File: tlsvar.c

/* GNU Mailutils -- a suite of utilities for electronic mail
   Copyright (C) 2003-2025 Free Software Foundation, Inc.

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 3 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General
   Public License along with this library.  If not, see
   <http://www.gnu.org/licenses/>. */

#if HAVE_CONFIG_H
# include <config.h>
#endif

#include <mailutils/tls.h>
#include <mailutils/errno.h>

/* Global TLS flag, initially 0.  It is not read anywhere in this file;
   presumably it is the library-wide on/off switch -- confirm against
   its users.  */
int mu_tls_enable = 0;

/* Check-mode values that mu_tls_config_check passes as the second
   argument of mu_file_safety_check for the certificate, private key
   and CA files respectively.  The initial values are the
   MU_TLS_*_FILE_CHECKS macros, which are defined outside this file.

   NOTE(review): these are writable globals, so any code that assigns
   to them changes how strictly the TLS credential files are vetted
   for every later call.  Lowering the key-file value in particular
   should be a deliberate, reviewed decision.  */
int mu_tls_cert_file_checks = MU_TLS_CERT_FILE_CHECKS;
int mu_tls_key_file_checks = MU_TLS_KEY_FILE_CHECKS;
int mu_tls_ca_file_checks = MU_TLS_CA_FILE_CHECKS;

/* Map an error code RC, as returned by mu_file_safety_check, to a TLS
   configuration status.

   The eight MU_ERR_PERM_* codes listed below (ownership mismatch,
   group/world readable or writable, link or directory permission
   problems) yield MU_TLS_CONFIG_UNSAFE.  Every other value yields
   MU_TLS_CONFIG_FAIL.

   Keeping the two apart lets a caller tell "the file exists but its
   permissions are too loose" from any other kind of failure.  */
static int
check_err (int rc)
{
  int const is_permission_problem =
    rc == MU_ERR_PERM_OWNER_MISMATCH
    || rc == MU_ERR_PERM_GROUP_WRITABLE
    || rc == MU_ERR_PERM_WORLD_WRITABLE
    || rc == MU_ERR_PERM_GROUP_READABLE
    || rc == MU_ERR_PERM_WORLD_READABLE
    || rc == MU_ERR_PERM_LINKED_WRDIR
    || rc == MU_ERR_PERM_DIR_IWGRP
    || rc == MU_ERR_PERM_DIR_IWOTH;

  if (is_permission_problem)
    return MU_TLS_CONFIG_UNSAFE;
  return MU_TLS_CONFIG_FAIL;
}

/* Run mu_file_safety_check on FILE using the check mode CHECKS and
   return its result unchanged (0 means the file passed).

   When the check fails and VERBOSE is non-zero, report the file name
   and the mu_strerror text through mu_error.

   The trailing -1 and NULL arguments are passed as in every call made
   by mu_tls_config_check.  Their meaning is defined by
   mu_file_safety_check, which is not part of this file.  */
static int
tls_file_check (char const *file, int checks, int verbose)
{
  int err = mu_file_safety_check (file, checks, -1, NULL);

  if (err && verbose)
    mu_error ("%s: %s", file, mu_strerror (err));
  return err;
}

/* Vet the files named in the TLS configuration CONF.

   The certificate, key and CA files are examined in that order, each
   only if its field is set, using mu_tls_cert_file_checks,
   mu_tls_key_file_checks and mu_tls_ca_file_checks respectively.
   The first file that fails its check ends the function: the error is
   reported via mu_error when VERBOSE is non-zero, and the value of
   check_err for that error is returned (MU_TLS_CONFIG_UNSAFE for
   permission problems, MU_TLS_CONFIG_FAIL otherwise).  Later files
   are not examined in that case.

   Returns MU_TLS_CONFIG_OK if every file that is set passed, or if
   only CONF->priorities is set.  Returns MU_TLS_CONFIG_NULL if none of
   cert_file, key_file, ca_file and priorities is set.

   CONF must not be NULL; it is dereferenced without a check.

   NOTE(review): the priorities string is not validated here; its mere
   presence yields MU_TLS_CONFIG_OK.

   NOTE(review): the checks are made by file name at the time of the
   call.  Whatever later loads these files opens them separately, so
   the result describes the files as they were when checked -- callers
   should run this close to the point of use and treat any status
   other than MU_TLS_CONFIG_OK as a reason not to load the credentials
   (confirm against callers).  With VERBOSE == 0 the reason for a
   failure is not logged, so the caller has to surface the status.  */
int
mu_tls_config_check (struct mu_tls_config const *conf, int verbose)
{
  int status = MU_TLS_CONFIG_NULL;
  int err;

  if (conf->cert_file)
    {
      err = tls_file_check (conf->cert_file, mu_tls_cert_file_checks,
                            verbose);
      if (err)
        return check_err (err);
      status = MU_TLS_CONFIG_OK;
    }

  if (conf->key_file)
    {
      err = tls_file_check (conf->key_file, mu_tls_key_file_checks,
                            verbose);
      if (err)
        return check_err (err);
      status = MU_TLS_CONFIG_OK;
    }

  if (conf->ca_file)
    {
      err = tls_file_check (conf->ca_file, mu_tls_ca_file_checks,
                            verbose);
      if (err)
        return check_err (err);
      status = MU_TLS_CONFIG_OK;
    }

  /* A priorities string alone counts as a non-empty configuration.  */
  if (conf->priorities)
    status = MU_TLS_CONFIG_OK;

  return status;
}