ksslsettings.cpp
1 /* This file is part of the KDE project
2  *
3  * Copyright (C) 2000 George Staikos <staikos@kde.org>
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Library General Public
7  * License as published by the Free Software Foundation; either
8  * version 2 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Library General Public License for more details.
14  *
15  * You should have received a copy of the GNU Library General Public License
16  * along with this library; see the file COPYING.LIB. If not, write to
17  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18  * Boston, MA 02110-1301, USA.
19  */
20 
21 #ifdef HAVE_CONFIG_H
22 #include <config.h>
23 #endif
24 
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 
28 #include <stdlib.h>
29 #include <pwd.h>
30 #include <unistd.h>
31 
32 #include <tqfile.h>
33 #include <tqsortedlist.h>
34 
35 #include "ksslsettings.h"
36 #include <tdeglobal.h>
37 #include <kstandarddirs.h>
38 #include <kdebug.h>
39 
40 // this hack provided by Malte Starostik to avoid glibc/openssl bug
41 // on some systems
42 #ifdef KSSL_HAVE_SSL
43 #define crypt _openssl_crypt
44 #include <openssl/ssl.h>
45 #undef crypt
46 #endif
47 #include <kopenssl.h>
48 
49 
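/**
 * One entry of the cipher list assembled by KSSLSettings::getCipherList():
 * the OpenSSL cipher name together with its key length in bits.
 *
 * Two nodes are equal when both name and key length match.  The ordering
 * operators compare key length only, so two nodes with different names but
 * the same key length are neither less nor greater than each other.
 */
class CipherNode {
public:
  CipherNode(const char *_name, int _keylen) :
    name(_name), keylen(_keylen) {}

  TQString name;   // cipher name as returned by SSL_CIPHER_get_name()
  int keylen;      // key length in bits as returned by SSL_CIPHER_get_bits()

  // The comparisons take const references and are const member functions so
  // they also work on const nodes; they return bool rather than int.
  inline bool operator==(const CipherNode &x) const
  { return ((x.keylen == keylen) && (x.name == name)); }
  inline bool operator< (const CipherNode &x) const { return keylen < x.keylen; }
  inline bool operator<=(const CipherNode &x) const { return keylen <= x.keylen; }
  inline bool operator> (const CipherNode &x) const { return keylen > x.keylen; }
  inline bool operator>=(const CipherNode &x) const { return keylen >= x.keylen; }
};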
63 
64 
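/**
 * Private data of KSSLSettings (d-pointer).
 *
 * Every member is initialised in the constructor so that a KSSLSettings built
 * with readConfig == false (load() never called) still returns defined values
 * from useEGD(), useEFile(), autoSendX509() and promptSendX509() instead of
 * reading uninitialised bools.
 */
class KSSLSettingsPrivate {
public:
  KSSLSettingsPrivate() :
    kossl(NULL), // try to delay this as long as possible
    m_bUseEGD(false),
    m_bUseEFile(false),
    m_EGDPath(),
    m_bSendX509(false),
    m_bPromptX509(false) {}
  ~KSSLSettingsPrivate() {}

  KOSSL *kossl;          // fetched lazily via KOSSL::self() in getCipherList()
  bool m_bUseEGD;        // [EGD] UseEGD
  bool m_bUseEFile;      // [EGD] UseEFile
  TQString m_EGDPath;    // [EGD] EGDPath
  bool m_bSendX509;      // [Auth] AuthMethod == "send"
  bool m_bPromptX509;    // [Auth] AuthMethod == "prompt"
};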
81 
82 //
83 // FIXME
84 // Implementation note: for now, we only read cipher settings from disk,
85 // and do not store them in memory. This should change.
86 //
87 
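/**
 * Construct a KSSL settings object.
 *
 * Opens the "cryptodefaults" configuration, registers the "kssl" data
 * resource type and, when readConfig is true, loads the user's settings.
 * The protocol, warning and validation flags are reset with defaults() first
 * so that an object created with readConfig == false never hands out
 * uninitialised values through sslv2(), warnOnLeave() and friends (assuming
 * the header gives them no initialiser of its own).
 *
 * @param readConfig whether to call load() immediately.
 */
KSSLSettings::KSSLSettings(bool readConfig) {
  d = new KSSLSettingsPrivate;
  m_cfg = new TDEConfig("cryptodefaults", false, false);

  // A failed registration is not fatal here; the original only had a
  // commented-out kdDebug(7029) message for it.
  TDEGlobal::dirs()->addResourceType("kssl", TDEStandardDirs::kde_default("data") + "kssl");

  defaults();
  if (readConfig)
    load();
}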
98 
99 
/**
 * Destroy this KSSL settings object.
 *
 * Nothing is written back: the object may have been a temporary, so
 * persisting is left to an explicit save() call.
 */
KSSLSettings::~KSSLSettings() {
  delete d;
  delete m_cfg;
}
105 
106 
/// Does the user allow SSLv2 ([SSLv2] Enabled)?  load() forces this off when
/// the linked OpenSSL has no SSLv2 support.
bool KSSLSettings::sslv2() const { return m_bUseSSLv2; }
110 
111 
/// Does the user allow SSLv3 ([SSLv3] Enabled)?  load() forces this off when
/// OpenSSL was built with OPENSSL_NO_SSL3.
bool KSSLSettings::sslv3() const { return m_bUseSSLv3; }
115 
116 
/// Does the user allow TLSv1 ([TLS] Enabled, default true)?
bool KSSLSettings::tlsv1() const { return m_bUseTLSv1; }
120 
121 
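// FIXME: we should make a default list available if this fails
// since OpenSSL seems to just choose any old thing if it's given an
// empty list. This behavior is not confirmed though.
/**
 * Build the OpenSSL cipher list ("cipher1:cipher2:...:ciphern") to use for a
 * connection.
 *
 * The ciphers the linked OpenSSL offers for the enabled protocols are
 * enumerated; a cipher is kept when its "cipher_<name>" entry in the SSLv2
 * (for SSLv2 ciphers) or SSLv3 (everything else) group of cryptodefaults is
 * true, defaulting to true for key lengths of 56 bits or more.  Anonymous DH
 * ("ADH-"), NULL, DES-CBC3-SHA and Fortezza ("FZA") ciphers are always
 * dropped.  The result keeps OpenSSL's order and contains no duplicates.
 *
 * @return the colon-separated list, or an empty string when SSL support is
 *         compiled out, no SSL context could be created, or nothing survived
 *         the filtering.
 */
TQString KSSLSettings::getCipherList() {
  TQString clist;
#ifdef KSSL_HAVE_SSL
  if (!d->kossl)
    d->kossl = KOSSL::self();

  // Pick the client method for the enabled protocols.  This selection never
  // looked at m_bUseTLSv1, so with SSLv2 and SSLv3 both disabled meth stayed
  // NULL and SSL_CTX_new()/SSL_new() were fed a NULL method/context.  Fall
  // back to the generic TLS method so a TLS-only configuration still works.
  SSL_METHOD *meth = 0L;
  if (m_bUseSSLv3 && m_bUseSSLv2)
    meth = d->kossl->TLS_client_method();
  else if (m_bUseSSLv3)
    meth = d->kossl->SSLv3_client_method();
  else if (m_bUseSSLv2)
    meth = d->kossl->SSLv2_client_method();
  if (!meth)
    meth = d->kossl->TLS_client_method();

  SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth);
  if (!ctx) {
    kdDebug(7029) << "Could not create an SSL context; cipher list is empty" << endl;
    return clist;
  }
  SSL *ssl = d->kossl->SSL_new(ctx);
  if (!ssl) {
    d->kossl->SSL_CTX_free(ctx);
    kdDebug(7029) << "Could not create an SSL object; cipher list is empty" << endl;
    return clist;
  }

  // Accepted ciphers in OpenSSL order; autoDelete frees the nodes with the list.
  TQPtrList<CipherNode> cipherList;
  cipherList.setAutoDelete(true);

  STACK_OF(SSL_CIPHER) *sk = d->kossl->SSL_get_ciphers(ssl);
  const int cnt = sk ? d->kossl->OPENSSL_sk_num(sk) : 0;
  TQString tcipher;
  for (int i = 0; i < cnt; i++) {
    SSL_CIPHER *sc = reinterpret_cast<SSL_CIPHER*>(d->kossl->OPENSSL_sk_value(sk, i));
    if (!sc)
      break;

    const char *cname = d->kossl->SSL_CIPHER_get_name(sc);
    const int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);

    // Per-cipher switches live in the SSLv2 group for SSLv2 ciphers and in
    // the SSLv3 group for everything else (TLS ciphers included).
    if (!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(sc)))
      m_cfg->setGroup("SSLv2");
    else
      m_cfg->setGroup("SSLv3");

    // Enabled by default only from 56-bit keys upwards.  The threshold is the
    // historical one; it is a configuration default, not a strength claim.
    tcipher.sprintf("cipher_%s", cname);
    if (!m_cfg->readBoolEntry(tcipher, bits >= 56))
      continue;

    // Remove any ADH ciphers as per RFC2246.
    // Also remove NULL ciphers and 168bit ciphers, whatever the configuration.
    const TQString name(cname);
    if (name.contains("ADH-") || name.contains("NULL-") ||
        name.contains("DES-CBC3-SHA") || name.contains("FZA"))
      continue;

    // Skip duplicates by value.  The previous contains() check on a freshly
    // allocated node relied on TQPtrList's default compareItems(), which
    // (as far as I can tell) compares pointers and so never matched.
    bool seen = false;
    for (CipherNode *n = cipherList.first(); n; n = cipherList.next()) {
      if (n->keylen == bits && n->name == name) {
        seen = true;
        break;
      }
    }
    if (!seen)
      cipherList.append(new CipherNode(cname, bits));
  }
  d->kossl->SSL_free(ssl);
  d->kossl->SSL_CTX_free(ctx);

  // now assemble the list cipher1:cipher2:cipher3:...:ciphern
  bool firstcipher = true;
  for (CipherNode *n = cipherList.first(); n; n = cipherList.next()) {
    if (firstcipher)
      firstcipher = false;
    else
      clist.append(":");
    clist.append(n->name);
  }

  kdDebug(7029) << "Cipher list is: " << clist << endl;
#endif
  return clist;
}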
199 
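// FIXME - sync these up so that we can use them with the control module!!
/**
 * Load the user's settings from the "cryptodefaults" configuration.
 *
 * The file is reparsed first so that changes written by another process are
 * picked up.  Protocols the linked OpenSSL was built without (SSLv2 on
 * OpenSSL 1.1.0 or later or with OPENSSL_NO_SSL2, SSLv3 with OPENSSL_NO_SSL3)
 * are forced off regardless of the configuration.  The X.509 client
 * certificate mode is derived from [Auth] AuthMethod: "send" means always
 * send, "prompt" means ask, anything else means neither.
 */
void KSSLSettings::load() {
  m_cfg->reparseConfiguration();

  m_cfg->setGroup("TLS");
  m_bUseTLSv1 = m_cfg->readBoolEntry("Enabled", true);

#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
  m_bUseSSLv2 = false;
#else
  m_cfg->setGroup("SSLv2");
  m_bUseSSLv2 = m_cfg->readBoolEntry("Enabled", false);
#endif

#if defined(OPENSSL_NO_SSL3)
  m_bUseSSLv3 = false;
#else
  m_cfg->setGroup("SSLv3");
  m_bUseSSLv3 = m_cfg->readBoolEntry("Enabled", true);
#endif

  m_cfg->setGroup("Warnings");
  m_bWarnOnEnter = m_cfg->readBoolEntry("OnEnter", false);
  m_bWarnOnLeave = m_cfg->readBoolEntry("OnLeave", true);
  m_bWarnOnUnencrypted = m_cfg->readBoolEntry("OnUnencrypted", true);
  m_bWarnOnMixed = m_cfg->readBoolEntry("OnMixed", true);

  m_cfg->setGroup("Validation");
  m_bWarnSelfSigned = m_cfg->readBoolEntry("WarnSelfSigned", true);
  m_bWarnExpired = m_cfg->readBoolEntry("WarnExpired", true);
  m_bWarnRevoked = m_cfg->readBoolEntry("WarnRevoked", true);

  m_cfg->setGroup("EGD");
  d->m_bUseEGD = m_cfg->readBoolEntry("UseEGD", false);
  d->m_bUseEFile = m_cfg->readBoolEntry("UseEFile", false);
  d->m_EGDPath = m_cfg->readPathEntry("EGDPath");

  m_cfg->setGroup("Auth");
  // Read the entry once; the two flags are mutually exclusive views of it.
  const TQString authMethod = m_cfg->readEntry("AuthMethod", "");
  d->m_bSendX509 = (authMethod == "send");
  d->m_bPromptX509 = (authMethod == "prompt");
}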
247 
248 
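/**
 * Revert every setting to its built-in default without touching the
 * configuration file.
 *
 * The values mirror the defaults load() applies when an entry is missing.
 * The X.509 client certificate flags, which load() derives from
 * [Auth] AuthMethod, are reset as well; they were previously left untouched
 * here, so defaults() after load() could leave a stale "send"/"prompt" mode.
 */
void KSSLSettings::defaults() {
  m_bUseTLSv1 = true;
  m_bUseSSLv2 = false;
  m_bUseSSLv3 = true;
  m_bWarnOnEnter = false;
  m_bWarnOnLeave = true;
  m_bWarnOnUnencrypted = true;
  m_bWarnOnMixed = true;
  m_bWarnSelfSigned = true;
  m_bWarnExpired = true;
  m_bWarnRevoked = true;
  d->m_bUseEGD = false;
  d->m_bUseEFile = false;
  d->m_EGDPath = "";
  d->m_bSendX509 = false;
  d->m_bPromptX509 = false;
}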
264 
265 
/**
 * Write the current settings to the "cryptodefaults" configuration and sync
 * it to disk.
 *
 * Only the protocol, warning, validation and EGD settings are written.  The
 * per-cipher switches are not persisted yet (see the disabled block at the
 * end), and [Auth] AuthMethod is never written because it has no setter.
 */
void KSSLSettings::save() {
  // Protocol switches: one group per protocol version.
  m_cfg->setGroup("TLS");
  m_cfg->writeEntry("Enabled", m_bUseTLSv1);
  m_cfg->setGroup("SSLv2");
  m_cfg->writeEntry("Enabled", m_bUseSSLv2);
  m_cfg->setGroup("SSLv3");
  m_cfg->writeEntry("Enabled", m_bUseSSLv3);

  // User-facing warnings.
  m_cfg->setGroup("Warnings");
  m_cfg->writeEntry("OnEnter", m_bWarnOnEnter);
  m_cfg->writeEntry("OnLeave", m_bWarnOnLeave);
  m_cfg->writeEntry("OnUnencrypted", m_bWarnOnUnencrypted);
  m_cfg->writeEntry("OnMixed", m_bWarnOnMixed);

  // Certificate validation warnings.
  m_cfg->setGroup("Validation");
  m_cfg->writeEntry("WarnSelfSigned", m_bWarnSelfSigned);
  m_cfg->writeEntry("WarnExpired", m_bWarnExpired);
  m_cfg->writeEntry("WarnRevoked", m_bWarnRevoked);

  // Entropy source.
  m_cfg->setGroup("EGD");
  m_cfg->writeEntry("UseEGD", d->m_bUseEGD);
  m_cfg->writeEntry("UseEFile", d->m_bUseEFile);
  m_cfg->writePathEntry("EGDPath", d->m_EGDPath);

  m_cfg->sync();

  // FIXME - ciphers
  // Everything below is compiled out.  Note that this also disables the
  // chmod(0600) sketched at its end: the live code above never adjusts the
  // permissions of the configuration file.
#if 0
#ifdef KSSL_HAVE_SSL
  m_cfg->setGroup("SSLv2");
  for (unsigned int i = 0; i < v2ciphers.count(); i++) {
    TQString ciphername;
    ciphername.sprintf("cipher_%s", v2ciphers[i].ascii());
    if (v2selectedciphers.contains(v2ciphers[i])) {
      m_cfg->writeEntry(ciphername, true);
    } else m_cfg->writeEntry(ciphername, false);
  }

  m_cfg->setGroup("SSLv3");
  for (unsigned int i = 0; i < v3ciphers.count(); i++) {
    TQString ciphername;
    ciphername.sprintf("cipher_%s", v3ciphers[i].ascii());
    if (v3selectedciphers.contains(v3ciphers[i])) {
      m_cfg->writeEntry(ciphername, true);
    } else m_cfg->writeEntry(ciphername, false);
  }
#endif

  m_cfg->sync();

  // insure proper permissions -- contains sensitive data
  TQString cfgName(TDEGlobal::dirs()->findResource("config", "cryptodefaults"));
  if (!cfgName.isEmpty())
    ::chmod(TQFile::encodeName(cfgName), 0600);
#endif
}
323 
324 
/// Does the user want to be warned on entering SSL mode ([Warnings] OnEnter)?
bool KSSLSettings::warnOnEnter() const {
  return m_bWarnOnEnter;
}
/// Change the warnOnEnter() setting in memory; call save() to persist it.
void KSSLSettings::setWarnOnEnter(bool x) {
  m_bWarnOnEnter = x;
}
/// Does the user want to be warned before sending unencrypted data
/// ([Warnings] OnUnencrypted)?
bool KSSLSettings::warnOnUnencrypted() const {
  return m_bWarnOnUnencrypted;
}
/// Change the warnOnUnencrypted() setting in memory; call save() to persist it.
void KSSLSettings::setWarnOnUnencrypted(bool x) {
  m_bWarnOnUnencrypted = x;
}
/// Does the user want to be warned on leaving SSL mode ([Warnings] OnLeave)?
bool KSSLSettings::warnOnLeave() const {
  return m_bWarnOnLeave;
}
/// Change the warnOnLeave() setting in memory; call save() to persist it.
void KSSLSettings::setWarnOnLeave(bool x) {
  m_bWarnOnLeave = x;
}
/// Does the user want to be warned during mixed SSL/non-SSL mode
/// ([Warnings] OnMixed)?  There is no setter for this flag.
bool KSSLSettings::warnOnMixed() const {
  return m_bWarnOnMixed;
}
/// [Validation] WarnSelfSigned.  Marked KDE_DEPRECATED ("Do not use this")
/// in the header; kept for binary compatibility.
bool KSSLSettings::warnOnSelfSigned() const {
  return m_bWarnSelfSigned;
}
/// [Validation] WarnRevoked.  Marked KDE_DEPRECATED ("Do not use this")
/// in the header; kept for binary compatibility.
bool KSSLSettings::warnOnRevoked() const {
  return m_bWarnRevoked;
}
/// [Validation] WarnExpired.  Marked KDE_DEPRECATED ("Do not use this")
/// in the header; kept for binary compatibility.
bool KSSLSettings::warnOnExpired() const {
  return m_bWarnExpired;
}
/// Does the user want to seed from the Entropy Gathering Daemon ([EGD] UseEGD)?
bool KSSLSettings::useEGD() const {
  return d->m_bUseEGD;
}
/// Does the user want to seed from an entropy file ([EGD] UseEFile)?
bool KSSLSettings::useEFile() const {
  return d->m_bUseEFile;
}
/// Should X.509 client certificates always be sent when possible?
/// True when [Auth] AuthMethod is "send".
bool KSSLSettings::autoSendX509() const {
  return d->m_bSendX509;
}
/// Should the user be prompted before an X.509 client certificate is sent?
/// True when [Auth] AuthMethod is "prompt".
bool KSSLSettings::promptSendX509() const {
  return d->m_bPromptX509;
}
339 
/// Change the TLSv1 preference in memory; call save() to persist it.
void KSSLSettings::setTLSv1(bool enabled) {
  m_bUseTLSv1 = enabled;
}
/// Change the SSLv2 preference in memory; call save() to persist it.  Note
/// that load() forces the flag off again when OpenSSL lacks SSLv2.
void KSSLSettings::setSSLv2(bool enabled) {
  m_bUseSSLv2 = enabled;
}
/// Change the SSLv3 preference in memory; call save() to persist it.  Note
/// that load() forces the flag off again when OpenSSL lacks SSLv3.
void KSSLSettings::setSSLv3(bool enabled) {
  m_bUseSSLv3 = enabled;
}
343 
/// The configured path to the entropy gathering daemon socket or entropy
/// file ([EGD] EGDPath).  Returned by non-const reference, so a caller can
/// modify the stored value in place.
TQString& KSSLSettings::getEGDPath() {
  return d->m_EGDPath;
}
345 
KSSLSettings::warnOnRevoked
bool warnOnRevoked() const KDE_DEPRECATED
Do not use this.
Definition: ksslsettings.cpp:333
KSSLSettings::warnOnLeave
bool warnOnLeave() const
Does the user want to be warned on leaving SSL mode.
Definition: ksslsettings.cpp:329
KSSLSettings::useEFile
bool useEFile() const
Does the user want to use an entropy file?
Definition: ksslsettings.cpp:336
KSSLSettings::autoSendX509
bool autoSendX509() const
Does the user want X.509 client certificates to always be sent when possible?
Definition: ksslsettings.cpp:337
KSSLSettings::setTLSv1
void setTLSv1(bool enabled)
Change the user's TLSv1 preference.
Definition: ksslsettings.cpp:340
KSSLSettings::setSSLv2
void setSSLv2(bool enabled)
Change the user's SSLv2 preference.
Definition: ksslsettings.cpp:341
KSSLSettings::setWarnOnLeave
void setWarnOnLeave(bool x)
Change the user's warnOnLeave() setting.
Definition: ksslsettings.cpp:330
KSSLSettings::sslv3
bool sslv3() const
Does the user allow SSLv3.
Definition: ksslsettings.cpp:112
KSSLSettings::warnOnMixed
bool warnOnMixed() const
Does the user want to be warned during mixed SSL/non-SSL mode.
Definition: ksslsettings.cpp:331
KSSLSettings::setWarnOnEnter
void setWarnOnEnter(bool x)
Change the user's warnOnEnter() setting.
Definition: ksslsettings.cpp:326
KSSLSettings::useEGD
bool useEGD() const
Does the user want to use the Entropy Gathering Daemon?
Definition: ksslsettings.cpp:335
KSSLSettings::warnOnUnencrypted
bool warnOnUnencrypted() const
Does the user want to be warned on sending unencrypted data.
Definition: ksslsettings.cpp:327
KSSLSettings::KSSLSettings
KSSLSettings(bool readConfig=true)
Construct a KSSL Settings object.
Definition: ksslsettings.cpp:88
KSSLSettings::setWarnOnUnencrypted
void setWarnOnUnencrypted(bool x)
Change the user's warnOnUnencrypted() setting.
Definition: ksslsettings.cpp:328
KSSLSettings::setSSLv3
void setSSLv3(bool enabled)
Change the user's SSLv3 preference.
Definition: ksslsettings.cpp:342
KSSLSettings::defaults
void defaults()
Revert to default settings.
Definition: ksslsettings.cpp:249
KSSLSettings::load
void load()
Load the user's settings.
Definition: ksslsettings.cpp:201
KSSLSettings::getEGDPath
TQString & getEGDPath()
Get the configured path to the entropy gathering daemon or entropy file.
Definition: ksslsettings.cpp:344
KSSLSettings::warnOnSelfSigned
bool warnOnSelfSigned() const KDE_DEPRECATED
Do not use this.
Definition: ksslsettings.cpp:332
KSSLSettings::tlsv1
bool tlsv1() const
Does the user allow TLSv1.
Definition: ksslsettings.cpp:117
KSSLSettings::getCipherList
TQString getCipherList()
Get the OpenSSL cipher list for selecting the list of ciphers to use in a connection.
Definition: ksslsettings.cpp:125
KSSLSettings::~KSSLSettings
~KSSLSettings()
Destroy this KSSL Settings object.
Definition: ksslsettings.cpp:101
KSSLSettings::promptSendX509
bool promptSendX509() const
Does the user want to be prompted to send X.509 client certificates when possible?
Definition: ksslsettings.cpp:338
KSSLSettings::warnOnEnter
bool warnOnEnter() const
Does the user want to be warned on entering SSL mode.
Definition: ksslsettings.cpp:325
KSSLSettings::sslv2
bool sslv2() const
Does the user allow SSLv2.
Definition: ksslsettings.cpp:107
KSSLSettings::save
void save()
Save the current settings.
Definition: ksslsettings.cpp:266
KSSLSettings::warnOnExpired
bool warnOnExpired() const KDE_DEPRECATED
Do not use this.
Definition: ksslsettings.cpp:334
