When STARTTLS is used, we re-use the connection and put a
new socket "on top" of the old one and reuse the file
descriptor of the previous socket.
This lead to two issues: First, now both sockets tried to close
the underlying file descriptor: Once from the non-starttls connection,
once by the starttls connection. This wasnt so harmful, as closing would
fail with EBADF. Fix this by using the flag `closeOnFree` for such
fd assignments, in this way the ownership is clearer.
The second issue is more severe: when passing the fd to the TLS socket,
the TLS socket could already have an fd assigned, but that would never
be freed. To fix the fd leak simply call `close` on the old fd
when `setFileDescriptor` is called.
Fixes: #5175
Given the query parameter `tlsVerifyMode` one can specify the TLS
validation mode for IMAP, SMTP, and sieve protocols when the TLS
wrapper is enabled.
Possible options are:
* tlsVerifyMode=allowInsecureLocalhost: This will disable peer verification
if the remote host is on the local machine (localhost and similar)
* tlsVerifyMode=none: Disable all TLS checks. This should be used for
debugging only
Refs #5078
Add a new initializer for NGActiveSSLSocket, `initWithConnectedActiveSocket`
with the purpose to be initialized on top of a connected socket. Moving
the function of grabbing the socket fd and options from outside into the
SSL socket implementation itself.
Also by passing the socket, we dont have to pass the host name explicitly
anymore, as we can get it from the socket itself.
The verifyMode selector can enable the full TLS checks (default), disable
them for localhost addresses, or disable peer verification completely.
Refs #5078
The function isLocalhost will return true if the given address is on the
same machine. For this it checks for "localhost[6]" domain names or if
the IP is in 127.0.0.1/8.
Add the hostName getter to return the hostname, for LocalSocketAddress it will
always return YES.
In certain scenarios it may be helpful to disable peer verification,
even though it undermines the concept in TLS.
The default is to verify the peer, but it can be disabled if validation
is disabled before the handshake is performed.
haraldwolff
Francis Lachapelle
Ludovic Marcotte
Nicolas Höft