---
src/drv_imap.c | 14 ++++++++++++++
src/mbsync.1 | 10 ++++++++++
src/socket.c | 13 +++++++++++++
src/socket.h | 2 ++
4 files changed, 39 insertions(+)
diff --git a/src/drv_imap.c b/src/drv_imap.c
index f27e58e..63c43f4 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -2777,6 +2777,20 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep
)
cfg->file, cfg->line,
server->sconf.cert_file );
cfg->err = 1;
}
+ } else if (!strcasecmp( "ClientCertificate", cfg->cmd )) {
+ server->sconf.client_certfile = expand_strdup( cfg->val
);
+ if (access( server->sconf.client_certfile, R_OK )) {
+ sys_error( "%s:%d: ClientCertificate '%s'",
+ cfg->file, cfg->line,
server->sconf.client_certfile );
+ cfg->err = 1;
+ }
+ } else if (!strcasecmp( "ClientKey", cfg->cmd )) {
+ server->sconf.client_keyfile = expand_strdup( cfg->val
);
+ if (access( server->sconf.client_keyfile, R_OK )) {
+ sys_error( "%s:%d: ClientKey '%s'",
+ cfg->file, cfg->line,
server->sconf.client_keyfile );
+ cfg->err = 1;
+ }
} else if (!strcasecmp( "SystemCertificates", cfg->cmd )) {
server->sconf.system_certs = parse_bool( cfg );
} else if (!strcasecmp( "SSLType", cfg->cmd )) {
diff --git a/src/mbsync.1 b/src/mbsync.1
index cb190a2..7e5a503 100644
--- a/src/mbsync.1
+++ b/src/mbsync.1
@@ -378,6 +378,16 @@ Note that the system's default certificate store is always
used
and should not be specified here.
..
.TP
+\fBClientCertificate\fR \fIpath\fR
+File containing a client certificate to send to the server.
+\fBClientKey\fR should also be specified.
+..
+.TP
+\fBClientKey\fR \fIpath\fR
+File containing the private key corresponding to the client
+certificate.
+..
+.TP
\fBPipelineDepth\fR \fIdepth\fR
Maximum number of IMAP commands which can be simultaneously in flight.
Setting this to \fI1\fR disables pipelining.
diff --git a/src/socket.c b/src/socket.c
index 27bc8cd..3dd22f5 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -223,6 +223,19 @@ init_ssl_ctx( const server_conf_t *conf )
conf->cert_file, ERR_error_string( ERR_get_error(), 0 )
);
return 0;
}
+
+ if (conf->client_certfile && !SSL_CTX_use_certificate_chain_file(
mconf->SSLContext, conf->client_certfile)) {
+ error( "Error while loading client certificate file '%s': %s\n",
+ conf->client_certfile, ERR_error_string(
ERR_get_error(), 0 ) );
+ return 0;
+ }
+
+ if (conf->client_keyfile && !SSL_CTX_use_PrivateKey_file(
mconf->SSLContext, conf->client_keyfile, SSL_FILETYPE_PEM)) {
+ error( "Error while loading client private key '%s': %s\n",
+ conf->client_keyfile, ERR_error_string( ERR_get_error(),
0 ) );
+ return 0;
+ }
+
mconf->trusted_certs = (_STACK *)sk_X509_OBJECT_dup(
SSL_CTX_get_cert_store( mconf->SSLContext )->objs );
if (mconf->system_certs && !SSL_CTX_set_default_verify_paths(
mconf->SSLContext ))
warn( "Warning: Unable to load default certificate files: %s\n",
diff --git a/src/socket.h b/src/socket.h
index bbbc56b..1a089cd 100644
--- a/src/socket.h
+++ b/src/socket.h
@@ -50,6 +50,8 @@ typedef struct server_conf {
int timeout;
#ifdef HAVE_LIBSSL
char *cert_file;
+ char *client_certfile;
+ char *client_keyfile;
char system_certs;
char ssl_versions;
--
2.0.0
------------------------------------------------------------------------------
_______________________________________________
isync-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/isync-devel
