071f3b1bb9be42f77b9b6139802616..778985e37418b899a123a0855f08f1192fd38c0b 100644 (file)
@@ -141,6 +141,9 @@ void init_ssl(void)
                         SSL_MODE_AUTO_RETRY);
 #endif
 #endif
+       SSL_CTX_set_mode(ssl_ctx, SSL_CTX_get_mode(ssl_ctx) |
+                       SSL_MODE_AUTO_RETRY);
+
        CRYPTO_set_locking_callback(ssl_lock);
        CRYPTO_set_id_callback(id_callback);
 
@@ -173,8 +176,8 @@ void init_ssl(void)
 
        /* Get our certificates in order */
        if (set_cert_stuff(ssl_ctx,
-                          "/etc/ssh/mail01.jemcaterers.net.cer",
-                          "/etc/ssh/ssh_host_rsa_key") != 1) {
+                          BBSDIR "/keys/citadel.cer",
+                          BBSDIR "/keys/citadel.key") != 1) {
 
                lprintf(3, "SSL ERROR: cert is bad!\n");
 
@@ -217,7 +220,9 @@ void client_write_ssl(char *buf, int nbytes)
                                sleep(1);
                                continue;
                        }
-                       lprintf(9, "SSL_write got error %ld\n", errval);
+                       lprintf(9, "SSL_write got error %ld, ret %d\n", errval, retval);
+                       if (retval == -1)
+                               lprintf(9, "errno is %d\n", errno);
                        endtls();
                        client_write(&buf[nbytes - nremain], nremain);
                        return;
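Review bot: `errno` on the new line is read only after the lprintf call on the line before it, and lprintf presumably does I/O (the changelog entry above mentions syslog and stderr), which can overwrite errno, so the value logged may not be the one left by the failed SSL_write. Save it immediately after the SSL_write call, which is outside this hunk, with `int saved_errno = errno;` and log that instead: `lprintf(9, "errno is %d\n", saved_errno);`. The hunk also does not show an `#include <errno.h>`; confirm one exists in this file. client_write_ssl both starts and ends outside the hunk.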
@@ -232,15 +237,22 @@ void client_write_ssl(char *buf, int nbytes)
  */
 int client_read_ssl(char *buf, int bytes, int timeout)
 {
-       int len, rlen;
+#if 0
        fd_set rfds;
        struct timeval tv;
        int retval;
        int s;
+#endif
+       int len, rlen;
        char junk[1];
 
        len = 0;
        while (len < bytes) {
+#if 0
+               /*
+                * This code is disabled because we don't need it when
+                * using blocking reads (which we are). -IO
+                */
                FD_ZERO(&rfds);
                s = BIO_get_fd(CC->ssl->rbio, NULL);
                FD_SET(s, &rfds);
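Review bot: Wrapping the select() block in `#if 0` removes the only code that honoured the `timeout` parameter, including the `return (0)` on timeout that the next hunk fences off with its added `#endif`, so a client that completes STARTTLS and then goes silent now holds the session and its thread for as long as it likes. If blocking reads are intended, the socket should carry a receive timeout (SO_RCVTIMEO) or the header comment above this function, which starts before the hunk, should state that `timeout` is currently ignored. Prefer deleting the dead block over `#if 0`, since the history is in version control and the commented rationale can live in the header comment. The same point applies to the `#endif` hunk that follows.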
@@ -253,6 +265,7 @@ int client_read_ssl(char *buf, int bytes, int timeout)
                        return (0);
                }
 
+#endif
                if (SSL_want_read(CC->ssl)) {
                        if ((SSL_write(CC->ssl, junk, 0)) < 1) {
                                lprintf(9, "SSL_write in client_read:\n");
index 8a757b5fafa45b163267db22e36a77ae01d4d1d0..0f21c01504f8d2f82c2a4d909151a4ed0d3bf1cf 100644 (file)
@@ -418,7 +418,7 @@ void imap_capability(int num_parms, char *parms[])
 {
        cprintf("* CAPABILITY IMAP4 IMAP4REV1 AUTH=LOGIN");
 
-#ifdef HAVE_OPENSSL_XXX
+#ifdef HAVE_OPENSSL
        cprintf(" STARTTLS");
 #endif
 
@@ -430,7 +430,7 @@ void imap_capability(int num_parms, char *parms[])
 /*
  * implements the STARTTLS command (lifted-from-Cyrus version)
  */
-#ifdef HAVE_OPENSSL_XXX
+#ifdef HAVE_OPENSSX
 void imap_starttls(int num_parms, char *parms[])
 {
        int sts;
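Review bot: `#ifdef HAVE_OPENSSX` on the new side looks like a typo for `HAVE_OPENSSL`, the macro the capability hunk above now uses; as written imap_starttls stays compiled out under any build that defines HAVE_OPENSSL while CAPABILITY advertises STARTTLS, so clients are offered a command whose real implementation is not built. If leaving the Cyrus-derived handler disabled is intentional, say so in the comment above it (`/* disabled: not yet wired up */`) rather than through a macro name nothing defines. imap_starttls's body continues past the hunk, so I cannot see the `#else` branch that presumably answers the command when the macro is undefined.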