
add support for (disabling) TLS v1.1 and v1.2

Oswald Buddenhagen 12 lat temu
rodzic
commit
fbba8f1cda
4 zmienionych plików z 25 dodań i 6 usunięć
  1. 4 0
      src/drv_imap.c
  2. 2 0
      src/isync.h
  3. 10 0
      src/mbsync.1
  4. 9 6
      src/socket.c

+ 4 - 0
src/drv_imap.c

@@ -1980,6 +1980,10 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
 			server->sconf.use_sslv3 = parse_bool( cfg );
 		else if (!strcasecmp( "UseTLSv1", cfg->cmd ))
 			server->sconf.use_tlsv1 = parse_bool( cfg );
+		else if (!strcasecmp( "UseTLSv1.1", cfg->cmd ))
+			server->sconf.use_tlsv11 = parse_bool( cfg );
+		else if (!strcasecmp( "UseTLSv1.2", cfg->cmd ))
+			server->sconf.use_tlsv12 = parse_bool( cfg );
 		else if (!strcasecmp( "RequireCRAM", cfg->cmd ))
 			server->require_cram = parse_bool( cfg );
 #endif
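Review bot: The two new keys are parsed here, but nothing in this hunk assigns a default to `use_tlsv11`/`use_tlsv12`, so their initial value depends on how `server` was allocated and initialised outside the hunk; the man page hunk documents the default as "no", and in socket.c a clear bit sets `SSL_OP_NO_TLSv1_1`/`SSL_OP_NO_TLSv1_2`, so an unconfigured store will refuse TLS 1.1 and 1.2 and only negotiate TLSv1 (or SSLv3 if that is enabled). A server that offers only the newer versions then becomes unreachable until the user discovers the new keys, and the client is pinned to the weakest enabled protocol by default. Consider setting the new bits explicitly wherever `use_tlsv1`'s default is established, e.g. `server->sconf.use_tlsv11 = server->sconf.use_tlsv12 = 1;`, and reconsidering whether "no" is the right documented default; the enclosing imap_parse_store body starts and ends outside this hunk.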

+ 2 - 0
src/isync.h

@@ -63,6 +63,8 @@ typedef struct server_conf {
 	unsigned use_sslv2:1;
 	unsigned use_sslv3:1;
 	unsigned use_tlsv1:1;
+	unsigned use_tlsv11:1;
+	unsigned use_tlsv12:1;
 
 	/* these are actually variables and are leaked at the end */
 	SSL_CTX *SSLContext;
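Review bot: The new bit-fields carry no comment explaining their effect, while the sibling fields above them are equally bare, so a reader has to find socket.c to learn that a clear bit disables that protocol version via `SSL_OP_NO_*`. A one-line comment above the group, `/* protocol versions the client may negotiate; a clear bit sets the matching SSL_OP_NO_* option */`, would document the whole set, including the two added here. The struct definition continues outside this hunk.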

+ 10 - 0
src/mbsync.1

@@ -294,6 +294,16 @@ Use TLSv1 for communication with the IMAP server over SSL?
 (Default: \fIyes\fR)
 ..
 .TP
+\fBUseTLSv1.1\fR \fIyes\fR|\fIno\fR
+Use TLSv1.1 for communication with the IMAP server over SSL?
+(Default: \fIno\fR)
+..
+.TP
+\fBUseTLSv1.2\fR \fIyes\fR|\fIno\fR
+Use TLSv1.2 for communication with the IMAP server over SSL?
+(Default: \fIno\fR)
+..
+.TP
 \fBPipelineDepth\fR \fIdepth\fR
 Maximum number of IMAP commands which can be simultaneously in flight.
 Setting this to \fI1\fR disables pipelining.

+ 9 - 6
src/socket.c

@@ -231,14 +231,9 @@ static int
 init_ssl_ctx( const server_conf_t *conf )
 {
 	server_conf_t *mconf = (server_conf_t *)conf;
-	const SSL_METHOD *method;
 	int options = 0;
 
-	if (conf->use_tlsv1 && !conf->use_sslv2 && !conf->use_sslv3)
-		method = TLSv1_client_method();
-	else
-		method = SSLv23_client_method();
-	mconf->SSLContext = SSL_CTX_new( method );
+	mconf->SSLContext = SSL_CTX_new( SSLv23_client_method() );
 
 	if (!conf->use_sslv2)
 		options |= SSL_OP_NO_SSLv2;
@@ -246,6 +241,14 @@ init_ssl_ctx( const server_conf_t *conf )
 		options |= SSL_OP_NO_SSLv3;
 	if (!conf->use_tlsv1)
 		options |= SSL_OP_NO_TLSv1;
+#ifdef SSL_OP_NO_TLSv1_1
+	if (!conf->use_tlsv11)
+		options |= SSL_OP_NO_TLSv1_1;
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+	if (!conf->use_tlsv12)
+		options |= SSL_OP_NO_TLSv1_2;
+#endif
 
 	SSL_CTX_set_options( mconf->SSLContext, options );