
add support for (disabling) TLS v1.1 and v1.2

Oswald Buddenhagen 12 年 前
コミット
fbba8f1cda
4 ファイル変更25 行追加6 行削除
  1. 4 0
      src/drv_imap.c
  2. 2 0
      src/isync.h
  3. 10 0
      src/mbsync.1
  4. 9 6
      src/socket.c

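--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1980,6 +1980,10 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
 			server->sconf.use_sslv3 = parse_bool( cfg );
 		else if (!strcasecmp( "UseTLSv1", cfg->cmd ))
 			server->sconf.use_tlsv1 = parse_bool( cfg );
+		else if (!strcasecmp( "UseTLSv1.1", cfg->cmd ))
+			server->sconf.use_tlsv11 = parse_bool( cfg );
+		else if (!strcasecmp( "UseTLSv1.2", cfg->cmd ))
+			server->sconf.use_tlsv12 = parse_bool( cfg );
 		else if (!strcasecmp( "RequireCRAM", cfg->cmd ))
 			server->require_cram = parse_bool( cfg );
 #endif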
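Review bot: The two new `else if` branches for `UseTLSv1.1` and `UseTLSv1.2` accept the keys unconditionally, while the matching code in src/socket.c applies them only under `#ifdef SSL_OP_NO_TLSv1_1` / `#ifdef SSL_OP_NO_TLSv1_2`; on an OpenSSL build that lacks those options a user's `UseTLSv1.1 yes` is parsed and then silently has no effect. Mirroring the guard here, with an `#else` branch that reports the key as unsupported by this build, would make the mismatch visible at config-parse time instead of at connect time. The whole chain appears to sit inside a conditional block closed by the trailing `#endif`, so it may already be build-dependent as a unit. imap_parse_store's body starts and ends outside the hunk.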

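--- a/src/isync.h
+++ b/src/isync.h
@@ -63,6 +63,8 @@ typedef struct server_conf {
 	unsigned use_sslv2:1;
 	unsigned use_sslv3:1;
 	unsigned use_tlsv1:1;
+	unsigned use_tlsv11:1;
+	unsigned use_tlsv12:1;
 
 	/* these are actually variables and are leaked at the end */
 	SSL_CTX *SSLContext;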
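Review bot: The new bitfields `use_tlsv11` and `use_tlsv12` are not initialised anywhere in this commit, and the man-page hunk documents their default as `no`; if server_conf_t is zero-initialised, a default configuration therefore sets SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 in init_ssl_ctx() and never negotiates above TLS 1.0, the opposite of what the existing `use_tlsv1` default (`yes`) does for the older version. Defaulting the newer versions to enabled, wherever use_tlsv1 receives its default, would let SSLv23_client_method() pick the highest version both sides support while still honouring an explicit opt-out. Either way a comment on the fields would help a reader: `/* protocol versions the client may negotiate; a 0 bit becomes an SSL_OP_NO_* flag in init_ssl_ctx() */`. The struct definition continues outside the hunk.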

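--- a/src/mbsync.1
+++ b/src/mbsync.1
@@ -294,6 +294,16 @@ Use TLSv1 for communication with the IMAP server over SSL?
 (Default: \fIyes\fR)
 ..
 .TP
+\fBUseTLSv1.1\fR \fIyes\fR|\fIno\fR
+Use TLSv1.1 for communication with the IMAP server over SSL?
+(Default: \fIno\fR)
+..
+.TP
+\fBUseTLSv1.2\fR \fIyes\fR|\fIno\fR
+Use TLSv1.2 for communication with the IMAP server over SSL?
+(Default: \fIno\fR)
+..
+.TP
 \fBPipelineDepth\fR \fIdepth\fR
 Maximum number of IMAP commands which can be simultaneously in flight.
 Setting this to \fI1\fR disables pipelining.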

+ 9 - 6
src/socket.c

@@ -231,14 +231,9 @@ static int
 init_ssl_ctx( const server_conf_t *conf )
 init_ssl_ctx( const server_conf_t *conf )
 {
 {
 	server_conf_t *mconf = (server_conf_t *)conf;
 	server_conf_t *mconf = (server_conf_t *)conf;
-	const SSL_METHOD *method;
 	int options = 0;
 	int options = 0;
 
 
-	if (conf->use_tlsv1 && !conf->use_sslv2 && !conf->use_sslv3)
-		method = TLSv1_client_method();
-	else
-		method = SSLv23_client_method();
-	mconf->SSLContext = SSL_CTX_new( method );
+	mconf->SSLContext = SSL_CTX_new( SSLv23_client_method() );
 
 
 	if (!conf->use_sslv2)
 	if (!conf->use_sslv2)
 		options |= SSL_OP_NO_SSLv2;
 		options |= SSL_OP_NO_SSLv2;
@@ -246,6 +241,14 @@ init_ssl_ctx( const server_conf_t *conf )
 		options |= SSL_OP_NO_SSLv3;
 		options |= SSL_OP_NO_SSLv3;
 	if (!conf->use_tlsv1)
 	if (!conf->use_tlsv1)
 		options |= SSL_OP_NO_TLSv1;
 		options |= SSL_OP_NO_TLSv1;
+#ifdef SSL_OP_NO_TLSv1_1
+	if (!conf->use_tlsv11)
+		options |= SSL_OP_NO_TLSv1_1;
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+	if (!conf->use_tlsv12)
+		options |= SSL_OP_NO_TLSv1_2;
+#endif
 
 
 	SSL_CTX_set_options( mconf->SSLContext, options );
 	SSL_CTX_set_options( mconf->SSLContext, options );