Commit Graph

19 Commits

Author SHA1 Message Date
Oswald Buddenhagen
37a28d8133 improve socket connect() error reporting with poll()
turns out that poll() may (and on linux does) signal POLLERR on
connection failure. this is unlike select(), which is specified to
signal write readiness in every case.
consequently, check whether we are connecting before checking for
POLLERR.
2013-03-29 18:24:32 +01:00
Oswald Buddenhagen
a66034b23a fix crash in ssl connection error path
not a good idea to invoke the callback twice ...
2013-03-17 19:49:53 +01:00
Oswald Buddenhagen
acb1c870b4 rewrite SSL certificate verification. again.
leave all the hard work to OpenSSL. this has several consequences:
- certificate chain validation actually works instead of throwing
  around error 20
- the interactive approval is gone. i don't expect it to be useful
  anyway, as mbsync is mostly a batch tool
- the code is much shorter
2013-03-17 19:49:03 +01:00
Oswald Buddenhagen
8310cf78ac fix CVE-2013-0289: add SSL subject verification
we did not check a valid certificate's subject at all so far.
this is no problem if the certificate file contains only exactly the
wanted host's certificate - before revision 04fdf7d1 (dec 2000, < v0.4),
this was even enforced (more or less - if the peer cert had been
signed directly by a root cert, it would be accepted as well).
however, when the file contains root certificates (like the system-wide
certificate file typically does), any host with a valid certificate
could pretend to be the wanted host.
2013-02-17 18:33:04 +01:00
Oswald Buddenhagen
fbba8f1cda add support for (disabling) TLS v1.1 and v1.2 2013-02-10 09:56:33 +01:00
Oswald Buddenhagen
8dbb3fe7a9 flush stdout more
to make sure it is timely written and not interleaved with stderr even
when when redirected.
2012-09-22 17:48:09 +02:00
Ben Kibbey
47fe4b7998 Fix certificate verification.
The connection state wasn't getting updated.
2012-09-08 14:26:22 +02:00
Oswald Buddenhagen
d4c786823d replace FSF address with something more ... contemporary 2012-09-01 21:15:53 +02:00
Oswald Buddenhagen
7c815538ab fix line wrapping before info messages
unless an info message is explictly marked as a continuation, it must
terminate any pending line (typically the progress information) first.

debug output is not affected, as it is mutually exclusive with info
output, and no debug lines are left unterminated outside clear scopes.
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
d2bed4990d unify error reporting
- introduce sys_error() and use it instead of perror() and
  error(strerror()) in all expected error conditions
- perror() is used only for "something's really wrong with the system"
  kind of errors
- file names, etc. are quoted if they are not validated yet, so e.g. an
  empty string becomes immediately obvious
- improve and unify language
- add missing newlines
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
bd93d689db fully asynchronous IMAP operation
- asynchronous sockets using an event loop
  - connect & starttls have completion callback parameters
  - callbacks for notification about filled input buffer and emptied
    output buffer
- unsent imap command queue
  - used when
    - socket output buffer is non-empty
    - number of commands in flight exceeds limit
    - last sent command requires round-trip
    - command has a dependency on completion of previous command
  - trashnc is tri-state so only a single "scout" trash APPEND/COPY is
    sent at first. a possibly resulting CREATE is injected in front of
    the remaining trash commands, so they can succeed (or be cancel()d
    if it fails).
  - queue's presence necessitates imap_cancel implementation
2012-09-01 16:03:36 +02:00
Oswald Buddenhagen
a55354516b move responsibility for closing sockets on error to user
the only user being imap and the first thing in imap_cancel_store()
being a call to socket_close(), this code was pretty pointless anyway.
2012-09-01 16:03:36 +02:00
Oswald Buddenhagen
802c99edcf make socket read/write error reporting callback-based
the functions still have synchronous return codes as well - this enables
early error returns without having to resort to refcounting.
2012-09-01 16:03:36 +02:00
Oswald Buddenhagen
f1df2f40d1 decouple the filling of the read buffer from consuming it
this prepares the code for being called from a callback.

notably, this makes the imap list parser have a "soft stack", so the
recursion can be suspended at any time.
2012-09-01 16:03:36 +02:00
Oswald Buddenhagen
f8d73ac346 make socket_write() capable of taking ownership of the buffer
that way the user code doesn't have to free it any more.
2012-09-01 16:03:36 +02:00
Oswald Buddenhagen
8a72d204c9 change socket_write() return code semantics
instead of returning a write()-like result, return only a binary status
code - write errors are handled internally anyway, so user code doesn't
have to check the write length.
2012-09-01 16:03:36 +02:00
Oswald Buddenhagen
171f7d6cd3 Socket_t + buffer_t => conn_t
remove the layering, in favor of a "buffered connection" abstraction.
2012-09-01 16:03:36 +02:00
Oswald Buddenhagen
3447694c2b security fix: failure to load the certificate file is *not* OK ... 2012-09-01 16:03:36 +02:00
Oswald Buddenhagen
ef41349035 move socket code to a separate file
this makes the layering more obvious
2012-09-01 16:03:35 +02:00