Garbage collect the saslmaxssf flag, and update documentation for

[nmh] / sbr / netsec.c

diff --git a/sbr/netsec.c b/sbr/netsec.c
index 928f80b77dbb46fca201e711d3079fd6b8cdde77..895892a29d29e1346c2ea4454d731bbfc78e027b 100644 (file)
--- a/sbr/netsec.c
+++ b/sbr/netsec.c
@@ -289,8 +289,9 @@ netsec_b64_snoop_decoder(netsec_context *nsc, const char *string, size_t len,
     const char *decoded;
     size_t decodedlen;
     NMH_UNUSED(nsc);
+    int offset;
 
-    int offset = context ? *((int *) context) : 0;
+    offset = context ? *((int *) context) : 0;
 
     if (offset > 0) {
        /*
@@ -403,11 +404,11 @@ retry:
            if (nsc->ns_snoop) {
 #ifdef CYRUS_SASL
                if (nsc->sasl_seclayer)
-                   fprintf(stderr, "(sasl-encrypted) ");
+                   fprintf(stderr, "(sasl-decrypted) ");
 #endif /* CYRUS_SASL */
 #ifdef TLS_SUPPORT
                if (nsc->tls_active)
-                   fprintf(stderr, "(tls-encrypted) ");
+                   fprintf(stderr, "(tls-decrypted) ");
 #endif /* TLS_SUPPORT */
                fprintf(stderr, "<= ");
                if (nsc->ns_snoop_cb)
@@ -796,24 +797,6 @@ netsec_flush(netsec_context *nsc, char **errstr)
     unsigned int netoutlen = nsc->ns_outbuflen;
     int rc;
 
-    /*
-     * For TLS connections, just call BIO_flush(); we'll let TLS handle
-     * all of our output buffering.
-     */
-#if 0
-    if (nsc->tls_active) {
-       rc = BIO_flush(nsc->ssl_io);
-
-       if (rc <= 0) {
-           netsec_err(errstr, "Error flushing TLS connection: %s",
-                      ERR_error_string(ERR_get_error(), NULL));
-           return NOTOK;
-       }
-
-       return OK;
-    }
-#endif /* TLS_SUPPORT */
-
     /*
      * Small optimization
      */
@@ -935,8 +918,8 @@ netsec_set_sasl_params(netsec_context *nsc, const char *hostname,
        nsc->sasl_mech = getcpy(mechanism);
 
        for (p = nsc->sasl_mech; *p; p++)
-           if (isascii(*p))    /* Just in case */
-               *p = toupper(*p);
+           if (isascii((unsigned char) *p))    /* Just in case */
+               *p = toupper((unsigned char) *p);
     }
 
     nsc->sasl_proto_cb = callback;
@@ -1471,17 +1454,6 @@ netsec_set_tls(netsec_context *nsc, int tls, char **errstr)
        SSL_set_bio(ssl, rbio, wbio);
        SSL_set_connect_state(ssl);
 
-#if 0
-       nsc->ssl_io = BIO_new(BIO_f_buffer());
-
-       if (! nsc->ssl_io) {
-           netsec_err(errstr, "Unable to create a buffer BIO: %s",
-                      ERR_error_string(ERR_get_error(), NULL));
-           SSL_free(ssl);
-           return NOTOK;
-       }
-#endif
-
        ssl_bio = BIO_new(BIO_f_ssl());
 
        if (! ssl_bio) {
@@ -1492,9 +1464,6 @@ netsec_set_tls(netsec_context *nsc, int tls, char **errstr)
        }
 
        BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
-#if 0
-       BIO_push(nsc->ssl_io, ssl_bio);
-#endif
        nsc->ssl_io = ssl_bio;
 
        return OK;
@@ -1538,7 +1507,7 @@ netsec_negotiate_tls(netsec_context *nsc, char **errstr)
            fprintf(stderr, "WARNING: cannot determine SSL ciphers\n");
        } else {
            const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
-           fprintf(stderr, "TLS negotation successful: %s(%d) %s\n",
+           fprintf(stderr, "TLS negotiation successful: %s(%d) %s\n",
                    SSL_CIPHER_get_name(cipher),
                    SSL_CIPHER_get_bits(cipher, NULL),
                    SSL_CIPHER_get_version(cipher));
@@ -1547,18 +1516,6 @@ netsec_negotiate_tls(netsec_context *nsc, char **errstr)
 
     nsc->tls_active = 1;
 
-#if 0
-    /*
-     * At this point, TLS has been activated; we're not going to use
-     * the output buffer, so free it now to save a little bit of memory.
-     */
-
-    if (nsc->ns_outbuffer) {
-       free(nsc->ns_outbuffer);
-       nsc->ns_outbuffer = NULL;
-    }
-#endif
-
     return OK;
 #else /* TLS_SUPPORT */
     netsec_err(errstr, "TLS not supported");