int mailstream_close(mailstream * s)
{
if (s->idle != NULL) {
mailstream_cancel_free(s->idle);
}
mailstream_low_close(s->low);
mailstream_low_free(s->low);
free(s->read_buffer);
free(s->write_buffer);
free(s);
return 0;
}
void mailstream_unsetup_idle(mailstream * s)
{
if (!s->idling) {
return;
}
if (s->low->driver == mailstream_cfstream_driver) {
mailstream_cfstream_unsetup_idle(s);
}
else {
mailstream_cancel_free(s->idle);
s->idle = NULL;
}
s->idling = 0;
}
void mailstream_unsetup_idle(mailstream * s)
{
int r;
if (!s->idling) {
return;
}
r = mailstream_low_unsetup_idle(s->low);
if (r < 0) {
mailstream_cancel_free(s->idle);
s->idle = NULL;
}
s->idling = 0;
}
static void ssl_data_free(struct mailstream_ssl_data * ssl_data)
{
mailstream_cancel_free(ssl_data->cancel);
free(ssl_data);
}
static struct mailstream_ssl_data * ssl_data_new(int fd, time_t timeout,
void (* callback)(struct mailstream_ssl_context * ssl_context, void * cb_data), void * cb_data)
{
struct mailstream_ssl_data * ssl_data;
gnutls_session session;
struct mailstream_cancel * cancel;
gnutls_certificate_credentials_t xcred;
int r;
struct mailstream_ssl_context * ssl_context = NULL;
mailstream_ssl_init();
if (gnutls_certificate_allocate_credentials (&xcred) != 0)
return NULL;
r = gnutls_init(&session, GNUTLS_CLIENT);
if (session == NULL || r != 0)
return NULL;
if (callback != NULL) {
ssl_context = mailstream_ssl_context_new(session, fd);
callback(ssl_context, cb_data);
}
gnutls_session_set_ptr(session, ssl_context);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_certificate_client_set_retrieve_function(xcred, mailstream_gnutls_client_cert_cb);
gnutls_set_default_priority(session);
gnutls_priority_set_direct(session, "NORMAL", NULL);
gnutls_record_disable_padding(session);
gnutls_dh_set_prime_bits(session, 512);
gnutls_transport_set_ptr(session, (gnutls_transport_ptr) fd);
/* lower limits on server key length restriction */
gnutls_dh_set_prime_bits(session, 512);
if (timeout == 0) {
timeout_value = mailstream_network_delay.tv_sec * 1000 + timeout.tv_usec / 1000;
}
else {
timeout_value = timeout;
}
gnutls_handshake_set_timeout(session, timeout_value);
do {
r = gnutls_handshake(session);
} while (r == GNUTLS_E_AGAIN || r == GNUTLS_E_INTERRUPTED);
if (r < 0) {
gnutls_perror(r);
goto free_ssl_conn;
}
cancel = mailstream_cancel_new();
if (cancel == NULL)
goto free_ssl_conn;
r = mailstream_prepare_fd(fd);
if (r < 0)
goto free_cancel;
ssl_data = malloc(sizeof(* ssl_data));
if (ssl_data == NULL)
goto err;
ssl_data->fd = fd;
ssl_data->session = session;
ssl_data->xcred = xcred;
ssl_data->cancel = cancel;
mailstream_ssl_context_free(ssl_context);
return ssl_data;
free_cancel:
mailstream_cancel_free(cancel);
free_ssl_conn:
gnutls_certificate_free_credentials(xcred);
mailstream_ssl_context_free(ssl_context);
gnutls_deinit(session);
err:
return NULL;
}
static struct mailstream_ssl_data * ssl_data_new_full(int fd, time_t timeout,
SSL_METHOD * method, void (* callback)(struct mailstream_ssl_context * ssl_context, void * cb_data),
void * cb_data)
{
struct mailstream_ssl_data * ssl_data;
SSL * ssl_conn;
int r;
SSL_CTX * tmp_ctx;
struct mailstream_cancel * cancel;
struct mailstream_ssl_context * ssl_context = NULL;
mailstream_ssl_init();
tmp_ctx = SSL_CTX_new(method);
if (tmp_ctx == NULL)
goto err;
if (callback != NULL) {
ssl_context = mailstream_ssl_context_new(tmp_ctx, fd);
callback(ssl_context, cb_data);
}
SSL_CTX_set_app_data(tmp_ctx, ssl_context);
SSL_CTX_set_client_cert_cb(tmp_ctx, mailstream_openssl_client_cert_cb);
ssl_conn = (SSL *) SSL_new(tmp_ctx);
if (ssl_conn == NULL)
goto free_ctx;
if (SSL_set_fd(ssl_conn, fd) == 0)
goto free_ssl_conn;
again:
r = SSL_connect(ssl_conn);
switch(SSL_get_error(ssl_conn, r)) {
case SSL_ERROR_WANT_READ:
r = wait_SSL_connect(fd, 1, timeout);
if (r < 0)
goto free_ssl_conn;
else
goto again;
break;
case SSL_ERROR_WANT_WRITE:
r = wait_SSL_connect(fd, 0, timeout);
if (r < 0)
goto free_ssl_conn;
else
goto again;
break;
}
if (r <= 0)
goto free_ssl_conn;
cancel = mailstream_cancel_new();
if (cancel == NULL)
goto free_ssl_conn;
r = mailstream_prepare_fd(fd);
if (r < 0)
goto free_cancel;
ssl_data = malloc(sizeof(* ssl_data));
if (ssl_data == NULL)
goto free_cancel;
ssl_data->fd = fd;
ssl_data->ssl_conn = ssl_conn;
ssl_data->ssl_ctx = tmp_ctx;
ssl_data->cancel = cancel;
mailstream_ssl_context_free(ssl_context);
return ssl_data;
free_cancel:
mailstream_cancel_free(cancel);
free_ssl_conn:
SSL_free(ssl_conn);
free_ctx:
SSL_CTX_free(tmp_ctx);
mailstream_ssl_context_free(ssl_context);
err:
return NULL;
}
static struct mailstream_ssl_data * ssl_data_new_full(int fd, time_t timeout,
const SSL_METHOD * method, void (* callback)(struct mailstream_ssl_context * ssl_context, void * cb_data),
void * cb_data)
{
struct mailstream_ssl_data * ssl_data;
SSL * ssl_conn;
int r;
SSL_CTX * tmp_ctx;
struct mailstream_cancel * cancel;
struct mailstream_ssl_context * ssl_context = NULL;
#if SSL_MODE_RELEASE_BUFFERS
long mode = 0;
#endif
mailstream_ssl_init();
tmp_ctx = SSL_CTX_new(method);
if (tmp_ctx == NULL)
goto err;
if (callback != NULL) {
ssl_context = mailstream_ssl_context_new(tmp_ctx, fd);
callback(ssl_context, cb_data);
}
SSL_CTX_set_app_data(tmp_ctx, ssl_context);
SSL_CTX_set_client_cert_cb(tmp_ctx, mailstream_openssl_client_cert_cb);
ssl_conn = (SSL *) SSL_new(tmp_ctx);
#if SSL_MODE_RELEASE_BUFFERS
mode = SSL_get_mode(ssl_conn);
SSL_set_mode(ssl_conn, mode | SSL_MODE_RELEASE_BUFFERS);
#endif
if (ssl_conn == NULL)
goto free_ctx;
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
if (ssl_context != NULL && ssl_context->server_name != NULL) {
SSL_set_tlsext_host_name(ssl_conn, ssl_context->server_name);
free(ssl_context->server_name);
ssl_context->server_name = NULL;
}
#endif /* (OPENSSL_VERSION_NUMBER >= 0x10000000L) */
if (SSL_set_fd(ssl_conn, fd) == 0)
goto free_ssl_conn;
again:
r = SSL_connect(ssl_conn);
switch(SSL_get_error(ssl_conn, r)) {
case SSL_ERROR_WANT_READ:
r = wait_SSL_connect(fd, 1, timeout);
if (r < 0)
goto free_ssl_conn;
else
goto again;
break;
case SSL_ERROR_WANT_WRITE:
r = wait_SSL_connect(fd, 0, timeout);
if (r < 0)
goto free_ssl_conn;
else
goto again;
break;
}
if (r <= 0)
goto free_ssl_conn;
cancel = mailstream_cancel_new();
if (cancel == NULL)
goto free_ssl_conn;
r = mailstream_prepare_fd(fd);
if (r < 0)
goto free_cancel;
ssl_data = malloc(sizeof(* ssl_data));
if (ssl_data == NULL)
goto free_cancel;
ssl_data->fd = fd;
ssl_data->ssl_conn = ssl_conn;
ssl_data->ssl_ctx = tmp_ctx;
ssl_data->cancel = cancel;
mailstream_ssl_context_free(ssl_context);
return ssl_data;
free_cancel:
mailstream_cancel_free(cancel);
free_ssl_conn:
SSL_free(ssl_conn);
free_ctx:
SSL_CTX_free(tmp_ctx);
mailstream_ssl_context_free(ssl_context);
err:
return NULL;
}
static struct mailstream_ssl_data * ssl_data_new(int fd, void (* callback)(struct mailstream_ssl_context * ssl_context, void * cb_data), void * cb_data)
{
struct mailstream_ssl_data * ssl_data;
gnutls_session session;
struct mailstream_cancel * cancel;
const int cipher_prio[] = { GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_3DES_CBC,
GNUTLS_CIPHER_AES_256_CBC,
GNUTLS_CIPHER_ARCFOUR_128, 0 };
const int kx_prio[] = { GNUTLS_KX_DHE_RSA,
GNUTLS_KX_RSA,
GNUTLS_KX_DHE_DSS, 0 };
const int mac_prio[] = { GNUTLS_MAC_SHA1,
GNUTLS_MAC_MD5, 0 };
const int proto_prio[] = { GNUTLS_TLS1,
GNUTLS_SSL3, 0 };
gnutls_certificate_credentials_t xcred;
int r;
struct mailstream_ssl_context * ssl_context = NULL;
mailstream_ssl_init();
if (gnutls_certificate_allocate_credentials (&xcred) != 0)
return NULL;
r = gnutls_init(&session, GNUTLS_CLIENT);
if (session == NULL || r != 0)
return NULL;
if (callback != NULL) {
ssl_context = mailstream_ssl_context_new(session, fd);
callback(ssl_context, cb_data);
}
gnutls_session_set_ptr(session, ssl_context);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_certificate_client_set_retrieve_function(xcred, mailstream_gnutls_client_cert_cb);
gnutls_set_default_priority(session);
gnutls_protocol_set_priority (session, proto_prio);
gnutls_cipher_set_priority (session, cipher_prio);
gnutls_kx_set_priority (session, kx_prio);
gnutls_mac_set_priority (session, mac_prio);
gnutls_record_disable_padding(session);
gnutls_dh_set_prime_bits(session, 512);
gnutls_transport_set_ptr(session, (gnutls_transport_ptr) fd);
/* lower limits on server key length restriction */
gnutls_dh_set_prime_bits(session, 512);
do {
r = gnutls_handshake(session);
} while (r == GNUTLS_E_AGAIN || r == GNUTLS_E_INTERRUPTED);
if (r < 0) {
gnutls_perror(r);
goto free_ssl_conn;
}
cancel = mailstream_cancel_new();
if (cancel == NULL)
goto free_ssl_conn;
r = mailstream_prepare_fd(fd);
if (r < 0)
goto free_cancel;
ssl_data = malloc(sizeof(* ssl_data));
if (ssl_data == NULL)
goto err;
ssl_data->fd = fd;
ssl_data->session = session;
ssl_data->xcred = xcred;
ssl_data->cancel = cancel;
mailstream_ssl_context_free(ssl_context);
return ssl_data;
free_cancel:
mailstream_cancel_free(cancel);
free_ssl_conn:
gnutls_certificate_free_credentials(xcred);
mailstream_ssl_context_free(ssl_context);
gnutls_deinit(session);
err:
return NULL;
}
static void socket_data_free(struct mailstream_socket_data * socket_data)
{
mailstream_cancel_free(socket_data->cancel);
free(socket_data);
}
