X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/ab8c4cfdc5e9b8b7bb38d5b49f43e006bd2df7aa..44c4b1b168d0ac7c860f91495c423f425e8a87d9:/sbr/netsec.c diff --git a/sbr/netsec.c b/sbr/netsec.c index 59904522..895892a2 100644 --- a/sbr/netsec.c +++ b/sbr/netsec.c @@ -289,8 +289,9 @@ netsec_b64_snoop_decoder(netsec_context *nsc, const char *string, size_t len, const char *decoded; size_t decodedlen; NMH_UNUSED(nsc); + int offset; - int offset = context ? *((int *) context) : 0; + offset = context ? *((int *) context) : 0; if (offset > 0) { /* @@ -403,11 +404,11 @@ retry: if (nsc->ns_snoop) { #ifdef CYRUS_SASL if (nsc->sasl_seclayer) - fprintf(stderr, "(sasl-encrypted) "); + fprintf(stderr, "(sasl-decrypted) "); #endif /* CYRUS_SASL */ #ifdef TLS_SUPPORT if (nsc->tls_active) - fprintf(stderr, "(tls-encrypted) "); + fprintf(stderr, "(tls-decrypted) "); #endif /* TLS_SUPPORT */ fprintf(stderr, "<= "); if (nsc->ns_snoop_cb) @@ -796,24 +797,6 @@ netsec_flush(netsec_context *nsc, char **errstr) unsigned int netoutlen = nsc->ns_outbuflen; int rc; - /* - * For TLS connections, just call BIO_flush(); we'll let TLS handle - * all of our output buffering. - */ -#ifdef TLS_SUPPORT - if (nsc->tls_active) { - rc = BIO_flush(nsc->ssl_io); - - if (rc <= 0) { - netsec_err(errstr, "Error flushing TLS connection: %s", - ERR_error_string(ERR_get_error(), NULL)); - return NOTOK; - } - - return OK; - } -#endif /* TLS_SUPPORT */ - /* * Small optimization */ @@ -924,7 +907,21 @@ netsec_set_sasl_params(netsec_context *nsc, const char *hostname, return NOTOK; } - nsc->sasl_mech = mechanism ? getcpy(mechanism) : NULL; + /* + * According to the RFC, mechanisms can only be uppercase letter, numbers, + * and a hypen or underscore. So make sure we uppercase any letters + * in case the user passed in lowercase. + */ + + if (mechanism) { + char *p; + nsc->sasl_mech = getcpy(mechanism); + + for (p = nsc->sasl_mech; *p; p++) + if (isascii((unsigned char) *p)) /* Just in case */ + *p = toupper((unsigned char) *p); + } + nsc->sasl_proto_cb = callback; nsc->sasl_hostname = getcpy(hostname); @@ -1457,17 +1454,6 @@ netsec_set_tls(netsec_context *nsc, int tls, char **errstr) SSL_set_bio(ssl, rbio, wbio); SSL_set_connect_state(ssl); -#if 0 - nsc->ssl_io = BIO_new(BIO_f_buffer()); - - if (! nsc->ssl_io) { - netsec_err(errstr, "Unable to create a buffer BIO: %s", - ERR_error_string(ERR_get_error(), NULL)); - SSL_free(ssl); - return NOTOK; - } -#endif - ssl_bio = BIO_new(BIO_f_ssl()); if (! ssl_bio) { @@ -1478,9 +1464,6 @@ netsec_set_tls(netsec_context *nsc, int tls, char **errstr) } BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); -#if 0 - BIO_push(nsc->ssl_io, ssl_bio); -#endif nsc->ssl_io = ssl_bio; return OK; @@ -1524,7 +1507,7 @@ netsec_negotiate_tls(netsec_context *nsc, char **errstr) fprintf(stderr, "WARNING: cannot determine SSL ciphers\n"); } else { const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl); - fprintf(stderr, "TLS negotation successful: %s(%d) %s\n", + fprintf(stderr, "TLS negotiation successful: %s(%d) %s\n", SSL_CIPHER_get_name(cipher), SSL_CIPHER_get_bits(cipher, NULL), SSL_CIPHER_get_version(cipher)); @@ -1533,16 +1516,6 @@ netsec_negotiate_tls(netsec_context *nsc, char **errstr) nsc->tls_active = 1; - /* - * At this point, TLS has been activated; we're not going to use - * the output buffer, so free it now to save a little bit of memory. - */ - - if (nsc->ns_outbuffer) { - free(nsc->ns_outbuffer); - nsc->ns_outbuffer = NULL; - } - return OK; #else /* TLS_SUPPORT */ netsec_err(errstr, "TLS not supported");