It is still possible to build Balsa without OpenSSL support. While this was reasonable ~15 years ago when encryption was not yet popular, I don't think this is up-to date anymore. In Germany, no mail provider offers an unencrypted access to POP3 or IMAP these days. It may be different in other countries, but at least since Edward Snowden, everybody should use it if possible. As *every* disto will ship with OpenSSL being installed by default, IMO it should be safe to *require* OpenSSL for building balsa.
The patch - modifies the configure script accordingly, - cleans up a lot of conditional compilation (which was controlled by /two/ macros, USE_TLS and USE_SSL, btw.) and - replaces the custom md5 implementation by OpenSSL's. Note that the files libbalsa/imap/md5-utils.[hc] can be removed. I must admit that I could not really test the MD5 implementation change (I just verified in a different application that it doesn't produce leaks or other harm), but it's *really* straightforward...
diff --git a/configure.ac b/configure.ac
index 2002402..9a2f696 100644
--- a/configure.ac
+++ b/configure.ac
@@ -180,11 +180,6 @@ AC_ARG_WITH([sqlite],
[Use SQLite for GPE address books (default=no)]),
[with_sqlite=$withval],[with_sqlite=no])
-AC_ARG_WITH(ssl,
- AC_HELP_STRING([--with-ssl],
- [Enable SSL (default=no)]),
- [ with_ssl=$withval ],[ with_ssl=no ])
-
AC_ARG_WITH(gmime,
AC_HELP_STRING([--with-gmime],
[Version of GMime 2.4, or 2.6 (default=detect)]),
@@ -679,49 +674,15 @@ fi
# OpenSSL configuration.
#
-
-AC_MSG_CHECKING([whether to build SSL support])
-if test "x$with_ssl" != xno ; then
-# openssl >=0.9.7 is pkg-config compatible.
- if pkg-config openssl >/dev/null 2>&1; then
- BALSA_LIBS="$BALSA_LIBS `pkg-config --libs openssl`"
- BALSA_CFLAGS="`pkg-config --cflags-only-I openssl` $BALSA_CFLAGS"
- AC_MSG_RESULT(yes)
- AC_DEFINE(USE_SSL,1,[Defined when SSL support is to be compiled.])
- AC_DEFINE(USE_TLS,USE_SSL,[Defined when TLS is to be enabled.])
- else
- if test -d $with_ssl && test -f "$with_ssl/include/openssl/ssl.h" ; then
- ssldir=$with_ssl
- else
- AC_TRY_COMPILE([#include <openssl/ssl.h>], ,
- ssldir=default,
- ssldir="")
- if test "x$ssldir" = x ; then
- for prefixdir in /usr /usr/local /usr/lib /usr/pkg /var /opt; do
- for dir in $prefixdir $prefixdir/openssl $prefixdir/ssl; do
- if test -f "$dir/include/openssl/ssl.h"; then
- ssldir=$dir
- fi
- done
- done
- fi
- fi
- if test -z "$ssldir"; then
- AC_MSG_ERROR([SSL requested but no SSL headers found.])
- else
- AC_MSG_RESULT(yes)
- BALSA_LIBS="$BALSA_LIBS -lssl -lcrypto"
- if test "x$ssldir" != xdefault ; then
- BALSA_CFLAGS="-I${ssldir}/include $BALSA_CFLAGS"
- fi
- ac_cv_path_openssl=$ssldir
- AC_DEFINE(USE_SSL,1,[Defined when SSL support is to be compiled.])
- AC_DEFINE(USE_TLS,USE_SSL,[Defined when TLS is to be enabled.])
- fi
- fi
-else
- AC_MSG_RESULT(no)
-fi
+PKG_CHECK_MODULES(OPENSSL, [openssl],
+ [BALSA_CFLAGS="$OPENSSL_CFLAGS $BALSA_CFLAGS"
+ BALSA_LIBS="$OPENSSL_LIBS $BALSA_LIBS"],
+ [ AC_CHECK_HEADERS([openssl/ssl.h], [],
+ [AC_MSG_ERROR([OpenSSL headers not found])], [])
+ AC_SEARCH_LIBS(SSL_library_init, ssl,
+ [BALSA_LIBS="$BALSA_LIBS -lssl -lcrypto"],
+ [AC_MSG_ERROR([libssl not found])], [-lcrypto]) ]
+)
# KRB5/GSSAPI configuration.
#
@@ -1036,7 +997,6 @@ echo " Use GPGME: $gpgmecfg"
echo " Use LDAP: $with_ldap"
echo " Use GSS: $with_gss"
echo " Use SQLite: $with_sqlite"
-echo " Use SSL: $with_ssl"
echo " Use GtkSpell: $with_gtkspell"
echo " Use Libnotify: $with_libnotify"
echo " Use GtkSourceView: $with_gtksourceview"
diff --git a/libbalsa/imap-server.c b/libbalsa/imap-server.c
index 01d5b89..2f74567 100644
--- a/libbalsa/imap-server.c
+++ b/libbalsa/imap-server.c
@@ -47,11 +47,7 @@
#include "imap-commands.h"
#include <glib/gi18n.h>
-#ifdef USE_TLS
#define REQ_SSL(s) (LIBBALSA_SERVER(s)->use_ssl)
-#else
-#define REQ_SSL(s) (0)
-#endif
/** wait 60 seconds for packets */
#define IMAP_CMD_TIMEOUT (60*1000)
diff --git a/libbalsa/imap/Makefile.am b/libbalsa/imap/Makefile.am
index abf56bf..7e94e95 100644
--- a/libbalsa/imap/Makefile.am
+++ b/libbalsa/imap/Makefile.am
@@ -32,8 +32,6 @@ libimap_a_SOURCES = \
libimap-marshal.c \
libimap-marshal.h \
libimap.h \
- md5-utils.c \
- md5-utils.h \
pop3.c \
pop3.h \
siobuf.c \
diff --git a/libbalsa/imap/auth-cram.c b/libbalsa/imap/auth-cram.c
index e51d63c..41c0543 100644
--- a/libbalsa/imap/auth-cram.c
+++ b/libbalsa/imap/auth-cram.c
@@ -26,9 +26,9 @@
#include <stdlib.h>
#include <string.h>
#include <glib.h>
+#include <openssl/evp.h>
#include "imap-auth.h"
-#include "md5-utils.h"
#include "util.h"
#include "imap_private.h"
@@ -132,10 +132,9 @@ static void
hmac_md5 (const char* password, char* challenge,
unsigned char* response)
{
- MD5Context ctx;
+ EVP_MD_CTX ctx;
unsigned char ipad[MD5_BLOCK_LEN], opad[MD5_BLOCK_LEN];
unsigned char secret[MD5_BLOCK_LEN+1];
- unsigned char hash_passwd[MD5_DIGEST_LEN];
unsigned int secret_len, chal_len;
int i;
@@ -145,11 +144,9 @@ hmac_md5 (const char* password, char* challenge,
/* passwords longer than MD5_BLOCK_LEN bytes are substituted with their MD5
* digests */
if (secret_len > MD5_BLOCK_LEN) {
- md5_init (&ctx);
- md5_update (&ctx, (unsigned char*) password, secret_len);
- md5_final (&ctx, hash_passwd);
- strncpy ((char*) secret, (char*) hash_passwd, MD5_DIGEST_LEN);
- secret_len = MD5_DIGEST_LEN;
+ EVP_DigestInit(&ctx, EVP_md5());
+ EVP_DigestUpdate(&ctx, (const unsigned char*) password, secret_len);
+ EVP_DigestFinal(&ctx, secret, &secret_len);
}
else
strncpy ((char *) secret, password, sizeof (secret));
@@ -165,14 +162,14 @@ hmac_md5 (const char* password, char* challenge,
}
/* inner hash: challenge and ipadded secret */
- md5_init (&ctx);
- md5_update (&ctx, ipad, MD5_BLOCK_LEN);
- md5_update (&ctx, (unsigned char*) challenge, chal_len);
- md5_final (&ctx, response);
+ EVP_DigestInit(&ctx, EVP_md5());
+ EVP_DigestUpdate(&ctx, ipad, MD5_BLOCK_LEN);
+ EVP_DigestUpdate(&ctx, (unsigned char*) challenge, chal_len);
+ EVP_DigestFinal(&ctx, response, NULL);
/* outer hash: inner hash and opadded secret */
- md5_init (&ctx);
- md5_update (&ctx, opad, MD5_BLOCK_LEN);
- md5_update (&ctx, response, MD5_DIGEST_LEN);
- md5_final (&ctx, response);
+ EVP_DigestInit(&ctx, EVP_md5());
+ EVP_DigestUpdate(&ctx, opad, MD5_BLOCK_LEN);
+ EVP_DigestUpdate(&ctx, response, chal_len);
+ EVP_DigestFinal(&ctx, response, NULL);
}
diff --git a/libbalsa/imap/imap-handle.c b/libbalsa/imap/imap-handle.c
index a932381..b38c86c 100644
--- a/libbalsa/imap/imap-handle.c
+++ b/libbalsa/imap/imap-handle.c
@@ -42,10 +42,8 @@
#include <resolv.h>
#endif /* defined(HAVE_RES_INIT) */
-#if defined(USE_TLS)
#include <openssl/ssl.h>
#include <openssl/err.h>
-#endif
#include "libimap-marshal.h"
#include "imap-auth.h"
@@ -149,9 +147,7 @@ imap_mbox_handle_init(ImapMboxHandle *handle)
handle->msg_cache = NULL;
handle->flag_cache= g_array_new(FALSE, TRUE, sizeof(ImapFlagCache));
handle->doing_logout = FALSE;
-#ifdef USE_TLS
handle->using_tls = 0;
-#endif
handle->tls_mode = IMAP_TLS_ENABLED;
handle->idle_state = IDLE_INACTIVE;
handle->cmd_info = NULL;
@@ -592,15 +588,7 @@ imap_mbox_handle_connect(ImapMboxHandle* ret, const char *host, int over_ssl)
g_return_val_if_fail(imap_mbox_is_disconnected(ret), IMAP_CONNECT_FAILED);
HANDLE_LOCK(ret);
-#if !defined(USE_TLS)
- if(over_ssl) {
- imap_mbox_handle_set_msg(ret,"SSL requested but SSL support not compiled");
- HANDLE_UNLOCK(ret);
- return IMAP_UNSECURE;
- }
-#else
ret->over_ssl = over_ssl;
-#endif
g_free(ret->host); ret->host = g_strdup(host);
@@ -790,10 +778,8 @@ imap_mbox_connect(ImapMboxHandle* handle)
imap_compress_release(&handle->compress);
}
-#ifdef USE_TLS
handle->using_tls = 0;
if(handle->over_ssl) service = "imaps";
-#endif
handle->sd = imap_socket_open(handle->host, service);
if(handle->sd<0)
@@ -810,7 +796,6 @@ imap_mbox_connect(ImapMboxHandle* handle)
sio_set_timeout(handle->sio, handle->timeout);
sio_set_timeoutcb(handle->sio, imap_timeout_cb, handle);
}
-#ifdef USE_TLS
if(handle->over_ssl) {
SSL *ssl = imap_create_ssl();
if(!ssl) {
@@ -826,7 +811,6 @@ imap_mbox_connect(ImapMboxHandle* handle)
return IMAP_UNSECURE;
}
}
-#endif
if(handle->monitor_cb)
sio_set_monitorcb(handle->sio, handle->monitor_cb, handle->monitor_arg);
@@ -839,7 +823,6 @@ imap_mbox_connect(ImapMboxHandle* handle)
}
handle->can_fetch_body =
(strncmp(handle->last_msg, "Microsoft Exchange", 18) != 0);
-#if defined(USE_TLS)
if(handle->over_ssl)
resp = IMR_OK; /* secured already with SSL */
else if(handle->tls_mode != IMAP_TLS_DISABLED &&
@@ -851,9 +834,6 @@ imap_mbox_connect(ImapMboxHandle* handle)
resp = IMR_OK; /* secured with TLS */
} else
resp = IMR_NO; /* not over SSL and TLS unavailable */
-#else
- resp = IMR_NO;
-#endif
if(handle->tls_mode == IMAP_TLS_REQUIRED && resp != IMR_OK) {
imap_mbox_handle_set_msg(handle,"TLS required but not available");
return IMAP_UNSECURE;
@@ -2010,7 +1990,6 @@ imap_cmd_step(ImapMboxHandle* handle, unsigned lastcmd)
g_return_val_if_fail(handle, IMR_BAD);
g_return_val_if_fail(handle->state != IMHS_DISCONNECTED, IMR_BAD);
-#ifdef USE_TLS
if(ERR_peek_error()) {
fprintf(stderr, "OpenSSL error in %s():\n", __FUNCTION__);
ERR_print_errors_fp(stderr);
@@ -2018,7 +1997,6 @@ imap_cmd_step(ImapMboxHandle* handle, unsigned lastcmd)
imap_handle_disconnect(handle);
return IMR_SEVERED;
}
-#endif
ci = cmdi_find_by_no(handle->cmd_info, lastcmd);
if(ci && ci->completed) {
/* The response to this command has been encountered earlier,
diff --git a/libbalsa/imap/imap-tls.c b/libbalsa/imap/imap-tls.c
index 67ce894..ca994ae 100644
--- a/libbalsa/imap/imap-tls.c
+++ b/libbalsa/imap/imap-tls.c
@@ -44,8 +44,6 @@
#include "config.h"
-#ifdef USE_TLS
-
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
@@ -400,4 +398,3 @@ imap_handle_starttls(ImapMboxHandle *handle)
return IMR_NO;
}
}
-#endif /* USE_TLS */
diff --git a/libbalsa/imap/imap_private.h b/libbalsa/imap/imap_private.h
index 64adf7b..018845c 100644
--- a/libbalsa/imap/imap_private.h
+++ b/libbalsa/imap/imap_private.h
@@ -20,6 +20,7 @@
*/
#include <glib-object.h>
+#include <openssl/ssl.h>
#include "config.h"
@@ -152,12 +153,9 @@ struct _ImapMboxHandle {
gulong quota_used_k; /**< used quota in kByte */
gchar *quota_root;
- /* conditional stuff at the end for the safety. */
-#ifdef USE_TLS
unsigned over_ssl:1; /* transmission is to be made over SSL-protected
* connection, usually to imaps port. */
unsigned using_tls:1;
-#endif
};
#define IMAP_MBOX_IS_DISCONNECTED(h) ((h)->state == IMHS_DISCONNECTED)
@@ -215,12 +213,9 @@ ImapResponse imap_search_exec_unlocked(ImapMboxHandle *h, gboolean uid,
ImapResponse imap_assure_needed_flags(ImapMboxHandle *h,
ImapMsgFlag needed_flags);
-#ifdef USE_TLS
-#include <openssl/ssl.h>
SSL* imap_create_ssl(void);
int imap_setup_ssl(struct siobuf *sio, const char* host, SSL *ssl,
ImapUserCb user_cb, void *user_arg);
-#endif
void imap_handle_disconnect(ImapMboxHandle *h);
ImapConnectionState imap_mbox_handle_get_state(ImapMboxHandle *h);
diff --git a/libbalsa/imap/pop3.c b/libbalsa/imap/pop3.c
index ad9e3fc..404d9e8 100644
--- a/libbalsa/imap/pop3.c
+++ b/libbalsa/imap/pop3.c
@@ -29,15 +29,13 @@
#include <string.h>
#include <unistd.h>
-#if defined(USE_TLS)
#include <openssl/ssl.h>
+#include <openssl/evp.h>
#include <openssl/err.h>
-#endif
#include "pop3.h"
#include "siobuf.h"
#include "imap_private.h"
-#include "md5-utils.h"
#define ELEMENTS(x) (sizeof (x) / sizeof(x[0]))
@@ -194,7 +192,7 @@ pop_check_status(PopHandle *pop, GError **err)
"POP3 connection severed");
return FALSE;
}
-
+
if(strncmp(buf, "+OK", 3) == 0)
res = TRUE;
/*
@@ -311,16 +309,16 @@ get_apop_stamp(const char *greeting, char *stamp)
static void
compute_auth_hash(char *stamp, char *hash, const char *passwd)
{
- MD5Context mdContext;
+ EVP_MD_CTX ctx;
register unsigned char *dp;
register char *cp;
unsigned char *ep;
unsigned char digest[16];
- md5_init(&mdContext);
- md5_update(&mdContext, (unsigned char *)stamp, strlen(stamp));
- md5_update(&mdContext, (unsigned char *)passwd, strlen(passwd));
- md5_final(&mdContext, digest);
+ EVP_DigestInit(&ctx, EVP_md5());
+ EVP_DigestUpdate(&ctx, stamp, strlen(stamp));
+ EVP_DigestUpdate(&ctx, passwd, strlen(passwd));
+ EVP_DigestFinal(&ctx, digest, NULL);
cp = hash;
dp = digest;
@@ -431,7 +429,6 @@ pop_authenticate(PopHandle *pop, const char *greeting, GError **err)
===================================================================
*/
-#ifdef USE_TLS
static gboolean
pop_stls(PopHandle *pop, GError **err)
{
@@ -457,7 +454,6 @@ pop_stls(PopHandle *pop, GError **err)
return FALSE;
}
}
-#endif
static gboolean
parse_list_response(PopHandle *pop, char *line, ssize_t sz, GError **err)
@@ -504,9 +500,7 @@ pop_connect(PopHandle *pop, const char *host, GError **err)
const char *service = "pop3";
char line[POP_LINE_LEN];
-#ifdef USE_TLS
if(pop->over_ssl) service = "pop3s";
-#endif
g_free(pop->host);
pop->host = g_strdup(host);
@@ -527,7 +521,6 @@ pop_connect(PopHandle *pop, const char *host, GError **err)
}
if(pop->timeout>0)
sio_set_timeout(pop->sio, pop->timeout);
-#ifdef USE_TLS
if(pop->over_ssl) {
SSL *ssl = imap_create_ssl();
if(!ssl || !imap_setup_ssl(pop->sio, pop->host, ssl,
@@ -539,7 +532,6 @@ pop_connect(PopHandle *pop, const char *host, GError **err)
return IMAP_UNSECURE;
}
}
-#endif
if(pop->monitor_cb)
sio_set_monitorcb(pop->sio, pop->monitor_cb, pop->monitor_arg);
@@ -554,12 +546,10 @@ pop_connect(PopHandle *pop, const char *host, GError **err)
else return FALSE;
}
-#ifdef USE_TLS
if(pop->tls_mode != IMAP_TLS_DISABLED && pop_can_do(pop, POP_CAP_STLS)) {
if(!pop_stls(pop, err)) /* TLS negotiation attempted.. */
return FALSE; /* .. but failed. */
}
-#endif
if(pop->tls_mode == IMAP_TLS_REQUIRED &&
!(pop->tls_enabled || pop->over_ssl) ) {
sio_detach(pop->sio); pop->sio = NULL; close(pop->sd);
diff --git a/libbalsa/imap/siobuf.c b/libbalsa/imap/siobuf.c
index f5f9bd1..fa21c03 100644
--- a/libbalsa/imap/siobuf.c
+++ b/libbalsa/imap/siobuf.c
@@ -40,15 +40,11 @@
#include <unistd.h>
#include <glib.h>
-#ifdef USE_TLS
-# include <openssl/ssl.h>
-#endif
+#include <openssl/ssl.h>
#include "siobuf.h"
-#ifdef USE_TLS
static int sio_sslpoll (struct siobuf *sio, int ret);
-#endif
/* Socket I/O buffering */
struct siobuf
@@ -78,9 +74,7 @@ struct siobuf
void *secarg;
timeoutcb_t timeout_cb; /* timeout (retry/abort) action callback */
void *timeout_arg; /* argument of timeout callback */
-#ifdef USE_TLS
SSL *ssl; /* The SSL connection */
-#endif
void *user_data;
};
@@ -142,7 +136,6 @@ sio_detach (struct siobuf *sio)
destroyed anyway. */
sio->timeout_cb = NULL;
sio->timeout_arg = NULL;
-#ifdef USE_TLS
if (sio->ssl != NULL)
{
int ret;
@@ -155,7 +148,6 @@ sio_detach (struct siobuf *sio)
SSL_free (sio->ssl);
sio->ssl = NULL;
}
-#endif
free (sio->read_buffer);
free (sio->write_buffer);
free (sio);
@@ -186,7 +178,6 @@ sio_set_timeout (struct siobuf *sio, int milliseconds)
assert (sio != NULL);
sio->milliseconds = milliseconds;
-#ifdef USE_TLS
if (sio->ssl != NULL)
{
long ssl_timeout;
@@ -197,10 +188,8 @@ sio_set_timeout (struct siobuf *sio, int milliseconds)
ssl_timeout = ((long) milliseconds + 999L) / 1000L;
SSL_SESSION_set_timeout (SSL_get_session (sio->ssl), ssl_timeout);
}
-#endif
}
-#ifdef USE_TLS
int
sio_set_tlsclient_ssl (struct siobuf *sio, SSL *ssl)
{
@@ -248,7 +237,6 @@ sio_set_tlsserver_ssl (struct siobuf *sio, SSL *ssl)
}
return sio->ssl != NULL;
}
-#endif
void
sio_set_securitycb (struct siobuf *sio,
@@ -275,7 +263,6 @@ sio_poll (struct siobuf *sio, int want_read, int want_write, int fast)
if (want_read && sio->read_unread > 0)
return SIO_READ;
-#ifdef USE_TLS
/* SSL_read() returns data a record at a time, however it is possible
that more than one record was read from the socket. If this happens
poll() will not report data waiting to be read but SSL_read() will
@@ -283,7 +270,6 @@ sio_poll (struct siobuf *sio, int want_read, int want_write, int fast)
*/
if (want_read && sio->ssl != NULL && SSL_pending (sio->ssl))
return SIO_READ;
-#endif
npoll = 0;
if (want_read)
@@ -328,7 +314,6 @@ sio_poll (struct siobuf *sio, int want_read, int want_write, int fast)
return (rval > 0) ? rval : -1;
}
-#ifdef USE_TLS
static int
sio_sslpoll (struct siobuf *sio, int ret)
{
@@ -355,7 +340,6 @@ sio_sslpoll (struct siobuf *sio, int ret)
}
return sio_poll (sio, want_read, want_write, 0);
}
-#endif
void
sio_write (struct siobuf *sio, const void *bufp, int buflen)
@@ -401,7 +385,6 @@ raw_write (struct siobuf *sio, const char *buf, int len)
assert (sio != NULL && buf != NULL);
for (total = 0; total < len; total += n)
-#ifdef USE_TLS
if (sio->ssl != NULL)
{
/* SSL_write() writes a record a time. The outer loop calls
@@ -413,7 +396,6 @@ raw_write (struct siobuf *sio, const char *buf, int len)
return n;
}
else
-#endif
{
/* Its conceiveable that write() actually writes less than
requested. The outer loop calls this until all of the write
@@ -545,7 +527,6 @@ raw_read (struct siobuf *sio, char *buf, int len)
assert (sio != NULL && buf != NULL && len > 0);
-#ifdef USE_TLS
if (sio->ssl != NULL)
{
/* SSL_read() reads complete records from the network and returns
@@ -559,7 +540,6 @@ raw_read (struct siobuf *sio, char *buf, int len)
break;
}
else
-#endif
{
pollfd.fd = sio->sdr;
pollfd.events = POLLIN;
diff --git a/libbalsa/imap/siobuf.h b/libbalsa/imap/siobuf.h
index 656d251..f5f1386 100644
--- a/libbalsa/imap/siobuf.h
+++ b/libbalsa/imap/siobuf.h
@@ -22,6 +22,8 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+#include <openssl/ssl.h>
+
typedef struct siobuf *siobuf_t;
#define SIO_BUFSIZE 2048 /* arbitrary, not too short, not too long */
@@ -81,9 +83,6 @@ int sio_printf(struct siobuf *sio, const char *format, ...)
void *sio_set_userdata (struct siobuf *sio, void *user_data);
void *sio_get_userdata (struct siobuf *io);
-
-#ifdef USE_TLS
int sio_set_tlsclient_ssl (struct siobuf *sio, SSL *ssl);
int sio_set_tlsserver_ssl (struct siobuf *sio, SSL *ssl);
#endif
-#endif
diff --git a/libbalsa/libbalsa.c b/libbalsa/libbalsa.c
index 3f7cfb2..73d19d5 100644
--- a/libbalsa/libbalsa.c
+++ b/libbalsa/libbalsa.c
@@ -33,6 +33,9 @@
#include <sys/stat.h>
#include <stdarg.h>
#include <unistd.h>
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
#ifdef HAVE_NOTIFY
#include <libnotify/notify.h>
@@ -364,10 +367,6 @@ libbalsa_ask(gboolean (*cb)(void *arg), void *arg)
#endif /* BALSA_USE_THREADS */
-#if defined(USE_SSL)
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
static int libbalsa_ask_for_cert_acceptance(X509 *cert,
const char *explanation);
static char*
@@ -622,7 +621,6 @@ libbalsa_ask_for_cert_acceptance(X509 *cert, const char *explanation)
acd.explanation = explanation;
return libbalsa_ask(ask_cert_real, &acd);
}
-#endif /* WITH_SSL */
static int
diff --git a/libbalsa/libbalsa.h b/libbalsa/libbalsa.h
index 7f29b65..1de129b 100644
--- a/libbalsa/libbalsa.h
+++ b/libbalsa/libbalsa.h
@@ -42,6 +42,7 @@ typedef struct _LibBalsaSmtpServer LibBalsaSmtpServer;
typedef struct _LibbalsaVfs LibbalsaVfs;
+#include <openssl/ssl.h>
#include "message.h"
#include "body.h"
#include "files.h"
@@ -132,11 +133,8 @@ gchar *libbalsa_guess_imap_inbox(void);
gchar* libbalsa_date_to_utf8(const time_t *date, const gchar *date_string);
LibBalsaMessageStatus libbalsa_get_icon_from_flags(LibBalsaMessageFlag flags);
-#ifdef USE_TLS
-#include <openssl/ssl.h>
gboolean libbalsa_is_cert_known(X509* cert, long vfy_result);
void libbalsa_certs_destroy(void);
-#endif
gboolean libbalsa_abort_on_timeout(const char *host);
diff --git a/libbalsa/send.c b/libbalsa/send.c
index ec54c8b..2122035 100644
--- a/libbalsa/send.c
+++ b/libbalsa/send.c
@@ -1168,7 +1168,6 @@ libbalsa_smtp_event_cb (smtp_session_t session, int event_no, void *arg, ...)
NULL, NULL, 0);
break;
-#ifdef USE_TLS
/* SMTP_TLS related things. Observe that we need to have SSL
* enabled in balsa to properly interpret libesmtp
* messages. */
@@ -1198,7 +1197,6 @@ libbalsa_smtp_event_cb (smtp_session_t session, int event_no, void *arg, ...)
*ok = 1;
break;
}
-#endif /* USE_TLS */
}
va_end (ap);
}
diff --git a/libbalsa/server.c b/libbalsa/server.c
index 4e82e7d..3ea7e37 100644
--- a/libbalsa/server.c
+++ b/libbalsa/server.c
@@ -34,9 +34,7 @@
#include <gnome-keyring.h>
#endif /* defined(HAVE_LIBSECRET) */
-#ifdef USE_TLS
#include <openssl/err.h>
-#endif
#include "libbalsa.h"
#include "libbalsa_private.h"
@@ -510,7 +508,6 @@ libbalsa_server_user_cb(ImapUserEventType ue, void *arg, ...)
break;
}
case IME_TLS_VERIFY_ERROR: {
-#ifdef USE_TLS
long vfy_result;
SSL *ssl;
X509 *cert;
@@ -527,9 +524,6 @@ libbalsa_server_user_cb(ImapUserEventType ue, void *arg, ...)
*ok = libbalsa_is_cert_known(cert, vfy_result);
X509_free(cert);
}
-#else
- g_warning("TLS error with TLS disabled!?");
-#endif
break;
}
case IME_TLS_NO_PEER_CERT: {
diff --git a/src/mailbox-conf.c b/src/mailbox-conf.c
index 7a1c985..96481c2 100644
--- a/src/mailbox-conf.c
+++ b/src/mailbox-conf.c
@@ -212,14 +212,6 @@ balsa_server_conf_get_advanced_widget(BalsaServerConf *bsc, LibBalsaServer *s,
box = gtk_box_new(GTK_ORIENTATION_VERTICAL, 0);
-#if !defined(USE_SSL)
- gtk_box_pack_start(GTK_BOX(box),
- gtk_label_new
- (_("Balsa was built without SSL support.\n"
- "Neither SSL nor TLS can be used.")),
- FALSE, FALSE, 0);
-#endif /* !defined(USE_SSL) */
-
bsc->grid = GTK_GRID(libbalsa_create_grid());
gtk_container_set_border_width(GTK_CONTAINER(bsc->grid), 12);
gtk_box_pack_start(GTK_BOX(box), GTK_WIDGET(bsc->grid),
@@ -230,9 +222,6 @@ balsa_server_conf_get_advanced_widget(BalsaServerConf *bsc, LibBalsaServer *s,
bsc->use_ssl = balsa_server_conf_add_checkbox(bsc, _("Use _SSL"));
if(use_ssl)
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(bsc->use_ssl), TRUE);
-#if !defined(USE_SSL)
- gtk_widget_set_sensitive(bsc->use_ssl, FALSE);
-#endif /* !defined(USE_SSL) */
label =
libbalsa_create_grid_label(_("Use _TLS:"), GTK_WIDGET(bsc->grid), 1);
@@ -251,10 +240,6 @@ balsa_server_conf_get_advanced_widget(BalsaServerConf *bsc, LibBalsaServer *s,
gtk_widget_show_all(GTK_WIDGET(bsc->grid));
bsc->used_rows = 2;
gtk_widget_set_sensitive(bsc->tls_option, !use_ssl);
-#if !defined(USE_TLS)
- gtk_widget_set_sensitive(label, FALSE);
- gtk_widget_set_sensitive(bsc->tls_option, FALSE);
-#endif /* !defined(USE_TLS) */
return box;
}
pgppY1Zn5PoJ2.pgp
Description: PGP signature
_______________________________________________ balsa-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/balsa-list
