Package: isync Version: 0.9.2 Severity: wishlist hello, I was inspired by wmbiff's option to skip verification, so added a couple of opts as documented in the patch below. Did not touch docs, just src/changelog, the latter being obviously for my own -log. WFM. HTH.
-- paolo -- System Information Debian Release: 3.0 Kernel Version: Linux npp 2.4.26-ss-fb-lm287 #1 Fri Jul 16 21:26:09 CEST 2004 i686 unknown diff -urN isync-0.9.2/debian/changelog /tmp/isync-0.9.2.1/debian/changelog --- isync-0.9.2/debian/changelog Mon Jan 16 22:23:43 2006 +++ /tmp/isync-0.9.2.1/debian/changelog Mon Jan 16 22:22:53 2006 @@ -1,3 +1,12 @@ +isync (0.9.2-4w00dy1) unstable; urgency=low + + * option -O --no-verify-cert to enable imaps connections despite missing + CertificateFile + * option -S --ss-cert-ok to accept by default self-signed server + certificate + + -- paolo <[EMAIL PROTECTED]> Mon, 16 Jan 2006 22:22:24 +0100 + isync (0.9.2-4) unstable; urgency=low * Add Czech debconf translation, thanks to Martin Å Ãn. (Closes: #317571) diff -urN isync-0.9.2/src/imap.c /tmp/isync-0.9.2.1/src/imap.c --- isync-0.9.2/src/imap.c Mon Jan 16 22:23:43 2006 +++ /tmp/isync-0.9.2.1/src/imap.c Mon Jan 16 22:11:56 2006 @@ -112,9 +112,18 @@ info (" to: %s\n", buf); fprintf (stderr, - "\n*** WARNING *** There is no way to verify this certificate. It is\n" - " possible that a hostile attacker has replaced the\n" - " server certificate. Continue at your own risk!\n" + "\n*** WARNING *** There is no way to verify this certificate.\n"); + if (sscert_ok && (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || + err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)) + { + fprintf (stderr, + "\n*** Going on anyway as you asked - but you've been warned!\n\n"); + return 0; + } + + fprintf (stderr, + " It is possible that a hostile attacker has replaced the\n" + " server certificate. Continue at your own risk!\n" "\nAccept this certificate anyway? [no]: "); if (fgets (buf, sizeof (buf), stdin) && (buf[0] == 'y' || buf[0] == 'Y')) { @@ -130,7 +139,7 @@ SSL_METHOD *method; int options = 0; - if (!conf->cert_file) + if (!conf->cert_file && !no_vfy_cert) { fprintf (stderr, "Error, CertificateFile not defined\n"); return -1; 
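Review bot: The new `sscert_ok` branch in the first imap.c hunk accepts any self-signed certificate from any peer, so with `-S` the server is not authenticated at all: whoever answers the connection can present its own self-signed certificate and reach the same `return 0`. The check keys only on `err` being one of the two self-signed codes and never compares the presented certificate with one the user has already trusted. If the option stays, I would at least record that above the branch, `/* -S: accepts ANY self-signed cert without pinning; encryption only, no server authentication */`, and preferably compare a stored fingerprint before returning. The enclosing function starts and ends outside this hunk, so that `return 0` means "accept" is inferred from the prompt path that follows it.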
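Review bot: `no_vfy_cert` in this guard and in the two following imap.c hunks (the `access` and `SSL_CTX_load_verify_locations` conditions) also disables loading a CertificateFile that is configured, although the changelog describes `-O` as a way to connect "despite missing CertificateFile". Trust anchors are then never loaded, so a run with `-O` silently drops verification that the configuration asked for. I would keep this guard as written but key the later two on the file being set, `if (conf->cert_file && access (conf->cert_file, F_OK))` and `if (conf->cert_file && !SSL_CTX_load_verify_locations`, and emit `warn ("*** Warning: -O given, server certificates will not be verified\n");` when no file is configured. The function body starts and ends outside these hunks.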
@@ -145,7 +154,7 @@ SSLContext = SSL_CTX_new (method); - if (access (conf->cert_file, F_OK)) + if (!no_vfy_cert && access (conf->cert_file, F_OK)) { if (errno != ENOENT) { @@ -155,7 +164,7 @@ warn ("*** Warning: CertificateFile doesn't exist, can't verify server certificates\n"); } else - if (!SSL_CTX_load_verify_locations + if (!no_vfy_cert && !SSL_CTX_load_verify_locations (SSLContext, conf->cert_file, NULL)) { fprintf (stderr, "Error, SSL_CTX_load_verify_locations: %s\n", diff -urN isync-0.9.2/src/isync.h /tmp/isync-0.9.2.1/src/isync.h --- isync-0.9.2/src/isync.h Mon Jan 16 22:23:43 2006 +++ /tmp/isync-0.9.2.1/src/isync.h Mon Jan 16 22:12:11 2006 @@ -180,7 +180,7 @@ extern config_t *boxes; extern unsigned int Tag; extern char Hostname[256]; -extern int Verbose, Quiet; +extern int Verbose, Quiet, sscert_ok, no_vfy_cert; extern void info (const char *, ...); extern void infoc (char); diff -urN isync-0.9.2/src/main.c /tmp/isync-0.9.2.1/src/main.c --- isync-0.9.2/src/main.c Mon Jan 16 22:23:43 2006 +++ /tmp/isync-0.9.2.1/src/main.c Mon Jan 16 22:17:47 2006 @@ -95,6 +95,8 @@ {"port", 1, NULL, 'p'}, {"quiet", 0, NULL, 'q'}, {"user", 1, NULL, 'u'}, + {"no-verify-cert", 0, NULL, 'O'}, + {"ss-cert-ok", 0, NULL, 'S'}, {"version", 0, NULL, 'v'}, {"verbose", 0, NULL, 'V'}, {0, 0, 0, 0} @@ -108,6 +110,7 @@ mailbox_t *CleanupMail = 0; imap_t *CleanupImap = 0; int CleanupValid = 0; +int sscert_ok = 0, no_vfy_cert = 0; static void signal_exit(int sig) { @@ -156,6 +159,8 @@ " -s, --host HOST IMAP server address\n" " -p, --port PORT server IMAP port\n" " -u, --user USER IMAP user name\n" +" -O, --no-verify-cert do not (try to) verify server's SSL certificate\n" +" -S, --ss-cert-ok accept Self-Signed server's SSL certificate as well\n" " -c, --config CONFIG read an alternate config file (default: ~/.isyncrc)\n" " -V, --verbose verbose mode (display network traffic)\n" " -q, --quiet don't display progress info\n" 
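Review bot: `int sscert_ok = 0, no_vfy_cert = 0;` in main.c are process-wide flags, while the certificate file they override is read per configuration (`conf->cert_file` in imap.c), so one command-line switch relaxes the TLS checks for every connection the process makes. They also break the capitalised naming of the neighbouring globals (`Verbose`, `Quiet` in the isync.h hunk). A comment on the definition would make the scope explicit: `/* set by -S / -O; apply to every connection in this run, not per mailbox */`. Whether a single run contacts more than one server is not visible in this diff.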
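Review bot: The usage text for `-O` says the certificate is not verified, but in the imap.c hunks `no_vfy_cert` only skips loading CertificateFile; the failure path with its "Accept this certificate anyway?" prompt is bypassed only by `sscert_ok`. If that reading holds (the callers are outside the diff), `-O` alone would still stop at the prompt, which matters for unattended runs. I would word the two lines after what the code does and state the consequence, e.g. `"  -O, --no-verify-cert  run without a CertificateFile (server is not authenticated)\n"` and `"  -S, --ss-cert-ok      accept any self-signed server certificate without asking\n"`.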
@@ -248,7 +253,7 @@ global.use_tlsv1 = 1; #endif -#define FLAGS "alCLRc:defhp:qu:r:F:M:1I:s:vV" +#define FLAGS "alCLRc:defhp:qOSu:r:F:M:1I:s:vV" #if HAVE_GETOPT_LONG while ((i = getopt_long (argc, argv, FLAGS, Opts, NULL)) != -1) @@ -324,6 +329,12 @@ break; case 'u': global.user = optarg; + break; + case 'O': + no_vfy_cert = 1; + break; + case 'S': + sscert_ok = 1; break; case 'V': Verbose = 1;