ksslsettings.cc
1 /* This file is part of the KDE project
2  *
3  * Copyright (C) 2000 George Staikos <staikos@kde.org>
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Library General Public
7  * License as published by the Free Software Foundation; either
8  * version 2 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Library General Public License for more details.
14  *
15  * You should have received a copy of the GNU Library General Public License
16  * along with this library; see the file COPYING.LIB. If not, write to
17  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18  * Boston, MA 02110-1301, USA.
19  */
20 
21 #ifdef HAVE_CONFIG_H
22 #include <config.h>
23 #endif
24 
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 
28 #include <stdlib.h>
29 #include <pwd.h>
30 #include <unistd.h>
31 
32 #include <tqfile.h>
33 #include <tqsortedlist.h>
34 
35 #include "ksslsettings.h"
36 #include <kglobal.h>
37 #include <kstandarddirs.h>
38 #include <kdebug.h>
39 
40 // this hack provided by Malte Starostik to avoid glibc/openssl bug
41 // on some systems
42 #ifdef KSSL_HAVE_SSL
43 #define crypt _openssl_crypt
44 #include <openssl/ssl.h>
45 #undef crypt
46 #endif
47 #include <kopenssl.h>
48 
49 #ifdef KSSL_HAVE_SSL
50 #define sk_new d->kossl->sk_new
51 #define sk_push d->kossl->sk_push
52 #define sk_free d->kossl->sk_free
53 #define sk_value d->kossl->sk_value
54 #define sk_num d->kossl->sk_num
55 #define sk_dup d->kossl->sk_dup
56 #define sk_pop d->kossl->sk_pop
57 #endif
58 
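// One entry of the list assembled by KSSLSettings::getCipherList(): the
// OpenSSL cipher name plus its symmetric key length in bits.
//
// The relational operators order nodes by key length only (that is all a
// TQSortedList needs); operator== additionally requires the same name.
// All comparisons take a const reference and are const themselves so that
// const nodes and temporaries can be compared (the old non-const `int`
// operators could not be called on either).
class CipherNode {
public:
    CipherNode(const char *_name, int _keylen) :
        name(_name), keylen(_keylen) {}

    TQString name;
    int keylen;

    // Equal only when both the key length and the name match.
    inline bool operator==(const CipherNode &x) const
    { return (x.keylen == keylen) && (x.name == name); }

    // Ordering is by key length alone; two different ciphers with the
    // same key length are neither < nor > each other.
    inline bool operator< (const CipherNode &x) const { return keylen <  x.keylen; }
    inline bool operator<=(const CipherNode &x) const { return keylen <= x.keylen; }
    inline bool operator> (const CipherNode &x) const { return keylen >  x.keylen; }
    inline bool operator>=(const CipherNode &x) const { return keylen >= x.keylen; }
};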
72 
73 
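// Private state of KSSLSettings that is kept out of the public header.
class KSSLSettingsPrivate {
public:
    // Every flag starts in the state an empty config / defaults() would
    // produce. Without this, a KSSLSettings constructed with
    // readConfig=false handed indeterminate values to useEGD(),
    // useEFile(), autoSendX509() and promptSendX509().
    KSSLSettingsPrivate()
        : kossl(NULL),        // resolved lazily in getCipherList(); delayed as long as possible
          m_bUseEGD(false),
          m_bUseEFile(false),
          m_bSendX509(false),
          m_bPromptX509(false) {
    }
    ~KSSLSettingsPrivate() {
        // kossl comes from KOSSL::self() and is not owned here.
    }

    KOSSL *kossl;
    bool m_bUseEGD;        // [EGD] UseEGD
    bool m_bUseEFile;      // [EGD] UseEFile
    TQString m_EGDPath;    // [EGD] EGDPath
    bool m_bSendX509;      // [Auth] AuthMethod == "send"
    bool m_bPromptX509;    // [Auth] AuthMethod == "prompt"
};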
90 
91 //
92 // FIXME
93 // Implementation note: for now, we only read cipher settings from disk,
94 // and do not store them in memory. This should change.
95 //
96 
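// Construct a settings object backed by the "cryptodefaults" config file.
//
// The in-memory flags are first reset to the built-in defaults so that a
// caller passing readConfig=false never observes uninitialised values
// from sslv2()/sslv3()/tlsv1() or the warnOn*() accessors (nothing
// visible in this file initialises m_bUse*/m_bWarn* otherwise). When
// readConfig is true, load() then overwrites every one of those values
// with what is on disk, so the extra call changes nothing for that path.
KSSLSettings::KSSLSettings(bool readConfig) {
    d = new KSSLSettingsPrivate;
    m_cfg = new KConfig("cryptodefaults", false, false);

    if (!KGlobal::dirs()->addResourceType("kssl", KStandardDirs::kde_default("data") + "kssl")) {
        //kdDebug(7029) << "Error adding (kssl, share/apps/kssl)" << endl;
    }

    defaults();
    if (readConfig)
        load();
}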
107 
108 
// Settings are deliberately NOT written back here: the object may be a
// temporary created only to read the current configuration. Callers that
// change settings must call save() explicitly.
KSSLSettings::~KSSLSettings() {
    delete m_cfg;
    m_cfg = 0L;
    delete d;
    d = 0L;
}
114 
115 
// Whether SSLv2 is enabled ([SSLv2] Enabled; default off).
bool KSSLSettings::sslv2() const
{
    return m_bUseSSLv2;
}
119 
120 
// Whether SSLv3 is enabled ([SSLv3] Enabled; default on).
bool KSSLSettings::sslv3() const
{
    return m_bUseSSLv3;
}
124 
125 
// Whether TLSv1 is enabled ([TLS] Enabled; default on).
bool KSSLSettings::tlsv1() const
{
    return m_bUseTLSv1;
}
129 
130 
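// Assemble the colon-separated cipher string ("A:B:C") that is handed to
// OpenSSL, honouring the per-cipher "cipher_<NAME>" booleans in the
// [SSLv2] / [SSLv3] groups of cryptodefaults. OpenSSL labels TLSv1 suites
// with the "SSLv3" version string, which is why they live in [SSLv3].
//
// Returns an empty string when OpenSSL support is compiled out, when no
// protocol version is enabled, or when OpenSSL refuses to create a
// context. FIXME: callers should treat an empty string as "no usable
// cipher" rather than passing it on — OpenSSL's behaviour when given an
// empty list is not confirmed and a default list should be provided.
TQString KSSLSettings::getCipherList() {
    TQString clist;
#ifdef KSSL_HAVE_SSL
    TQPtrList<CipherNode> cipherList;
    cipherList.setAutoDelete(true);

    if (!d->kossl)
        d->kossl = KOSSL::self();

    // Choose the client method whose cipher table we enumerate. The
    // previous version left `meth` NULL for a TLSv1-only configuration
    // and then passed it to SSL_CTX_new()/SSL_new(). The version-flexible
    // SSLv23 method also negotiates TLSv1; SSLv2 suites it enumerates are
    // filtered out below whenever SSLv2 itself is disabled.
    SSL_METHOD *meth = 0L;
    if (m_bUseSSLv3 && m_bUseSSLv2)
        meth = d->kossl->SSLv23_client_method();
    else if (m_bUseSSLv3)
        meth = d->kossl->SSLv3_client_method();
    else if (m_bUseSSLv2)
        meth = d->kossl->SSLv2_client_method();
    else if (m_bUseTLSv1)
        meth = d->kossl->SSLv23_client_method();

    if (!meth) {
        kdDebug(7029) << "No SSL/TLS protocol version enabled; cipher list is empty" << endl;
        return clist;
    }

    SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth);
    if (!ctx) {
        kdDebug(7029) << "SSL_CTX_new failed; cipher list is empty" << endl;
        return clist;
    }
    SSL *ssl = d->kossl->SSL_new(ctx);
    if (!ssl) {
        kdDebug(7029) << "SSL_new failed; cipher list is empty" << endl;
        d->kossl->SSL_CTX_free(ctx);
        return clist;
    }

    STACK_OF(SSL_CIPHER) *sk = d->kossl->SSL_get_ciphers(ssl);
    const int cnt = sk ? sk_SSL_CIPHER_num(sk) : 0;
    for (int i = 0; i < cnt; i++) {
        SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk, i);
        if (!sc)
            break;

        const bool isV2 = !strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(sc));
        // Never offer an SSLv2 suite when the protocol itself is disabled.
        if (isV2 && !m_bUseSSLv2)
            continue;

        const TQString name(sc->name);
        // Drop anonymous DH (no server authentication; deprecated by
        // RFC 2246 as MITM-vulnerable), NULL-encryption, 3DES (168-bit)
        // and Fortezza suites regardless of what the config says.
        if (name.contains("ADH-") || name.contains("NULL-") ||
            name.contains("DES-CBC3-SHA") || name.contains("FZA"))
            continue;

        m_cfg->setGroup(isV2 ? "SSLv2" : "SSLv3");

        TQString tcipher;
        tcipher.sprintf("cipher_%s", sc->name);
        const int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
        // A suite with no explicit entry is enabled when it has at least a
        // 56-bit key. NOTE(review): 56-bit is far below current minimums;
        // raising this default would be a behaviour change for users.
        if (!m_cfg->readBoolEntry(tcipher, bits >= 56))
            continue;

        // De-duplicate by content. TQPtrList::contains() compares pointer
        // values, so the old `contains(new CipherNode(...))` never matched.
        bool seen = false;
        for (CipherNode *n = cipherList.first(); n; n = cipherList.next()) {
            if (n->keylen == bits && n->name == name) {
                seen = true;
                break;
            }
        }
        if (!seen)
            cipherList.append(new CipherNode(sc->name, bits));
    }
    d->kossl->SSL_free(ssl);
    d->kossl->SSL_CTX_free(ctx);

    // Join in OpenSSL's enumeration order (the old code prepended each
    // node and then drained the list from the tail, which is the same).
    for (CipherNode *n = cipherList.first(); n; n = cipherList.next()) {
        if (!clist.isEmpty())
            clist.append(":");
        clist.append(n->name);
    }

    kdDebug(7029) << "Cipher list is: " << clist << endl;
#endif
    return clist;
}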
208 
// FIXME - sync these up so that we can use them with the control module!!
//
// Re-read every setting from cryptodefaults. Missing entries fall back to
// the same values defaults() uses; note that SSLv2 is off unless the
// config explicitly enables it.
void KSSLSettings::load() {
    m_cfg->reparseConfiguration();

    // Protocol versions.
    m_cfg->setGroup("TLS");
    m_bUseTLSv1 = m_cfg->readBoolEntry("Enabled", true);
    m_cfg->setGroup("SSLv2");
    m_bUseSSLv2 = m_cfg->readBoolEntry("Enabled", false);
    m_cfg->setGroup("SSLv3");
    m_bUseSSLv3 = m_cfg->readBoolEntry("Enabled", true);

    // User-facing warnings.
    m_cfg->setGroup("Warnings");
    m_bWarnOnEnter       = m_cfg->readBoolEntry("OnEnter", false);
    m_bWarnOnLeave       = m_cfg->readBoolEntry("OnLeave", true);
    m_bWarnOnUnencrypted = m_cfg->readBoolEntry("OnUnencrypted", true);
    m_bWarnOnMixed       = m_cfg->readBoolEntry("OnMixed", true);

    // Certificate validation warnings.
    m_cfg->setGroup("Validation");
    m_bWarnSelfSigned = m_cfg->readBoolEntry("WarnSelfSigned", true);
    m_bWarnExpired    = m_cfg->readBoolEntry("WarnExpired", true);
    m_bWarnRevoked    = m_cfg->readBoolEntry("WarnRevoked", true);

    // Entropy source (EGD socket / entropy file).
    m_cfg->setGroup("EGD");
    d->m_bUseEGD   = m_cfg->readBoolEntry("UseEGD", false);
    d->m_bUseEFile = m_cfg->readBoolEntry("UseEFile", false);
    d->m_EGDPath   = m_cfg->readPathEntry("EGDPath");

    // Client certificate handling: "send" automatically, "prompt" the
    // user, anything else (including absent) does neither.
    m_cfg->setGroup("Auth");
    const TQString authMethod = m_cfg->readEntry("AuthMethod", "");
    d->m_bSendX509   = (authMethod == "send");
    d->m_bPromptX509 = (authMethod == "prompt");
}
248 
249 
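// Reset every in-memory setting to its built-in default without touching
// the config file. The values mirror the fallbacks load() uses for a
// missing entry.
//
// Previously the [Auth] flags were left untouched here, so defaults()
// after a load() that found AuthMethod=send kept auto-sending the client
// certificate; they are now reset to match load()'s "" default.
void KSSLSettings::defaults() {
    m_bUseTLSv1 = true;
    m_bUseSSLv2 = false;    // SSLv2 stays off unless explicitly enabled
    m_bUseSSLv3 = true;
    m_bWarnOnEnter = false;
    m_bWarnOnLeave = true;
    m_bWarnOnUnencrypted = true;
    m_bWarnOnMixed = true;
    m_bWarnSelfSigned = true;
    m_bWarnExpired = true;
    m_bWarnRevoked = true;
    d->m_bUseEGD = false;
    d->m_bUseEFile = false;
    d->m_EGDPath = "";
    d->m_bSendX509 = false;
    d->m_bPromptX509 = false;
}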
265 
266 
// Write the in-memory settings back to cryptodefaults and sync the file.
//
// Only the protocol, warning, validation and EGD groups are written; the
// [Auth] AuthMethod entry read by load() has no setter in this file and
// is not rewritten here. Per-cipher entries are not saved either (see the
// FIXME below).
//
// NOTE(review): everything under `#if 0` is dead code, including the
// chmod(0600) that the comment says protects "sensitive data". If the
// file is considered sensitive, that permission fix needs to be moved
// outside the disabled block; as written it never runs.
void KSSLSettings::save() {
    m_cfg->setGroup("TLS");
    m_cfg->writeEntry("Enabled", m_bUseTLSv1);

    m_cfg->setGroup("SSLv2");
    m_cfg->writeEntry("Enabled", m_bUseSSLv2);

    m_cfg->setGroup("SSLv3");
    m_cfg->writeEntry("Enabled", m_bUseSSLv3);

    m_cfg->setGroup("Warnings");
    m_cfg->writeEntry("OnEnter", m_bWarnOnEnter);
    m_cfg->writeEntry("OnLeave", m_bWarnOnLeave);
    m_cfg->writeEntry("OnUnencrypted", m_bWarnOnUnencrypted);
    m_cfg->writeEntry("OnMixed", m_bWarnOnMixed);

    m_cfg->setGroup("Validation");
    m_cfg->writeEntry("WarnSelfSigned", m_bWarnSelfSigned);
    m_cfg->writeEntry("WarnExpired", m_bWarnExpired);
    m_cfg->writeEntry("WarnRevoked", m_bWarnRevoked);

    m_cfg->setGroup("EGD");
    m_cfg->writeEntry("UseEGD", d->m_bUseEGD);
    m_cfg->writeEntry("UseEFile", d->m_bUseEFile);
    m_cfg->writePathEntry("EGDPath", d->m_EGDPath);

    m_cfg->sync();
    // FIXME - ciphers
    // Disabled: v2ciphers/v3ciphers/v2selectedciphers/v3selectedciphers are
    // not members visible in this file, so this block cannot compile as-is.
#if 0
#ifdef KSSL_HAVE_SSL
    m_cfg->setGroup("SSLv2");
    for (unsigned int i = 0; i < v2ciphers.count(); i++) {
        TQString ciphername;
        ciphername.sprintf("cipher_%s", v2ciphers[i].ascii());
        if (v2selectedciphers.contains(v2ciphers[i])) {
            m_cfg->writeEntry(ciphername, true);
        } else m_cfg->writeEntry(ciphername, false);
    }

    m_cfg->setGroup("SSLv3");
    for (unsigned int i = 0; i < v3ciphers.count(); i++) {
        TQString ciphername;
        ciphername.sprintf("cipher_%s", v3ciphers[i].ascii());
        if (v3selectedciphers.contains(v3ciphers[i])) {
            m_cfg->writeEntry(ciphername, true);
        } else m_cfg->writeEntry(ciphername, false);
    }
#endif

    m_cfg->sync();

    // insure proper permissions -- contains sensitive data
    // (dead code: inside #if 0, this chmod is never executed)
    TQString cfgName(KGlobal::dirs()->findResource("config", "cryptodefaults"));
    if (!cfgName.isEmpty())
        ::chmod(TQFile::encodeName(cfgName), 0600);
#endif
}
324 
325 
// --- Warning flags ([Warnings] group) ---------------------------------

// Warn when entering an SSL site ([Warnings] OnEnter).
bool KSSLSettings::warnOnEnter() const
{
    return m_bWarnOnEnter;
}
void KSSLSettings::setWarnOnEnter(bool x)
{
    m_bWarnOnEnter = x;
}

// Warn when submitting over an unencrypted connection ([Warnings] OnUnencrypted).
bool KSSLSettings::warnOnUnencrypted() const
{
    return m_bWarnOnUnencrypted;
}
void KSSLSettings::setWarnOnUnencrypted(bool x)
{
    m_bWarnOnUnencrypted = x;
}

// Warn when leaving an SSL site ([Warnings] OnLeave).
bool KSSLSettings::warnOnLeave() const
{
    return m_bWarnOnLeave;
}
void KSSLSettings::setWarnOnLeave(bool x)
{
    m_bWarnOnLeave = x;
}

// Warn on mixed encrypted/unencrypted content ([Warnings] OnMixed; no setter here).
bool KSSLSettings::warnOnMixed() const
{
    return m_bWarnOnMixed;
}

// --- Certificate validation warnings ([Validation] group; read-only here) ---

bool KSSLSettings::warnOnSelfSigned() const
{
    return m_bWarnSelfSigned;
}
bool KSSLSettings::warnOnRevoked() const
{
    return m_bWarnRevoked;
}
bool KSSLSettings::warnOnExpired() const
{
    return m_bWarnExpired;
}

// --- Entropy source and client-certificate policy (private data) -------

bool KSSLSettings::useEGD() const
{
    return d->m_bUseEGD;
}
bool KSSLSettings::useEFile() const
{
    return d->m_bUseEFile;
}
// True when [Auth] AuthMethod was "send" at the last load().
bool KSSLSettings::autoSendX509() const
{
    return d->m_bSendX509;
}
// True when [Auth] AuthMethod was "prompt" at the last load().
bool KSSLSettings::promptSendX509() const
{
    return d->m_bPromptX509;
}
340 
// Protocol version toggles. These only change the in-memory flags; call
// save() to persist them, and note that getCipherList() consults them.
void KSSLSettings::setTLSv1(bool enabled)
{
    m_bUseTLSv1 = enabled;
}
void KSSLSettings::setSSLv2(bool enabled)
{
    m_bUseSSLv2 = enabled;
}
void KSSLSettings::setSSLv3(bool enabled)
{
    m_bUseSSLv3 = enabled;
}
344 
// Path of the EGD socket / entropy file ([EGD] EGDPath).
// NOTE(review): this hands out a non-const reference to private state, so
// any caller can change the path without going through a setter.
TQString& KSSLSettings::getEGDPath()
{
    return d->m_EGDPath;
}
346 
347 #ifdef KSSL_HAVE_SSL
348 #undef sk_new
349 #undef sk_push
350 #undef sk_free
351 #undef sk_value
352 #undef sk_num
353 #undef sk_pop
354 #undef sk_dup
355 #endif
356 
