summaryrefslogtreecommitdiffstats
path: root/kcontrol/crypto/crypto.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'kcontrol/crypto/crypto.cpp')
-rw-r--r--kcontrol/crypto/crypto.cpp119
1 files changed, 65 insertions, 54 deletions
diff --git a/kcontrol/crypto/crypto.cpp b/kcontrol/crypto/crypto.cpp
index 329c04a31..55536b21e 100644
--- a/kcontrol/crypto/crypto.cpp
+++ b/kcontrol/crypto/crypto.cpp
@@ -878,13 +878,17 @@ void KCryptoConfig::load( bool useDefaults )
config->setGroup("SSLv2");
mUseSSLv2->setChecked(config->readBoolEntry("Enabled", true));
-#ifdef OPENSSL_NO_SSL2
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
mUseSSLv2->setChecked(false);
mUseSSLv2->setEnabled(false);
#endif
config->setGroup("SSLv3");
mUseSSLv3->setChecked(config->readBoolEntry("Enabled", true));
+#if defined(OPENSSL_NO_SSL3)
+ mUseSSLv3->setChecked(false);
+ mUseSSLv3->setEnabled(false);
+#endif
config->setGroup("Warnings");
mWarnOnEnter->setChecked(config->readBoolEntry("OnEnter", false));
@@ -933,12 +937,16 @@ void KCryptoConfig::load( bool useDefaults )
item = static_cast<CipherItem *>(item->nextSibling());
}
-#ifdef OPENSSL_NO_SSL2
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
SSLv2Box->setEnabled( false );
#else
SSLv2Box->setEnabled( mUseSSLv2->isChecked() );
#endif
+#if defined(OPENSSL_NO_SSL3)
+ SSLv3Box->setEnabled( false );
+#else
SSLv3Box->setEnabled( mUseSSLv3->isChecked() );
+#endif
TQStringList groups = policies->groupList();
@@ -1038,7 +1046,8 @@ void KCryptoConfig::load( bool useDefaults )
void KCryptoConfig::save()
{
#ifdef HAVE_SSL
- if (!mUseSSLv2->isChecked() &&
+ if (!mUseTLS->isChecked() &&
+ !mUseSSLv2->isChecked() &&
!mUseSSLv3->isChecked())
KMessageBox::information(this, i18n("If you do not select at least one"
" SSL algorithm, either SSL will not"
@@ -1050,14 +1059,18 @@ void KCryptoConfig::save()
config->writeEntry("Enabled", mUseTLS->isChecked());
config->setGroup("SSLv2");
-#ifdef OPENSSL_NO_SSL2
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
config->writeEntry("Enabled", false);
#else
config->writeEntry("Enabled", mUseSSLv2->isChecked());
#endif
config->setGroup("SSLv3");
+#if defined(OPENSSL_NO_SSL3)
+ config->writeEntry("Enabled", false);
+#else
config->writeEntry("Enabled", mUseSSLv3->isChecked());
+#endif
config->setGroup("Warnings");
config->writeEntry("OnEnter", mWarnOnEnter->isChecked());
@@ -1293,12 +1306,16 @@ void KCryptoConfig::cwCompatible() {
}
mUseTLS->setChecked(true);
-#ifdef OPENSSL_NO_SSL2
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
mUseSSLv2->setChecked(false);
#else
mUseSSLv2->setChecked(true);
#endif
+#if defined(OPENSSL_NO_SSL3)
+ mUseSSLv3->setChecked(false);
+#else
mUseSSLv3->setChecked(true);
+#endif
configChanged();
#endif
}
@@ -1354,12 +1371,16 @@ void KCryptoConfig::cwAll() {
}
mUseTLS->setChecked(true);
-#ifdef OPENSSL_NO_SSL2
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
mUseSSLv2->setChecked(false);
#else
mUseSSLv2->setChecked(true);
#endif
+#if defined(OPENSSL_NO_SSL3)
+ mUseSSLv3->setChecked(false);
+#else
mUseSSLv3->setChecked(true);
+#endif
configChanged();
#endif
}
@@ -1875,9 +1896,6 @@ void KCryptoConfig::slotCAImport() {
return;
#ifdef HAVE_SSL
-#define sk_free KOSSL::self()->sk_free
-#define sk_num KOSSL::self()->sk_num
-#define sk_value KOSSL::self()->sk_value
// First try to load using the OpenSSL method
X509_STORE *certStore = KOSSL::self()->X509_STORE_new();
@@ -1887,13 +1905,14 @@ void KCryptoConfig::slotCAImport() {
KOSSL::self()->X509_LOOKUP_load_file(certLookup,
certFile.local8Bit(),
X509_FILETYPE_PEM)) {
- for (int i = 0; i < sk_X509_OBJECT_num(certStore->objs); i++) {
- X509_OBJECT* x5o = sk_X509_OBJECT_value(certStore->objs, i);
+ STACK_OF(X509_OBJECT) *certStore_objs = KOSSL::self()->X509_STORE_get0_objects(certStore);
+ for (int i = 0; i < KOSSL::self()->OPENSSL_sk_num(certStore_objs); i++) {
+ X509_OBJECT* x5o = reinterpret_cast<X509_OBJECT*>(KOSSL::self()->OPENSSL_sk_value(certStore_objs, i));
if (!x5o) continue;
- if (x5o->type != X509_LU_X509) continue;
+ if (KOSSL::self()->X509_OBJECT_get_type(x5o) != X509_LU_X509) continue;
- X509 *x5 = x5o->data.x509;
+ X509 *x5 = KOSSL::self()->X509_OBJECT_get0_X509(x5o);
if (!x5) continue;
// Easier to use in this form
@@ -1957,7 +1976,7 @@ void KCryptoConfig::slotCAImport() {
qf.open(IO_ReadOnly);
qf.readLine(certtext, qf.size());
- if (certStore) { KOSSL::self()->X509_STORE_free(certStore);
+ if (certStore) { KOSSL::self()->OPENSSL_sk_free(certStore);
certStore = NULL; }
if (certtext.contains("-----BEGIN CERTIFICATE-----")) {
@@ -2029,12 +2048,9 @@ void KCryptoConfig::slotCAImport() {
}
- if (certStore) KOSSL::self()->X509_STORE_free(certStore);
+ if (certStore) KOSSL::self()->OPENSSL_sk_free(certStore);
configChanged();
-#undef sk_free
-#undef sk_num
-#undef sk_value
#endif
offerImportToKMail( certFile );
@@ -2356,81 +2372,76 @@ void KCryptoConfig::slotGeneratePersonal() {
#ifdef HAVE_SSL
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-#define SSL_CONST const
-#else
-#define SSL_CONST
-#endif
-
// This gets all the available ciphers from OpenSSL
bool KCryptoConfig::loadCiphers() {
-unsigned int i;
+unsigned int i, cnt;
SSL_CTX *ctx;
SSL *ssl;
-SSL_CONST SSL_METHOD *meth;
+SSL_METHOD *meth;
+STACK_OF(SSL_CIPHER)* sk;
SSLv2Box->clear();
SSLv3Box->clear();
+ CipherItem *item;
-#ifndef OPENSSL_NO_SSL2
- meth = SSLv2_client_method();
- SSLeay_add_ssl_algorithms();
- ctx = SSL_CTX_new(meth);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_NO_SSL2)
+ meth = KOSSL::self()->SSLv2_client_method();
+ ctx = KOSSL::self()->SSL_CTX_new(meth);
if (ctx == NULL) return false;
- ssl = SSL_new(ctx);
+ ssl = KOSSL::self()->SSL_new(ctx);
if (!ssl) return false;
+ sk = KOSSL::self()->SSL_get_ciphers(ssl);
+ cnt = KOSSL::self()->OPENSSL_sk_num(sk);
- CipherItem *item;
- for (i=0; ; i++) {
+ for (i = 0; i < cnt; i++) {
int j, k;
- SSL_CONST SSL_CIPHER *sc;
- sc = (meth->get_cipher)(i);
+ SSL_CIPHER *sc = reinterpret_cast<SSL_CIPHER*>(KOSSL::self()->OPENSSL_sk_value(sk, i));
if (!sc)
break;
// Leak of sc*?
- TQString scn(sc->name);
+ TQString scn(KOSSL::self()->SSL_CIPHER_get_name(sc));
if (scn.contains("ADH-") || scn.contains("NULL-") || scn.contains("DES-CBC3-SHA") || scn.contains("FZA-")) {
continue;
}
- k = SSL_CIPHER_get_bits(sc, &j);
+ k = KOSSL::self()->SSL_CIPHER_get_bits(sc, &j);
- item = new CipherItem( SSLv2Box, sc->name, k, j, this );
+ item = new CipherItem( SSLv2Box, scn, k, j, this );
}
- if (ctx) SSL_CTX_free(ctx);
- if (ssl) SSL_free(ssl);
-#else
- CipherItem *item;
+ if (ctx) KOSSL::self()->SSL_CTX_free(ctx);
+ if (ssl) KOSSL::self()->SSL_free(ssl);
#endif
+# ifndef OPENSSL_NO_SSL3_METHOD
// We repeat for SSLv3
- meth = SSLv3_client_method();
- SSLeay_add_ssl_algorithms();
- ctx = SSL_CTX_new(meth);
+ meth = KOSSL::self()->SSLv3_client_method();
+ ctx = KOSSL::self()->SSL_CTX_new(meth);
if (ctx == NULL) return false;
- ssl = SSL_new(ctx);
+ ssl = KOSSL::self()->SSL_new(ctx);
if (!ssl) return false;
+ sk = KOSSL::self()->SSL_get_ciphers(ssl);
+ cnt = KOSSL::self()->OPENSSL_sk_num(sk);
- for (i=0; ; i++) {
+ for (i = 0; i < cnt; i++) {
int j, k;
- SSL_CONST SSL_CIPHER *sc;
- sc = (meth->get_cipher)(i);
+ SSL_CIPHER *sc = reinterpret_cast<SSL_CIPHER*>(KOSSL::self()->OPENSSL_sk_value(sk, i));
if (!sc)
break;
// Leak of sc*?
- TQString scn(sc->name);
+ TQString scn(KOSSL::self()->SSL_CIPHER_get_name(sc));
if (scn.contains("ADH-") || scn.contains("NULL-") || scn.contains("DES-CBC3-SHA") || scn.contains("FZA-")) {
continue;
}
- k = SSL_CIPHER_get_bits(sc, &j);
+ k = KOSSL::self()->SSL_CIPHER_get_bits(sc, &j);
- item = new CipherItem( SSLv3Box, sc->name, k, j, this );
+ item = new CipherItem( SSLv3Box, scn, k, j, this );
}
- if (ctx) SSL_CTX_free(ctx);
- if (ssl) SSL_free(ssl);
+ if (ctx) KOSSL::self()->SSL_CTX_free(ctx);
+ if (ssl) KOSSL::self()->SSL_free(ssl);
+#endif
return true;
}
generated by cgit v1.2.1 (git 2.18.0) at 2025-03-08 07:10:20 +0000