Commit Graph

86 Commits

Author SHA1 Message Date
Oswald Buddenhagen
d09f988c70 add support for (disabling) TLS v1.3
this is actually potentially counterproductive, as people who have set
SSLVersions and fail to adjust it will _lose_ tls 1.3 support. however,
without the option being there, people (incorrectly) believe that tls
1.3 is not supported.
2020-08-04 14:49:58 +02:00
Jaroslav Suchanek
07cb422cbb Add support for specifying cipher string used for ssl connection
Some distributions (e.g. Fedora) added support for system wide crypto
policies. This is supported in most common crypto libraries including
OpenSSL. Applications can override this policy using their own cipher
string. This commit adds support for specifying the cipher string in
the mbsync configuration.

For example, to exclude Diffie-Hellman, the user can specify
  CipherString "DEFAULT:!DH"
in the IMAP Account's configuration.
2020-08-04 14:49:58 +02:00
Oswald Buddenhagen
e7bc402d09 rename socket_expect_read() => socket_expect_activity()
... to better reflect its (mostly new) function.
2020-08-04 14:49:58 +02:00
Oswald Buddenhagen
8a03651dd8 re-nest conditions in socket_fd_cb()
conn->state == SCK_STARTTLS implies conn->ssl != NULL.
2020-08-04 14:49:57 +02:00
Oswald Buddenhagen
2117945838 move state assignment to a more natural place
... so it's right next to the related callback assignment.
2020-08-04 14:49:57 +02:00
Oswald Buddenhagen
30261fe6f1 fix version comparison in LibreSSL conditional
the operator was exactly inverted. that means that it actually wouldn't
compile with both older versions (that needed the aliases) and
potentially new versions (that will hide the data members - still not
the case as of 3.2).

amends 8a40554f0.
2020-08-04 14:42:42 +02:00
Oswald Buddenhagen
813ad67c56 fix simultaneously connecting to multiple hosts in non-IPv6 builds
we need to deep-copy the struct hostent data, as otherwise the
concurrent connects will overwrite each other's lookup results.

this is a rather hypothetical fix, as the bug currently affects only
channels connecting two IMAP accounts, and only if the first host's
first address asynchronously fails to connect.
2020-08-04 14:39:34 +02:00
Oswald Buddenhagen
dfa8c16f27 don't timeout while uploading big messages
we did already set up the timeout when starting to send commands, but so
far we did not reset it when succeeding to send out data. rectify that.

REFFAIL: 87sgy92we3.fsf@jnanam.net
2020-07-08 11:12:59 +02:00
Oswald Buddenhagen
d0a8551703 fix error handling of SSL_set_tlsext_host_name()
it is not one of the functions to be checked with SSL_get_error().

amends 17babc169.
2019-09-10 13:26:42 +02:00
Oswald Buddenhagen
6a874b5877 error-check more openssl function calls 2019-09-10 13:26:42 +02:00
Oswald Buddenhagen
5f908b7672 attempt to improve ssl error handling (again)
the error queue may contain multiple errors, so make sure to drain it
completely. also, don't try to fall back to errno in case of
SSL_ERROR_SSL.
2019-09-10 13:26:42 +02:00
Oswald Buddenhagen
91abf2b830 modernize ssl context init
with openssl 1.1+, use TLS_client_method() instead of the deprecated
SSLv23_client_method().
2019-09-10 13:26:42 +02:00
Oswald Buddenhagen
f63e4338e8 fix leak of openssl X509 objects
SSL_get_peer_certificate() increments the refcount of the object.
2019-09-10 13:26:42 +02:00
Caspar Schutijser
7607e53d56 Do not crash when using Tunnel in an IPv6-enabled build
socket_connected() is also called on the tunnel pipe.

amends 3ceb55310.
2019-08-19 13:23:03 +02:00
Oswald Buddenhagen
17babc1695 use SNI when connecting with SSL
based on patch by Vincent Bernat <vincent@bernat.ch>.
2018-09-08 18:37:15 +02:00
Klemens Nanni
8a40554f07 User functions provided by recent LibreSSL versions
At least on OpenBSD, this enables new APIs out of the box provided by
LibreSSL 2.7.1 and higher.

From Jeremie Courreges-Anglas <jca@openbsd.org>.
2018-07-01 12:44:19 +02:00
Oswald Buddenhagen
3a2e6b3793 prune SSL 2 support
OpenSSL actually did that a while ago already, so this was dead code.
2017-10-01 10:42:00 +02:00
Oswald Buddenhagen
1b354fa61a Merge branch '1.2'
Conflicts:
	Makefile.am
	configure.ac
	debian/.gitignore
2017-10-01 10:38:43 +02:00
Oswald Buddenhagen
33ee4a4ffe fixes for -Wimplicit-fallthrough 2017-10-01 10:04:31 +02:00
Oswald Buddenhagen
118fdc4f18 Merge branch '1.2'
Conflicts:
	configure.ac
	src/mbsync.1
2017-08-05 21:20:48 +02:00
Oswald Buddenhagen
ada0ae4b8e fix spurious decompression errors
while that's just bad api, inflate() can return Z_BUF_ERROR during
normal operation.

contrary to the zpipe example and what the documentation implies,
deflate() actually isn't that braindead. add respective comments.

REFMAIL: CALA3aExMjtRL0tAmgUANpDTnn-_HJ0sYkOEXWzoO6DVaiNFUHQ@mail.gmail.com
2017-07-30 18:47:30 +02:00
Oswald Buddenhagen
366ed7d762 improve zlib error reporting
zlib is not exactly thorough about always populating z_stream->msg, so
fall back to the error code if necessary.
2017-07-30 13:47:51 +02:00
Patrick Steinhardt
56515abe94 socket: use next addrinfo if opening socket fails
The `socket_connect_one` function previously did an `exit(1)` when
encountering any errors with opening the socket. This would break
connecting to a host where multiple possible addrinfos are returned,
where the leading addrinfos are in fact impossible to connect to. E.g.
with a kernel configured without support for IPv6, the `getaddrinfo`
call may still return a hint containing an IPv6 address alongside
another hint with an IPv4 address. Creating the socket with the IPv6
address, which will cause an error, lead us to exiting early without
even trying remaining hints.

While one can argue that the user should have compiled without HAVE_IPV6
or used an appropriate DNS configuration, we can do better by simply
skipping over the current addrinfo causing an error. To do so, we split
out a new function `socket_connect_next`, which selects the next
available address info and subsequently calls `socket_connect_one`
again. When no hints remain, `sock_connect_one` will error out at that
point.
2017-06-22 09:23:56 +02:00
Oswald Buddenhagen
b2f6ef391b Merge branch 'isync_1_2_branch' 2016-11-05 13:16:32 +01:00
Oswald Buddenhagen
41308e4814 fix build with openssl 1.1
they finally made their structs opaque, and provided proper getters.
2016-07-24 11:58:57 +02:00
Oswald Buddenhagen
719d4a2437 prune obsolete #include
hmac.h was needed only for the cram-md5 implementation.
2016-07-24 11:58:09 +02:00
Oswald Buddenhagen
2648ef578f fix server certificate validation error reporting
use the right function to decode the error code.

found by Andrés Ramírez <sunshavi@fastmail.fm>.
2016-05-21 13:09:56 +02:00
Oswald Buddenhagen
89dc7592ee don't crash when dns lookup fails (ipv6 path)
we call socket_connect_bail() when getaddrinfo() failed, so it must deal
with no addrinfo being there yet.
2015-09-27 12:13:34 +02:00
Oswald Buddenhagen
9a0403f446 de-duplicate cleanup of name-related data in error paths
"name" being both the ipv6 dns info and our own socket label.

sort-of amends 9d22641b.
2015-09-12 11:13:59 +02:00
Anton Khirnov
167964933f add support for sending a TLS client certificate 2015-08-09 09:44:55 +02:00
Oswald Buddenhagen
9d22641b62 make server connection a cancellable operation
this entails splitting drv->open_store() into alloc_store() and
connect_store().
2015-05-24 14:51:31 +02:00
Oswald Buddenhagen
bcd43e2c66 Merge branch 'isync_1_2_branch'
Conflicts:
	configure.ac
	src/drv_imap.c
2015-05-09 19:31:55 +02:00
Oswald Buddenhagen
02af3f4c73 ensure direct exit after calling back
any structures may be invalid after callback invocation.

this has the side effect that the socket write callback now returns
void, like all other callbacks do.
2015-05-09 19:18:40 +02:00
Oswald Buddenhagen
6c08f568d0 fix socket_write() recursion
the synchronous writing to the socket would have typically invoked the
write callback, which would flush further commands, thus recursing.

we take the easy way out and make it fully asynchronous, i.e., no data
is sent before (re-)entering the event loop.

this also has the effect that socket_write() cannot fail any more, and
any errors will be reported asynchronously. this is consistent with
socket_read(), and produces cleaner code.

this introduces a marginal performance regression: the maildir driver is
synchronous, so all messages (which fit into memory) will be read before
any data is sent. this is not considered relevant.
2015-05-09 19:17:41 +02:00
Oswald Buddenhagen
1eb88d4fea add socket timeout handling 2015-04-26 20:58:22 +02:00
Oswald Buddenhagen
a8b26dc4ac soft-limit peak memory usage
propagating many messages from a fast store (typically maildir or a
local IMAP server) to a slow asynchronous store could cause gigabytes of
data being buffered. avoid this by throttling fetches if the target
context reports memory usage above a configurable limit.

REFMAIL: 9737edb14457c71af4ed156c1be0ae59@mpcjanssen.nl
2015-02-15 18:13:05 +01:00
Oswald Buddenhagen
d4392c9220 handle clean SSL connection shutdowns
some servers actually bother to close down the SSL connection before
closing the socket.

this fixes the spurious "unhandled SSL error 6" messages.

REFMAIL: 20150120114805.GA17586@leeloo.kyriasis.com
2015-02-15 12:19:47 +01:00
Oswald Buddenhagen
9e15ab4a5a refactor socket EOF handling
handling EOF already at the socket level isn't a very good idea - it
breaks the abstraction, and makes implementing sane semantics hard.
2015-02-15 12:15:46 +01:00
Oswald Buddenhagen
13c742529c fix crash on shutdown of compressed connection
the callback may destroy the socket, so it is very unwise to use it for
buffering the return value. use a temporary instead.
2015-02-15 11:49:58 +01:00
Oswald Buddenhagen
c9b8cefc29 handle clean shutdown of zlib stream
the server can actually close the zlib stream before closing the socket,
so we need to accept it.

we don't do anything beyond that - the actual EOF will be signaled by
the socket, and if the server (erroneously) sends more data, zlib will
tell us about it.

REFMAIL: 1423048708-975-1-git-send-email-alex.bennee@linaro.org
2015-02-15 11:49:58 +01:00
Oswald Buddenhagen
ef70bd4a40 don't try to flush if there is nothing to flush
zlib reports Z_BUF_ERROR when a flush is attempted without any activity
since the previous flush (if any). while this is harmless as such,
discerning the condition from genuine errors would be much harder than
avoiding the pointless flush in the first place.

REFMAIL: eb5681612f17be777bc8d138d31dd6d6@mpcjanssen.nl
2015-02-15 11:49:58 +01:00
Oswald Buddenhagen
6c959c3ee4 fix handling of unsolicited BYE responses
they can come in at any time, after which we must expect the connection
to be closed (and not complain about it).
2015-01-11 15:05:29 +01:00
Oswald Buddenhagen
139b90be29 added support for IMAP DEFLATE
initial patch by Jesse Weaver <pianohacker@gmail.com>, but mostly
rewritten by me.
2015-01-11 15:05:28 +01:00
Oswald Buddenhagen
f0b80e7d35 make socket writing buffered
the primary objective is reducing the number of small SSL packets (which
are always padded), but fewer syscalls in the non-SSL case should be
good as well.
2015-01-11 15:05:28 +01:00
Oswald Buddenhagen
efb23ab96a vectorize socket_write()
the objective is making the buffer code aware of the total size of a
write in advance. this commit doesn't take advantage of that yet.
2015-01-11 15:05:28 +01:00
Oswald Buddenhagen
a4e2f1a60d use null timer instead of faking a socket notification 2015-01-11 15:05:28 +01:00
Oswald Buddenhagen
1fd66195d8 change socket notifier design
instead of keeping the structures in an opaque array (which was a shadow
of the struct pollfd array if poll() was supported), make them directly
addressable.

this has the advantage that notifier-altering operations (mostly
en-/disabling) don't need to look up the structure by file handle each
time.
on the downside, data locality in the main loop is worse.
neither of these have any real effect on performance.

note that the structures are not allocated separately, but embedded into
the the parent structure (like sockets already were).
2015-01-11 15:05:28 +01:00
Oswald Buddenhagen
f68e021b90 factor out socket_open_internal() 2015-01-11 15:05:28 +01:00
Oswald Buddenhagen
b730f66f7d Merge branch 'isync_1_1_branch' into HEAD
Conflicts:
	src/socket.c
2015-01-11 14:32:15 +01:00
Oswald Buddenhagen
6f7d416bb8 fix acceptance of trusted SSL certs
we should make no assumptions about the layout of OpenSSL's certificate
store, in particular when they are wrong. so copy the interesting part
instead of "deep-linking" into it.

this code is uglier than it should be, but OpenSSL's extensive use of
macros to manage data types would force us to include the ssl headers
into our headers otherwise, which would be even uglier.

REFMAIL: <545442CC.9020400@nodivisions.com>
2014-11-08 14:00:28 +01:00