[balsa/gtk3] Make SSL mandatory
- From: Peter Bloomfield <peterb src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [balsa/gtk3] Make SSL mandatory
- Date: Tue, 17 May 2016 01:16:18 +0000 (UTC)
commit 63d1d49c39b9cc14bc4e9054545624919c79ecef
Author: Peter Bloomfield <PeterBloomfield bellsouth net>
Date: Mon May 16 21:15:50 2016 -0400
Make SSL mandatory
* libbalsa/imap/md5-utils.c: remove.
* libbalsa/imap/md5-utils.h: ditto.
ChangeLog | 7 +
configure.ac | 58 +------
libbalsa/imap-server.c | 4 -
libbalsa/imap/Makefile.am | 2 -
libbalsa/imap/auth-cram.c | 29 ++--
libbalsa/imap/imap-handle.c | 22 ---
libbalsa/imap/imap-tls.c | 3 -
libbalsa/imap/imap_private.h | 7 +-
libbalsa/imap/md5-utils.c | 354 ------------------------------------------
libbalsa/imap/md5-utils.h | 60 -------
libbalsa/imap/pop3.c | 24 +--
libbalsa/imap/siobuf.c | 22 +---
libbalsa/imap/siobuf.h | 5 +-
libbalsa/libbalsa.c | 8 +-
libbalsa/libbalsa.h | 4 +-
libbalsa/send.c | 2 -
libbalsa/server.c | 6 -
src/mailbox-conf.c | 15 --
18 files changed, 44 insertions(+), 588 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 6931a22..b77f911 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2016-05-16 Albrecht Dreß
+ Make SSL mandatory
+
+ * libbalsa/imap/md5-utils.c: remove.
+ * libbalsa/imap/md5-utils.h: ditto.
+
+2016-05-16 Albrecht Dreß
+
With this patch, Balsa will pop up the key selection dialogue
containing /all/ keys which may be used for encryption in this
case. The user can either select a key, or cancel the
diff --git a/configure.ac b/configure.ac
index 2002402..9a2f696 100644
--- a/configure.ac
+++ b/configure.ac
@@ -180,11 +180,6 @@ AC_ARG_WITH([sqlite],
[Use SQLite for GPE address books (default=no)]),
[with_sqlite=$withval],[with_sqlite=no])
-AC_ARG_WITH(ssl,
- AC_HELP_STRING([--with-ssl],
- [Enable SSL (default=no)]),
- [ with_ssl=$withval ],[ with_ssl=no ])
-
AC_ARG_WITH(gmime,
AC_HELP_STRING([--with-gmime],
[Version of GMime 2.4, or 2.6 (default=detect)]),
@@ -679,49 +674,15 @@ fi
# OpenSSL configuration.
#
-
-AC_MSG_CHECKING([whether to build SSL support])
-if test "x$with_ssl" != xno ; then
-# openssl >=0.9.7 is pkg-config compatible.
- if pkg-config openssl >/dev/null 2>&1; then
- BALSA_LIBS="$BALSA_LIBS `pkg-config --libs openssl`"
- BALSA_CFLAGS="`pkg-config --cflags-only-I openssl` $BALSA_CFLAGS"
- AC_MSG_RESULT(yes)
- AC_DEFINE(USE_SSL,1,[Defined when SSL support is to be compiled.])
- AC_DEFINE(USE_TLS,USE_SSL,[Defined when TLS is to be enabled.])
- else
- if test -d $with_ssl && test -f "$with_ssl/include/openssl/ssl.h" ; then
- ssldir=$with_ssl
- else
- AC_TRY_COMPILE([#include <openssl/ssl.h>], ,
- ssldir=default,
- ssldir="")
- if test "x$ssldir" = x ; then
- for prefixdir in /usr /usr/local /usr/lib /usr/pkg /var /opt; do
- for dir in $prefixdir $prefixdir/openssl $prefixdir/ssl; do
- if test -f "$dir/include/openssl/ssl.h"; then
- ssldir=$dir
- fi
- done
- done
- fi
- fi
- if test -z "$ssldir"; then
- AC_MSG_ERROR([SSL requested but no SSL headers found.])
- else
- AC_MSG_RESULT(yes)
- BALSA_LIBS="$BALSA_LIBS -lssl -lcrypto"
- if test "x$ssldir" != xdefault ; then
- BALSA_CFLAGS="-I${ssldir}/include $BALSA_CFLAGS"
- fi
- ac_cv_path_openssl=$ssldir
- AC_DEFINE(USE_SSL,1,[Defined when SSL support is to be compiled.])
- AC_DEFINE(USE_TLS,USE_SSL,[Defined when TLS is to be enabled.])
- fi
- fi
-else
- AC_MSG_RESULT(no)
-fi
+PKG_CHECK_MODULES(OPENSSL, [openssl],
+ [BALSA_CFLAGS="$OPENSSL_CFLAGS $BALSA_CFLAGS"
+ BALSA_LIBS="$OPENSSL_LIBS $BALSA_LIBS"],
+ [ AC_CHECK_HEADERS([openssl/ssl.h], [],
+ [AC_MSG_ERROR([OpenSSL headers not found])], [])
+ AC_SEARCH_LIBS(SSL_library_init, ssl,
+ [BALSA_LIBS="$BALSA_LIBS -lssl -lcrypto"],
+ [AC_MSG_ERROR([libssl not found])], [-lcrypto]) ]
+)
# KRB5/GSSAPI configuration.
#
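Review bot: With `AC_DEFINE(USE_SSL,1,...)` and `AC_DEFINE(USE_TLS,USE_SSL,...)` removed, any `#ifdef USE_TLS` or `#if defined(USE_SSL)` guard left in a file this commit does not touch will compile its TLS branch out with no configure-time signal. It is worth grepping the tree for both macro names before merging. In the fallback branch, `AC_SEARCH_LIBS(SSL_library_init, ssl, ...)` probes a symbol that OpenSSL 1.1.0 turned into a macro, so the link test fails there even when libssl is installed. A function exported by every supported release, for example `SSL_new`, is a safer probe.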
@@ -1036,7 +997,6 @@ echo " Use GPGME: $gpgmecfg"
echo " Use LDAP: $with_ldap"
echo " Use GSS: $with_gss"
echo " Use SQLite: $with_sqlite"
-echo " Use SSL: $with_ssl"
echo " Use GtkSpell: $with_gtkspell"
echo " Use Libnotify: $with_libnotify"
echo " Use GtkSourceView: $with_gtksourceview"
diff --git a/libbalsa/imap-server.c b/libbalsa/imap-server.c
index 01d5b89..2f74567 100644
--- a/libbalsa/imap-server.c
+++ b/libbalsa/imap-server.c
@@ -47,11 +47,7 @@
#include "imap-commands.h"
#include <glib/gi18n.h>
-#ifdef USE_TLS
#define REQ_SSL(s) (LIBBALSA_SERVER(s)->use_ssl)
-#else
-#define REQ_SSL(s) (0)
-#endif
/** wait 60 seconds for packets */
#define IMAP_CMD_TIMEOUT (60*1000)
diff --git a/libbalsa/imap/Makefile.am b/libbalsa/imap/Makefile.am
index abf56bf..7e94e95 100644
--- a/libbalsa/imap/Makefile.am
+++ b/libbalsa/imap/Makefile.am
@@ -32,8 +32,6 @@ libimap_a_SOURCES = \
libimap-marshal.c \
libimap-marshal.h \
libimap.h \
- md5-utils.c \
- md5-utils.h \
pop3.c \
pop3.h \
siobuf.c \
diff --git a/libbalsa/imap/auth-cram.c b/libbalsa/imap/auth-cram.c
index e51d63c..41c0543 100644
--- a/libbalsa/imap/auth-cram.c
+++ b/libbalsa/imap/auth-cram.c
@@ -26,9 +26,9 @@
#include <stdlib.h>
#include <string.h>
#include <glib.h>
+#include <openssl/evp.h>
#include "imap-auth.h"
-#include "md5-utils.h"
#include "util.h"
#include "imap_private.h"
@@ -132,10 +132,9 @@ static void
hmac_md5 (const char* password, char* challenge,
unsigned char* response)
{
- MD5Context ctx;
+ EVP_MD_CTX ctx;
unsigned char ipad[MD5_BLOCK_LEN], opad[MD5_BLOCK_LEN];
unsigned char secret[MD5_BLOCK_LEN+1];
- unsigned char hash_passwd[MD5_DIGEST_LEN];
unsigned int secret_len, chal_len;
int i;
@@ -145,11 +144,9 @@ hmac_md5 (const char* password, char* challenge,
/* passwords longer than MD5_BLOCK_LEN bytes are substituted with their MD5
* digests */
if (secret_len > MD5_BLOCK_LEN) {
- md5_init (&ctx);
- md5_update (&ctx, (unsigned char*) password, secret_len);
- md5_final (&ctx, hash_passwd);
- strncpy ((char*) secret, (char*) hash_passwd, MD5_DIGEST_LEN);
- secret_len = MD5_DIGEST_LEN;
+ EVP_DigestInit(&ctx, EVP_md5());
+ EVP_DigestUpdate(&ctx, (const unsigned char*) password, secret_len);
+ EVP_DigestFinal(&ctx, secret, &secret_len);
}
else
strncpy ((char *) secret, password, sizeof (secret));
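Review bot: None of the `EVP_Digest*` return values are checked, so if `EVP_DigestInit(&ctx, EVP_md5())` fails (for instance in an OpenSSL build that refuses MD5), `secret` is never written and the function still derives a response from it. hmac_md5 returns void and begins above this hunk, so at minimum the failure should be logged and the output buffer cleared before returning. The same unchecked pattern appears in the inner/outer hash hunk below and in compute_auth_hash in pop3.c. Declaring `EVP_MD_CTX ctx;` on the stack also ties the code to OpenSSL releases that expose the struct layout; a context obtained from `EVP_MD_CTX_create()` and released with `EVP_MD_CTX_destroy()` avoids that.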
@@ -165,14 +162,14 @@ hmac_md5 (const char* password, char* challenge,
}
/* inner hash: challenge and ipadded secret */
- md5_init (&ctx);
- md5_update (&ctx, ipad, MD5_BLOCK_LEN);
- md5_update (&ctx, (unsigned char*) challenge, chal_len);
- md5_final (&ctx, response);
+ EVP_DigestInit(&ctx, EVP_md5());
+ EVP_DigestUpdate(&ctx, ipad, MD5_BLOCK_LEN);
+ EVP_DigestUpdate(&ctx, (unsigned char*) challenge, chal_len);
+ EVP_DigestFinal(&ctx, response, NULL);
/* outer hash: inner hash and opadded secret */
- md5_init (&ctx);
- md5_update (&ctx, opad, MD5_BLOCK_LEN);
- md5_update (&ctx, response, MD5_DIGEST_LEN);
- md5_final (&ctx, response);
+ EVP_DigestInit(&ctx, EVP_md5());
+ EVP_DigestUpdate(&ctx, opad, MD5_BLOCK_LEN);
+ EVP_DigestUpdate(&ctx, response, chal_len);
+ EVP_DigestFinal(&ctx, response, NULL);
}
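Review bot: The outer hash now feeds `chal_len` bytes of `response` into the digest, where the removed line used `MD5_DIGEST_LEN`. At that point `response` holds the 16-byte inner digest, so a challenge whose length is not 16 produces a wrong CRAM-MD5 response, and a longer one reads past the digest (and past the caller's buffer, if that buffer is digest-sized, which the hunk does not show). The line should read `EVP_DigestUpdate(&ctx, response, MD5_DIGEST_LEN);`, or use the literal digest length if that macro went away with md5-utils.h. Now that OpenSSL is a hard dependency, the whole pad-and-hash sequence could instead be one `HMAC(EVP_md5(), ...)` call from `<openssl/hmac.h>`, which removes the hand-built ipad/opad buffers. hmac_md5 starts above this hunk.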
diff --git a/libbalsa/imap/imap-handle.c b/libbalsa/imap/imap-handle.c
index a932381..b38c86c 100644
--- a/libbalsa/imap/imap-handle.c
+++ b/libbalsa/imap/imap-handle.c
@@ -42,10 +42,8 @@
#include <resolv.h>
#endif /* defined(HAVE_RES_INIT) */
-#if defined(USE_TLS)
#include <openssl/ssl.h>
#include <openssl/err.h>
-#endif
#include "libimap-marshal.h"
#include "imap-auth.h"
@@ -149,9 +147,7 @@ imap_mbox_handle_init(ImapMboxHandle *handle)
handle->msg_cache = NULL;
handle->flag_cache= g_array_new(FALSE, TRUE, sizeof(ImapFlagCache));
handle->doing_logout = FALSE;
-#ifdef USE_TLS
handle->using_tls = 0;
-#endif
handle->tls_mode = IMAP_TLS_ENABLED;
handle->idle_state = IDLE_INACTIVE;
handle->cmd_info = NULL;
@@ -592,15 +588,7 @@ imap_mbox_handle_connect(ImapMboxHandle* ret, const char *host, int over_ssl)
g_return_val_if_fail(imap_mbox_is_disconnected(ret), IMAP_CONNECT_FAILED);
HANDLE_LOCK(ret);
-#if !defined(USE_TLS)
- if(over_ssl) {
- imap_mbox_handle_set_msg(ret,"SSL requested but SSL support not compiled");
- HANDLE_UNLOCK(ret);
- return IMAP_UNSECURE;
- }
-#else
ret->over_ssl = over_ssl;
-#endif
g_free(ret->host); ret->host = g_strdup(host);
@@ -790,10 +778,8 @@ imap_mbox_connect(ImapMboxHandle* handle)
imap_compress_release(&handle->compress);
}
-#ifdef USE_TLS
handle->using_tls = 0;
if(handle->over_ssl) service = "imaps";
-#endif
handle->sd = imap_socket_open(handle->host, service);
if(handle->sd<0)
@@ -810,7 +796,6 @@ imap_mbox_connect(ImapMboxHandle* handle)
sio_set_timeout(handle->sio, handle->timeout);
sio_set_timeoutcb(handle->sio, imap_timeout_cb, handle);
}
-#ifdef USE_TLS
if(handle->over_ssl) {
SSL *ssl = imap_create_ssl();
if(!ssl) {
@@ -826,7 +811,6 @@ imap_mbox_connect(ImapMboxHandle* handle)
return IMAP_UNSECURE;
}
}
-#endif
if(handle->monitor_cb)
sio_set_monitorcb(handle->sio, handle->monitor_cb, handle->monitor_arg);
@@ -839,7 +823,6 @@ imap_mbox_connect(ImapMboxHandle* handle)
}
handle->can_fetch_body =
(strncmp(handle->last_msg, "Microsoft Exchange", 18) != 0);
-#if defined(USE_TLS)
if(handle->over_ssl)
resp = IMR_OK; /* secured already with SSL */
else if(handle->tls_mode != IMAP_TLS_DISABLED &&
@@ -851,9 +834,6 @@ imap_mbox_connect(ImapMboxHandle* handle)
resp = IMR_OK; /* secured with TLS */
} else
resp = IMR_NO; /* not over SSL and TLS unavailable */
-#else
- resp = IMR_NO;
-#endif
if(handle->tls_mode == IMAP_TLS_REQUIRED && resp != IMR_OK) {
imap_mbox_handle_set_msg(handle,"TLS required but not available");
return IMAP_UNSECURE;
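Review bot: Building against OpenSSL unconditionally does not make TLS mandatory at run time: in this part of imap_mbox_connect only `tls_mode == IMAP_TLS_REQUIRED` turns `resp = IMR_NO` into `IMAP_UNSECURE`, and imap_mbox_handle_init (earlier hunk) still defaults `tls_mode` to `IMAP_TLS_ENABLED`. As far as the hunk shows, a session where STARTTLS is not offered therefore continues in cleartext under the default mode. Given the commit title, either default to `IMAP_TLS_REQUIRED` or document the behaviour at the check, e.g. `/* IMAP_TLS_ENABLED is opportunistic: the session continues unencrypted if STARTTLS is not offered */`. pop_connect in pop3.c has the same shape, and the function body continues outside this hunk.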
@@ -2010,7 +1990,6 @@ imap_cmd_step(ImapMboxHandle* handle, unsigned lastcmd)
g_return_val_if_fail(handle, IMR_BAD);
g_return_val_if_fail(handle->state != IMHS_DISCONNECTED, IMR_BAD);
-#ifdef USE_TLS
if(ERR_peek_error()) {
fprintf(stderr, "OpenSSL error in %s():\n", __FUNCTION__);
ERR_print_errors_fp(stderr);
@@ -2018,7 +1997,6 @@ imap_cmd_step(ImapMboxHandle* handle, unsigned lastcmd)
imap_handle_disconnect(handle);
return IMR_SEVERED;
}
-#endif
ci = cmdi_find_by_no(handle->cmd_info, lastcmd);
if(ci && ci->completed) {
/* The response to this command has been encountered earlier,
diff --git a/libbalsa/imap/imap-tls.c b/libbalsa/imap/imap-tls.c
index 67ce894..ca994ae 100644
--- a/libbalsa/imap/imap-tls.c
+++ b/libbalsa/imap/imap-tls.c
@@ -44,8 +44,6 @@
#include "config.h"
-#ifdef USE_TLS
-
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
@@ -400,4 +398,3 @@ imap_handle_starttls(ImapMboxHandle *handle)
return IMR_NO;
}
}
-#endif /* USE_TLS */
diff --git a/libbalsa/imap/imap_private.h b/libbalsa/imap/imap_private.h
index 64adf7b..018845c 100644
--- a/libbalsa/imap/imap_private.h
+++ b/libbalsa/imap/imap_private.h
@@ -20,6 +20,7 @@
*/
#include <glib-object.h>
+#include <openssl/ssl.h>
#include "config.h"
@@ -152,12 +153,9 @@ struct _ImapMboxHandle {
gulong quota_used_k; /**< used quota in kByte */
gchar *quota_root;
- /* conditional stuff at the end for the safety. */
-#ifdef USE_TLS
unsigned over_ssl:1; /* transmission is to be made over SSL-protected
* connection, usually to imaps port. */
unsigned using_tls:1;
-#endif
};
#define IMAP_MBOX_IS_DISCONNECTED(h) ((h)->state == IMHS_DISCONNECTED)
@@ -215,12 +213,9 @@ ImapResponse imap_search_exec_unlocked(ImapMboxHandle *h, gboolean uid,
ImapResponse imap_assure_needed_flags(ImapMboxHandle *h,
ImapMsgFlag needed_flags);
-#ifdef USE_TLS
-#include <openssl/ssl.h>
SSL* imap_create_ssl(void);
int imap_setup_ssl(struct siobuf *sio, const char* host, SSL *ssl,
ImapUserCb user_cb, void *user_arg);
-#endif
void imap_handle_disconnect(ImapMboxHandle *h);
ImapConnectionState imap_mbox_handle_get_state(ImapMboxHandle *h);
diff --git a/libbalsa/imap/pop3.c b/libbalsa/imap/pop3.c
index acb4495..fb74863 100644
--- a/libbalsa/imap/pop3.c
+++ b/libbalsa/imap/pop3.c
@@ -29,15 +29,13 @@
#include <string.h>
#include <unistd.h>
-#if defined(USE_TLS)
#include <openssl/ssl.h>
+#include <openssl/evp.h>
#include <openssl/err.h>
-#endif
#include "pop3.h"
#include "siobuf.h"
#include "imap_private.h"
-#include "md5-utils.h"
#define ELEMENTS(x) (sizeof (x) / sizeof(x[0]))
@@ -194,7 +192,7 @@ pop_check_status(PopHandle *pop, GError **err)
"POP3 connection severed");
return FALSE;
}
-
+
if(strncmp(buf, "+OK", 3) == 0)
res = TRUE;
/*
@@ -311,16 +309,16 @@ get_apop_stamp(const char *greeting, char *stamp)
static void
compute_auth_hash(char *stamp, char *hash, const char *passwd)
{
- MD5Context mdContext;
+ EVP_MD_CTX ctx;
register unsigned char *dp;
register char *cp;
unsigned char *ep;
unsigned char digest[16];
- md5_init(&mdContext);
- md5_update(&mdContext, (unsigned char *)stamp, strlen(stamp));
- md5_update(&mdContext, (unsigned char *)passwd, strlen(passwd));
- md5_final(&mdContext, digest);
+ EVP_DigestInit(&ctx, EVP_md5());
+ EVP_DigestUpdate(&ctx, stamp, strlen(stamp));
+ EVP_DigestUpdate(&ctx, passwd, strlen(passwd));
+ EVP_DigestFinal(&ctx, digest, NULL);
cp = hash;
dp = digest;
@@ -431,7 +429,6 @@ pop_authenticate(PopHandle *pop, const char *greeting, GError **err)
===================================================================
*/
-#ifdef USE_TLS
static gboolean
pop_stls(PopHandle *pop, GError **err)
{
@@ -457,7 +454,6 @@ pop_stls(PopHandle *pop, GError **err)
return FALSE;
}
}
-#endif
static gboolean
parse_list_response(PopHandle *pop, char *line, ssize_t sz, GError **err)
@@ -504,9 +500,7 @@ pop_connect(PopHandle *pop, const char *host, GError **err)
const char *service = "pop3";
char line[POP_LINE_LEN];
-#ifdef USE_TLS
if(pop->over_ssl) service = "pop3s";
-#endif
g_free(pop->host);
pop->host = g_strdup(host);
@@ -527,7 +521,6 @@ pop_connect(PopHandle *pop, const char *host, GError **err)
}
if(pop->timeout>0)
sio_set_timeout(pop->sio, pop->timeout);
-#ifdef USE_TLS
if(pop->over_ssl) {
SSL *ssl = imap_create_ssl();
if(!ssl || !imap_setup_ssl(pop->sio, pop->host, ssl,
@@ -539,7 +532,6 @@ pop_connect(PopHandle *pop, const char *host, GError **err)
return IMAP_UNSECURE;
}
}
-#endif
if(pop->monitor_cb)
sio_set_monitorcb(pop->sio, pop->monitor_cb, pop->monitor_arg);
@@ -554,12 +546,10 @@ pop_connect(PopHandle *pop, const char *host, GError **err)
else return FALSE;
}
-#ifdef USE_TLS
if(pop->tls_mode != IMAP_TLS_DISABLED && pop_can_do(pop, POP_CAP_STLS)) {
if(!pop_stls(pop, err)) /* TLS negotiation attempted.. */
return FALSE; /* .. but failed. */
}
-#endif
if(pop->tls_mode == IMAP_TLS_REQUIRED &&
!(pop->tls_enabled || pop->over_ssl) ) {
sio_detach(pop->sio); pop->sio = NULL; close(pop->sd);
diff --git a/libbalsa/imap/siobuf.c b/libbalsa/imap/siobuf.c
index f5f9bd1..fa21c03 100644
--- a/libbalsa/imap/siobuf.c
+++ b/libbalsa/imap/siobuf.c
@@ -40,15 +40,11 @@
#include <unistd.h>
#include <glib.h>
-#ifdef USE_TLS
-# include <openssl/ssl.h>
-#endif
+#include <openssl/ssl.h>
#include "siobuf.h"
-#ifdef USE_TLS
static int sio_sslpoll (struct siobuf *sio, int ret);
-#endif
/* Socket I/O buffering */
struct siobuf
@@ -78,9 +74,7 @@ struct siobuf
void *secarg;
timeoutcb_t timeout_cb; /* timeout (retry/abort) action callback */
void *timeout_arg; /* argument of timeout callback */
-#ifdef USE_TLS
SSL *ssl; /* The SSL connection */
-#endif
void *user_data;
};
@@ -142,7 +136,6 @@ sio_detach (struct siobuf *sio)
destroyed anyway. */
sio->timeout_cb = NULL;
sio->timeout_arg = NULL;
-#ifdef USE_TLS
if (sio->ssl != NULL)
{
int ret;
@@ -155,7 +148,6 @@ sio_detach (struct siobuf *sio)
SSL_free (sio->ssl);
sio->ssl = NULL;
}
-#endif
free (sio->read_buffer);
free (sio->write_buffer);
free (sio);
@@ -186,7 +178,6 @@ sio_set_timeout (struct siobuf *sio, int milliseconds)
assert (sio != NULL);
sio->milliseconds = milliseconds;
-#ifdef USE_TLS
if (sio->ssl != NULL)
{
long ssl_timeout;
@@ -197,10 +188,8 @@ sio_set_timeout (struct siobuf *sio, int milliseconds)
ssl_timeout = ((long) milliseconds + 999L) / 1000L;
SSL_SESSION_set_timeout (SSL_get_session (sio->ssl), ssl_timeout);
}
-#endif
}
-#ifdef USE_TLS
int
sio_set_tlsclient_ssl (struct siobuf *sio, SSL *ssl)
{
@@ -248,7 +237,6 @@ sio_set_tlsserver_ssl (struct siobuf *sio, SSL *ssl)
}
return sio->ssl != NULL;
}
-#endif
void
sio_set_securitycb (struct siobuf *sio,
@@ -275,7 +263,6 @@ sio_poll (struct siobuf *sio, int want_read, int want_write, int fast)
if (want_read && sio->read_unread > 0)
return SIO_READ;
-#ifdef USE_TLS
/* SSL_read() returns data a record at a time, however it is possible
that more than one record was read from the socket. If this happens
poll() will not report data waiting to be read but SSL_read() will
@@ -283,7 +270,6 @@ sio_poll (struct siobuf *sio, int want_read, int want_write, int fast)
*/
if (want_read && sio->ssl != NULL && SSL_pending (sio->ssl))
return SIO_READ;
-#endif
npoll = 0;
if (want_read)
@@ -328,7 +314,6 @@ sio_poll (struct siobuf *sio, int want_read, int want_write, int fast)
return (rval > 0) ? rval : -1;
}
-#ifdef USE_TLS
static int
sio_sslpoll (struct siobuf *sio, int ret)
{
@@ -355,7 +340,6 @@ sio_sslpoll (struct siobuf *sio, int ret)
}
return sio_poll (sio, want_read, want_write, 0);
}
-#endif
void
sio_write (struct siobuf *sio, const void *bufp, int buflen)
@@ -401,7 +385,6 @@ raw_write (struct siobuf *sio, const char *buf, int len)
assert (sio != NULL && buf != NULL);
for (total = 0; total < len; total += n)
-#ifdef USE_TLS
if (sio->ssl != NULL)
{
/* SSL_write() writes a record a time. The outer loop calls
@@ -413,7 +396,6 @@ raw_write (struct siobuf *sio, const char *buf, int len)
return n;
}
else
-#endif
{
/* Its conceiveable that write() actually writes less than
requested. The outer loop calls this until all of the write
@@ -545,7 +527,6 @@ raw_read (struct siobuf *sio, char *buf, int len)
assert (sio != NULL && buf != NULL && len > 0);
-#ifdef USE_TLS
if (sio->ssl != NULL)
{
/* SSL_read() reads complete records from the network and returns
@@ -559,7 +540,6 @@ raw_read (struct siobuf *sio, char *buf, int len)
break;
}
else
-#endif
{
pollfd.fd = sio->sdr;
pollfd.events = POLLIN;
diff --git a/libbalsa/imap/siobuf.h b/libbalsa/imap/siobuf.h
index 656d251..f5f1386 100644
--- a/libbalsa/imap/siobuf.h
+++ b/libbalsa/imap/siobuf.h
@@ -22,6 +22,8 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+#include <openssl/ssl.h>
+
typedef struct siobuf *siobuf_t;
#define SIO_BUFSIZE 2048 /* arbitrary, not too short, not too long */
@@ -81,9 +83,6 @@ int sio_printf(struct siobuf *sio, const char *format, ...)
void *sio_set_userdata (struct siobuf *sio, void *user_data);
void *sio_get_userdata (struct siobuf *io);
-
-#ifdef USE_TLS
int sio_set_tlsclient_ssl (struct siobuf *sio, SSL *ssl);
int sio_set_tlsserver_ssl (struct siobuf *sio, SSL *ssl);
#endif
-#endif
diff --git a/libbalsa/libbalsa.c b/libbalsa/libbalsa.c
index 3f7cfb2..73d19d5 100644
--- a/libbalsa/libbalsa.c
+++ b/libbalsa/libbalsa.c
@@ -33,6 +33,9 @@
#include <sys/stat.h>
#include <stdarg.h>
#include <unistd.h>
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
#ifdef HAVE_NOTIFY
#include <libnotify/notify.h>
@@ -364,10 +367,6 @@ libbalsa_ask(gboolean (*cb)(void *arg), void *arg)
#endif /* BALSA_USE_THREADS */
-#if defined(USE_SSL)
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
static int libbalsa_ask_for_cert_acceptance(X509 *cert,
const char *explanation);
static char*
@@ -622,7 +621,6 @@ libbalsa_ask_for_cert_acceptance(X509 *cert, const char *explanation)
acd.explanation = explanation;
return libbalsa_ask(ask_cert_real, &acd);
}
-#endif /* WITH_SSL */
static int
diff --git a/libbalsa/libbalsa.h b/libbalsa/libbalsa.h
index 7f29b65..1de129b 100644
--- a/libbalsa/libbalsa.h
+++ b/libbalsa/libbalsa.h
@@ -42,6 +42,7 @@ typedef struct _LibBalsaSmtpServer LibBalsaSmtpServer;
typedef struct _LibbalsaVfs LibbalsaVfs;
+#include <openssl/ssl.h>
#include "message.h"
#include "body.h"
#include "files.h"
@@ -132,11 +133,8 @@ gchar *libbalsa_guess_imap_inbox(void);
gchar* libbalsa_date_to_utf8(const time_t *date, const gchar *date_string);
LibBalsaMessageStatus libbalsa_get_icon_from_flags(LibBalsaMessageFlag flags);
-#ifdef USE_TLS
-#include <openssl/ssl.h>
gboolean libbalsa_is_cert_known(X509* cert, long vfy_result);
void libbalsa_certs_destroy(void);
-#endif
gboolean libbalsa_abort_on_timeout(const char *host);
diff --git a/libbalsa/send.c b/libbalsa/send.c
index ec54c8b..2122035 100644
--- a/libbalsa/send.c
+++ b/libbalsa/send.c
@@ -1168,7 +1168,6 @@ libbalsa_smtp_event_cb (smtp_session_t session, int event_no, void *arg, ...)
NULL, NULL, 0);
break;
-#ifdef USE_TLS
/* SMTP_TLS related things. Observe that we need to have SSL
* enabled in balsa to properly interpret libesmtp
* messages. */
@@ -1198,7 +1197,6 @@ libbalsa_smtp_event_cb (smtp_session_t session, int event_no, void *arg, ...)
*ok = 1;
break;
}
-#endif /* USE_TLS */
}
va_end (ap);
}
diff --git a/libbalsa/server.c b/libbalsa/server.c
index 4e82e7d..3ea7e37 100644
--- a/libbalsa/server.c
+++ b/libbalsa/server.c
@@ -34,9 +34,7 @@
#include <gnome-keyring.h>
#endif /* defined(HAVE_LIBSECRET) */
-#ifdef USE_TLS
#include <openssl/err.h>
-#endif
#include "libbalsa.h"
#include "libbalsa_private.h"
@@ -510,7 +508,6 @@ libbalsa_server_user_cb(ImapUserEventType ue, void *arg, ...)
break;
}
case IME_TLS_VERIFY_ERROR: {
-#ifdef USE_TLS
long vfy_result;
SSL *ssl;
X509 *cert;
@@ -527,9 +524,6 @@ libbalsa_server_user_cb(ImapUserEventType ue, void *arg, ...)
*ok = libbalsa_is_cert_known(cert, vfy_result);
X509_free(cert);
}
-#else
- g_warning("TLS error with TLS disabled!?");
-#endif
break;
}
case IME_TLS_NO_PEER_CERT: {
diff --git a/src/mailbox-conf.c b/src/mailbox-conf.c
index 7a1c985..96481c2 100644
--- a/src/mailbox-conf.c
+++ b/src/mailbox-conf.c
@@ -212,14 +212,6 @@ balsa_server_conf_get_advanced_widget(BalsaServerConf *bsc, LibBalsaServer *s,
box = gtk_box_new(GTK_ORIENTATION_VERTICAL, 0);
-#if !defined(USE_SSL)
- gtk_box_pack_start(GTK_BOX(box),
- gtk_label_new
- (_("Balsa was built without SSL support.\n"
- "Neither SSL nor TLS can be used.")),
- FALSE, FALSE, 0);
-#endif /* !defined(USE_SSL) */
-
bsc->grid = GTK_GRID(libbalsa_create_grid());
gtk_container_set_border_width(GTK_CONTAINER(bsc->grid), 12);
gtk_box_pack_start(GTK_BOX(box), GTK_WIDGET(bsc->grid),
@@ -230,9 +222,6 @@ balsa_server_conf_get_advanced_widget(BalsaServerConf *bsc, LibBalsaServer *s,
bsc->use_ssl = balsa_server_conf_add_checkbox(bsc, _("Use _SSL"));
if(use_ssl)
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(bsc->use_ssl), TRUE);
-#if !defined(USE_SSL)
- gtk_widget_set_sensitive(bsc->use_ssl, FALSE);
-#endif /* !defined(USE_SSL) */
label =
libbalsa_create_grid_label(_("Use _TLS:"), GTK_WIDGET(bsc->grid), 1);
@@ -251,10 +240,6 @@ balsa_server_conf_get_advanced_widget(BalsaServerConf *bsc, LibBalsaServer *s,
gtk_widget_show_all(GTK_WIDGET(bsc->grid));
bsc->used_rows = 2;
gtk_widget_set_sensitive(bsc->tls_option, !use_ssl);
-#if !defined(USE_TLS)
- gtk_widget_set_sensitive(label, FALSE);
- gtk_widget_set_sensitive(bsc->tls_option, FALSE);
-#endif /* !defined(USE_TLS) */
return box;
}