Re: [evolution-patches] ssl/tls patch (bug #65714)
- From: Not Zed <notzed ximian com>
- To: Jeffrey Stedfast <fejj ximian com>
- Cc: evolution-patches ximian com
- Subject: Re: [evolution-patches] ssl/tls patch (bug #65714)
- Date: Thu, 23 Sep 2004 10:43:10 +0800
On Wed, 2004-09-22 at 14:10 -0400, Jeffrey Stedfast wrote:
the camel-tls.patch patch replaces the previous ipv6 patch for the
providers
This patch should really be after the ipv6 one is applied and not
contain the same diffs in some cases. Its a bit hard to follow otherwise.
> --- ChangeLog 16 Sep 2004 14:45:54 -0000 1.481.2.1
> +++ ChangeLog 22 Sep 2004 18:00:14 -0000
> @@ -1,3 +1,7 @@
> +2004-09-22 Jeffrey Stedfast <
fejj novell com>
> +
> + * e-account.c: s/use_ssl/ssl_mode/
> +
> 2004-08-27 Not Zed <
NotZed Ximian com>
>
> * e-passwords.c (e_passwords_ask_password): return cancelled if
> Index: e-account.c
> ===================================================================
> RCS file: /cvs/gnome/evolution/e-util/e-account.c,v
> retrieving revision 1.10
> diff -u -r1.10 e-account.c
> --- e-account.c 9 Apr 2004 19:47:06 -0000 1.10
> +++ e-account.c 22 Sep 2004 18:00:14 -0000
> @@ -694,7 +694,7 @@
> { "imap_filter", 1<<EAP_FILTER_INBOX },
> { "imap_filter_junk", 1<<EAP_FILTER_JUNK },
> { "imap_filter_junk_inbox", 1<<EAP_FILTER_JUNK },
> - { "*_use_ssl", 1<<EAP_FORCE_SSL },
> + { "*_ssl_mode", 1<<EAP_FORCE_SSL },
I don't think we should change this at all if we can avoid it. This
impacts on the account configuration, and requires an incompatible
account data version change.
We can just use the old values and the old name, without any impact on
the actual function. The only side effect is that if you look at the
value inside gconf, which users shouldn't be anyway, it isn't as
self-describing.
> { "*_auth", 1<<EAP_LOCK_AUTH },
> };
>
>
>
> text/plain attachment (mail-tls.patch)
>
> ? camel-gpg.0.verify.data
> ? camel-gpg.0.verify.signature
> ? camel-gpg.1.verify.data
> ? camel-gpg.1.verify.signature
> ? evolution-mail-2.0.schemas
> ? mail-tls.patch
> Index: ChangeLog
> ===================================================================
> RCS file: /cvs/gnome/evolution/mail/ChangeLog,v
> retrieving revision 1.3444.2.9
> diff -u -r1.3444.2.9 ChangeLog
> --- ChangeLog 22 Sep 2004 01:31:16 -0000 1.3444.2.9
> +++ ChangeLog 22 Sep 2004 17:59:52 -0000
> @@ -1,3 +1,11 @@
> +2004-09-22 Jeffrey Stedfast <
fejj novell com>
> +
> + * mail-config.glade: Changed the names of the SSL mode option menus.
> +
> + * mail-account-gui.c (setup_service): Updated to use "ssl_mode" as
> + the uri param rather than "use_ssl" which isn't very accurate
> + anymore. Also provide backward compat with old scheme.
> +
> 2004-09-03 Not Zed <
NotZed Ximian com>
>
> ** See bug #65058.
> Index: mail-account-gui.c
> ===================================================================
> RCS file: /cvs/gnome/evolution/mail/mail-account-gui.c,v
> retrieving revision 1.171.14.2
> diff -u -r1.171.14.2 mail-account-gui.c
> --- mail-account-gui.c 16 Sep 2004 14:45:56 -0000 1.171.14.2
> +++ mail-account-gui.c 22 Sep 2004 17:59:52 -0000
> @@ -82,9 +82,9 @@
> char *label;
> char *value;
> } ssl_options[] = {
> - { N_("Always"), "always" },
> - { N_("Whenever Possible"), "when-possible" },
> - { N_("Never"), "never" }
> + { N_("SSL encryption"), "ssl" },
> + { N_("TLS encryption"), "tls" },
> + { N_("No encryption"), "clear" }
Again this is a version change for the account info.
> };
>
> static int num_ssl_options = sizeof (ssl_options) / sizeof (ssl_options[0]);
> @@ -670,8 +670,8 @@
> gtk_widget_set_sensitive ((GtkWidget *) gui->source.authtype, writeable);
> gtk_widget_set_sensitive ((GtkWidget *) gui->source.check_supported, writeable);
>
> - writeable = e_account_writable_option (gui->account, gui->source.provider->protocol, "use_ssl");
> - gtk_widget_set_sensitive ((GtkWidget *) gui->source.use_ssl, writeable);
> + writeable = e_account_writable_option (gui->account, gui->source.provider->protocol, "ssl_mode");
> + gtk_widget_set_sensitive ((GtkWidget *) gui->source.ssl_mode, writeable);
>
> writeable = e_account_writable (gui->account, E_ACCOUNT_SOURCE_SAVE_PASSWD);
> gtk_widget_set_sensitive ((GtkWidget *) gui->source.remember, writeable);
> @@ -799,8 +799,8 @@
> gtk_widget_set_sensitive ((GtkWidget *) gui->transport.authtype, writeable);
> gtk_widget_set_sensitive ((GtkWidget *) gui->transport.check_supported, writeable);
>
> - writeable = e_account_writable_option (gui->account, gui->transport.provider->protocol, "use_ssl");
> - gtk_widget_set_sensitive ((GtkWidget *) gui->transport.use_ssl, writeable);
> + writeable = e_account_writable_option (gui->account, gui->transport.provider->protocol, "ssl_mode");
> + gtk_widget_set_sensitive ((GtkWidget *) gui->transport.ssl_mode, writeable);
>
> writeable = e_account_writable (gui->account, E_ACCOUNT_TRANSPORT_SAVE_PASSWD);
> gtk_widget_set_sensitive ((GtkWidget *) gui->transport.remember, writeable);
> @@ -1382,19 +1382,28 @@
>
> if (gsvc->provider->flags & CAMEL_PROVIDER_SUPPORTS_SSL) {
> GList *children, *item;
> - const char *use_ssl;
> + const char *ssl_mode;
> int i;
>
> - use_ssl = camel_url_get_param (url, "use_ssl");
> - if (!use_ssl)
> - use_ssl = "never";
> - else if (!*use_ssl) /* old config code just used an empty string as the value */
> - use_ssl = "always";
> + if (!(ssl_mode = camel_url_get_param (url, "ssl_mode")))
> + ssl_mode = camel_url_get_param (url, "use_ssl");
>
> - children = gtk_container_get_children(GTK_CONTAINER (gtk_option_menu_get_menu (gsvc->use_ssl)));
> + /* backward compat */
> + if (!ssl_mode)
> + ssl_mode = "clear";
> + else if (!*ssl_mode) /* old config code just used an empty string as the value */
> + ssl_mode = "ssl";
> + else if (!strcmp (ssl_mode, "always"))
> + ssl_mode = "ssl";
> + else if (!strcmp (ssl_mode, "when-possible"))
> + ssl_mode = "tls";
> + else
> + ssl_mode = "clear";
> +
> + children = gtk_container_get_children(GTK_CONTAINER (gtk_option_menu_get_menu (gsvc->ssl_mode)));
> for (item = children, i = 0; item; item = item->next, i++) {
> - if (!strcmp (use_ssl, ssl_options[i].value)) {
> - gtk_option_menu_set_history (gsvc->use_ssl, i);
> + if (!strcmp (ssl_mode, ssl_options[i].value)) {
> + gtk_option_menu_set_history (gsvc->ssl_mode, i);
> g_signal_emit_by_name (item->data, "activate", gsvc);
> break;
> }
> @@ -1426,7 +1435,7 @@
> gtk_toggle_button_set_active (gsvc->remember, service->save_passwd);
>
> gtk_widget_set_sensitive((GtkWidget *)gsvc->authtype, e_account_writable_option(gui->account, gsvc->provider->protocol, "auth"));
> - gtk_widget_set_sensitive((GtkWidget *)gsvc->use_ssl, e_account_writable_option(gui->account, gsvc->provider->protocol, "use_ssl"));
> + gtk_widget_set_sensitive((GtkWidget *)gsvc->ssl_mode, e_account_writable_option(gui->account, gsvc->provider->protocol, "ssl_mode"));
>
> return has_auth;
> }
> @@ -1464,16 +1473,16 @@
>
> for (i = 0; i < num_ssl_options; i++) {
> item = gtk_menu_item_new_with_label (_(ssl_options[i].label));
> - g_object_set_data ((GObject *) item, "use_ssl", ssl_options[i].value);
> + g_object_set_data ((GObject *) item, "ssl_mode", ssl_options[i].value);
> g_signal_connect (item, "activate", G_CALLBACK (ssl_option_activate), service);
> gtk_widget_show (item);
> gtk_menu_shell_append(GTK_MENU_SHELL(menu), item);
> }
>
> - gtk_option_menu_remove_menu (service->use_ssl);
> - gtk_option_menu_set_menu (service->use_ssl, menu);
> + gtk_option_menu_remove_menu (service->ssl_mode);
> + gtk_option_menu_set_menu (service->ssl_mode, menu);
>
> - gtk_option_menu_set_history (service->use_ssl, i - 1);
> + gtk_option_menu_set_history (service->ssl_mode, i - 1);
> g_signal_emit_by_name (item, "activate", service);
> }
>
> @@ -1862,7 +1871,7 @@
> gui->source.ssl_frame = glade_xml_get_widget (gui->xml, "source_security_frame");
> gtk_widget_hide (gui->source.ssl_frame);
> gui->source.ssl_hbox = glade_xml_get_widget (gui->xml, "source_ssl_hbox");
> - gui->source.use_ssl = GTK_OPTION_MENU (glade_xml_get_widget (gui->xml, "source_use_ssl"));
> + gui->source.ssl_mode = GTK_OPTION_MENU (glade_xml_get_widget (gui->xml, "source_ssl_mode"));
> construct_ssl_menu (&gui->source);
> gui->source.no_ssl = glade_xml_get_widget (gui->xml, "source_ssl_disabled");
> gui->source.authtype = GTK_OPTION_MENU (glade_xml_get_widget (gui->xml, "source_auth_omenu"));
> @@ -1887,7 +1896,7 @@
> gui->transport.ssl_frame = glade_xml_get_widget (gui->xml, "transport_security_frame");
> gtk_widget_hide (gui->transport.ssl_frame);
> gui->transport.ssl_hbox = glade_xml_get_widget (gui->xml, "transport_ssl_hbox");
> - gui->transport.use_ssl = GTK_OPTION_MENU (glade_xml_get_widget (gui->xml, "transport_use_ssl"));
> + gui->transport.ssl_mode = GTK_OPTION_MENU (glade_xml_get_widget (gui->xml, "transport_ssl_mode"));
> construct_ssl_menu (&gui->transport);
> gui->transport.no_ssl = glade_xml_get_widget (gui->xml, "transport_ssl_disabled");
> gui->transport_needs_auth = GTK_TOGGLE_BUTTON (glade_xml_get_widget (gui->xml, "transport_needs_auth"));
> @@ -2187,8 +2196,8 @@
> gtk_widget_set_sensitive ((GtkWidget *) gui->source.authtype, writeable);
> gtk_widget_set_sensitive ((GtkWidget *) gui->source.check_supported, writeable);
>
> - writeable = e_account_writable_option (gui->account, gui->source.provider->protocol, "use_ssl");
> - gtk_widget_set_sensitive ((GtkWidget *) gui->source.use_ssl, writeable);
> + writeable = e_account_writable_option (gui->account, gui->source.provider->protocol, "ssl_mode");
> + gtk_widget_set_sensitive ((GtkWidget *) gui->source.ssl_mode, writeable);
>
> writeable = e_account_writable (gui->account, E_ACCOUNT_SOURCE_SAVE_PASSWD);
> gtk_widget_set_sensitive ((GtkWidget *) gui->source.remember, writeable);
> @@ -2205,8 +2214,8 @@
> gtk_widget_set_sensitive ((GtkWidget *) gui->transport.authtype, writeable);
> gtk_widget_set_sensitive ((GtkWidget *) gui->transport.check_supported, writeable);
>
> - writeable = e_account_writable_option (gui->account, gui->transport.provider->protocol, "use_ssl");
> - gtk_widget_set_sensitive ((GtkWidget *) gui->transport.use_ssl, writeable);
> + writeable = e_account_writable_option (gui->account, gui->transport.provider->protocol, "ssl_mode");
> + gtk_widget_set_sensitive ((GtkWidget *) gui->transport.ssl_mode, writeable);
>
> writeable = e_account_writable (gui->account, E_ACCOUNT_TRANSPORT_SAVE_PASSWD);
> gtk_widget_set_sensitive ((GtkWidget *) gui->transport.remember, writeable);
> @@ -2279,14 +2288,14 @@
> }
>
> if (gsvc->provider->flags & CAMEL_PROVIDER_SUPPORTS_SSL) {
> - const char *use_ssl;
> + const char *ssl_mode;
>
> - use_ssl = g_object_get_data(G_OBJECT(gsvc->ssl_selected), "use_ssl");
> + ssl_mode = g_object_get_data(G_OBJECT(gsvc->ssl_selected), "ssl_mode");
>
> - /* set the value to either "always" or "when-possible"
> - but don't bother setting it for "never" */
> - if (strcmp (use_ssl, "never"))
> - camel_url_set_param (url, "use_ssl", use_ssl);
> + /* set the value to either "ssl" or "tls"
> + but don't bother setting it for "clear" */
> + if (strcmp (ssl_mode, "clear") != 0)
> + camel_url_set_param (url, "ssl_mode", ssl_mode);
> }
>
> if (extra_config)
> Index: mail-account-gui.h
> ===================================================================
> RCS file: /cvs/gnome/evolution/mail/mail-account-gui.h,v
> retrieving revision 1.31
> diff -u -r1.31 mail-account-gui.h
> --- mail-account-gui.h 1 Apr 2004 19:47:06 -0000 1.31
> +++ mail-account-gui.h 22 Sep 2004 17:59:52 -0000
> @@ -44,7 +44,7 @@
> struct _GtkEntry *username;
> struct _GtkEntry *path;
> struct _GtkWidget *ssl_frame;
> - struct _GtkOptionMenu *use_ssl;
> + struct _GtkOptionMenu *ssl_mode;
> struct _GtkWidget *ssl_selected;
> struct _GtkWidget *ssl_hbox;
> struct _GtkWidget *no_ssl;
> Index: mail-config.glade
> ===================================================================
> RCS file: /cvs/gnome/evolution/mail/mail-config.glade,v
> retrieving revision 1.148.4.2
> diff -u -r1.148.4.2 mail-config.glade
> --- mail-config.glade 7 Sep 2004 21:06:39 -0000 1.148.4.2
> +++ mail-config.glade 22 Sep 2004 17:59:54 -0000
> @@ -1351,7 +1351,7 @@
> <property name="spacing">12</property>
>
> <child>
> - <widget class="GtkLabel" id="lblSourceUseSSL">
> + <widget class="GtkLabel" id="lblSourceSSLMode">
> <property name="visible">True</property>
> <property name="label" translatable="yes">_Use Secure Connection (SSL):</property>
> <property name="use_underline">True</property>
> @@ -1363,7 +1363,7 @@
> <property name="yalign">0.5</property>
> <property name="xpad">0</property>
> <property name="ypad">0</property>
> - <property name="mnemonic_widget">source_use_ssl</property>
> + <property name="mnemonic_widget">source_ssl_mode</property>
> </widget>
> <packing>
> <property name="padding">0</property>
> @@ -1373,7 +1373,7 @@
> </child>
>
> <child>
> - <widget class="GtkOptionMenu" id="source_use_ssl">
> + <widget class="GtkOptionMenu" id="source_ssl_mode">
> <property name="visible">True</property>
> <property name="can_focus">True</property>
> <property name="history">0</property>
> @@ -2313,7 +2313,7 @@
> <property name="spacing">12</property>
>
> <child>
> - <widget class="GtkLabel" id="lblTransportUseSSL">
> + <widget class="GtkLabel" id="lblTransportSSLMode">
> <property name="visible">True</property>
> <property name="label" translatable="yes">_Use Secure Connection (SSL):</property>
> <property name="use_underline">True</property>
> @@ -2325,7 +2325,7 @@
> <property name="yalign">0.5</property>
> <property name="xpad">0</property>
> <property name="ypad">0</property>
> - <property name="mnemonic_widget">transport_use_ssl</property>
> + <property name="mnemonic_widget">transport_ssl_mode</property>
> </widget>
> <packing>
> <property name="padding">0</property>
> @@ -2335,7 +2335,7 @@
> </child>
>
> <child>
> - <widget class="GtkOptionMenu" id="transport_use_ssl">
> + <widget class="GtkOptionMenu" id="transport_ssl_mode">
> <property name="visible">True</property>
> <property name="can_focus">True</property>
> <property name="history">0</property>
>
You're going to need another patch for HEAD since this has all
changed. It is a gtkcombobox now.
> text/plain attachment (camel-tls.patch)
>
> Index: providers/imap/camel-imap-store.c
> ===================================================================
> RCS file: /cvs/gnome/evolution/camel/providers/imap/camel-imap-store.c,v
> retrieving revision 1.300
> diff -u -r1.300 camel-imap-store.c
> --- providers/imap/camel-imap-store.c 24 Aug 2004 14:02:22 -0000 1.300
> +++ providers/imap/camel-imap-store.c 22 Sep 2004 18:02:38 -0000
> @@ -505,50 +505,36 @@
> }
>
> enum {
> - USE_SSL_NEVER,
> - USE_SSL_ALWAYS,
> - USE_SSL_WHEN_POSSIBLE
> + MODE_CLEAR,
> + MODE_SSL,
> + MODE_TLS,
> };
>
> #define SSL_PORT_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
> #define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
>
> static gboolean
> -connect_to_server (CamelService *service, int ssl_mode, int try_starttls, CamelException *ex)
> +connect_to_server (CamelService *service, struct addrinfo *ai, int ssl_mode, CamelException *ex)
> {
> CamelImapStore *store = (CamelImapStore *) service;
> CamelImapResponse *response;
> CamelStream *tcp_stream;
> CamelSockOptData sockopt;
> gboolean force_imap4 = FALSE;
> - struct hostent *h;
> - int clean_quit;
> - int port, ret;
> + int clean_quit, ret;
> char *buf;
>
> - if (!(h = camel_service_gethost (service, ex)))
> - return FALSE;
> -
> - port = service->url->port ? service->url->port : 143;
> -
> - if (ssl_mode != USE_SSL_NEVER) {
> + if (ssl_mode != MODE_CLEAR) {
> #ifdef HAVE_SSL
> - if (try_starttls) {
> - tcp_stream = camel_tcp_stream_ssl_new_raw (service->session, service->url->host, STARTTLS_FLAGS);
> + if (ssl_mode == MODE_TLS) {
> + tcp_stream = camel_tcp_stream_ssl_new (service->session, service->url->host, STARTTLS_FLAGS);
> } else {
> - port = service->url->port ? service->url->port : 993;
> tcp_stream = camel_tcp_stream_ssl_new (service->session, service->url->host, SSL_PORT_FLAGS);
> }
> #else
> - if (!try_starttls)
> - port = service->url->port ? service->url->port : 993;
> -
> camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
> - _("Could not connect to %s (port %d): %s"),
> - service->url->host, port,
> - _("SSL unavailable"));
> -
> - camel_free_host (h);
> + _("Could not connect to %s: %s"),
> + service->url->host, _("SSL unavailable"));
>
> return FALSE;
> #endif /* HAVE_SSL */
> @@ -556,16 +542,15 @@
> tcp_stream = camel_tcp_stream_raw_new ();
> }
>
> - ret = camel_tcp_stream_connect (CAMEL_TCP_STREAM (tcp_stream), h, port);
> - camel_free_host (h);
> - if (ret == -1) {
> + if ((ret = camel_tcp_stream_connect ((CamelTcpStream *) tcp_stream, ai)) == -1) {
> if (errno == EINTR)
> camel_exception_set (ex, CAMEL_EXCEPTION_USER_CANCEL,
> _("Connection cancelled"));
> else
> camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
> - _("Could not connect to %s (port %d): %s"),
> - service->url->host, port, g_strerror (errno));
> + _("Could not connect to %s: %s"),
> + service->url->host,
> + g_strerror (errno));
>
> camel_object_unref (tcp_stream);
>
> @@ -660,32 +645,18 @@
> store->server_level = IMAP_LEVEL_IMAP4;
> }
>
> -#ifdef HAVE_SSL
> - if (ssl_mode == USE_SSL_WHEN_POSSIBLE) {
> - if (store->capabilities & IMAP_CAPABILITY_STARTTLS)
> - goto starttls;
> - } else if (ssl_mode == USE_SSL_ALWAYS) {
> - if (try_starttls) {
> - if (store->capabilities & IMAP_CAPABILITY_STARTTLS) {
> - /* attempt to toggle STARTTLS mode */
> - goto starttls;
> - } else {
> - /* server doesn't support STARTTLS, abort */
> - camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
> - _("Failed to connect to IMAP server %s in secure mode: %s"),
> - service->url->host, _("SSL/TLS extension not supported."));
> - /* we have the possibility of quitting cleanly here */
> - clean_quit = TRUE;
> - goto exception;
> - }
> - }
> + if (ssl_mode != MODE_TLS) {
> + /* we're done */
> + return TRUE;
> }
> -#endif /* HAVE_SSL */
> -
> - return TRUE;
>
> -#ifdef HAVE_SSL
> - starttls:
> + if (!(store->capabilities & IMAP_CAPABILITY_STARTTLS)) {
> + camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
> + _("Failed to connect to IMAP server %s in secure mode: STARTTLS not supported"),
> + service->url->host);
> +
> + goto exception;
> + }
>
> /* as soon as we send a STARTTLS command, all hope is lost of a clean QUIT if problems arise */
> clean_quit = FALSE;
> @@ -750,7 +721,6 @@
> store->connected = FALSE;
>
> return FALSE;
> -#endif /* HAVE_SSL */
> }
>
> static gboolean
> @@ -898,60 +868,60 @@
>
> static struct {
> char *value;
> + char *serv;
> int mode;
> } ssl_options[] = {
> - { "", USE_SSL_ALWAYS },
> - { "always", USE_SSL_ALWAYS },
> - { "when-possible", USE_SSL_WHEN_POSSIBLE },
> - { "never", USE_SSL_NEVER },
> - { NULL, USE_SSL_NEVER },
> + { "", "993", MODE_SSL }, /* really old (1.x) */
> + { "ssl", "993", MODE_SSL },
> + { "always", "993", MODE_SSL }, /* old option (1.x) */
> + { "tls", "143", MODE_TLS },
> + { "when-possible", "143", MODE_TLS }, /* old option (1.x) */
> + { "clear", "143", MODE_CLEAR },
> + { "never", "143", MODE_CLEAR }, /* old option (1.x) */
> + { NULL, "143", MODE_CLEAR },
Don't use port numbers here. Thats the whole point of having the
service name. The port numbers could potentially be altered by the
local system administrator, they should not be hardcoded.
i.e. use imap and imaps as the service names like the ipv6 patch does.
> };
>
> static gboolean
> connect_to_server_wrapper (CamelService *service, CamelException *ex)
> {
> - const char *command;
> -#ifdef HAVE_SSL
> - const char *use_ssl;
> - int i, ssl_mode;
> -#endif
> - command = camel_url_get_param (service->url, "command");
> - if (command)
> + const char *command, *ssl_mode;
> + struct addrinfo hints, *ai;
> + char *serv = NULL;
> + int mode, ret, i;
> +
> + if ((command = camel_url_get_param (service->url, "command")))
> return connect_to_server_process (service, command, ex);
> -
> -#ifdef HAVE_SSL
> - use_ssl = camel_url_get_param (service->url, "use_ssl");
> - if (use_ssl) {
> +
> + if (service->url->port) {
> + serv = g_alloca (16);
> + sprintf (serv, "%d", service->url->port);
> + }
> +
> + if ((ssl_mode = camel_url_get_param (service->url, "ssl_mode"))
> + || (ssl_mode = camel_url_get_param (service->url,
"use_ssl"))) {
> for (i = 0; ssl_options[i].value; i++)
> - if (!strcmp (ssl_options[i].value, use_ssl))
> + if (!strcmp (ssl_options[i].value, ssl_mode))
> break;
> - ssl_mode = ssl_options[i].mode;
> - } else
> - ssl_mode = USE_SSL_NEVER;
> -
> - if (ssl_mode == USE_SSL_ALWAYS) {
> - /* First try the ssl port */
> - if (!connect_to_server (service, ssl_mode, FALSE, ex)) {
> - if (camel_exception_get_id (ex) == CAMEL_EXCEPTION_SERVICE_UNAVAILABLE) {
> - /* The ssl port seems to be unavailable, lets try STARTTLS */
> - camel_exception_clear (ex);
> - return connect_to_server (service, ssl_mode, TRUE, ex);
> - } else {
> - return FALSE;
> - }
> - }
> -
> - return TRUE;
> - } else if (ssl_mode == USE_SSL_WHEN_POSSIBLE) {
> - /* If the server supports STARTTLS, use it */
> - return connect_to_server (service, ssl_mode, TRUE, ex);
> + mode = ssl_options[i].mode;
> + if (!serv)
> + serv = ssl_options[i].serv;
> } else {
> - /* User doesn't care about SSL */
> - return connect_to_server (service, ssl_mode, FALSE, ex);
> + mode = MODE_CLEAR;
> + if (!serv)
> + serv = "143";
> }
This logic could be a little cleaner I think.
if (ssl_mode = camel_url_get_param("use_ssl")) {
for (i=...)
if ()
break;
} else {
i = last;
}
mode=table[i].mode
serv=table[i].serv
if (port)
then set serv<-port
> -#else
> - return connect_to_server (service, USE_SSL_NEVER, FALSE, ex);
> -#endif
> +
> + memset (&hints, 0, sizeof (hints));
> + hints.ai_socktype = SOCK_STREAM;
> + hints.ai_family = PF_UNSPEC;
> + if (!(ai = camel_getaddrinfo (service->url->host, serv, &hints, ex)))
> + return FALSE;
> + ret = connect_to_server (service, ai, mode, ex);
> +
> + camel_freeaddrinfo (ai);
> +
> + return ret;
> }
>
> extern CamelServiceAuthType camel_imap_password_authtype;
> Index: providers/imap4/camel-imap4-store.c
> ===================================================================
> RCS file: /cvs/gnome/evolution/camel/providers/imap4/camel-imap4-store.c,v
> retrieving revision 1.22
> diff -u -r1.22 camel-imap4-store.c
> --- providers/imap4/camel-imap4-store.c 3 Aug 2004 16:31:47 -0000 1.22
> +++ providers/imap4/camel-imap4-store.c 22 Sep 2004 18:02:38 -0000
> @@ -181,33 +181,34 @@
> }
>
> enum {
> - USE_SSL_NEVER,
> - USE_SSL_ALWAYS,
> - USE_SSL_WHEN_POSSIBLE
> + MODE_CLEAR,
> + MODE_SSL,
> + MODE_TLS,
> };
>
> #define SSL_PORT_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
> #define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
>
> static gboolean
> -connect_to_server (CamelIMAP4Engine *engine, struct hostent *host, int ssl_mode, int try_starttls, CamelException *ex)
> +connect_to_server (CamelIMAP4Engine *engine, struct addrinfo *ai, int ssl_mode, CamelException *ex)
> {
> CamelService *service = engine->service;
> CamelStream *tcp_stream;
> - int port, ret;
> + CamelIMAP4Command *ic;
> + int port, id, ret;
>
> port = service->url->port ? service->url->port : 143;
>
> - if (ssl_mode) {
> + if (ssl_mode != MODE_CLEAR) {
> #ifdef HAVE_SSL
> - if (try_starttls) {
> + if (ssl_mode == MODE_TLS) {
> tcp_stream = camel_tcp_stream_ssl_new (service->session, service->url->host, STARTTLS_FLAGS);
> } else {
> port = service->url->port ? service->url->port : 993;
> tcp_stream = camel_tcp_stream_ssl_new (service->session, service->url->host, SSL_PORT_FLAGS);
> }
> #else
> - if (!try_starttls)
> + if (ssl_mode == MODE_SSL)
> port = service->url->port ? service->url->port : 993;
>
> camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
> @@ -221,7 +222,7 @@
> tcp_stream = camel_tcp_stream_raw_new ();
> }
>
> - if ((ret = camel_tcp_stream_connect ((CamelTcpStream *) tcp_stream, host, port)) == -1) {
> + if ((ret = camel_tcp_stream_connect ((CamelTcpStream *) tcp_stream, ai)) == -1) {
> if (errno == EINTR)
> camel_exception_set (ex, CAMEL_EXCEPTION_USER_CANCEL,
> _("Connection cancelled"));
> @@ -242,111 +243,94 @@
> if (camel_imap4_engine_capability (engine, ex) == -1)
> return FALSE;
>
> -#ifdef HAVE_SSL
> - if (ssl_mode == USE_SSL_WHEN_POSSIBLE) {
> - /* try_starttls is always TRUE here */
> - if (engine->capa & CAMEL_IMAP4_CAPABILITY_STARTTLS)
> - goto starttls;
> - } else if (ssl_mode == USE_SSL_ALWAYS) {
> - if (try_starttls) {
> - if (engine->capa & CAMEL_IMAP4_CAPABILITY_STARTTLS) {
> - goto starttls;
> - } else {
> - /* server doesn't support STARTTLS, abort */
> - camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
> - _("Failed to connect to IMAP server %s in secure mode: "
> - "Server does not support STARTTLS"),
> - service->url->host);
> - return FALSE;
> - }
> - }
> + if (ssl_mode != MODE_TLS) {
> + /* we're done */
> + return TRUE;
> }
> -#endif /* HAVE_SSL */
>
> - return TRUE;
> -
> -#ifdef HAVE_SSL
> - starttls:
> + if (!(engine->capa & CAMEL_IMAP4_CAPABILITY_STARTTLS)) {
> + camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
> + _("Failed to connect to IMAP server %s in secure mode: %s"),
> + service->url->host, _("SSL negotiations failed"));
> +
> + return FALSE;
> + }
>
> - if (1) {
> - CamelIMAP4Command *ic;
> - int id;
> -
> - ic = camel_imap4_engine_prequeue (engine, NULL, "STARTTLS\r\n");
> - while ((id = camel_imap4_engine_iterate (engine)) < ic->id && id != -1)
> - ;
> -
> - if (id == -1 || ic->result != CAMEL_IMAP4_RESULT_OK) {
> - if (ic->result != CAMEL_IMAP4_RESULT_OK) {
> - camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
> - _("Failed to connect to IMAP server %s in secure mode: %s"),
> - service->url->host, _("Unknown error"));
> - } else {
> - camel_exception_xfer (ex, &ic->ex);
> - }
> -
> - camel_imap4_command_unref (ic);
> -
> - return FALSE;
> + ic = camel_imap4_engine_prequeue (engine, NULL, "STARTTLS\r\n");
> + while ((id = camel_imap4_engine_iterate (engine)) < ic->id && id != -1)
> + ;
> +
> + if (id == -1 || ic->result != CAMEL_IMAP4_RESULT_OK) {
> + if (ic->result != CAMEL_IMAP4_RESULT_OK) {
> + camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
> + _("Failed to connect to IMAP server %s in secure mode: %s"),
> + service->url->host, _("Unknown error"));
> + } else {
> + camel_exception_xfer (ex, &ic->ex);
> }
>
> camel_imap4_command_unref (ic);
> +
> + return FALSE;
> }
>
> + camel_imap4_command_unref (ic);
> +
> return TRUE;
> -#endif /* HAVE_SSL */
> }
>
> static struct {
> char *value;
> + char *serv;
> int mode;
> } ssl_options[] = {
> - { "", USE_SSL_ALWAYS },
> - { "always", USE_SSL_ALWAYS },
> - { "when-possible", USE_SSL_WHEN_POSSIBLE },
> - { "never", USE_SSL_NEVER },
> - { NULL, USE_SSL_NEVER },
> + { "", "993", MODE_SSL }, /* really old (1.x) */
> + { "ssl", "993", MODE_SSL },
> + { "always", "993", MODE_SSL }, /* old option (1.x) */
> + { "tls", "143", MODE_TLS },
> + { "when-possible", "143", MODE_TLS }, /* old option (1.x) */
> + { "clear", "143", MODE_CLEAR },
> + { "never", "143", MODE_CLEAR }, /* old option (1.x) */
> + { NULL, "143", MODE_CLEAR },
> };
Same.
> static gboolean
> connect_to_server_wrapper (CamelIMAP4Engine *engine, CamelException *ex)
> {
> CamelService *service = engine->service;
> - const char *use_ssl;
> - struct hostent *h;
> - int ssl_mode;
> - int ret, i;
> -
> - if (!(h = camel_service_gethost (service, ex)))
> - return FALSE;
> + struct addrinfo *ai, hints;
> + const char *ssl_mode;
> + char *serv = NULL;
> + int mode, ret, i;
> +
> + if (service->url->port) {
> + serv = g_alloca (16);
> + sprintf (serv, "%d", service->url->port);
> + }
>
> - if ((use_ssl = camel_url_get_param (service->url, "use_ssl"))) {
> + if ((ssl_mode = camel_url_get_param (service->url, "ssl_mode"))
> + || (ssl_mode = camel_url_get_param (service->url, "use_ssl"))) {
> for (i = 0; ssl_options[i].value; i++)
> - if (!strcmp (ssl_options[i].value, use_ssl))
> + if (!strcmp (ssl_options[i].value, ssl_mode))
> break;
> - ssl_mode = ssl_options[i].mode;
> + mode = ssl_options[i].mode;
> + if (!serv)
> + serv = ssl_options[i].serv;
> } else {
> - ssl_mode = USE_SSL_NEVER;
> + mode = MODE_CLEAR;
> + if (!serv)
> + serv = "143";
> }
>
> - if (ssl_mode == USE_SSL_ALWAYS) {
> - /* First try the ssl port */
> - if (!(ret = connect_to_server (engine, h, ssl_mode, FALSE, ex))) {
> - if (camel_exception_get_id (ex) == CAMEL_EXCEPTION_SERVICE_UNAVAILABLE) {
> - /* The ssl port seems to be unavailable, lets try STARTTLS */
> - camel_exception_clear (ex);
> - ret = connect_to_server (engine, h, ssl_mode, TRUE, ex);
> - }
> - }
> - } else if (ssl_mode == USE_SSL_WHEN_POSSIBLE) {
> - /* If the server supports STARTTLS, use it */
> - ret = connect_to_server (engine, h, ssl_mode, TRUE, ex);
> - } else {
> - /* User doesn't care about SSL */
> - ret = connect_to_server (engine, h, USE_SSL_NEVER, FALSE, ex);
> - }
> + memset (&hints, 0, sizeof (hints));
> + hints.ai_socktype = SOCK_STREAM;
> + hints.ai_family = PF_UNSPEC;
> + if (!(ai = camel_getaddrinfo (service->url->host, serv, &hints, ex)))
> + return FALSE;
> +
> + ret = connect_to_server (engine, ai, mode, ex);
>
> - camel_free_host (h);
> + camel_freeaddrinfo (ai);
>
> return ret;
> }
> Index: providers/nntp/camel-nntp-store.c
> ===================================================================
> RCS file: /cvs/gnome/evolution/camel/providers/nntp/camel-nntp-store.c,v
> retrieving revision 1.65.14.1
> diff -u -r1.65.14.1 camel-nntp-store.c
> --- providers/nntp/camel-nntp-store.c 16 Sep 2004 14:45:54 -0000 1.65.14.1
> +++ providers/nntp/camel-nntp-store.c 22 Sep 2004 18:02:38 -0000
> @@ -81,12 +81,6 @@
> return TRUE;
> }
>
> -enum {
> - USE_SSL_NEVER,
> - USE_SSL_ALWAYS,
> - USE_SSL_WHEN_POSSIBLE
> -};
> -
> static struct {
> const char *name;
> int type;
> @@ -153,8 +147,17 @@
> return ret;
> }
>
> +enum {
> + MODE_CLEAR,
> + MODE_SSL,
> + MODE_TLS,
> +};
> +
> +#define SSL_PORT_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
> +#define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
> +
> static gboolean
> -connect_to_server (CamelService *service, int ssl_mode, CamelException *ex)
> +connect_to_server (CamelService *service, struct addrinfo *ai, int ssl_mode, CamelException *ex)
> {
> CamelNNTPStore *store = (CamelNNTPStore *) service;
> CamelDiscoStore *disco_store = (CamelDiscoStore*) service;
> @@ -162,8 +165,7 @@
> gboolean retval = FALSE;
> unsigned char *buf;
> unsigned int len;
> - struct hostent *h;
> - int port, ret;
> + int ret;
> char *path;
>
> CAMEL_NNTP_STORE_LOCK(store, command_lock);
> @@ -182,32 +184,33 @@
> camel_data_cache_set_expire_access (store->cache, 60*60*24*5);
> }
>
> - if (!(h = camel_service_gethost (service, ex)))
> - goto fail;
> -
> - port = service->url->port ? service->url->port : NNTP_PORT;
> -
> + if (ssl_mode != MODE_CLEAR) {
> #ifdef HAVE_SSL
> - if (ssl_mode != USE_SSL_NEVER) {
> - port = service->url->port ? service->url->port : NNTPS_PORT;
> - tcp_stream = camel_tcp_stream_ssl_new (service->session, service->url->host, CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3);
> + if (ssl_mode == MODE_TLS) {
> + tcp_stream = camel_tcp_stream_ssl_new (service->session, service->url->host, STARTTLS_FLAGS);
> + } else {
> + tcp_stream = camel_tcp_stream_ssl_new (service->session, service->url->host, SSL_PORT_FLAGS);
> + }
> +#else
> + camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
> + _("Could not connect to %s: %s"),
> + service->url->host, _("SSL unavailable"));
> +
> + goto fail;
> +#endif /* HAVE_SSL */
> } else {
> tcp_stream = camel_tcp_stream_raw_new ();
> }
> -#else
> - tcp_stream = camel_tcp_stream_raw_new ();
> -#endif /* HAVE_SSL */
>
> - ret = camel_tcp_stream_connect (CAMEL_TCP_STREAM (tcp_stream), h, port);
> - camel_free_host (h);
> - if (ret == -1) {
> + if ((ret = camel_tcp_stream_connect ((CamelTcpStream *) tcp_stream, ai)) == -1) {
> if (errno == EINTR)
> camel_exception_set (ex, CAMEL_EXCEPTION_USER_CANCEL,
> _("Connection cancelled"));
> else
> camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
> - _("Could not connect to %s (port %d): %s"),
> - service->url->host, port, g_strerror (errno));
> + _("Could not connect to %s: %s"),
> + service->url->host,
> + g_strerror (errno));
>
> camel_object_unref (tcp_stream);
>
> @@ -269,54 +272,57 @@
>
> static struct {
> char *value;
> + char *serv;
> int mode;
> } ssl_options[] = {
> - { "", USE_SSL_ALWAYS },
> - { "always", USE_SSL_ALWAYS },
> - { "when-possible", USE_SSL_WHEN_POSSIBLE },
> - { "never", USE_SSL_NEVER },
> - { NULL, USE_SSL_NEVER },
> + { "", "563", MODE_SSL }, /* really old (1.x) */
> + { "ssl", "563", MODE_SSL },
> + { "always", "563", MODE_SSL }, /* old option (1.x) */
> + { "tls", "119", MODE_TLS },
> + { "when-possible", "119", MODE_TLS }, /* old option (1.x) */
> + { "clear", "119", MODE_CLEAR },
> + { "never", "119", MODE_CLEAR }, /* old option (1.x) */
> + { NULL, "119", MODE_CLEAR },
> };
nntp and nntps
> static gboolean
> nntp_connect_online (CamelService *service, CamelException *ex)
> {
> -#ifdef HAVE_SSL
> - const char *use_ssl;
> - int i, ssl_mode;
> + struct addrinfo hints, *ai;
> + const char *ssl_mode;
> + char *serv = NULL;
> + int mode, ret, i;
> +
> + if (service->url->port) {
> + serv = g_alloca (16);
> + sprintf (serv, "%d", service->url->port);
> + }
>
> - use_ssl = camel_url_get_param (service->url, "use_ssl");
> - if (use_ssl) {
> + if ((ssl_mode = camel_url_get_param (service->url, "ssl_mode"))
> + || (ssl_mode = camel_url_get_param (service->url, "use_ssl"))) {
> for (i = 0; ssl_options[i].value; i++)
> - if (!strcmp (ssl_options[i].value, use_ssl))
> + if (!strcmp (ssl_options[i].value, ssl_mode))
> break;
> - ssl_mode = ssl_options[i].mode;
> - } else
> - ssl_mode = USE_SSL_NEVER;
> -
> - if (ssl_mode == USE_SSL_ALWAYS) {
> - /* Connect via SSL */
> - return connect_to_server (service, ssl_mode, ex);
> - } else if (ssl_mode == USE_SSL_WHEN_POSSIBLE) {
> - /* If the server supports SSL, use it */
> - if (!connect_to_server (service, ssl_mode, ex)) {
> - if (camel_exception_get_id (ex) == CAMEL_EXCEPTION_SERVICE_UNAVAILABLE) {
> - /* The ssl port seems to be unavailable, fall back to plain NNTP */
> - camel_exception_clear (ex);
> - return connect_to_server (service, USE_SSL_NEVER, ex);
> - } else {
> - return FALSE;
> - }
> - }
> -
> - return TRUE;
> + mode = ssl_options[i].mode;
> + if (!serv)
> + serv = ssl_options[i].serv;
> } else {
> - /* User doesn't care about SSL */
> - return connect_to_server (service, ssl_mode, ex);
> + mode = MODE_CLEAR;
> + if (!serv)
> + serv = "119";
> }
> -#else
> - return connect_to_server (service, USE_SSL_NEVER, ex);
> -#endif
> +
> + memset (&hints, 0, sizeof (hints));
> + hints.ai_socktype = SOCK_STREAM;
> + hints.ai_family = PF_UNSPEC;
> + if (!(ai = camel_getaddrinfo (service->url->host, serv, &hints, ex)))
> + return FALSE;
> +
> + ret = connect_to_server (service, ai, mode, ex);
> +
> + camel_freeaddrinfo (ai);
> +
> + return ret;
> }
>
> static gboolean
> Index: providers/pop3/camel-pop3-store.c
> ===================================================================
> RCS file: /cvs/gnome/evolution/camel/providers/pop3/camel-pop3-store.c,v
> retrieving revision 1.106
> diff -u -r1.106 camel-pop3-store.c
> --- providers/pop3/camel-pop3-store.c 24 Jun 2004 21:49:41 -0000 1.106
> +++ providers/pop3/camel-pop3-store.c 22 Sep 2004 18:02:38 -0000
> @@ -134,49 +134,35 @@
> }
>
> enum {
> - USE_SSL_NEVER,
> - USE_SSL_ALWAYS,
> - USE_SSL_WHEN_POSSIBLE
> + MODE_CLEAR,
> + MODE_SSL,
> + MODE_TLS,
> };
>
> #define SSL_PORT_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
> #define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
>
> static gboolean
> -connect_to_server (CamelService *service, int ssl_mode, int try_starttls, CamelException *ex)
> +connect_to_server (CamelService *service, struct addrinfo *ai, int ssl_mode, CamelException *ex)
> {
> CamelPOP3Store *store = CAMEL_POP3_STORE (service);
> CamelStream *tcp_stream;
> CamelPOP3Command *pc;
> - struct hostent *h;
> guint32 flags = 0;
> int clean_quit;
> - int ret, port;
> + int ret;
>
> - h = camel_service_gethost (service, ex);
> - if (!h)
> - return FALSE;
> -
> - port = service->url->port ? service->url->port : 110;
> -
> - if (ssl_mode != USE_SSL_NEVER) {
> + if (ssl_mode != MODE_CLEAR) {
> #ifdef HAVE_SSL
> - if (try_starttls) {
> - tcp_stream = camel_tcp_stream_ssl_new_raw (service->session, service->url->host, STARTTLS_FLAGS);
> + if (ssl_mode == MODE_TLS) {
> + tcp_stream = camel_tcp_stream_ssl_new (service->session, service->url->host, STARTTLS_FLAGS);
> } else {
> - port = service->url->port ? service->url->port : 995;
> tcp_stream = camel_tcp_stream_ssl_new (service->session, service->url->host, SSL_PORT_FLAGS);
> }
> #else
> - if (!try_starttls)
> - port = service->url->port ? service->url->port : 995;
> -
> camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
> - _("Could not connect to %s (port %d): %s"),
> - service->url->host, port,
> - _("SSL unavailable"));
> -
> - camel_free_host (h);
> + _("Could not connect to %s: %s"),
> + service->url->host, _("SSL unavailable"));
>
> return FALSE;
> #endif /* HAVE_SSL */
> @@ -184,16 +170,15 @@
> tcp_stream = camel_tcp_stream_raw_new ();
> }
>
> - ret = camel_tcp_stream_connect (CAMEL_TCP_STREAM (tcp_stream), h, port);
> - camel_free_host (h);
> - if (ret == -1) {
> + if ((ret = camel_tcp_stream_connect ((CamelTcpStream *) tcp_stream, ai)) == -1) {
> if (errno == EINTR)
> camel_exception_set (ex, CAMEL_EXCEPTION_USER_CANCEL,
> _("Connection cancelled"));
> else
> camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
> - _("Could not connect to POP server %s (port %d): %s"),
> - service->url->host, port, g_strerror (errno));
> + _("Could not connect to %s: %s"),
> + service->url->host,
> + g_strerror (errno));
>
> camel_object_unref (tcp_stream);
>
> @@ -211,41 +196,23 @@
>
> if (!(store->engine = camel_pop3_engine_new (tcp_stream, flags))) {
> camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
> - _("Failed to read a valid greeting from POP server %s (port %d)"),
> - service->url->host, port);
> + _("Failed to read a valid greeting from POP server %s"),
> + service->url->host);
> return FALSE;
> }
>
> -#ifdef HAVE_SSL
> - if (store->engine) {
> - if (ssl_mode == USE_SSL_WHEN_POSSIBLE) {
> - if (store->engine->capa & CAMEL_POP3_CAP_STLS)
> - goto starttls;
> - } else if (ssl_mode == USE_SSL_ALWAYS) {
> - if (try_starttls) {
> - if (store->engine->capa & CAMEL_POP3_CAP_STLS) {
> - /* attempt to toggle STARTTLS mode */
> - goto starttls;
> - } else {
> - /* server doesn't support STARTTLS, abort */
> - camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
> - _("Failed to connect to POP server %s in secure mode: %s"),
> - service->url->host, _("SSL/TLS extension not supported."));
> - /* we have the possibility of quitting cleanly here */
> - clean_quit = TRUE;
> - goto stls_exception;
> - }
> - }
> - }
> + if (ssl_mode != MODE_TLS) {
> + camel_object_unref (tcp_stream);
> + return TRUE;
> }
> -#endif /* HAVE_SSL */
>
> - camel_object_unref (tcp_stream);
> -
> - return store->engine != NULL;
> + if (!(store->engine->capa & CAMEL_POP3_CAP_STLS)) {
> + camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
> + _("Failed to connect to POP server %s in secure mode: STLS not supported"),
> + service->url->host);
> + goto stls_exception;
> + }
>
> -#ifdef HAVE_SSL
> - starttls:
> /* as soon as we send a STLS command, all hope is lost of a clean QUIT if problems arise */
> clean_quit = FALSE;
>
> @@ -295,59 +262,61 @@
> store->engine = NULL;
>
> return FALSE;
> -#endif /* HAVE_SSL */
> }
>
> static struct {
> char *value;
> + char *serv;
> int mode;
> } ssl_options[] = {
> - { "", USE_SSL_ALWAYS },
> - { "always", USE_SSL_ALWAYS },
> - { "when-possible", USE_SSL_WHEN_POSSIBLE },
> - { "never", USE_SSL_NEVER },
> - { NULL, USE_SSL_NEVER },
> + { "", "995", MODE_SSL }, /* really old (1.x) */
> + { "ssl", "995", MODE_SSL },
> + { "always", "995", MODE_SSL }, /* old option (1.x) */
> + { "tls", "110", MODE_TLS },
> + { "when-possible", "110", MODE_TLS }, /* old option (1.x) */
> + { "clear", "110", MODE_CLEAR },
> + { "never", "110", MODE_CLEAR }, /* old option (1.x) */
> + { NULL, "110", MODE_CLEAR },
> };
pop/pops
> static gboolean
> connect_to_server_wrapper (CamelService *service, CamelException *ex)
> {
> -#ifdef HAVE_SSL
> - const char *use_ssl;
> - int i, ssl_mode;
> + struct addrinfo hints, *ai;
> + const char *ssl_mode;
> + char *serv = NULL;
> + int mode, ret, i;
> +
> + if (service->url->port) {
> + serv = g_alloca (16);
> + sprintf (serv, "%d", service->url->port);
> + }
>
> - use_ssl = camel_url_get_param (service->url, "use_ssl");
> - if (use_ssl) {
> + if ((ssl_mode = camel_url_get_param (service->url, "ssl_mode"))
> + || (ssl_mode = camel_url_get_param (service->url, "use_ssl"))) {
> for (i = 0; ssl_options[i].value; i++)
> - if (!strcmp (ssl_options[i].value, use_ssl))
> + if (!strcmp (ssl_options[i].value, ssl_mode))
> break;
> - ssl_mode = ssl_options[i].mode;
> - } else
> - ssl_mode = USE_SSL_NEVER;
> -
> - if (ssl_mode == USE_SSL_ALWAYS) {
> - /* First try the ssl port */
> - if (!connect_to_server (service, ssl_mode, FALSE, ex)) {
> - if (camel_exception_get_id (ex) == CAMEL_EXCEPTION_SERVICE_UNAVAILABLE) {
> - /* The ssl port seems to be unavailable, lets try STARTTLS */
> - camel_exception_clear (ex);
> - return connect_to_server (service, ssl_mode, TRUE, ex);
> - } else {
> - return FALSE;
> - }
> - }
> -
> - return TRUE;
> - } else if (ssl_mode == USE_SSL_WHEN_POSSIBLE) {
> - /* If the server supports STARTTLS, use it */
> - return connect_to_server (service, ssl_mode, TRUE, ex);
> + mode = ssl_options[i].mode;
> + if (!serv)
> + serv = ssl_options[i].serv;
> } else {
> - /* User doesn't care about SSL */
> - return connect_to_server (service, ssl_mode, FALSE, ex);
> + mode = MODE_CLEAR;
> + if (!serv)
> + serv = "110";
> }
> -#else
> - return connect_to_server (service, USE_SSL_NEVER, FALSE, ex);
> -#endif
> +
> + memset (&hints, 0, sizeof (hints));
> + hints.ai_socktype = SOCK_STREAM;
> + hints.ai_family = PF_UNSPEC;
> + if (!(ai = camel_getaddrinfo (service->url->host, serv, &hints, ex)))
> + return FALSE;
> +
> + ret = connect_to_server (service, ai, mode, ex);
> +
> + camel_freeaddrinfo (ai);
> +
> + return ret;
> }
>
> extern CamelServiceAuthType camel_pop3_password_authtype;
> Index: providers/smtp/camel-smtp-transport.c
> ===================================================================
> RCS file: /cvs/gnome/evolution/camel/providers/smtp/camel-smtp-transport.c,v
> retrieving revision 1.157
> diff -u -r1.157 camel-smtp-transport.c
> --- providers/smtp/camel-smtp-transport.c 14 Jun 2004 02:46:03 -0000 1.157
> +++ providers/smtp/camel-smtp-transport.c 22 Sep 2004 18:02:38 -0000
> @@ -145,18 +145,7 @@
> CamelProvider *provider, CamelURL *url,
> CamelException *ex)
> {
> - CamelSmtpTransport *smtp_transport = CAMEL_SMTP_TRANSPORT (service);
> - const char *use_ssl;
> -
> CAMEL_SERVICE_CLASS (parent_class)->construct (service, session, provider, url, ex);
> -
> - if ((use_ssl = camel_url_get_param (url, "use_ssl"))) {
> - /* Note: previous versions would use "" to toggle use_ssl to 'on' */
> - if (!*use_ssl || !strcmp (use_ssl, "always"))
> - smtp_transport->flags |= CAMEL_SMTP_TRANSPORT_USE_SSL_ALWAYS;
> - else if (!strcmp (use_ssl, "when-possible"))
> - smtp_transport->flags |= CAMEL_SMTP_TRANSPORT_USE_SSL_WHEN_POSSIBLE;
> - }
> }
>
> static const char *
> @@ -228,49 +217,41 @@
> }
> }
>
> +enum {
> + MODE_CLEAR,
> + MODE_SSL,
> + MODE_TLS,
> +};
> +
> #define SSL_PORT_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 | CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
> #define STARTTLS_FLAGS (CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
>
> static gboolean
> -connect_to_server (CamelService *service, int try_starttls, CamelException *ex)
> +connect_to_server (CamelService *service, struct addrinfo *ai, int ssl_mode, CamelException *ex)
> {
> CamelSmtpTransport *transport = CAMEL_SMTP_TRANSPORT (service);
> CamelStream *tcp_stream;
> char *respbuf = NULL;
> - struct hostent *h;
> - int port, ret;
> + int ret;
>
> if (!CAMEL_SERVICE_CLASS (parent_class)->connect (service, ex))
> return FALSE;
>
> - h = camel_service_gethost (service, ex);
> - if (!h)
> - return FALSE;
> -
> /* set some smtp transport defaults */
> - transport->flags &= CAMEL_SMTP_TRANSPORT_USE_SSL; /* reset all but ssl flags */
> + transport->flags = 0;
> transport->authtypes = NULL;
>
> - port = service->url->port ? service->url->port : SMTP_PORT;
> -
> - if (transport->flags & CAMEL_SMTP_TRANSPORT_USE_SSL) {
> + if (ssl_mode != MODE_CLEAR) {
> #ifdef HAVE_SSL
> - if (try_starttls) {
> - tcp_stream = camel_tcp_stream_ssl_new_raw (service->session, service->url->host, STARTTLS_FLAGS);
> + if (ssl_mode == MODE_TLS) {
> + tcp_stream = camel_tcp_stream_ssl_new (service->session, service->url->host, STARTTLS_FLAGS);
> } else {
> - port = service->url->port ? service->url->port : 465;
> tcp_stream = camel_tcp_stream_ssl_new (service->session, service->url->host, SSL_PORT_FLAGS);
> }
> #else
> - if (!try_starttls)
> - port = service->url->port ? service->url->port : 465;
> -
> camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
> - _("Could not connect to %s (port %d): %s"),
> - service->url->host, port,
> - _("SSL unavailable"));
> -
> - camel_free_host (h);
> + _("Could not connect to %s: %s"),
> + service->url->host, _("SSL unavailable"));
>
> return FALSE;
> #endif /* HAVE_SSL */
> @@ -278,13 +259,14 @@
> tcp_stream = camel_tcp_stream_raw_new ();
> }
>
> - ret = camel_tcp_stream_connect (CAMEL_TCP_STREAM (tcp_stream), h, port);
> - camel_free_host (h);
> - if (ret == -1) {
> - camel_exception_setv (ex, errno == EINTR ? CAMEL_EXCEPTION_USER_CANCEL : CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
> - _("Could not connect to %s (port %d): %s"),
> - service->url->host, port,
> - g_strerror (errno));
> + if ((ret = camel_tcp_stream_connect ((CamelTcpStream *) tcp_stream, ai)) == -1) {
> + if (errno == EINTR)
> + camel_exception_set (ex, CAMEL_EXCEPTION_USER_CANCEL,
> + _("Connection cancelled"));
> + else
> + camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_UNAVAILABLE,
> + _("Could not connect to %s: %s"),
> + service->url->host, g_strerror (errno));
>
> camel_object_unref (tcp_stream);
>
> @@ -294,7 +276,7 @@
> transport->connected = TRUE;
>
> /* get the localaddr - needed later by smtp_helo */
> - transport->localaddr = camel_tcp_stream_get_local_address (CAMEL_TCP_STREAM (tcp_stream));
> + transport->localaddr = camel_tcp_stream_get_local_address (CAMEL_TCP_STREAM (tcp_stream), &transport->localaddrlen);
>
> transport->ostream = tcp_stream;
> transport->istream = camel_stream_buffer_new (tcp_stream, CAMEL_STREAM_BUFFER_READ);
> @@ -328,30 +310,19 @@
> /* clear any EHLO/HELO exception and assume that any SMTP errors encountered were non-fatal */
> camel_exception_clear (ex);
>
> -#ifdef HAVE_SSL
> - if (transport->flags & CAMEL_SMTP_TRANSPORT_USE_SSL_WHEN_POSSIBLE) {
> - /* try_starttls is always TRUE here */
> - if (transport->flags & CAMEL_SMTP_TRANSPORT_STARTTLS)
> - goto starttls;
> - } else if (transport->flags & CAMEL_SMTP_TRANSPORT_USE_SSL_ALWAYS) {
> - if (try_starttls) {
> - if (transport->flags & CAMEL_SMTP_TRANSPORT_STARTTLS) {
> - goto starttls;
> - } else {
> - /* server doesn't support STARTTLS, abort */
> - camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
> - _("Failed to connect to SMTP server %s in secure mode: %s"),
> - service->url->host, _("server does not appear to support SSL"));
> - goto exception_cleanup;
> - }
> - }
> + if (ssl_mode != MODE_TLS) {
> + /* we're done */
> + return TRUE;
> }
> -#endif /* HAVE_SSL */
>
> - return TRUE;
> + if (!(transport->flags & CAMEL_SMTP_TRANSPORT_STARTTLS)) {
> + camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
> + _("Failed to connect to SMTP server %s in secure mode: STARTTLS not supported"),
> + service->url->host);
> +
> + goto exception_cleanup;
> + }
>
> -#ifdef HAVE_SSL
> - starttls:
> d(fprintf (stderr, "sending : STARTTLS\r\n"));
> if (camel_stream_write (tcp_stream, "STARTTLS\r\n", 10) == -1) {
> camel_exception_setv (ex, errno == EINTR ? CAMEL_EXCEPTION_USER_CANCEL : CAMEL_EXCEPTION_SYSTEM,
> @@ -401,38 +372,61 @@
> transport->connected = FALSE;
>
> return FALSE;
> -#endif /* HAVE_SSL */
> }
>
> +static struct {
> + char *value;
> + char *serv;
> + int mode;
> +} ssl_options[] = {
> + { "", "465", MODE_SSL }, /* really old (1.x) */
> + { "ssl", "465", MODE_SSL },
> + { "always", "465", MODE_SSL }, /* old option (1.x) */
> + { "tls", "25", MODE_TLS },
> + { "when-possible", "25", MODE_TLS }, /* old option (1.x) */
> + { "clear", "25", MODE_CLEAR },
> + { "never", "25", MODE_CLEAR }, /* old option (1.x) */
> + { NULL, "25", MODE_CLEAR },
> +};
smtp/smtps
> static gboolean
> connect_to_server_wrapper (CamelService *service, CamelException *ex)
> {
> -#ifdef HAVE_SSL
> - CamelSmtpTransport *transport = (CamelSmtpTransport *) service;
> -
> - if (transport->flags & CAMEL_SMTP_TRANSPORT_USE_SSL_ALWAYS) {
> - /* First try connecting to the SSL port */
> - if (!connect_to_server (service, FALSE, ex)) {
> - if (camel_exception_get_id (ex) == CAMEL_EXCEPTION_SERVICE_UNAVAILABLE) {
> - /* Seems the SSL port is unavailable, lets try STARTTLS */
> - camel_exception_clear (ex);
> - return connect_to_server (service, TRUE, ex);
> - } else {
> - return FALSE;
> - }
> - }
> -
> - return TRUE;
> - } else if (transport->flags & CAMEL_SMTP_TRANSPORT_USE_SSL_WHEN_POSSIBLE) {
> - /* If the server supports STARTTLS, use it */
> - return connect_to_server (service, TRUE, ex);
> + struct addrinfo hints, *ai;
> + const char *ssl_mode;
> + int mode, ret, i;
> + char *serv = NULL;
> +
> + if (service->url->port) {
> + serv = g_alloca (16);
> + sprintf (serv, "%d", service->url->port);
> + }
> +
> + if ((ssl_mode = camel_url_get_param (service->url, "ssl_mode"))
> + || (ssl_mode = camel_url_get_param (service->url, "use_ssl"))) {
> + for (i = 0; ssl_options[i].value; i++)
> + if (!strcmp (ssl_options[i].value, ssl_mode))
> + break;
> + mode = ssl_options[i].mode;
> + if (!serv)
> + serv = ssl_options[i].serv;
> } else {
> - /* User doesn't care about SSL */
> - return connect_to_server (service, FALSE, ex);
> + mode = MODE_CLEAR;
> + if (!serv)
> + serv = "25";
> }
> -#else
> - return connect_to_server (service, FALSE, ex);
> -#endif
> +
> + memset (&hints, 0, sizeof (hints));
> + hints.ai_socktype = SOCK_STREAM;
> + hints.ai_family = PF_UNSPEC;
> + if (!(ai = camel_getaddrinfo (service->url->host, serv, &hints, ex)))
> + return FALSE;
> +
> + ret = connect_to_server (service, ai, mode, ex);
> +
> + camel_freeaddrinfo (ai);
> +
> + return ret;
> }
>
> static gboolean
> @@ -580,7 +574,7 @@
> transport->ostream = NULL;
> }
>
> - camel_tcp_address_free (transport->localaddr);
> + g_free(transport->localaddr);
> transport->localaddr = NULL;
>
> transport->connected = FALSE;
> @@ -865,10 +859,7 @@
> {
> /* say hello to the server */
> char *name = NULL, *cmdbuf = NULL, *respbuf = NULL;
> - struct hostent *host;
> - CamelException err;
> const char *token;
> - int af;
>
> /* these are flags that we set, so unset them in case we
> are being called a second time (ie, after a STARTTLS) */
> @@ -883,42 +874,10 @@
> }
>
> camel_operation_start_transient (NULL, _("SMTP Greeting"));
> -
> - /* get the local host name */
> - camel_exception_init (&err);
> -#ifdef ENABLE_IPv6
> - af = transport->localaddr->family == CAMEL_TCP_ADDRESS_IPv6 ? AF_INET6 : AF_INET;
> -#else
> - af = AF_INET;
> -#endif
> - host = camel_gethostbyaddr ((char *) &transport->localaddr->address,
> - transport->localaddr->length, af, &err);
> -
> - camel_exception_clear (&err);
> -
> - if (host && host->h_name && *host->h_name) {
> - name = g_strdup (host->h_name);
> - } else {
> -#ifdef ENABLE_IPv6
> - char ip[MAXHOSTNAMELEN + 1];
> - const char *proto;
> -
> - proto = transport->localaddr->family == CAMEL_TCP_ADDRESS_IPv6 ? "IPv6:" : "";
> - name = g_strdup_printf ("[%s%s]", proto, inet_ntop (af, transport->localaddr->address, ip, MAXHOSTNAMELEN));
> -#else
> - /* We *could* use inet_ntoa() here, but it's probably
> - not worth it since we would have to worry about
> - some systems not having inet_ntoa() */
> - name = g_strdup_printf ("[%d.%d.%d.%d]",
> - transport->localaddr->address[0],
> - transport->localaddr->address[1],
> - transport->localaddr->address[2],
> - transport->localaddr->address[3]);
> -#endif
> - }
> -
> - if (host)
> - camel_free_host (host);
> +
> + /* this can't really fail with the flags we're using, it should fallback to numerical */
> + if (camel_getnameinfo(transport->localaddr, transport->localaddrlen, &name, NULL, 0, NULL) != 0)
> + name = g_strdup("localhost.localdomain");
>
> /* hiya server! how are you today? */
> if (transport->flags & CAMEL_SMTP_TRANSPORT_IS_ESMTP)
> Index: providers/smtp/camel-smtp-transport.h
> ===================================================================
> RCS file: /cvs/gnome/evolution/camel/providers/smtp/camel-smtp-transport.h,v
> retrieving revision 1.17
> diff -u -r1.17 camel-smtp-transport.h
> --- providers/smtp/camel-smtp-transport.h 7 Oct 2002 18:13:53 -0000 1.17
> +++ providers/smtp/camel-smtp-transport.h 22 Sep 2004 18:02:38 -0000
> @@ -22,17 +22,14 @@
> * USA
> */
>
> -
> #ifndef CAMEL_SMTP_TRANSPORT_H
> #define CAMEL_SMTP_TRANSPORT_H 1
>
> -
> #ifdef __cplusplus
> extern "C" {
> #pragma }
> #endif /* __cplusplus */
>
> -
> #include "camel-transport.h"
> #include "camel-tcp-stream.h"
>
> @@ -41,19 +38,12 @@
> #define CAMEL_SMTP_TRANSPORT_CLASS(k) (CAMEL_CHECK_CLASS_CAST ((k), CAMEL_SMTP_TRANSPORT_TYPE, CamelSmtpTransportClass))
> #define CAMEL_IS_SMTP_TRANSPORT(o) (CAMEL_CHECK_TYPE((o), CAMEL_SMTP_TRANSPORT_TYPE))
>
> -
> #define CAMEL_SMTP_TRANSPORT_IS_ESMTP (1 << 0)
> #define CAMEL_SMTP_TRANSPORT_8BITMIME (1 << 1)
> #define CAMEL_SMTP_TRANSPORT_ENHANCEDSTATUSCODES (1 << 2)
> #define CAMEL_SMTP_TRANSPORT_STARTTLS (1 << 3)
>
> -#define CAMEL_SMTP_TRANSPORT_USE_SSL_ALWAYS (1 << 4)
> -#define CAMEL_SMTP_TRANSPORT_USE_SSL_WHEN_POSSIBLE (1 << 5)
> -
> -#define CAMEL_SMTP_TRANSPORT_USE_SSL (CAMEL_SMTP_TRANSPORT_USE_SSL_ALWAYS | \
> - CAMEL_SMTP_TRANSPORT_USE_SSL_WHEN_POSSIBLE)
> -
> -#define CAMEL_SMTP_TRANSPORT_AUTH_EQUAL (1 << 6) /* set if we are using authtypes from a broken AUTH= */
> +#define CAMEL_SMTP_TRANSPORT_AUTH_EQUAL (1 << 4) /* set if we are using authtypes from a broken AUTH= */
>
> typedef struct {
> CamelTransport parent_object;
> @@ -63,20 +53,17 @@
> guint32 flags;
>
> gboolean connected;
> - CamelTcpAddress *localaddr;
> + struct sockaddr *localaddr;
> + socklen_t localaddrlen;
>
> GHashTable *authtypes;
> -
> } CamelSmtpTransport;
>
> -
> -
> typedef struct {
> CamelTransportClass parent_class;
>
> } CamelSmtpTransportClass;
>
> -
> /* Standard Camel function */
> CamelType camel_smtp_transport_get_type (void);
>
> @@ -85,5 +72,3 @@
> #endif /* __cplusplus */
>
> #endif /* CAMEL_SMTP_TRANSPORT_H */
> -
> -
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
