diff --git a/SConstruct b/SConstruct index 888e3f95..d1813bd1 100644 --- a/SConstruct +++ b/SConstruct @@ -222,10 +222,13 @@ libvmime_messaging_sources = [ libvmime_net_tls_sources = [ 'net/tls/TLSSession.cpp', 'net/tls/TLSSession.hpp', 'net/tls/TLSSocket.cpp', 'net/tls/TLSSocket.hpp', + 'net/tls/TLSProperties.cpp', 'net/tls/TLSProperties.hpp', 'net/tls/gnutls/TLSSession_GnuTLS.cpp', 'net/tls/gnutls/TLSSession_GnuTLS.hpp', 'net/tls/gnutls/TLSSocket_GnuTLS.cpp', 'net/tls/gnutls/TLSSocket_GnuTLS.hpp', + 'net/tls/gnutls/TLSProperties_GnuTLS.cpp', 'net/tls/gnutls/TLSProperties_GnuTLS.hpp', 'net/tls/openssl/TLSSession_OpenSSL.cpp', 'net/tls/openssl/TLSSession_OpenSSL.hpp', 'net/tls/openssl/TLSSocket_OpenSSL.cpp', 'net/tls/openssl/TLSSocket_OpenSSL.hpp', + 'net/tls/openssl/TLSProperties_OpenSSL.cpp', 'net/tls/openssl/TLSProperties_OpenSSL.hpp', 'net/tls/openssl/OpenSSLInitializer.cpp', 'net/tls/openssl/OpenSSLInitializer.hpp', 'net/tls/TLSSecuredConnectionInfos.cpp', 'net/tls/TLSSecuredConnectionInfos.hpp', 'security/cert/certificateChain.cpp', 'security/cert/certificateChain.hpp', diff --git a/doc/book/net.tex b/doc/book/net.tex index 7359c3e3..8b1c7fa7 100644 --- a/doc/book/net.tex +++ b/doc/book/net.tex 
@@ -1006,3 +1006,68 @@ Finally, to make the service use your own certificate verifier, simply write: theService->setCertificateVerifier(vmime::create ()); \end{lstlisting} +\subsection{SSL/TLS Properties} % -------------------------------------------- + +If you want to customize behavior or set some options on TLS/SSL connection, +you may use the TLSProperties object, and pass it to the service session. The +TLS/SSL options must be set {\em before} creating any service with the session +(ie. before calling either {\vcode getStore()} or {\vcode getTransport()} on +the session), or they will not be used. + +The following example shows how to set the cipher suite preferences for TLS: + +\begin{lstlisting}[caption={Setting TLS cipher suite preferences}] +vmime::ref sess = /* ... */; + +vmime::ref tlsProps = + vmime::create (); + +// for OpenSSL +tlsProps->setCipherString("HIGH:!ADH:@STRENGTH"); + +// for GNU TLS +tlsProps->setCipherString("NORMAL:%SSL3_RECORD_VERSION"); + +sess->setTLSProperties(tlsProps); +\end{lstlisting} + +Please note that the cipher suite string format and meaning depend on the +underlying TLS library (either OpenSSL or GNU TLS): + +\begin{itemize} +\item for GNU TLS, read this: \newline +\url{http://gnutls.org/manual/html\_node/Priority-Strings.html} + +\item for OpenSSL, read this: \newline +\url{http://www.openssl.org/docs/apps/ciphers.html#CIPHER\_STRINGS} +\end{itemize} + +You may also set cipher suite preferences using predefined constants that +map to generic security modes: + +\begin{lstlisting}[caption={Setting TLS cipher suite preferences using predefined modes}] +sess->setCipherSuite(vmime::net::tls::TLSProperties::CIPHERSUITE_HIGH); +\end{lstlisting} + +The following constants are available: + +\noindent\begin{tabularx}{1.0\textwidth}{|l|X|} +\hline + {\bf Constant} & + {\bf Meaning} \\ +\hline + CIPHERSUITE\_HIGH & + High encryption cipher suites ($>$ 128 bits) \\ +\hline + CIPHERSUITE\_MEDIUM & + Medium encryption cipher suites ($>=$ 
128 bits) \\ +\hline + CIPHERSUITE\_LOW & + Low encryption cipher suites ($>=$ 64 bits) \\ +\hline + CIPHERSUITE\_DEFAULT & + Default cipher suite (actual cipher suites used depends + on the underlying SSL/TLS library) \\ +\hline +\end{tabularx} + diff --git a/src/net/imap/IMAPConnection.cpp b/src/net/imap/IMAPConnection.cpp index 4002eded..53f8ba9f 100644 --- a/src/net/imap/IMAPConnection.cpp +++ b/src/net/imap/IMAPConnection.cpp @@ -112,8 +112,9 @@ void IMAPConnection::connect() #if VMIME_HAVE_TLS_SUPPORT if (store->isIMAPS()) // dedicated port/IMAPS { - ref tlsSession = - tls::TLSSession::create(store->getCertificateVerifier()); + ref tlsSession = tls::TLSSession::create + (store->getCertificateVerifier(), + store->getSession()->getTLSProperties()); ref tlsSocket = tlsSession->getSocket(m_socket); @@ -474,8 +475,9 @@ void IMAPConnection::startTLS() ("STARTTLS", resp->getErrorLog(), "bad response"); } - ref tlsSession = - tls::TLSSession::create(m_store.acquire()->getCertificateVerifier()); + ref tlsSession = tls::TLSSession::create + (m_store.acquire()->getCertificateVerifier(), + m_store.acquire()->getSession()->getTLSProperties()); ref tlsSocket = tlsSession->getSocket(m_socket); diff --git a/src/net/pop3/POP3Connection.cpp b/src/net/pop3/POP3Connection.cpp index 948242d7..dd0024e9 100644 --- a/src/net/pop3/POP3Connection.cpp +++ b/src/net/pop3/POP3Connection.cpp @@ -106,8 +106,9 @@ void POP3Connection::connect() #if VMIME_HAVE_TLS_SUPPORT if (store->isPOP3S()) // dedicated port/POP3S { - ref tlsSession = - tls::TLSSession::create(store->getCertificateVerifier()); + ref tlsSession = tls::TLSSession::create + (store->getCertificateVerifier(), + store->getSession()->getTLSProperties()); ref tlsSocket = tlsSession->getSocket(m_socket); 
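Review bot: In IMAPConnection::startTLS the new create() call evaluates `m_store.acquire()` twice inside one statement, once for the verifier and once for the session; acquiring the weak reference once into a local, as connect() already does with its `store` variable, reads better and guarantees both arguments come from the same store object. POP3Connection::startTLS has the identical double `m_store.acquire()`, and SMTPConnection::startTLS calls `getTransport()` twice in the same way. All three startTLS bodies begin and end outside their hunks.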
@@ -544,8 +545,9 @@ void POP3Connection::startTLS() if (!response->isSuccess()) throw exceptions::command_error("STLS", response->getFirstLine()); - ref tlsSession = - tls::TLSSession::create(m_store.acquire()->getCertificateVerifier()); + ref tlsSession = tls::TLSSession::create + (m_store.acquire()->getCertificateVerifier(), + m_store.acquire()->getSession()->getTLSProperties()); ref tlsSocket = tlsSession->getSocket(m_socket); diff --git a/src/net/session.cpp b/src/net/session.cpp index 970ef71d..a444d000 100644 --- a/src/net/session.cpp +++ b/src/net/session.cpp @@ -39,18 +39,19 @@ namespace net { session::session() + : m_tlsProps(vmime::create ()) { } session::session(const session& sess) - : object(), m_props(sess.m_props) + : object(), m_props(sess.m_props), m_tlsProps(vmime::create (*sess.m_tlsProps)) { } session::session(const propertySet& props) - : m_props(props) + : m_props(props), m_tlsProps(vmime::create ()) { } @@ -136,6 +137,18 @@ propertySet& session::getProperties() } +void session::setTLSProperties(ref tlsProps) +{ + m_tlsProps = vmime::create (*tlsProps); +} + + +ref session::getTLSProperties() const +{ + return m_tlsProps; +} + + } // net } // vmime diff --git a/src/net/smtp/SMTPConnection.cpp b/src/net/smtp/SMTPConnection.cpp index 88170243..e831ccfc 100644 --- a/src/net/smtp/SMTPConnection.cpp +++ b/src/net/smtp/SMTPConnection.cpp @@ -107,8 +107,9 @@ void SMTPConnection::connect() #if VMIME_HAVE_TLS_SUPPORT if (transport->isSMTPS()) // dedicated port/SMTPS { - ref tlsSession = - tls::TLSSession::create(transport->getCertificateVerifier()); + ref tlsSession = tls::TLSSession::create + (transport->getCertificateVerifier(), + transport->getSession()->getTLSProperties()); ref tlsSocket = tlsSession->getSocket(m_socket); 
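Review bot: session::setTLSProperties dereferences `*tlsProps` without checking it, so a null ref from a caller crashes inside the session instead of failing at the API boundary; either reject it or treat it as "back to defaults", e.g. `m_tlsProps = tlsProps ? vmime::create<TLSProperties>(*tlsProps) : vmime::create<TLSProperties>();`, which also preserves the invariant the three constructors establish that m_tlsProps is never null. A one-line comment on the copy, `// copied: later changes to the caller's object do not affect this session`, would make the deliberate deep copy visible to the next reader.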
@@ -479,8 +480,9 @@ void SMTPConnection::startTLS() resp->getCode(), resp->getEnhancedCode()); } - ref tlsSession = - tls::TLSSession::create(getTransport()->getCertificateVerifier()); + ref tlsSession = tls::TLSSession::create + (getTransport()->getCertificateVerifier(), + getTransport()->getSession()->getTLSProperties()); ref tlsSocket = tlsSession->getSocket(m_socket); diff --git a/src/net/tls/TLSProperties.cpp b/src/net/tls/TLSProperties.cpp new file mode 100644 index 00000000..1986db79 --- /dev/null +++ b/src/net/tls/TLSProperties.cpp @@ -0,0 +1,44 @@ +// +// VMime library (http://www.vmime.org) +// Copyright (C) 2002-2013 Vincent Richard +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License as +// published by the Free Software Foundation; either version 3 of +// the License, or (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// Linking this library statically or dynamically with other modules is making +// a combined work based on this library. Thus, the terms and conditions of +// the GNU General Public License cover the whole combination. +// + +#include "vmime/config.hpp" + + +#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT + + +#include "vmime/net/tls/TLSProperties.hpp" + + +namespace vmime { +namespace net { +namespace tls { + + +} // tls +} // net +} // vmime + + +#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT + 
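Review bot: src/net/tls/TLSProperties.cpp compiles to an empty namespace, which a reader will take for an unfinished file. A comment below the include, `// TLSProperties member functions are defined per backend in gnutls/TLSProperties_GnuTLS.cpp and openssl/TLSProperties_OpenSSL.cpp`, explains why it is intentionally empty; if the file exists only to satisfy the SConstruct source list, say that as well.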
diff --git a/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp b/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp
new file mode 100644
index 00000000..2a161dee
--- /dev/null
+++ b/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp
@@ -0,0 +1,113 @@ +// +// VMime library (http://www.vmime.org) +// Copyright (C) 2002-2013 Vincent Richard +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License as +// published by the Free Software Foundation; either version 3 of +// the License, or (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// Linking this library statically or dynamically with other modules is making +// a combined work based on this library. Thus, the terms and conditions of +// the GNU General Public License cover the whole combination. 
+// + +#include "vmime/config.hpp" + + +#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS + + +#include "vmime/base.hpp" +#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp" + +#include +#if GNUTLS_VERSION_NUMBER < 0x030000 +#include +#endif + + +namespace vmime { +namespace net { +namespace tls { + + +TLSProperties::TLSProperties() + : m_data(vmime::create ()) +{ + setCipherSuite(CIPHERSUITE_DEFAULT); +} + + +TLSProperties::TLSProperties(const TLSProperties& props) + : object(), + m_data(vmime::create ()) +{ + *m_data.dynamicCast () = *props.m_data.dynamicCast (); +} + + +void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite) +{ + switch (cipherSuite) + { + case CIPHERSUITE_HIGH: + + setCipherSuite("SECURE256:%SSL3_RECORD_VERSION"); + break; + + case CIPHERSUITE_MEDIUM: + + setCipherSuite("SECURE128:%SSL3_RECORD_VERSION"); + break; + + case CIPHERSUITE_LOW: + + setCipherSuite("NORMAL:%SSL3_RECORD_VERSION"); + break; + + default: + case CIPHERSUITE_DEFAULT: + + setCipherSuite("NORMAL:%SSL3_RECORD_VERSION"); + break; + } +} + + +void TLSProperties::setCipherSuite(const string& cipherSuite) +{ + m_data.dynamicCast ()->cipherSuite = cipherSuite; +} + + +const string TLSProperties::getCipherSuite() const +{ + return m_data.dynamicCast ()->cipherSuite; +} + + + +TLSProperties_GnuTLS& TLSProperties_GnuTLS::operator=(const TLSProperties_GnuTLS& other) +{ + cipherSuite = other.cipherSuite; + + return *this; +} + + +} // tls +} // net +} // vmime + + +#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS diff --git a/src/net/tls/gnutls/TLSSession_GnuTLS.cpp b/src/net/tls/gnutls/TLSSession_GnuTLS.cpp index 97f61d9e..8297e779 100644 --- a/src/net/tls/gnutls/TLSSession_GnuTLS.cpp +++ b/src/net/tls/gnutls/TLSSession_GnuTLS.cpp 
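Review bot: In the GnuTLS setCipherSuite(GenericCipherSuite), CIPHERSUITE_LOW maps to the same priority string as CIPHERSUITE_DEFAULT (`NORMAL:%SSL3_RECORD_VERSION`), while TLSProperties.hpp and the book table advertise LOW as ">= 64 bits"; keeping the stronger set is the safer choice, but it should be stated at the case, e.g. `// GnuTLS: no weaker-than-NORMAL preset is offered; LOW behaves like DEFAULT`, so nobody "fixes" it later by adding a weaker priority. The `default:` label placed above `case CIPHERSUITE_DEFAULT:` is legal but reads like a typo; putting `default:` after the case, or adding `// unknown values fall back to the default suite`, makes the intent explicit. The same switch shape is repeated in TLSProperties_OpenSSL.cpp.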
@@ -49,6 +49,7 @@ #include "vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp" #include "vmime/net/tls/gnutls/TLSSocket_GnuTLS.hpp" +#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp" #include "vmime/exception.hpp" @@ -133,14 +134,14 @@ static TLSGlobal g_gnutlsGlobal; // static -ref TLSSession::create(ref cv) +ref TLSSession::create(ref cv, ref props) { - return vmime::create (cv); + return vmime::create (cv, props); } -TLSSession_GnuTLS::TLSSession_GnuTLS(ref cv) - : m_certVerifier(cv) +TLSSession_GnuTLS::TLSSession_GnuTLS(ref cv, ref props) + : m_certVerifier(cv), m_props(props) { int res; @@ -151,21 +152,16 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref c // Sets some default priority on the ciphers, key exchange methods, // macs and compression methods. -#if HAVE_GNUTLS_PRIORITY_FUNCS +#if VMIME_HAVE_GNUTLS_PRIORITY_FUNCS gnutls_dh_set_prime_bits(*m_gnutlsSession, 128); if ((res = gnutls_priority_set_direct - (*m_gnutlsSession, "NORMAL:%SSL3_RECORD_VERSION", NULL)) != 0) + (*m_gnutlsSession, m_props->getCipherSuite().c_str(), NULL)) != 0) { - if ((res = gnutls_priority_set_direct - (*m_gnutlsSession, "NORMAL", NULL)) != 0) - { - throwTLSException - ("gnutls_priority_set_direct", res); - } + throwTLSException("gnutls_priority_set_direct", res); } -#else // !HAVE_GNUTLS_PRIORITY_FUNCS +#else // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS gnutls_set_default_priority(*m_gnutlsSession); @@ -241,7 +237,7 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref c gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority); -#endif // !HAVE_GNUTLS_PRIORITY_FUNCS +#endif // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS // Initialize credentials gnutls_credentials_set(*m_gnutlsSession, diff --git a/src/net/tls/openssl/TLSProperties_OpenSSL.cpp b/src/net/tls/openssl/TLSProperties_OpenSSL.cpp new file mode 100644 index 00000000..0efc33c9 --- /dev/null +++ b/src/net/tls/openssl/TLSProperties_OpenSSL.cpp 
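Review bot: After the rename, the user's cipher suite is honoured only when `VMIME_HAVE_GNUTLS_PRIORITY_FUNCS` is defined by the build; the `#else` branch still calls `gnutls_set_default_priority` and ignores m_props, and nothing on this page shows the build system emitting the new name, so if configure/SConstruct still defines `HAVE_GNUTLS_PRIORITY_FUNCS` the whole priority path becomes dead code and setCipherSuite is silently ignored on GnuTLS. Add `// No priority-string support in this GnuTLS: TLSProperties cipher suite is ignored` to the `#else` branch and confirm the define. Dropping the fallback to `"NORMAL"` is right now that the string is user-chosen (silently downgrading a HIGH preference would be worse than failing), but the exception no longer says where the string was rejected; declare `const char* errPos = NULL;`, pass `&errPos` instead of `NULL` as the third argument, and include errPos in the message. Visible in the same context though not changed here, `gnutls_dh_set_prime_bits(*m_gnutlsSession, 128)` sets the minimum accepted DH prime size to 128 bits, far below what any preset here intends, and is worth revisiting now that the suite preference is configurable. The constructor continues outside the hunk.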
@@ -0,0 +1,112 @@ +// +// VMime library (http://www.vmime.org) +// Copyright (C) 2002-2013 Vincent Richard +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License as +// published by the Free Software Foundation; either version 3 of +// the License, or (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// Linking this library statically or dynamically with other modules is making +// a combined work based on this library. Thus, the terms and conditions of +// the GNU General Public License cover the whole combination. 
+// + +#include "vmime/config.hpp" + + +#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL + + +#include "vmime/base.hpp" +#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp" + +#include +#include + + +namespace vmime { +namespace net { +namespace tls { + + +TLSProperties::TLSProperties() + : m_data(vmime::create ()) +{ + setCipherSuite(CIPHERSUITE_DEFAULT); +} + + +TLSProperties::TLSProperties(const TLSProperties& props) + : object(), + m_data(vmime::create ()) +{ + *m_data.dynamicCast () = *props.m_data.dynamicCast (); +} + + +void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite) +{ + switch (cipherSuite) + { + case CIPHERSUITE_HIGH: + + setCipherSuite("HIGH"); + break; + + case CIPHERSUITE_MEDIUM: + + setCipherSuite("MEDIUM"); + break; + + case CIPHERSUITE_LOW: + + setCipherSuite("LOW"); + break; + + default: + case CIPHERSUITE_DEFAULT: + + setCipherSuite("DEFAULT"); + break; + } +} + + +void TLSProperties::setCipherSuite(const string& cipherSuite) +{ + m_data.dynamicCast ()->cipherSuite = cipherSuite; +} + + +const string TLSProperties::getCipherSuite() const +{ + return m_data.dynamicCast ()->cipherSuite; +} + + + +TLSProperties_OpenSSL& TLSProperties_OpenSSL::operator=(const TLSProperties_OpenSSL& other) +{ + cipherSuite = other.cipherSuite; + + return *this; +} + + +} // tls +} // net +} // vmime + + +#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL + diff --git a/src/net/tls/openssl/TLSSession_OpenSSL.cpp b/src/net/tls/openssl/TLSSession_OpenSSL.cpp index fcf82c7b..953e4ebc 100644 --- a/src/net/tls/openssl/TLSSession_OpenSSL.cpp +++ b/src/net/tls/openssl/TLSSession_OpenSSL.cpp @@ -28,6 +28,7 @@ #include "vmime/net/tls/openssl/TLSSession_OpenSSL.hpp" +#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp" #include "vmime/net/tls/openssl/OpenSSLInitializer.hpp" #include "vmime/exception.hpp" 
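Review bot: The OpenSSL presets are bare strength keywords, and OpenSSL's `HIGH`, `MEDIUM` and `LOW` all include anonymous (aNULL) key-exchange suites, so a caller choosing CIPHERSUITE_HIGH can end up on a connection where the server presents no certificate and the verifier passed to TLSSession::create has nothing to check; append `:!aNULL:!eNULL:@STRENGTH` to each preset, e.g. `HIGH:!aNULL:!eNULL:@STRENGTH`. CIPHERSUITE_DEFAULT maps to `DEFAULT`, whose expansion depends on the OpenSSL version, whereas TLSSession_OpenSSL previously pinned `ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH`; reusing that string for the default case keeps existing users on the list they had before this commit, otherwise the behavior change belongs in the book. A short comment above the switch noting that these strings are OpenSSL cipher-list syntax (the URL is already in TLSProperties.hpp) would help, since the GnuTLS file uses a different grammar for the same enum.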
@@ -45,19 +46,19 @@ static OpenSSLInitializer::autoInitializer openSSLInitializer; // static -ref TLSSession::create(ref cv) +ref TLSSession::create(ref cv, ref props) { - return vmime::create (cv); + return vmime::create (cv, props); } -TLSSession_OpenSSL::TLSSession_OpenSSL(ref cv) - : m_sslctx(0), m_certVerifier(cv) +TLSSession_OpenSSL::TLSSession_OpenSSL(ref cv, ref props) + : m_sslctx(0), m_certVerifier(cv), m_props(props) { m_sslctx = SSL_CTX_new(SSLv23_client_method()); SSL_CTX_set_options(m_sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); SSL_CTX_set_mode(m_sslctx, SSL_MODE_AUTO_RETRY); - SSL_CTX_set_cipher_list(m_sslctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); + SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str()); SSL_CTX_set_session_cache_mode(m_sslctx, SSL_SESS_CACHE_OFF); } diff --git a/vmime/net/session.hpp b/vmime/net/session.hpp index a6c6e775..b92c2ac7 100644 --- a/vmime/net/session.hpp +++ b/vmime/net/session.hpp @@ -33,6 +33,8 @@ #include "vmime/security/authenticator.hpp" +#include "vmime/net/tls/TLSProperties.hpp" + #include "vmime/utility/url.hpp" #include "vmime/propertySet.hpp" @@ -141,9 +143,23 @@ public: */ propertySet& getProperties(); + /** Set properties for SSL/TLS secured connections in this session. + * + * @param tlsProps SSL/TLS properties + */ + void setTLSProperties(ref tlsProps); + + /** Get properties for SSL/TLS secured connections in this session. + * + * @return SSL/TLS properties + */ + ref getTLSProperties() const; + private: propertySet m_props; + + ref m_tlsProps; }; diff --git a/vmime/net/tls/TLSProperties.hpp b/vmime/net/tls/TLSProperties.hpp new file mode 100644 index 00000000..23540eeb --- /dev/null +++ b/vmime/net/tls/TLSProperties.hpp 
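Review bot: The return value of `SSL_CTX_set_cipher_list` is still ignored, and now that the string comes from user-settable TLSProperties that matters: a mistyped or unsupported cipher string makes the call return 0 and the context keeps the list it already had, so the connection silently runs with OpenSSL's built-in defaults instead of the requested preference, while the GnuTLS backend throws for the same input. Check it and fail the session, e.g. `if (!SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str())) throw exceptions::tls_exception("SSL_CTX_set_cipher_list");` (exception.hpp is already included; if the file has a helper that also drains the OpenSSL error queue, prefer that). Since a throwing constructor does not run ~TLSSession_OpenSSL, call `SSL_CTX_free(m_sslctx)` before the throw or the context leaks.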
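Review bot: The new doc comments do not say how the session treats the object: session.cpp copies `*tlsProps` in setTLSProperties, so edits the caller makes to its own TLSProperties afterwards are not seen by the session, while getTLSProperties() returns the session's own instance, which can be modified in place; add `Properties are copied; to change them afterwards, modify the object returned by getTLSProperties().` to setTLSProperties and a matching sentence on the getter. It is also worth stating when the values are consumed: the connection classes on this page read them when a TLS session is created, i.e. at connect()/STARTTLS time, whereas the book text says they must be set before getStore()/getTransport(); one statement should be used in both places.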
@@ -0,0 +1,105 @@ +// +// VMime library (http://www.vmime.org) +// Copyright (C) 2002-2013 Vincent Richard +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License as +// published by the Free Software Foundation; either version 3 of +// the License, or (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// Linking this library statically or dynamically with other modules is making +// a combined work based on this library. Thus, the terms and conditions of +// the GNU General Public License cover the whole combination. +// + +#ifndef VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED +#define VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED + + +#include "vmime/config.hpp" + + +#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT + + +#include "vmime/types.hpp" + + +namespace vmime { +namespace net { +namespace tls { + + +/** Holds options for a TLS session. + */ +class VMIME_EXPORT TLSProperties : public object +{ +public: + + TLSProperties(); + TLSProperties(const TLSProperties&); + + + /** Predefined generic cipher suites (work with all TLS libraries). */ + enum GenericCipherSuite + { + CIPHERSUITE_HIGH, /**< High encryption cipher suites (> 128 bits). */ + CIPHERSUITE_MEDIUM, /**< Medium encryption cipher suites (>= 128 bits). */ + CIPHERSUITE_LOW, /**< Low encryption cipher suites (>= 64 bits). */ + + CIPHERSUITE_DEFAULT /**< Default cipher suite. 
*/ + }; + + /** Sets the cipher suite preferences for a SSL/TLS session, using + * predefined, generic suites. This works with all underlying TLS + * libraries (OpenSSL and GNU TLS). + * + * @param cipherSuite predefined cipher suite + */ + void setCipherSuite(const GenericCipherSuite cipherSuite); + + /** Sets the cipher suite preferences for a SSL/TLS session, using + * a character string. The format and meaning of the string depend + * on the underlying TLS library. + * + * For GNU TLS, read this: + * http://gnutls.org/manual/html_node/Priority-Strings.html + * + * For OpenSSL, read this: + * http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS + * + * @param cipherSuite cipher suite as a string + */ + void setCipherSuite(const string& cipherSuite); + + /** Returns the cipher suite preferences for a SSL/TLS session, as + * a character string. The format and meaning of the string depend + * on the underlying TLS library (see setCipherSuite() method). + * + * @return cipher suite string + */ + const string getCipherSuite() const; + +private: + + ref m_data; +}; + + +} // tls +} // net +} // vmime + + +#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT + +#endif // VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED diff --git a/vmime/net/tls/TLSSession.hpp b/vmime/net/tls/TLSSession.hpp index 5cd14435..faca9d11 100644 --- a/vmime/net/tls/TLSSession.hpp +++ b/vmime/net/tls/TLSSession.hpp @@ -34,6 +34,7 @@ #include "vmime/types.hpp" #include "vmime/net/tls/TLSSocket.hpp" +#include "vmime/net/tls/TLSProperties.hpp" #include "vmime/security/cert/certificateVerifier.hpp" @@ -53,9 +54,10 @@ public: * * @param cv object responsible for verifying certificates * sent by the server + * @param props TLS properties for this session * @return a new TLS session */ - static ref create(ref cv); + static ref create(ref cv, ref props); /** Create a new socket that adds a TLS security layer around * an existing socket. You should create only one socket 
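Review bot: TLSProperties user-declares a copy constructor that deep-copies m_data but no copy-assignment operator, so unless object's assignment is already inaccessible, `a = b` compiles to the implicit member-wise assignment and leaves both objects sharing one backend data block, the opposite of what the copy constructor does; declare `TLSProperties& operator=(const TLSProperties&);` with the same deep copy, or make it private and undefined to forbid it. `const string getCipherSuite() const` returns a const value, which only prevents moving from the result; plain `string` is the usual form. The book example in doc/book/net.tex calls `tlsProps->setCipherString(...)`, which this header does not declare; it should read `setCipherSuite`.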
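Review bot: Replacing the only `create` overload with a two-argument one breaks every existing caller of `TLSSession::create(cv)` outside the library, and nothing documents that `props` must be non-null even though both backend constructors dereference it; either keep a one-argument overload that supplies `vmime::create<TLSProperties>()`, or state it in the comment, `@param props TLS properties for this session (must not be null; the cipher suite is read once, when the session is created)`. The second clause matters on its own: on this page both backends read the cipher suite only in their constructors, so changes to the TLSProperties object after create() have no effect on an existing session.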
diff --git a/vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp b/vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp
new file mode 100644
index 00000000..2038778a
--- /dev/null
+++ b/vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp
@@ -0,0 +1,68 @@ +// +// VMime library (http://www.vmime.org) +// Copyright (C) 2002-2013 Vincent Richard +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License as +// published by the Free Software Foundation; either version 3 of +// the License, or (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// Linking this library statically or dynamically with other modules is making +// a combined work based on this library. Thus, the terms and conditions of +// the GNU General Public License cover the whole combination. +// + +#ifndef VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED +#define VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED + + +#ifndef VMIME_BUILDING_DOC + + +#include "vmime/config.hpp" + + +#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS + + +#include "vmime/types.hpp" + +#include "vmime/net/tls/TLSProperties.hpp" + + +namespace vmime { +namespace net { +namespace tls { + + +class TLSProperties_GnuTLS : public object +{ +public: + + TLSProperties_GnuTLS& operator=(const TLSProperties_GnuTLS& other); + + + string cipherSuite; +}; + + +} // tls +} // net +} // vmime + + +#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS + +#endif // VMIME_BUILDING_DOC + +#endif // VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED + 
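Review bot: TLSProperties_GnuTLS user-declares `operator=` but relies on the implicit copy constructor, and the operator does exactly what the implicit one would (copy the single string member), so unless object's assignment is inaccessible the declaration is redundant and can go together with its definition in TLSProperties_GnuTLS.cpp; if it is kept for that reason, a comment saying so would stop the next reader wondering. The same applies to TLSProperties_OpenSSL in vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp. Since the class is a plain data holder with one public member, `struct` would state that more directly, and a brief comment such as `// backend-private storage behind TLSProperties::m_data` would explain why it is not part of the public header set.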
diff --git a/vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp b/vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp index 1f70a1c7..45fee070 100644 --- a/vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp +++ b/vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp @@ -38,6 +38,7 @@ #include "vmime/net/tls/TLSSession.hpp" #include "vmime/net/tls/TLSSocket.hpp" +#include "vmime/net/tls/TLSProperties.hpp" namespace vmime { @@ -51,7 +52,7 @@ class TLSSession_GnuTLS : public TLSSession public: - TLSSession_GnuTLS(ref cv); + TLSSession_GnuTLS(ref cv, ref props); ~TLSSession_GnuTLS(); @@ -73,6 +74,7 @@ private: #endif // LIBGNUTLS_VERSION ref m_certVerifier; + ref m_props; }; diff --git a/vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp b/vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp new file mode 100644 index 00000000..5d2f075a --- /dev/null +++ b/vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp 
@@ -0,0 +1,68 @@ +// +// VMime library (http://www.vmime.org) +// Copyright (C) 2002-2013 Vincent Richard +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License as +// published by the Free Software Foundation; either version 3 of +// the License, or (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// Linking this library statically or dynamically with other modules is making +// a combined work based on this library. Thus, the terms and conditions of +// the GNU General Public License cover the whole combination. +// + +#ifndef VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED +#define VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED + + +#ifndef VMIME_BUILDING_DOC + + +#include "vmime/config.hpp" + + +#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL + + +#include "vmime/types.hpp" + +#include "vmime/net/tls/TLSProperties.hpp" + + +namespace vmime { +namespace net { +namespace tls { + + +class TLSProperties_OpenSSL : public object +{ +public: + + TLSProperties_OpenSSL& operator=(const TLSProperties_OpenSSL& other); + + + string cipherSuite; +}; + + +} // tls +} // net +} // vmime + + +#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL + +#endif // VMIME_BUILDING_DOC + +#endif // VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED + 
diff --git a/vmime/net/tls/openssl/TLSSession_OpenSSL.hpp b/vmime/net/tls/openssl/TLSSession_OpenSSL.hpp index 74c49a19..85f018f1 100644 --- a/vmime/net/tls/openssl/TLSSession_OpenSSL.hpp +++ b/vmime/net/tls/openssl/TLSSession_OpenSSL.hpp @@ -38,6 +38,7 @@ #include "vmime/net/tls/TLSSession.hpp" #include "vmime/net/tls/TLSSocket.hpp" +#include "vmime/net/tls/TLSProperties.hpp" #include @@ -54,7 +55,7 @@ class TLSSession_OpenSSL : public TLSSession public: - TLSSession_OpenSSL(const ref cv); + TLSSession_OpenSSL(const ref cv, ref props); ~TLSSession_OpenSSL(); @@ -90,6 +91,7 @@ private: SSL_CTX* m_sslctx; ref m_certVerifier; + ref m_props; };