/*++
/* NAME
/*	tls_level 3
/* SUMMARY
/*	TLS security level conversion
/* SYNOPSIS
/*	#include <tls.h>
/*
/*	int	tls_level_lookup(name)
/*	const char *name;
/*
/*	const char *str_tls_level(level)
/*	int	level;
/* DESCRIPTION
/*	The functions in this module convert TLS levels from symbolic
/*	name to internal form and vice versa.
/*
/*	tls_level_lookup() converts a TLS level from symbolic name
/*	to internal form. When the name is unknown, tls_level_lookup()
/*	returns TLS_LEV_INVALID without logging a warning; reporting
/*	the bad value is left to the caller.
/*
/*	str_tls_level() converts a TLS level from internal form to
/*	symbolic name. The result is a null pointer for an unknown
/*	level.  The "halfdane" level is not a valid user-selected TLS
/*	level: it is generated internally and is valid only as output
/*	of str_tls_level(). tls_level_lookup() rejects the name
/*	"halfdane" and returns TLS_LEV_INVALID for it.
/* SEE ALSO
/*	name_code(3) name to number mapping
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*
/*	Victor Duchovni
/*	Morgan Stanley
/*--*/

/* System library. */

#include <sys_defs.h>

/* Utility library. */

#include <name_code.h>

/* TLS library. */

#include <tls.h>

/* Application-specific. */

 /*
  * Numerical order of levels is critical (see tls.h):
  * 
  * - With "may" and higher, TLS is enabled.
  * 
  * - With "encrypt" and higher, TLS is required.
  * 
  * - With "fingerprint" and higher, the peer certificate must match.
  * 
  * - With "dane" and higher, the peer certificate must also be trusted,
  * possibly via TLSA RRs that make it its own authority.
  * 
  * The smtp(8) client will report trust failure in preference to reporting
  * failure to match, so we make "dane" larger than "fingerprint".
  */
static const NAME_CODE tls_level_table[] = {
    "none", TLS_LEV_NONE,
    "may", TLS_LEV_MAY,
    "encrypt", TLS_LEV_ENCRYPT,
    "fingerprint", TLS_LEV_FPRINT,
    "halfdane", TLS_LEV_HALF_DANE,	/* output only */
    "dane", TLS_LEV_DANE,
    "dane-only", TLS_LEV_DANE_ONLY,
    "verify", TLS_LEV_VERIFY,
    "secure", TLS_LEV_SECURE,
    0, TLS_LEV_INVALID,
};

int     tls_level_lookup(const char *name)
{
    int     level = name_code(tls_level_table, NAME_CODE_FLAG_NONE, name);

    return ((level != TLS_LEV_HALF_DANE) ? level : TLS_LEV_INVALID);
}

const char *str_tls_level(int level)
{
    return (str_name_code(tls_level_table, level));
}