summaryrefslogtreecommitdiffstats
path: root/kio/kssl/ksslsettings.cc
diff options
context:
space:
mode:
Diffstat (limited to 'kio/kssl/ksslsettings.cc')
-rw-r--r--kio/kssl/ksslsettings.cc356
1 files changed, 0 insertions, 356 deletions
diff --git a/kio/kssl/ksslsettings.cc b/kio/kssl/ksslsettings.cc
deleted file mode 100644
index 5a77b12bf..000000000
--- a/kio/kssl/ksslsettings.cc
+++ /dev/null
@@ -1,356 +0,0 @@
-/* This file is part of the KDE project
- *
- * Copyright (C) 2000 George Staikos <staikos@kde.org>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <stdlib.h>
-#include <pwd.h>
-#include <unistd.h>
-
-#include <tqfile.h>
-#include <tqsortedlist.h>
-
-#include "ksslsettings.h"
-#include <kglobal.h>
-#include <kstandarddirs.h>
-#include <kdebug.h>
-
-// this hack provided by Malte Starostik to avoid glibc/openssl bug
-// on some systems
-#ifdef KSSL_HAVE_SSL
-#define crypt _openssl_crypt
-#include <openssl/ssl.h>
-#undef crypt
-#endif
-#include <kopenssl.h>
-
-#ifdef KSSL_HAVE_SSL
-#define sk_new d->kossl->sk_new
-#define sk_push d->kossl->sk_push
-#define sk_free d->kossl->sk_free
-#define sk_value d->kossl->sk_value
-#define sk_num d->kossl->sk_num
-#define sk_dup d->kossl->sk_dup
-#define sk_pop d->kossl->sk_pop
-#endif
-
- class CipherNode {
- public:
- CipherNode(const char *_name, int _keylen) :
- name(_name), keylen(_keylen) {}
- TQString name;
- int keylen;
- inline int operator==(CipherNode &x)
- { return ((x.keylen == keylen) && (x.name == name)); }
- inline int operator< (CipherNode &x) { return keylen < x.keylen; }
- inline int operator<=(CipherNode &x) { return keylen <= x.keylen; }
- inline int operator> (CipherNode &x) { return keylen > x.keylen; }
- inline int operator>=(CipherNode &x) { return keylen >= x.keylen; }
- };
-
-
-class KSSLSettingsPrivate {
-public:
- KSSLSettingsPrivate() {
- kossl = NULL; // try to delay this as long as possible
- }
- ~KSSLSettingsPrivate() {
-
- }
-
- KOSSL *kossl;
- bool m_bUseEGD;
- bool m_bUseEFile;
- TQString m_EGDPath;
- bool m_bSendX509;
- bool m_bPromptX509;
-};
-
-//
-// FIXME
-// Implementation note: for now, we only read cipher settings from disk,
-// and do not store them in memory. This should change.
-//
-
-KSSLSettings::KSSLSettings(bool readConfig) {
- d = new KSSLSettingsPrivate;
- m_cfg = new KConfig("cryptodefaults", false, false);
-
- if (!KGlobal::dirs()->addResourceType("kssl", KStandardDirs::kde_default("data") + "kssl")) {
- //kdDebug(7029) << "Error adding (kssl, share/apps/kssl)" << endl;
- }
-
- if (readConfig) load();
-}
-
-
-// we don't save settings incase it was a temporary object
-KSSLSettings::~KSSLSettings() {
- delete m_cfg;
- delete d;
-}
-
-
-bool KSSLSettings::sslv2() const {
- return m_bUseSSLv2;
-}
-
-
-bool KSSLSettings::sslv3() const {
- return m_bUseSSLv3;
-}
-
-
-bool KSSLSettings::tlsv1() const {
- return m_bUseTLSv1;
-}
-
-
-// FIXME: we should make a default list available if this fails
-// since OpenSSL seems to just choose any old thing if it's given an
-// empty list. This behavior is not confirmed though.
-TQString KSSLSettings::getCipherList() {
- TQString clist;
-#ifdef KSSL_HAVE_SSL
- TQString tcipher;
- bool firstcipher = true;
- SSL_METHOD *meth = 0L;
- TQPtrList<CipherNode> cipherList;
-
- cipherList.setAutoDelete(true);
-
- if (!d->kossl)
- d->kossl = KOSSL::self();
-
- if (m_bUseSSLv3 && m_bUseSSLv2)
- meth = d->kossl->SSLv23_client_method();
- else if(m_bUseSSLv3)
- meth = d->kossl->SSLv3_client_method();
- else if (m_bUseSSLv2)
- meth = d->kossl->SSLv2_client_method();
-
- SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth);
- SSL* ssl = d->kossl->SSL_new(ctx);
- STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl);
- int cnt = sk_SSL_CIPHER_num(sk);
- for (int i=0; i< cnt; i++) {
- SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk,i);
- if (!sc)
- break;
-
- if(!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(sc)))
- m_cfg->setGroup("SSLv2");
- else
- m_cfg->setGroup("SSLv3");
-
- tcipher.sprintf("cipher_%s", sc->name);
- int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
- if (m_cfg->readBoolEntry(tcipher, bits >= 56)) {
- CipherNode *xx = new CipherNode(sc->name,bits);
- if (!cipherList.contains(xx))
- cipherList.prepend(xx);
- else
- delete xx;
- }
- }
- d->kossl->SSL_free(ssl);
- d->kossl->SSL_CTX_free(ctx);
-
- // Remove any ADH ciphers as per RFC2246
- // Also remove NULL ciphers and 168bit ciphers
- for (unsigned int i = 0; i < cipherList.count(); i++) {
- CipherNode *j = 0L;
- while ((j = cipherList.at(i)) != 0L) {
- if (j->name.contains("ADH-") || j->name.contains("NULL-") || j->name.contains("DES-CBC3-SHA") || j->name.contains("FZA")) {
- cipherList.remove(j);
- } else {
- break;
- }
- }
- }
-
- // now assemble the list cipher1:cipher2:cipher3:...:ciphern
- while (!cipherList.isEmpty()) {
- if (firstcipher)
- firstcipher = false;
- else clist.append(":");
- clist.append(cipherList.getLast()->name);
- cipherList.removeLast();
- } // while
-
- kdDebug(7029) << "Cipher list is: " << clist << endl;
-
-#endif
- return clist;
-}
-
-// FIXME - sync these up so that we can use them with the control module!!
-void KSSLSettings::load() {
- m_cfg->reparseConfiguration();
-
- m_cfg->setGroup("TLS");
- m_bUseTLSv1 = m_cfg->readBoolEntry("Enabled", true);
-
- m_cfg->setGroup("SSLv2");
- m_bUseSSLv2 = m_cfg->readBoolEntry("Enabled", false);
-
- m_cfg->setGroup("SSLv3");
- m_bUseSSLv3 = m_cfg->readBoolEntry("Enabled", true);
-
- m_cfg->setGroup("Warnings");
- m_bWarnOnEnter = m_cfg->readBoolEntry("OnEnter", false);
- m_bWarnOnLeave = m_cfg->readBoolEntry("OnLeave", true);
- m_bWarnOnUnencrypted = m_cfg->readBoolEntry("OnUnencrypted", true);
- m_bWarnOnMixed = m_cfg->readBoolEntry("OnMixed", true);
-
- m_cfg->setGroup("Validation");
- m_bWarnSelfSigned = m_cfg->readBoolEntry("WarnSelfSigned", true);
- m_bWarnExpired = m_cfg->readBoolEntry("WarnExpired", true);
- m_bWarnRevoked = m_cfg->readBoolEntry("WarnRevoked", true);
-
- m_cfg->setGroup("EGD");
- d->m_bUseEGD = m_cfg->readBoolEntry("UseEGD", false);
- d->m_bUseEFile = m_cfg->readBoolEntry("UseEFile", false);
- d->m_EGDPath = m_cfg->readPathEntry("EGDPath");
-
- m_cfg->setGroup("Auth");
- d->m_bSendX509 = ("send" == m_cfg->readEntry("AuthMethod", ""));
- d->m_bPromptX509 = ("prompt" == m_cfg->readEntry("AuthMethod", ""));
-
- #ifdef KSSL_HAVE_SSL
-
-
-
- #endif
-}
-
-
-void KSSLSettings::defaults() {
- m_bUseTLSv1 = true;
- m_bUseSSLv2 = false;
- m_bUseSSLv3 = true;
- m_bWarnOnEnter = false;
- m_bWarnOnLeave = true;
- m_bWarnOnUnencrypted = true;
- m_bWarnOnMixed = true;
- m_bWarnSelfSigned = true;
- m_bWarnExpired = true;
- m_bWarnRevoked = true;
- d->m_bUseEGD = false;
- d->m_bUseEFile = false;
- d->m_EGDPath = "";
-}
-
-
-void KSSLSettings::save() {
- m_cfg->setGroup("TLS");
- m_cfg->writeEntry("Enabled", m_bUseTLSv1);
-
- m_cfg->setGroup("SSLv2");
- m_cfg->writeEntry("Enabled", m_bUseSSLv2);
-
- m_cfg->setGroup("SSLv3");
- m_cfg->writeEntry("Enabled", m_bUseSSLv3);
-
- m_cfg->setGroup("Warnings");
- m_cfg->writeEntry("OnEnter", m_bWarnOnEnter);
- m_cfg->writeEntry("OnLeave", m_bWarnOnLeave);
- m_cfg->writeEntry("OnUnencrypted", m_bWarnOnUnencrypted);
- m_cfg->writeEntry("OnMixed", m_bWarnOnMixed);
-
- m_cfg->setGroup("Validation");
- m_cfg->writeEntry("WarnSelfSigned", m_bWarnSelfSigned);
- m_cfg->writeEntry("WarnExpired", m_bWarnExpired);
- m_cfg->writeEntry("WarnRevoked", m_bWarnRevoked);
-
- m_cfg->setGroup("EGD");
- m_cfg->writeEntry("UseEGD", d->m_bUseEGD);
- m_cfg->writeEntry("UseEFile", d->m_bUseEFile);
- m_cfg->writePathEntry("EGDPath", d->m_EGDPath);
-
- m_cfg->sync();
- // FIXME - ciphers
-#if 0
-#ifdef KSSL_HAVE_SSL
- m_cfg->setGroup("SSLv2");
- for (unsigned int i = 0; i < v2ciphers.count(); i++) {
- TQString ciphername;
- ciphername.sprintf("cipher_%s", v2ciphers[i].ascii());
- if (v2selectedciphers.contains(v2ciphers[i])) {
- m_cfg->writeEntry(ciphername, true);
- } else m_cfg->writeEntry(ciphername, false);
- }
-
- m_cfg->setGroup("SSLv3");
- for (unsigned int i = 0; i < v3ciphers.count(); i++) {
- TQString ciphername;
- ciphername.sprintf("cipher_%s", v3ciphers[i].ascii());
- if (v3selectedciphers.contains(v3ciphers[i])) {
- m_cfg->writeEntry(ciphername, true);
- } else m_cfg->writeEntry(ciphername, false);
- }
-#endif
-
- m_cfg->sync();
-
- // insure proper permissions -- contains sensitive data
- TQString cfgName(KGlobal::dirs()->findResource("config", "cryptodefaults"));
- if (!cfgName.isEmpty())
- ::chmod(TQFile::encodeName(cfgName), 0600);
-#endif
-}
-
-
-bool KSSLSettings::warnOnEnter() const { return m_bWarnOnEnter; }
-void KSSLSettings::setWarnOnEnter(bool x) { m_bWarnOnEnter = x; }
-bool KSSLSettings::warnOnUnencrypted() const { return m_bWarnOnUnencrypted; }
-void KSSLSettings::setWarnOnUnencrypted(bool x) { m_bWarnOnUnencrypted = x; }
-bool KSSLSettings::warnOnLeave() const { return m_bWarnOnLeave; }
-void KSSLSettings::setWarnOnLeave(bool x) { m_bWarnOnLeave = x; }
-bool KSSLSettings::warnOnMixed() const { return m_bWarnOnMixed; }
-bool KSSLSettings::warnOnSelfSigned() const { return m_bWarnSelfSigned; }
-bool KSSLSettings::warnOnRevoked() const { return m_bWarnRevoked; }
-bool KSSLSettings::warnOnExpired() const { return m_bWarnExpired; }
-bool KSSLSettings::useEGD() const { return d->m_bUseEGD; }
-bool KSSLSettings::useEFile() const { return d->m_bUseEFile; }
-bool KSSLSettings::autoSendX509() const { return d->m_bSendX509; }
-bool KSSLSettings::promptSendX509() const { return d->m_bPromptX509; }
-
-void KSSLSettings::setTLSv1(bool enabled) { m_bUseTLSv1 = enabled; }
-void KSSLSettings::setSSLv2(bool enabled) { m_bUseSSLv2 = enabled; }
-void KSSLSettings::setSSLv3(bool enabled) { m_bUseSSLv3 = enabled; }
-
-TQString& KSSLSettings::getEGDPath() { return d->m_EGDPath; }
-
-#ifdef KSSL_HAVE_SSL
-#undef sk_new
-#undef sk_push
-#undef sk_free
-#undef sk_value
-#undef sk_num
-#undef sk_pop
-#undef sk_dup
-#endif
-