X-Git-Url: http://git.madism.org/?p=apps%2Fmadmutt.git;a=blobdiff_plain;f=lib-sys%2Fmutt_ssl.cpkg;h=562393807be30afaf0f8471e748d6ccf56993407;hp=3717ba4f752aa94bea2ae0958ef0f899621ce9f5;hb=de45ea41e6143bbdd3065488af6cd89f66b2e25b;hpb=f435868132e200bfa71ac155f037cf64bf5414ba;ds=sidebyside diff --git a/lib-sys/mutt_ssl.cpkg b/lib-sys/mutt_ssl.cpkg index 3717ba4..5623938 100644 --- a/lib-sys/mutt_ssl.cpkg +++ b/lib-sys/mutt_ssl.cpkg @@ -44,20 +44,6 @@ ** This variables specifies whether to attempt to use SSLv3 in the ** SSL authentication process. */ - bool use_tlsv1 = 1; - /* - ** .pp - ** This variables specifies whether to attempt to use TLSv1 in the - ** SSL authentication process. - */ - - int min_dh_prime_bits = 0; - /* - ** .pp - ** This variable specifies the minimum acceptable prime size (in bits) - ** for use in any Diffie-Hellman key exchange. A value of 0 will use - ** the default from the GNUTLS library. - */ path_t cert_file = luaM_pathnew("~/.cache/madmutt/certificates"); /* @@ -147,7 +133,7 @@ static int tls_socket_read (CONNECTION * conn, char *buf, ssize_t len) } ret = gnutls_record_recv (data->state, buf, len); - if (gnutls_error_is_fatal (ret) == 1) { + if (ret < 0 && gnutls_error_is_fatal (ret) == 1) { mutt_error (_("tls_socket_read (%s)"), gnutls_strerror (ret)); mutt_sleep (4); return -1; @@ -167,7 +153,7 @@ static int tls_socket_write (CONNECTION * conn, const char *buf, ssize_t len) } ret = gnutls_record_send (data->state, buf, len); - if (gnutls_error_is_fatal (ret) == 1) { + if (ret < 0 && gnutls_error_is_fatal (ret) == 1) { mutt_error (_("tls_socket_write (%s)"), gnutls_strerror (ret)); mutt_sleep (4); return -1; @@ -244,15 +230,7 @@ static int tls_negotiate (CONNECTION * conn) gnutls_transport_set_ptr (data->state, (gnutls_transport_ptr)(intptr_t)conn->fd); /* disable TLS/SSL protocols as needed */ - if (!mod_ssl.use_tlsv1 && !mod_ssl.use_sslv3) { - mutt_error (_("All available protocols for TLS/SSL connection disabled")); - goto fail; - } - else if (!mod_ssl.use_tlsv1) { - protocol_priority[0] = GNUTLS_SSL3; - protocol_priority[1] = 0; - } - else if (!mod_ssl.use_sslv3) { + if (!mod_ssl.use_sslv3) { protocol_priority[0] = GNUTLS_TLS1; protocol_priority[1] = 0; } @@ -266,10 +244,6 @@ static int tls_negotiate (CONNECTION * conn) gnutls_set_default_priority (data->state); gnutls_protocol_set_priority (data->state, protocol_priority); - if (mod_ssl.min_dh_prime_bits > 0) { - gnutls_dh_set_prime_bits(data->state, mod_ssl.min_dh_prime_bits); - } - /* gnutls_set_cred (data->state, GNUTLS_ANON, NULL); */ @@ -429,16 +403,18 @@ static void tls_fingerprint (gnutls_digest_algorithm algo, static char *tls_make_date (time_t t, char *s, ssize_t len) { - struct tm *l = gmtime (&t); - - if (l) - snprintf (s, len, "%s, %d %s %d %02d:%02d:%02d UTC", - Weekdays[l->tm_wday], l->tm_mday, Months[l->tm_mon], - l->tm_year + 1900, l->tm_hour, l->tm_min, l->tm_sec); - else - m_strcpy(s, len, _("[invalid date]")); + struct tm *l = gmtime(&t); + + if (l) { + const char *loc; + loc = setlocale(LC_TIME, "C"); + strftime(s, len, "%a, %d %b %Y %T UTC", l); + setlocale(LC_TIME, loc); + } else { + m_strcpy(s, len, _("[invalid date]")); + } - return (s); + return s; } static int tls_check_stored_hostname (const gnutls_datum * cert, @@ -833,7 +809,7 @@ static int tls_check_certificate (CONNECTION * conn) unset_option (OPTUNBUFFEREDINPUT); mutt_menuDestroy (&menu); gnutls_x509_crt_deinit (cert); - return (done == 2); + return done == 2; } /* vim:set ft=c: */