25 #include <sys/types.h>
33 #include <tqsortedlist.h>
35 #include "ksslsettings.h"
37 #include <kstandarddirs.h>
43 #define crypt _openssl_crypt
44 #include <openssl/ssl.h>
50 #define sk_new d->kossl->sk_new
51 #define sk_push d->kossl->sk_push
52 #define sk_free d->kossl->sk_free
53 #define sk_value d->kossl->sk_value
54 #define sk_num d->kossl->sk_num
55 #define sk_dup d->kossl->sk_dup
56 #define sk_pop d->kossl->sk_pop
// Build a cipher entry from an OpenSSL cipher name and its key length in
// bits. `_name` is copied into `name` (a NULL pointer yields an empty/null
// name, as with any C-string construction); `_keylen` is stored verbatim
// and is what the relational operators below compare on.
CipherNode(const char *_name, int _keylen)
	: name(_name),
	  keylen(_keylen)
{
}
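// Two nodes are equal only when BOTH the key length and the cipher name
// match. Made const-correct: comparing must never require mutable access
// to either operand, and the old non-const signature rejected const objects
// and const container elements. Return type stays `int` for compatibility.
inline int operator==(const CipherNode &x) const
{
	return ((x.keylen == keylen) && (x.name == name));
}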
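// Strict ordering by key length in bits only; the cipher name is ignored,
// so two different ciphers with the same keylen are neither < nor > each
// other. Note: key length is not a strength ranking — elsewhere in this
// file anonymous-DH and NULL ciphers are filtered out by name regardless
// of their bit count. Made const-correct (const parameter and const method);
// return type stays `int` for compatibility.
inline int operator< (const CipherNode &x) const
{
	return keylen < x.keylen;
}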
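// Non-strict ordering by key length in bits only (name ignored). Made
// const-correct so const nodes and const container elements can be
// compared; return type stays `int` for compatibility.
inline int operator<=(const CipherNode &x) const
{
	return keylen <= x.keylen;
}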
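// Strict ordering by key length in bits only (name ignored). Made
// const-correct so const nodes and const container elements can be
// compared; return type stays `int` for compatibility.
inline int operator> (const CipherNode &x) const
{
	return keylen > x.keylen;
}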
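// Non-strict ordering by key length in bits only (name ignored). Made
// const-correct so const nodes and const container elements can be
// compared; return type stays `int` for compatibility.
inline int operator>=(const CipherNode &x) const
{
	return keylen >= x.keylen;
}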
74 class KSSLSettingsPrivate {
76 KSSLSettingsPrivate() {
79 ~KSSLSettingsPrivate() {
98 d =
new KSSLSettingsPrivate;
99 m_cfg =
new KConfig(
"cryptodefaults",
false,
false);
101 if (!KGlobal::dirs()->addResourceType(
"kssl", KStandardDirs::kde_default(
"data") +
"kssl")) {
105 if (readConfig)
load();
138 bool firstcipher =
true;
139 SSL_METHOD *meth = 0L;
140 TQPtrList<CipherNode> cipherList;
142 cipherList.setAutoDelete(
true);
145 d->kossl = KOSSL::self();
147 if (m_bUseSSLv3 && m_bUseSSLv2)
148 meth = d->kossl->SSLv23_client_method();
150 meth = d->kossl->SSLv3_client_method();
151 else if (m_bUseSSLv2)
152 meth = d->kossl->SSLv2_client_method();
154 SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth);
155 SSL* ssl = d->kossl->SSL_new(ctx);
156 STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl);
157 int cnt = sk_SSL_CIPHER_num(sk);
158 for (
int i=0; i< cnt; i++) {
159 SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk,i);
163 if(!strcmp(
"SSLv2", d->kossl->SSL_CIPHER_get_version(sc)))
164 m_cfg->setGroup(
"SSLv2");
166 m_cfg->setGroup(
"SSLv3");
168 tcipher.sprintf(
"cipher_%s", sc->name);
169 int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
170 if (m_cfg->readBoolEntry(tcipher, bits >= 56)) {
171 CipherNode *xx =
new CipherNode(sc->name,bits);
172 if (!cipherList.contains(xx))
173 cipherList.prepend(xx);
178 d->kossl->SSL_free(ssl);
179 d->kossl->SSL_CTX_free(ctx);
183 for (
unsigned int i = 0; i < cipherList.count(); i++) {
185 while ((j = cipherList.at(i)) != 0L) {
186 if (j->name.contains(
"ADH-") || j->name.contains(
"NULL-") || j->name.contains(
"DES-CBC3-SHA") || j->name.contains(
"FZA")) {
187 cipherList.remove(j);
195 while (!cipherList.isEmpty()) {
198 else clist.append(
":");
199 clist.append(cipherList.getLast()->name);
200 cipherList.removeLast();
203 kdDebug(7029) <<
"Cipher list is: " << clist << endl;
211 m_cfg->reparseConfiguration();
213 m_cfg->setGroup(
"TLS");
214 m_bUseTLSv1 = m_cfg->readBoolEntry(
"Enabled",
true);
216 m_cfg->setGroup(
"SSLv2");
217 m_bUseSSLv2 = m_cfg->readBoolEntry(
"Enabled",
false);
219 m_cfg->setGroup(
"SSLv3");
220 m_bUseSSLv3 = m_cfg->readBoolEntry(
"Enabled",
true);
222 m_cfg->setGroup(
"Warnings");
223 m_bWarnOnEnter = m_cfg->readBoolEntry(
"OnEnter",
false);
224 m_bWarnOnLeave = m_cfg->readBoolEntry(
"OnLeave",
true);
225 m_bWarnOnUnencrypted = m_cfg->readBoolEntry(
"OnUnencrypted",
true);
226 m_bWarnOnMixed = m_cfg->readBoolEntry(
"OnMixed",
true);
228 m_cfg->setGroup(
"Validation");
229 m_bWarnSelfSigned = m_cfg->readBoolEntry(
"WarnSelfSigned",
true);
230 m_bWarnExpired = m_cfg->readBoolEntry(
"WarnExpired",
true);
231 m_bWarnRevoked = m_cfg->readBoolEntry(
"WarnRevoked",
true);
233 m_cfg->setGroup(
"EGD");
234 d->m_bUseEGD = m_cfg->readBoolEntry(
"UseEGD",
false);
235 d->m_bUseEFile = m_cfg->readBoolEntry(
"UseEFile",
false);
236 d->m_EGDPath = m_cfg->readPathEntry(
"EGDPath");
238 m_cfg->setGroup(
"Auth");
239 d->m_bSendX509 = (
"send" == m_cfg->readEntry(
"AuthMethod",
""));
240 d->m_bPromptX509 = (
"prompt" == m_cfg->readEntry(
"AuthMethod",
""));
254 m_bWarnOnEnter =
false;
255 m_bWarnOnLeave =
true;
256 m_bWarnOnUnencrypted =
true;
257 m_bWarnOnMixed =
true;
258 m_bWarnSelfSigned =
true;
259 m_bWarnExpired =
true;
260 m_bWarnRevoked =
true;
261 d->m_bUseEGD =
false;
262 d->m_bUseEFile =
false;
268 m_cfg->setGroup(
"TLS");
269 m_cfg->writeEntry(
"Enabled", m_bUseTLSv1);
271 m_cfg->setGroup(
"SSLv2");
272 m_cfg->writeEntry(
"Enabled", m_bUseSSLv2);
274 m_cfg->setGroup(
"SSLv3");
275 m_cfg->writeEntry(
"Enabled", m_bUseSSLv3);
277 m_cfg->setGroup(
"Warnings");
278 m_cfg->writeEntry(
"OnEnter", m_bWarnOnEnter);
279 m_cfg->writeEntry(
"OnLeave", m_bWarnOnLeave);
280 m_cfg->writeEntry(
"OnUnencrypted", m_bWarnOnUnencrypted);
281 m_cfg->writeEntry(
"OnMixed", m_bWarnOnMixed);
283 m_cfg->setGroup(
"Validation");
284 m_cfg->writeEntry(
"WarnSelfSigned", m_bWarnSelfSigned);
285 m_cfg->writeEntry(
"WarnExpired", m_bWarnExpired);
286 m_cfg->writeEntry(
"WarnRevoked", m_bWarnRevoked);
288 m_cfg->setGroup(
"EGD");
289 m_cfg->writeEntry(
"UseEGD", d->m_bUseEGD);
290 m_cfg->writeEntry(
"UseEFile", d->m_bUseEFile);
291 m_cfg->writePathEntry(
"EGDPath", d->m_EGDPath);
297 m_cfg->setGroup(
"SSLv2");
298 for (
unsigned int i = 0; i < v2ciphers.count(); i++) {
300 ciphername.sprintf(
"cipher_%s", v2ciphers[i].ascii());
301 if (v2selectedciphers.contains(v2ciphers[i])) {
302 m_cfg->writeEntry(ciphername,
true);
303 }
else m_cfg->writeEntry(ciphername,
false);
306 m_cfg->setGroup(
"SSLv3");
307 for (
unsigned int i = 0; i < v3ciphers.count(); i++) {
309 ciphername.sprintf(
"cipher_%s", v3ciphers[i].ascii());
310 if (v3selectedciphers.contains(v3ciphers[i])) {
311 m_cfg->writeEntry(ciphername,
true);
312 }
else m_cfg->writeEntry(ciphername,
false);
319 TQString cfgName(KGlobal::dirs()->findResource(
"config",
"cryptodefaults"));
320 if (!cfgName.isEmpty())
321 ::chmod(TQFile::encodeName(cfgName), 0600);