-#if defined(USE_SSL) || defined(USE_GNUTLS)
-#ifdef USE_SSL
- {"ssl_client_cert", DT_PATH, R_NONE, UL &SslClientCert, "" },
- /*
- ** .pp
- ** Availability: SSL
- **
- ** .pp
- ** The file containing a client certificate and its associated private
- ** key.
- */
-#endif /* USE_SSL */
- {"ssl_force_tls", DT_BOOL, R_NONE, OPTSSLFORCETLS, "no" },
- /*
- ** .pp
- ** If this variable is \fIset\fP, Madmutt will require that all connections
- ** to remote servers be encrypted. Furthermore it will attempt to
- ** negotiate TLS even if the server does not advertise the capability,
- ** since it would otherwise have to abort the connection anyway. This
- ** option supersedes ``$$ssl_starttls''.
- */
- {"ssl_starttls", DT_QUAD, R_NONE, OPT_SSLSTARTTLS, "yes" },
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** If \fIset\fP (the default), Madmutt will attempt to use STARTTLS on servers
- ** advertising the capability. When \fIunset\fP, Madmutt will not attempt to
- ** use STARTTLS regardless of the server's capabilities.
- */
- {"certificate_file", DT_PATH, R_NONE, UL &SslCertFile, "~/.mutt_certificates"},
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** This variable specifies the file where the certificates you trust
- ** are saved. When an unknown certificate is encountered, you are asked
- ** if you accept it or not. If you accept it, the certificate can also
- ** be saved in this file and further connections are automatically
- ** accepted.
- ** .pp
- ** You can also manually add CA certificates in this file. Any server
- ** certificate that is signed with one of these CA certificates are
- ** also automatically accepted.
- ** .pp
- ** Example: \fTset certificate_file=~/.madmutt/certificates\fP
- */
-# if defined(_MAKEDOC) || !defined (USE_GNUTLS)
- {"ssl_usesystemcerts", DT_BOOL, R_NONE, OPTSSLSYSTEMCERTS, "yes" },
- /*
- ** .pp
- ** Availability: SSL
- **
- ** .pp
- ** If set to \fIyes\fP, Madmutt will use CA certificates in the
- ** system-wide certificate store when checking if server certificate
- ** is signed by a trusted CA.
- */
- {"entropy_file", DT_PATH, R_NONE, UL &SslEntropyFile, "" },
- /*
- ** .pp
- ** Availability: SSL
- **
- ** .pp
- ** The file which includes random data that is used to initialize SSL
- ** library functions.
- */
- {"ssl_use_sslv2", DT_BOOL, R_NONE, OPTSSLV2, "no" },
- /*
- ** .pp
- ** Availability: SSL
- **
- ** .pp
- ** This variables specifies whether to attempt to use SSLv2 in the
- ** SSL authentication process.
- */
-# endif /* _MAKEDOC || !USE_GNUTLS */
- {"ssl_use_sslv3", DT_BOOL, R_NONE, OPTSSLV3, "yes" },
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** This variables specifies whether to attempt to use SSLv3 in the
- ** SSL authentication process.
- */
- {"ssl_use_tlsv1", DT_BOOL, R_NONE, OPTTLSV1, "yes" },
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** This variables specifies whether to attempt to use TLSv1 in the
- ** SSL authentication process.
- */
-# ifdef USE_GNUTLS
- {"ssl_min_dh_prime_bits", DT_NUM, R_NONE, UL &SslDHPrimeBits, "0" },
- /*
- ** .pp
- ** Availability: GNUTLS
- **
- ** .pp
- ** This variable specifies the minimum acceptable prime size (in bits)
- ** for use in any Diffie-Hellman key exchange. A value of 0 will use
- ** the default from the GNUTLS library.
- */
- {"ssl_ca_certificates_file", DT_PATH, R_NONE, UL &SslCACertFile, "" },
- /*
- ** .pp
- ** This variable specifies a file containing trusted CA certificates.
- ** Any server certificate that is signed with one of these CA
- ** certificates are also automatically accepted.
- ** .pp
- ** Example: \fTset ssl_ca_certificates_file=/etc/ssl/certs/ca-certificates.crt\fP
- */
-# endif /* USE_GNUTLS */
-# endif /* USE_SSL || USE_GNUTLS */