Adding upstream version 3.4.23.upstream/3.4.23upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 95 insertions, 0 deletions

diff --git a/src/tls/tls_level.c b/src/tls/tls_level.c
new file mode 100644
index 0000000..eec15fd
--- /dev/null
+++ b/src/tls/tls_level.c
@@ -0,0 +1,95 @@
+/*++
+/* NAME
+/*	tls_level 3
+/* SUMMARY
+/*	TLS security level conversion
+/* SYNOPSIS
+/*	#include <tls.h>
+/*
+/*	int	tls_level_lookup(name)
+/*	const char *name;
+/*
+/*	const char *str_tls_level(level)
+/*	int	level;
+/* DESCRIPTION
+/*	The functions in this module convert TLS levels from symbolic
+/*	name to internal form and vice versa.
+/*
+/*	tls_level_lookup() converts a TLS level from symbolic name
+/*	to internal form. When an unknown level is specified,
+/*	tls_level_lookup() logs no warning, and returns TLS_LEV_INVALID.
+/*
+/*	str_tls_level() converts a TLS level from internal form to
+/*	symbolic name. The result is a null pointer for an unknown
+/*	level.  The "halfdane" level is not a valid user-selected TLS level,
+/*	it is generated internally and is only valid output for the
+/*	str_tls_level() function.
+/* SEE ALSO
+/*	name_code(3) name to number mapping
+/* LICENSE
+/* .ad
+/* .fi
+/*	The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/*	Wietse Venema
+/*	IBM T.J. Watson Research
+/*	P.O. Box 704
+/*	Yorktown Heights, NY 10598, USA
+/*
+/*	Victor Duchovni
+/*	Morgan Stanley
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+
+/* Utility library. */
+
+#include <name_code.h>
+
+/* TLS library. */
+
+#include <tls.h>
+
+/* Application-specific. */
+
+ /*
+  * Numerical order of levels is critical (see tls.h):
+  * 
+  * - With "may" and higher, TLS is enabled.
+  * 
+  * - With "encrypt" and higher, TLS is required.
+  * 
+  * - With "fingerprint" and higher, the peer certificate must match.
+  * 
+  * - With "dane" and higher, the peer certificate must also be trusted,
+  * possibly via TLSA RRs that make it its own authority.
+  * 
+  * The smtp(8) client will report trust failure in preference to reporting
+  * failure to match, so we make "dane" larger than "fingerprint".
+  */
+static const NAME_CODE tls_level_table[] = {
+    "none", TLS_LEV_NONE,
+    "may", TLS_LEV_MAY,
+    "encrypt", TLS_LEV_ENCRYPT,
+    "fingerprint", TLS_LEV_FPRINT,
+    "halfdane", TLS_LEV_HALF_DANE,	/* output only */
+    "dane", TLS_LEV_DANE,
+    "dane-only", TLS_LEV_DANE_ONLY,
+    "verify", TLS_LEV_VERIFY,
+    "secure", TLS_LEV_SECURE,
+    0, TLS_LEV_INVALID,
+};
+
+int     tls_level_lookup(const char *name)
+{
+    int     level = name_code(tls_level_table, NAME_CODE_FLAG_NONE, name);
+
+    return ((level != TLS_LEV_HALF_DANE) ? level : TLS_LEV_INVALID);
+}
+
+const char *str_tls_level(int level)
+{
+    return (str_name_code(tls_level_table, level));
+}