$Log$
+ Revision 590.47 2002/01/06 22:44:21 error
+ * Enable/disable encryption in client from command line and/or citadel.rc
+
Revision 590.46 2002/01/06 21:25:26 ajc
* sysdep.c: in client_write(), handle redirect_fp and redirect_sock *before*
handling redirect_ssl, because these need to be done the same way regardless
Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
* Initial CVS import
+
char hexstring[MD5_HEXSTRING_SIZE];
int stored_password = 0;
char password[SIZ];
-
+
/* Permissions sanity check - don't run citadel setuid/setgid */
if (getuid() != geteuid()) {
fprintf(stderr, "Please do not run citadel setuid!\n");
signal(SIGTERM, dropcarr); /* Cleanup gracefully if terminated */
signal(SIGCONT, catch_sigcont); /* Catch SIGCONT so we can reset terminal */
+ arg_encrypt = RC_DEFAULT;
+
/*
* Handle command line options as if we were called like /bin/login
* (i.e. from in.telnetd)
telnet_client_host = argv[a+1];
argc = shift(argc, argv, a, 2);
}
+ if (!strcmp(argv[a], "-x")) {
+ arg_encrypt = RC_NO;
+ argc = shift(argc, argv, a, 1);
+ }
+ if (!strcmp(argv[a], "-X")) {
+ arg_encrypt = RC_YES;
+ argc = shift(argc, argv, a, 1);
+ }
if (!strcmp(argv[a], "-p")) {
struct stat st;
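Review bot: After the `-x` branch calls `shift(argc, argv, a, 1)`, the `-X` and `-p` tests that follow compare `argv[a]` again without confirming that `a` is still below the reduced `argc`. shift() is not visible here, but if it leaves `argv[a]` NULL when `-x` was the last argument, the next `strcmp` dereferences a null pointer. Guarding each added test, e.g. `if (a < argc && !strcmp(argv[a], "-X")) {`, keeps the new options safe however shift() compacts the array; the existing tests around them follow the same unguarded pattern. The option loop starts and ends outside this hunk.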
# 3. <compiled BBSDIR>/citadel.rc
# 4. <current directory>/citadel.rc
+# Set ENCRYPT to yes to force SSL/TLS encryption when connecting to a
+# Citadel/UX server, even if the server is on the same machine as the
+# client. Set it to no to disable SSL/TLS encryption. The default is to
+# enable encryption for remote systems and to disable encryption for
+# systems on the same machine as the client.
+encrypt=default
+
# Set EDITOR to the name of an external editor to be used for entering
# messages. If you want the external editor to be used by default, be sure
# to reflect this in the command set below.
extern char rc_username[32];
extern char rc_password[32];
extern char rc_floor_mode;
+extern char rc_encrypt; /* from the citadel.rc file */
+extern char arg_encrypt; /* from the command line */
extern char express_msgs;
void logoff(int code);
void formout(char *name);
SSL *ssl;
SSL_CTX *ssl_ctx;
int ssl_is_connected = 0;
+char arg_encrypt;
+char rc_encrypt;
#ifdef THREADED_CLIENT
pthread_mutex_t **Critters; /* Things that need locking */
#endif /* THREADED_CLIENT */
SSL_METHOD *ssl_method;
DH *dh;
- /* TLS is pointless when server is local */
- if (server_is_local) {
+ /* Figure out whether to encrypt the session based on user options */
+ /* User request to disable encryption */
+ if (arg_encrypt == RC_NO || rc_encrypt == RC_NO) {
+ return 0;
+ }
+ /* User expressed no preference */
+ else if (rc_encrypt == RC_DEFAULT && arg_encrypt == RC_DEFAULT &&
+ server_is_local) {
return 0;
}
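Review bot: The first test, `if (arg_encrypt == RC_NO || rc_encrypt == RC_NO)`, lets `encrypt=no` in citadel.rc silently cancel an explicit `-X` on the command line, so a user who asks for TLS for one session still gets a plaintext connection. Resolving one effective setting first gives the command line precedence: `char want = (arg_encrypt != RC_DEFAULT) ? arg_encrypt : rc_encrypt;` followed by `if (want == RC_NO || (want == RC_DEFAULT && server_is_local)) return 0;`. Whichever order is intended, the citadel.rc comment added in this commit should state it, since it says `yes` forces encryption while `-x` still overrides it. The function starts and continues outside this hunk, so whether a failed negotiation under `RC_YES` aborts or falls back to plaintext cannot be seen here and is worth confirming.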
rc_force_mail_prompts = 0;
rc_ansi_color = 0;
strcpy(rc_url_cmd, "");
+ rc_encrypt = RC_DEFAULT;
/* now try to open the citadel.rc file */
while ((strlen(buf) > 0) ? (isspace(buf[strlen(buf) - 1])) : 0)
buf[strlen(buf) - 1] = 0;
+ if (!strncasecmp(buf, "encrypt=", 8)) {
+ if (!strcasecmp(&buf[8], "yes"))
+ rc_encrypt = RC_YES;
+ else if (!strcasecmp(&buf[8], "no"))
+ rc_encrypt = RC_NO;
+ else if (!strcasecmp(&buf[8], "default"))
+ rc_encrypt = RC_DEFAULT;
+ }
+
if (!strncasecmp(buf, "editor=", 7))
strcpy(editor_path, &buf[7]);
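Review bot: In the added `encrypt=` block an unrecognised value (for example a misspelling of `yes`) matches none of the three `strcasecmp` branches and leaves `rc_encrypt` at `RC_DEFAULT` without any message, so a user who meant to require TLS gets the local-plaintext default unnoticed. A final `else` that reports the bad value, such as `else fprintf(stderr, "citadel.rc: unknown encrypt value '%s'\n", &buf[8]);`, would surface the mistake. The enclosing read loop begins and ends outside this hunk.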