Age | Commit message | Author |
|
|
|
It looks like LibreSSL does not perform automatic initialization of
the library and error strings.
Since LibreSSL defines OPENSSL_VERSION_NUMBER as a "version 2",
add a check if LIBRESSL_VERSION_NUMBER is defined and call the
initialization functions for that case.
|
|
(cherry picked from commit 9c9bea5e04e2a562017af0ac7a27b1b0e00e8907)
|
|
|
|
Add spaces after if, else, while, for, switch.
Unify the brace placement style. The vast majority of the code uses
Allman style so convert the relatively few K&R braces over.
|
|
These are mostly automated changes corresponding to the emacs
settings:
(c-set-style "linux")
(setq c-basic-offset 2)
(c-set-offset 'case-label '+)
Most of the code follows the convention:
(add-to-list 'c-cleanup-list 'space-before-funcall)
but this is not enforced by this indentation cleanup.
Also, I personally dislike tabs, so I have:
(setq-default indent-tabs-mode nil)
in my own configuration. However I have no desire to change every line
just for that effect. So this cleanup does nothing about the mix issue.
Some of the secondary files (e.g. regex.c) have been skipped.
I've also skipped crypt-gpgme.c, because I need to think about that
file. Werner Koch and the GnuPG team contributed most of it, and it
follows the GNU indentation settings. It should probably be made
uniform with Mutt, but I don't want to discourage future GnuPG
contribution to the file.
I manually reverted a few unsightly cleanups, and added a few tweaks
when I saw things that could be improved.
|
|
|
|
|
|
Due to the length of the sha-256 fingerprint, split the output into
two lines.
Note that this change now requires OpenSSL 0.9.8+ [2005-07-05], and
GnuTLS 1.7.4+ [2007-02-05].
|
|
|
|
OpenSSL structures need to be freed with dedicated functions.
|
|
|
|
Mutt calls msgfmt with '-c' to verify that translation format strings
match, but it is still safer to indirect strings with no formatting
through %s.
|
|
This removes the need for the OPTNEEDREDRAW option and MAYBE_REDRAW
macro previously used to communicate back the need to refresh after
exiting a menu.
Remove the redraw parameter from ci_bounce_message() and
mix_make_chain() which served the same purpose.
|
|
Change the pager to use a MENU, right now just to hold the refresh
state.
|
|
Note the GnuTLS code compares the certs directly to check if they are
in the certfile.
|
|
The original patch for this is by Phil Pennock at:
https://people.spodhuis.org/phil.pennock/software/mutt-patches/
I have removed the OpenSSL version check and defined(OPENSSL_NO_TLSEXT)
check because:
* SSL_set_tlsext_host_name() was added in 0.9.8f [11 Oct 2007]
* OpenSSL 1.1 no longer has the OPENSSL_NO_TLSEXT compilation option
* https://rt.openssl.org/Ticket/Display.html?id=2788&user=guest&pass=guest
shows that the no-tlsext compilation option has been broken for some time.
* Going forward, I'd like to minimize and start removing cruft required
to support ancient/insecure versions of libraries.
|
|
#3914)
On a hostname mismatch, saving the certificate is pointless because
mutt will ask the user no matter if the certificate is saved or not.
The only invocation allowing "accept always" is guarded by a call to
check_certificate_digest(), which means the check_certificate_file()
check is redundant. Therefore remove that check and add a comment
noting why.
Thanks to Matthias Andree for the original version of this patch.
|
|
OpenSSL sometimes passes a skipped certificate to
ssl_verify_callback() a second time, with preverify_ok=1. From
OpenSSL's viewpoint there is nothing wrong with this, but mutt will
end up showing the certificate in the interactive prompt again.
Cache the last cert and position, and compare with the latest when
skip_mode and preverify_ok are both set.
|
|
#3914)
Check to make sure the certificate is not already in the
$certificate_file before offering the (a)ccept always option.
To allow a cert with a new validity timespan to be added to the file,
check the expiration dates when comparing certificates in the
certificate file.
|
|
Instead of directly checking whether X509_V_FLAG_PARTIAL_CHAIN is
defined everywhere, do it once inside configure. This will allow
better support in the future if the test needs to change.
|
|
The reworked OpenSSL certificate validation took away a "feature" of
the previous implementation: the ability to reject a node in the chain
and yet continue to the next node.
If this new option is set to 'yes', it enables OpenSSL's
X509_V_FLAG_PARTIAL_CHAIN flag to reinstate the functionality and permits
using a non-root certificate as the trust anchor.
This option is only available if OpenSSL offers the
X509_V_FLAG_PARTIAL_CHAIN macro, which should be the case as of 1.0.2b
or later.
Code written by Kevin McCarthy and Matthias Andree.
|
|
|
|
Call ERR_clear_error() just before the call to SSL_connect() to make
sure the error queue doesn't have any old errors in it.
PEM_read_X509() sets an error PEM_R_NO_START_LINE on end-of-file.
Clear that out so it doesn't show up as the SSL_connect() error
message.
|
|
While here, fix a few compiler warnings about sign mismatch in comparison.
|
|
Thanks to Matthias Andree's debugging, it appears the cert is not
freed when PEM_read_X509() encounters EOF. Change the return value
check to not overwrite cert. It is already updated via the second
parameter.
|
|
X509_STORE_add_cert() creates a copy of the certificate we're offering,
so we need to free our copy afterwards. This isn't documented, but follows
from observed behaviour in OpenSSL 1.0.2 and its master branch source code.
Change PEM_read_X509() call to reuse cert to avoid free/reallocation
overhead.
|
|
OpenSSL has trouble establishing the chain and verifying when
duplicate expired certs are loaded in from $certificate_file. A
warning about this is mentioned in
SSL_CTX_load_verify_locations(3SSL).
Filter out expired certs when loading verify certs. Note that the
full certificates file is still used for verification in
check_certificate_by_digest().
|
|
(closes #3903)
The way Mutt currently verifies SSL certificates using OpenSSL does
not support alternative chains, which may cause confusion when some
popular mail providers (e.g. Gmail) are used with specific sets of
trusted CA certificates.
Replace the "manual" verification done by mutt in
check_certificate_by_signer() with SSL_set_verify() using a callback.
OpenSSL then does the certificate verification, including properly
looking at alternative chains. The callback still provides the
opportunity to override using ~/.mutt_certificates or an interactive
prompt.
|
|
#3899)
While I have reservations about the construct, it does make the
interactive_check_cert() menu->max and part loop less fragile.
|
|
Don't use X509_NAME_oneline() with a fixed size buffer, which could
truncate the string, perhaps leaving off the CN field entirely.
Instead, work directly off the X509_NAME.
Rather than use strstr to tokenize it, call
X509_NAME_get_text_by_NID() with the nid types. Although
X509_NAME_get_text_by_NID() is "legacy", it is the most directly
useful for mutt in this simple interactive prompt.
The function was set up to include the ST and C fields in the prompt,
but the loop limit was too low. I believe this was an oversight, so
increase the loop to include those two fields.
|
|
|
|
X509_NAME_oneline() always NULL-terminates the string, even when it
has to truncate the data to fit in buf.
|
|
|
|
X509->name was a shortcut for the longer
name = X509_NAME_oneline (X509_get_subject_name (cert),
buf, sizeof (buf));
invocation. Change the debugging to print the cert name and chain
names in the ssl_check_certificate() loop instead.
|
|
With these changes, Mutt will no longer compile for versions less than
0.9.6.
|
|
|
|
Changeset 23334e967dd7 created a workaround for a namespace conflict
with Solaris and derivatives. After some discussion, the team decided
it would be best to move away from using the "M_" prefix for macros.
This patch was automatically generated by running:
perl -wpi -e 's/\bM_(\w+)\b/MUTT_$1/g' `find . -name '*.[ch]' -print`
with the exception that sys_socket.h was exempted. (That file will
be backed out subsequent to this commit.)
Thanks to Andras Salamon for supplying the perl script used to make
this change.
|
|
It turns out the output isn't necessarily null-terminated.
|
|
Generate a mutt_error(). Add a debugging function
ssl_dprint_err_stack() to dprint the ssl error stack.
|
|
Thanks to Yuan Kang and the security researchers at Columbia
University and the University of Virginia for reporting the bug.
|
|
Thanks to Moritz Barsnick for reporting these.
|
|
|
|
Currently, the SSL and TLS certificate prompts turn on
OPTUNBUFFEREDINPUT (to prevent macros and such from running right
through the dialog). Unfortunately, the menu dialog processing in
menu_dialog_dokey() is using mutt_ungetch() to forward non-dialog keys
on to standard menu processing. With OPTUNBUFFEREDINPUT set, those keys
never make it to the menu and are buffered until after the menu dialog.
This patch creates a new event buffer, separate from the standard
"unget" buffer, for use by macros, exec, and push events. These events
can be temporarily ignored by setting OPTIGNOREMACROEVENTS (renamed
from OPTUNBUFFEREDINPUT), while continuing to allow unget events to be
processed.
Since the "push" and "unget" functions now go to different buffers,
function names were slightly renamed, to make it less easy to
unintentionally use the wrong function at the wrong time.
|
|
The menu type is used in several places as a direct index into
Keymaps[], so passing in -1 to mutt_new_menu() was leading to illegal
memory accesses later on.
Add a range check in mutt_new_menu(), defaulting to MENU_GENERIC, to
prevent this problem in the future.
|
|
These were suggested by TAKAHASHI Tamotsu.
|
|
Creates a $ssl_ciphers option that allows direct selection of the
ciphers for OpenSSL (via SSL_CTX_set_cipher_list) and GnuTLS (via
gnutls_priority_set_direct).
Thank you Sergio Gelato for the patch.
|
|
|
|
TLSv1_2_client_method() does not honor the SSL_OP_NO_TLS* flags.
closes #3612
|
|
see #3571
|