Merge branch '1.3'
commit
5fee222f84
|
@ -1586,14 +1586,6 @@ get_cmd_result_p2( imap_store_t *ctx, imap_cmd_t *cmd, int response )
|
||||||
|
|
||||||
/******************* imap_cancel_store *******************/
|
/******************* imap_cancel_store *******************/
|
||||||
|
|
||||||
|
|
||||||
static void
|
|
||||||
imap_cleanup_store( imap_store_t *ctx )
|
|
||||||
{
|
|
||||||
free_generic_messages( ctx->msgs );
|
|
||||||
free_string_list( ctx->boxes );
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
imap_cancel_store( store_t *gctx )
|
imap_cancel_store( store_t *gctx )
|
||||||
{
|
{
|
||||||
|
@ -1609,7 +1601,8 @@ imap_cancel_store( store_t *gctx )
|
||||||
free_list( ctx->ns_other );
|
free_list( ctx->ns_other );
|
||||||
free_list( ctx->ns_shared );
|
free_list( ctx->ns_shared );
|
||||||
free_string_list( ctx->auth_mechs );
|
free_string_list( ctx->auth_mechs );
|
||||||
imap_cleanup_store( ctx );
|
free_generic_messages( ctx->msgs );
|
||||||
|
free_string_list( ctx->boxes );
|
||||||
imap_deref( ctx );
|
imap_deref( ctx );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1746,7 +1739,9 @@ imap_alloc_store( store_conf_t *conf, const char *label )
|
||||||
for (ctxp = &unowned; (ctx = (imap_store_t *)*ctxp); ctxp = &ctx->gen.next)
|
for (ctxp = &unowned; (ctx = (imap_store_t *)*ctxp); ctxp = &ctx->gen.next)
|
||||||
if (ctx->state != SST_BAD && ((imap_store_conf_t *)ctx->gen.conf)->server == srvc) {
|
if (ctx->state != SST_BAD && ((imap_store_conf_t *)ctx->gen.conf)->server == srvc) {
|
||||||
*ctxp = ctx->gen.next;
|
*ctxp = ctx->gen.next;
|
||||||
imap_cleanup_store( ctx );
|
free_string_list( ctx->boxes );
|
||||||
|
ctx->boxes = NULL;
|
||||||
|
ctx->listed = 0;
|
||||||
/* One could ping the server here, but given that the idle timeout
|
/* One could ping the server here, but given that the idle timeout
|
||||||
* is at least 30 minutes, this sounds pretty pointless. */
|
* is at least 30 minutes, this sounds pretty pointless. */
|
||||||
ctx->state = SST_HALF;
|
ctx->state = SST_HALF;
|
||||||
|
@ -1921,7 +1916,7 @@ ensure_password( imap_server_conf_t *srvc )
|
||||||
if (cmd) {
|
if (cmd) {
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
int ret;
|
int ret;
|
||||||
char buffer[2048]; // Hopefully more than enough room for XOAUTH2, etc. tokens
|
char buffer[8192]; // Hopefully more than enough room for XOAUTH2, etc. tokens
|
||||||
|
|
||||||
if (*cmd == '+') {
|
if (*cmd == '+') {
|
||||||
flushn();
|
flushn();
|
||||||
|
|
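Review bot: On the new side of imap_cancel_store, `ctx->msgs` and `ctx->boxes` are freed but keep pointing at the released lists, whereas the imap_alloc_store hunk in this same section resets `ctx->boxes = NULL` after freeing it. The frees are followed by `imap_deref( ctx )`, which suggests the context can outlive this call while other references are held (the reference-counting logic is outside the hunk). If so, any later access through those members would be a use-after-free or double free. Adding `ctx->msgs = NULL;` and `ctx->boxes = NULL;` after the two frees would make both paths behave the same. The body of imap_cancel_store starts before this hunk.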
|
@ -309,9 +309,11 @@ proxy_set_bad_callback( store_t *gctx, void (*cb)( void *aux ), void *aux )
|
||||||
static void
|
static void
|
||||||
proxy_invoke_bad_callback( proxy_store_t *ctx )
|
proxy_invoke_bad_callback( proxy_store_t *ctx )
|
||||||
{
|
{
|
||||||
|
ctx->ref_count++;
|
||||||
debug( "%sCallback enter bad store\n", ctx->label );
|
debug( "%sCallback enter bad store\n", ctx->label );
|
||||||
ctx->bad_callback( ctx->bad_callback_aux );
|
ctx->bad_callback( ctx->bad_callback_aux );
|
||||||
debug( "%sCallback leave bad store\n", ctx->label ); \
|
debug( "%sCallback leave bad store\n", ctx->label );
|
||||||
|
proxy_store_deref( ctx );
|
||||||
}
|
}
|
||||||
|
|
||||||
//# EXCLUDE alloc_store
|
//# EXCLUDE alloc_store
|
||||||
|
|
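Review bot: The added `ctx->ref_count++` / `proxy_store_deref( ctx )` pair in proxy_invoke_bad_callback carries no comment saying what it protects. Presumably the bad callback can release the store, and the extra reference keeps `ctx->label` valid for the trailing debug() call. That reasoning is worth recording so a later cleanup does not remove the pair as redundant. Suggested comment above the increment: `// The callback may drop the last reference to the store; keep it alive until we are done with ctx.`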
30
src/mbsync.1
30
src/mbsync.1
|
@ -379,17 +379,27 @@ if you want to trust only hand-picked certificates.
|
||||||
\fBCertificateFile\fR \fIpath\fR
|
\fBCertificateFile\fR \fIpath\fR
|
||||||
File containing additional X.509 certificates used to verify server
|
File containing additional X.509 certificates used to verify server
|
||||||
identities.
|
identities.
|
||||||
These certificates are always trusted, regardless of validity.
|
It may contain two types of certificates:
|
||||||
|
.RS
|
||||||
|
.IP Host
|
||||||
|
These certificates are matched only against the received server certificate
|
||||||
|
itself.
|
||||||
|
They are always trusted, regardless of validity.
|
||||||
|
A typical use case would be forcing acceptance of an expired certificate.
|
||||||
.br
|
.br
|
||||||
The certificates from this file are matched only against the received
|
These certificates may be obtained using the \fBmbsync-get-cert\fR tool;
|
||||||
server certificate itself; CA certificates are \fBnot\fR supported here.
|
make sure to verify their fingerprints before trusting them, or transfer
|
||||||
Do \fBnot\fR specify the system's CA certificate store here; see
|
them securely from the server's network (if it can be trusted beyond the
|
||||||
\fBSystemCertificates\fR instead.
|
server itself).
|
||||||
.br
|
.IP CA
|
||||||
The contents for this file may be obtained using the
|
These certificates are used as trust anchors when building the certificate
|
||||||
\fBmbsync-get-cert\fR tool; make sure to verify the fingerprints of the
|
chain for the received server certificate.
|
||||||
certificates before trusting them, or transfer them securely from the
|
They are used to supplant or supersede the system's trust store, depending
|
||||||
server's network (if it is trusted).
|
on the \fBSystemCertificates\fR setting;
|
||||||
|
it is not necessary and not recommended to specify the system's trust store
|
||||||
|
itself here.
|
||||||
|
The trust chains are fully validated.
|
||||||
|
.RE
|
||||||
.
|
.
|
||||||
.TP
|
.TP
|
||||||
\fBClientCertificate\fR \fIpath\fR
|
\fBClientCertificate\fR \fIpath\fR
|
||||||
|
|
54
src/socket.c
54
src/socket.c
|
@ -41,7 +41,7 @@
|
||||||
# include <openssl/err.h>
|
# include <openssl/err.h>
|
||||||
# include <openssl/x509v3.h>
|
# include <openssl/x509v3.h>
|
||||||
# if OPENSSL_VERSION_NUMBER < 0x10100000L \
|
# if OPENSSL_VERSION_NUMBER < 0x10100000L \
|
||||||
|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070100fL)
|
|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070100fL)
|
||||||
# define X509_OBJECT_get0_X509(o) ((o)->data.x509)
|
# define X509_OBJECT_get0_X509(o) ((o)->data.x509)
|
||||||
# define X509_STORE_get0_objects(o) ((o)->objs)
|
# define X509_STORE_get0_objects(o) ((o)->objs)
|
||||||
# endif
|
# endif
|
||||||
|
@ -430,6 +430,32 @@ socket_close_internal( conn_t *sock )
|
||||||
sock->fd = -1;
|
sock->fd = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef HAVE_IPV6
|
||||||
|
struct addr_info {
|
||||||
|
struct addr_info *ai_next;
|
||||||
|
struct sockaddr_in ai_addr[1];
|
||||||
|
};
|
||||||
|
|
||||||
|
#define freeaddrinfo(ai) free( ai )
|
||||||
|
|
||||||
|
static struct addr_info *
|
||||||
|
init_addrinfo( struct hostent *he )
|
||||||
|
{
|
||||||
|
uint naddr = 0;
|
||||||
|
for (char **addr = he->h_addr_list; *addr; addr++)
|
||||||
|
naddr++;
|
||||||
|
struct addr_info *caddr = nfcalloc( naddr * sizeof(struct addrinfo) );
|
||||||
|
struct addr_info *ret, **caddrp = &ret;
|
||||||
|
for (char **addr = he->h_addr_list; *addr; addr++, caddr++) {
|
||||||
|
caddr->ai_addr->sin_family = AF_INET;
|
||||||
|
memcpy( &caddr->ai_addr->sin_addr.s_addr, *addr, sizeof(struct in_addr) );
|
||||||
|
*caddrp = caddr;
|
||||||
|
caddrp = &caddr->ai_next;
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
void
|
void
|
||||||
socket_connect( conn_t *sock, void (*cb)( int ok, void *aux ) )
|
socket_connect( conn_t *sock, void (*cb)( int ok, void *aux ) )
|
||||||
{
|
{
|
||||||
|
@ -479,8 +505,6 @@ socket_connect( conn_t *sock, void (*cb)( int ok, void *aux ) )
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
info( "\vok\n" );
|
info( "\vok\n" );
|
||||||
|
|
||||||
sock->curr_addr = sock->addrs;
|
|
||||||
#else
|
#else
|
||||||
struct hostent *he;
|
struct hostent *he;
|
||||||
|
|
||||||
|
@ -493,8 +517,9 @@ socket_connect( conn_t *sock, void (*cb)( int ok, void *aux ) )
|
||||||
}
|
}
|
||||||
info( "\vok\n" );
|
info( "\vok\n" );
|
||||||
|
|
||||||
sock->curr_addr = he->h_addr_list;
|
sock->addrs = init_addrinfo( he );
|
||||||
#endif
|
#endif
|
||||||
|
sock->curr_addr = sock->addrs;
|
||||||
socket_connect_one( sock );
|
socket_connect_one( sock );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -506,16 +531,10 @@ socket_connect_one( conn_t *sock )
|
||||||
#ifdef HAVE_IPV6
|
#ifdef HAVE_IPV6
|
||||||
struct addrinfo *ai;
|
struct addrinfo *ai;
|
||||||
#else
|
#else
|
||||||
struct {
|
struct addr_info *ai;
|
||||||
struct sockaddr_in ai_addr[1];
|
|
||||||
} ai[1];
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_IPV6
|
|
||||||
if (!(ai = sock->curr_addr)) {
|
if (!(ai = sock->curr_addr)) {
|
||||||
#else
|
|
||||||
if (!*sock->curr_addr) {
|
|
||||||
#endif
|
|
||||||
error( "No working address found for %s\n", sock->conf->host );
|
error( "No working address found for %s\n", sock->conf->host );
|
||||||
socket_connect_bail( sock );
|
socket_connect_bail( sock );
|
||||||
return;
|
return;
|
||||||
|
@ -532,11 +551,6 @@ socket_connect_one( conn_t *sock )
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
struct sockaddr_in *in = ((struct sockaddr_in *)ai->ai_addr);
|
struct sockaddr_in *in = ((struct sockaddr_in *)ai->ai_addr);
|
||||||
#ifndef HAVE_IPV6
|
|
||||||
memset( in, 0, sizeof(*in) );
|
|
||||||
in->sin_family = AF_INET;
|
|
||||||
in->sin_addr.s_addr = *((int *)*sock->curr_addr);
|
|
||||||
#endif
|
|
||||||
in->sin_port = htons( sock->conf->port );
|
in->sin_port = htons( sock->conf->port );
|
||||||
nfasprintf( &sock->name, "%s (%s:%hu)",
|
nfasprintf( &sock->name, "%s (%s:%hu)",
|
||||||
sock->conf->host, inet_ntoa( in->sin_addr ), sock->conf->port );
|
sock->conf->host, inet_ntoa( in->sin_addr ), sock->conf->port );
|
||||||
|
@ -579,11 +593,7 @@ socket_connect_next( conn_t *conn )
|
||||||
sys_error( "Cannot connect to %s", conn->name );
|
sys_error( "Cannot connect to %s", conn->name );
|
||||||
free( conn->name );
|
free( conn->name );
|
||||||
conn->name = 0;
|
conn->name = 0;
|
||||||
#ifdef HAVE_IPV6
|
|
||||||
conn->curr_addr = conn->curr_addr->ai_next;
|
conn->curr_addr = conn->curr_addr->ai_next;
|
||||||
#else
|
|
||||||
conn->curr_addr++;
|
|
||||||
#endif
|
|
||||||
socket_connect_one( conn );
|
socket_connect_one( conn );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -597,12 +607,10 @@ socket_connect_failed( conn_t *conn )
|
||||||
static void
|
static void
|
||||||
socket_connected( conn_t *conn )
|
socket_connected( conn_t *conn )
|
||||||
{
|
{
|
||||||
#ifdef HAVE_IPV6
|
|
||||||
if (conn->addrs) {
|
if (conn->addrs) {
|
||||||
freeaddrinfo( conn->addrs );
|
freeaddrinfo( conn->addrs );
|
||||||
conn->addrs = 0;
|
conn->addrs = 0;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
conf_notifier( &conn->notify, 0, POLLIN );
|
conf_notifier( &conn->notify, 0, POLLIN );
|
||||||
socket_expect_read( conn, 0 );
|
socket_expect_read( conn, 0 );
|
||||||
conn->state = SCK_READY;
|
conn->state = SCK_READY;
|
||||||
|
@ -612,12 +620,10 @@ socket_connected( conn_t *conn )
|
||||||
static void
|
static void
|
||||||
socket_cleanup_names( conn_t *conn )
|
socket_cleanup_names( conn_t *conn )
|
||||||
{
|
{
|
||||||
#ifdef HAVE_IPV6
|
|
||||||
if (conn->addrs) {
|
if (conn->addrs) {
|
||||||
freeaddrinfo( conn->addrs );
|
freeaddrinfo( conn->addrs );
|
||||||
conn->addrs = 0;
|
conn->addrs = 0;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
free( conn->name );
|
free( conn->name );
|
||||||
conn->name = 0;
|
conn->name = 0;
|
||||||
}
|
}
|
||||||
|
|
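Review bot: init_addrinfo() sizes its allocation with `sizeof(struct addrinfo)` although the array elements are `struct addr_info`, the fallback type defined just above it for builds without HAVE_IPV6. The two types are unrelated, so the buffer is large enough only by coincidence of platform layout; if `struct addrinfo` is smaller the fill loop writes past the allocation, and if it is undeclared the build fails. Use `struct addr_info *caddr = nfcalloc( naddr * sizeof(*caddr) );`. Separately, `ret` is returned uninitialized when `h_addr_list` is empty, because the loop that assigns through `caddrp` never runs. `struct addr_info *ret = NULL, **caddrp = &ret;` would let socket_connect_one() take its existing "No working address found" path instead.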
|
@ -73,7 +73,7 @@ typedef struct {
|
||||||
#ifdef HAVE_IPV6
|
#ifdef HAVE_IPV6
|
||||||
struct addrinfo *addrs, *curr_addr; /* needed during connect */
|
struct addrinfo *addrs, *curr_addr; /* needed during connect */
|
||||||
#else
|
#else
|
||||||
char **curr_addr; /* needed during connect */
|
struct addr_info *addrs, *curr_addr; /* needed during connect */
|
||||||
#endif
|
#endif
|
||||||
char *name;
|
char *name;
|
||||||
#ifdef HAVE_LIBSSL
|
#ifdef HAVE_LIBSSL
|
||||||
|
|