Diffstat (limited to '')
-rw-r--r--src/net/tls/TLSProperties.cpp44
-rw-r--r--src/net/tls/gnutls/TLSProperties_GnuTLS.cpp113
-rw-r--r--src/net/tls/gnutls/TLSSession_GnuTLS.cpp24
-rw-r--r--src/net/tls/openssl/TLSProperties_OpenSSL.cpp112
-rw-r--r--src/net/tls/openssl/TLSSession_OpenSSL.cpp11
5 files changed, 285 insertions, 19 deletions
diff --git a/src/net/tls/TLSProperties.cpp b/src/net/tls/TLSProperties.cpp
new file mode 100644
index 00000000..1986db79
--- /dev/null
+++ b/src/net/tls/TLSProperties.cpp
@@ -0,0 +1,44 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
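Review bot: This translation unit compiles to nothing — the namespace block at `namespace tls {` … `} // tls` is empty and every TLSProperties member is defined in the backend files instead — so a reader opening the "generic" file finds no hint of where the implementation lives. A one-line comment inside the namespace would save that detour: `// TLSProperties members are defined per backend in gnutls/TLSProperties_GnuTLS.cpp and openssl/TLSProperties_OpenSSL.cpp; this file only exists so the generic header has a matching .cpp`. If the file is kept only for the build system, say that too.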
diff --git a/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp b/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp
new file mode 100644
index 00000000..2a161dee
--- /dev/null
+++ b/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp
@@ -0,0 +1,113 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include "vmime/base.hpp"
+#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
+
+#include <gnutls/gnutls.h>
+#if GNUTLS_VERSION_NUMBER < 0x030000
+#include <gnutls/extra.h>
+#endif
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSProperties::TLSProperties()
+ : m_data(vmime::create <TLSProperties_GnuTLS>())
+{
+ setCipherSuite(CIPHERSUITE_DEFAULT);
+}
+
+
+TLSProperties::TLSProperties(const TLSProperties& props)
+ : object(),
+ m_data(vmime::create <TLSProperties_GnuTLS>())
+{
+ *m_data.dynamicCast <TLSProperties_GnuTLS>() = *props.m_data.dynamicCast <TLSProperties_GnuTLS>();
+}
+
+
+void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite)
+{
+ switch (cipherSuite)
+ {
+ case CIPHERSUITE_HIGH:
+
+ setCipherSuite("SECURE256:%SSL3_RECORD_VERSION");
+ break;
+
+ case CIPHERSUITE_MEDIUM:
+
+ setCipherSuite("SECURE128:%SSL3_RECORD_VERSION");
+ break;
+
+ case CIPHERSUITE_LOW:
+
+ setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
+ break;
+
+ default:
+ case CIPHERSUITE_DEFAULT:
+
+ setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
+ break;
+ }
+}
+
+
+void TLSProperties::setCipherSuite(const string& cipherSuite)
+{
+ m_data.dynamicCast <TLSProperties_GnuTLS>()->cipherSuite = cipherSuite;
+}
+
+
+const string TLSProperties::getCipherSuite() const
+{
+ return m_data.dynamicCast <TLSProperties_GnuTLS>()->cipherSuite;
+}
+
+
+
+TLSProperties_GnuTLS& TLSProperties_GnuTLS::operator=(const TLSProperties_GnuTLS& other)
+{
+ cipherSuite = other.cipherSuite;
+
+ return *this;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
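Review bot: In `setCipherSuite(const GenericCipherSuite)` the `CIPHERSUITE_LOW` and `CIPHERSUITE_DEFAULT` arms both produce `NORMAL:%SSL3_RECORD_VERSION`, so asking for LOW changes nothing on this backend, and nothing explains the `%SSL3_RECORD_VERSION` modifier (per the GnuTLS manual it only changes the record-layer version sent in the ClientHello, not the cipher set). If that is intentional, a comment on the LOW arm should say so: `// Deliberately the same as DEFAULT: NORMAL is the weakest policy this backend offers; %SSL3_RECORD_VERSION is a compatibility tweak for servers that reject a TLS 1.x record version in the ClientHello`. Note also that `setCipherSuite(const string&)` stores any string unvalidated; a typo only surfaces later as an exception from TLSSession_GnuTLS's constructor, so validating it here with `gnutls_priority_init` (and releasing the result) would report the error at the point where it was made.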
diff --git a/src/net/tls/gnutls/TLSSession_GnuTLS.cpp b/src/net/tls/gnutls/TLSSession_GnuTLS.cpp
index 97f61d9e..8297e779 100644
--- a/src/net/tls/gnutls/TLSSession_GnuTLS.cpp
+++ b/src/net/tls/gnutls/TLSSession_GnuTLS.cpp
@@ -49,6 +49,7 @@
#include "vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp"
#include "vmime/net/tls/gnutls/TLSSocket_GnuTLS.hpp"
+#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
#include "vmime/exception.hpp"
@@ -133,14 +134,14 @@ static TLSGlobal g_gnutlsGlobal;
// static
-ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv)
+ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
{
- return vmime::create <TLSSession_GnuTLS>(cv);
+ return vmime::create <TLSSession_GnuTLS>(cv, props);
}
-TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv)
- : m_certVerifier(cv)
+TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
+ : m_certVerifier(cv), m_props(props)
{
int res;
@@ -151,21 +152,16 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> c
// Sets some default priority on the ciphers, key exchange methods,
// macs and compression methods.
-#if HAVE_GNUTLS_PRIORITY_FUNCS
+#if VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
gnutls_dh_set_prime_bits(*m_gnutlsSession, 128);
if ((res = gnutls_priority_set_direct
- (*m_gnutlsSession, "NORMAL:%SSL3_RECORD_VERSION", NULL)) != 0)
+ (*m_gnutlsSession, m_props->getCipherSuite().c_str(), NULL)) != 0)
{
- if ((res = gnutls_priority_set_direct
- (*m_gnutlsSession, "NORMAL", NULL)) != 0)
- {
- throwTLSException
- ("gnutls_priority_set_direct", res);
- }
+ throwTLSException("gnutls_priority_set_direct", res);
}
-#else // !HAVE_GNUTLS_PRIORITY_FUNCS
+#else // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
gnutls_set_default_priority(*m_gnutlsSession);
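Review bot: The context line `gnutls_dh_set_prime_bits(*m_gnutlsSession, 128)` directly above the changed `gnutls_priority_set_direct` call sets the smallest DH modulus the client will accept to 128 bits, which accepts groups that are trivially breakable; since this commit makes TLSProperties the home of per-session policy, it is the natural moment to raise it, e.g. `gnutls_dh_set_prime_bits(*m_gnutlsSession, 1024);` or to expose the floor through TLSProperties. Separately, the dropped fallback to plain `NORMAL` existed for GnuTLS builds that reject `%SSL3_RECORD_VERSION`; the default string in the sibling TLSProperties_GnuTLS.cpp still carries that modifier, so such builds now throw from the constructor where they previously connected — failing closed is defensible, but it should be stated in the TLSProperties documentation. The constructor continues past the end of this hunk.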
@@ -241,7 +237,7 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> c
gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
-#endif // !HAVE_GNUTLS_PRIORITY_FUNCS
+#endif // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
// Initialize credentials
gnutls_credentials_set(*m_gnutlsSession,
diff --git a/src/net/tls/openssl/TLSProperties_OpenSSL.cpp b/src/net/tls/openssl/TLSProperties_OpenSSL.cpp
new file mode 100644
index 00000000..0efc33c9
--- /dev/null
+++ b/src/net/tls/openssl/TLSProperties_OpenSSL.cpp
@@ -0,0 +1,112 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/base.hpp"
+#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSProperties::TLSProperties()
+ : m_data(vmime::create <TLSProperties_OpenSSL>())
+{
+ setCipherSuite(CIPHERSUITE_DEFAULT);
+}
+
+
+TLSProperties::TLSProperties(const TLSProperties& props)
+ : object(),
+ m_data(vmime::create <TLSProperties_OpenSSL>())
+{
+ *m_data.dynamicCast <TLSProperties_OpenSSL>() = *props.m_data.dynamicCast <TLSProperties_OpenSSL>();
+}
+
+
+void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite)
+{
+ switch (cipherSuite)
+ {
+ case CIPHERSUITE_HIGH:
+
+ setCipherSuite("HIGH");
+ break;
+
+ case CIPHERSUITE_MEDIUM:
+
+ setCipherSuite("MEDIUM");
+ break;
+
+ case CIPHERSUITE_LOW:
+
+ setCipherSuite("LOW");
+ break;
+
+ default:
+ case CIPHERSUITE_DEFAULT:
+
+ setCipherSuite("DEFAULT");
+ break;
+ }
+}
+
+
+void TLSProperties::setCipherSuite(const string& cipherSuite)
+{
+ m_data.dynamicCast <TLSProperties_OpenSSL>()->cipherSuite = cipherSuite;
+}
+
+
+const string TLSProperties::getCipherSuite() const
+{
+ return m_data.dynamicCast <TLSProperties_OpenSSL>()->cipherSuite;
+}
+
+
+
+TLSProperties_OpenSSL& TLSProperties_OpenSSL::operator=(const TLSProperties_OpenSSL& other)
+{
+ cipherSuite = other.cipherSuite;
+
+ return *this;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
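Review bot: The OpenSSL strings chosen in `setCipherSuite(const GenericCipherSuite)` (`"HIGH"`, `"MEDIUM"`, `"LOW"`, `"DEFAULT"`) are strength-only selectors and, as far as I recall OpenSSL's grouping, include the anonymous aNULL suites (ADH/AECDH, e.g. ADH-AES256-SHA is in HIGH); an anonymous suite sends no certificate, so the certificateVerifier never runs and the connection is open to an active interposer. The list that TLSSession_OpenSSL hard-coded before this change excluded them with `!ADH` and also removed MD5-MAC suites with `!MD5` and sorted by `@STRENGTH`, none of which survive here. `CIPHERSUITE_LOW` is also not a superset of the stronger levels on this backend — `LOW` alone confines the client to 56/64-bit suites — unlike the GnuTLS backend where LOW expands to NORMAL. I would anchor every level on the previous exclusions as below.
```cpp
	case CIPHERSUITE_HIGH:
		setCipherSuite("HIGH:!aNULL:!eNULL:!MD5:@STRENGTH");
		break;
	case CIPHERSUITE_MEDIUM:
		setCipherSuite("HIGH:MEDIUM:!aNULL:!eNULL:!MD5:@STRENGTH");
		break;
	case CIPHERSUITE_LOW:
		setCipherSuite("ALL:!aNULL:!eNULL:!EXP:!MD5:@STRENGTH");
		break;
	default:
	case CIPHERSUITE_DEFAULT:
		// the list TLSSession_OpenSSL used before cipher selection moved here
		setCipherSuite("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
		break;
```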
diff --git a/src/net/tls/openssl/TLSSession_OpenSSL.cpp b/src/net/tls/openssl/TLSSession_OpenSSL.cpp
index fcf82c7b..953e4ebc 100644
--- a/src/net/tls/openssl/TLSSession_OpenSSL.cpp
+++ b/src/net/tls/openssl/TLSSession_OpenSSL.cpp
@@ -28,6 +28,7 @@
#include "vmime/net/tls/openssl/TLSSession_OpenSSL.hpp"
+#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
#include "vmime/net/tls/openssl/OpenSSLInitializer.hpp"
#include "vmime/exception.hpp"
@@ -45,19 +46,19 @@ static OpenSSLInitializer::autoInitializer openSSLInitializer;
// static
-ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv)
+ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
{
- return vmime::create <TLSSession_OpenSSL>(cv);
+ return vmime::create <TLSSession_OpenSSL>(cv, props);
}
-TLSSession_OpenSSL::TLSSession_OpenSSL(ref <vmime::security::cert::certificateVerifier> cv)
- : m_sslctx(0), m_certVerifier(cv)
+TLSSession_OpenSSL::TLSSession_OpenSSL(ref <vmime::security::cert::certificateVerifier> cv, ref <TLSProperties> props)
+ : m_sslctx(0), m_certVerifier(cv), m_props(props)
{
m_sslctx = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(m_sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
SSL_CTX_set_mode(m_sslctx, SSL_MODE_AUTO_RETRY);
- SSL_CTX_set_cipher_list(m_sslctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+ SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str());
SSL_CTX_set_session_cache_mode(m_sslctx, SSL_SESS_CACHE_OFF);
}
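Review bot: The return value of `SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str())` is ignored; when the string matches no cipher suite OpenSSL returns 0 and leaves the context's previous list in place, so a mistyped or over-restrictive TLSProperties string silently runs with OpenSSL's compiled-in default instead of failing, whereas the GnuTLS backend throws on the same error. The call should be checked and fail the constructor the same way the GnuTLS side does with throwTLSException: `if (SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str()) != 1) { /* throw the TLS exception the GnuTLS backend raises for a bad priority string */ }`. The unchecked `SSL_CTX_new` result on the line above it is pre-existing but would be worth the same treatment, since a null context makes every following call undefined. The `m_props->` dereference also assumes a non-null properties object; if the header does not default it, a null check belongs here as well.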