secret/postfix_src/tls__level_8c_source.html

 /*++

 /* NAME

 /*  tls_level 3

 /* SUMMARY

 /*  TLS security level conversion

 /* SYNOPSIS

 /*  #include <tls.h>

 /*

 /*  int tls_level_lookup(name)

 /*  const char *name;

 /*

 /*  const char *str_tls_level(level)

 /*  int level;

 /* DESCRIPTION

 /*  The functions in this module convert TLS levels from symbolic

 /*  name to internal form and vice versa.

 /*

 /*  tls_level_lookup() converts a TLS level from symbolic name

 /*  to internal form. When an unknown level is specified,

 /*  tls_level_lookup() logs no warning, and returns TLS_LEV_INVALID.

 /*

 /*  str_tls_level() converts a TLS level from internal form to

 /*  symbolic name. The result is a null pointer for an unknown

 /*  level.  The "halfdane" level is not a valid user-selected TLS level,

 /*  it is generated internally and is only valid output for the

 /*  str_tls_level() function.

 /* SEE ALSO

 /*  name_code(3) name to number mapping

 /* LICENSE

 /* .ad

 /* .fi

 /*  The Secure Mailer license must be distributed with this software.

 /* AUTHOR(S)

 /*  Wietse Venema

 /*  IBM T.J. Watson Research

 /*  P.O. Box 704

 /*  Yorktown Heights, NY 10598, USA

 /*

 /*  Victor Duchovni

 /*  Morgan Stanley

 /*--*/


 /* System library. */


 #include <sys_defs.h>


 /* Utility library. */


 #include <name_code.h>


 /* TLS library. */


 #include <tls.h>


 /* Application-specific. */


  /*

   * Numerical order of levels is critical (see tls.h):

   *

   * - With "may" and higher, TLS is enabled.

   *

   * - With "encrypt" and higher, TLS is required.

   *

   * - With "fingerprint" and higher, the peer certificate must match.

   *

   * - With "dane" and higher, the peer certificate must also be trusted,

   * possibly via TLSA RRs that make it its own authority.

   *

   * The smtp(8) client will report trust failure in preference to reporting

   * failure to match, so we make "dane" larger than "fingerprint".

   */

 static const NAME_CODE tls_level_table[] = {

     "none", TLS_LEV_NONE,

     "may", TLS_LEV_MAY,

     "encrypt", TLS_LEV_ENCRYPT,

     "fingerprint", TLS_LEV_FPRINT,

     "halfdane", TLS_LEV_HALF_DANE,  /* output only */

     "dane", TLS_LEV_DANE,

     "dane-only", TLS_LEV_DANE_ONLY,

     "verify", TLS_LEV_VERIFY,

     "secure", TLS_LEV_SECURE,

     0, TLS_LEV_INVALID,

 };


 int     tls_level_lookup(const char *name)

 {

     int     level = name_code(tls_level_table, NAME_CODE_FLAG_NONE, name);


     return ((level != TLS_LEV_HALF_DANE) ? level : TLS_LEV_INVALID);

 }


 const char *str_tls_level(int level)

 {

     return (str_name_code(tls_level_table, level));

 }

tls.h

TLS_LEV_DANE_ONLY
#define TLS_LEV_DANE_ONLY
Definition: tls.h:49

TLS_LEV_HALF_DANE
#define TLS_LEV_HALF_DANE
Definition: tls.h:47

TLS_LEV_VERIFY
#define TLS_LEV_VERIFY
Definition: tls.h:50

str_tls_level
const char * str_tls_level(int level)
Definition: tls_level.c:92

TLS_LEV_NONE
#define TLS_LEV_NONE
Definition: tls.h:43

TLS_LEV_DANE
#define TLS_LEV_DANE
Definition: tls.h:48

TLS_LEV_SECURE
#define TLS_LEV_SECURE
Definition: tls.h:51

str_name_code
const char * str_name_code(const NAME_CODE *table, int code)
Definition: name_code.c:83

NAME_CODE_FLAG_NONE
#define NAME_CODE_FLAG_NONE
Definition: name_code.h:22

TLS_LEV_ENCRYPT
#define TLS_LEV_ENCRYPT
Definition: tls.h:45

name_code
int name_code(const NAME_CODE *table, int flags, const char *name)
Definition: name_code.c:65

sys_defs.h

TLS_LEV_FPRINT
#define TLS_LEV_FPRINT
Definition: tls.h:46

tls_level_lookup
int tls_level_lookup(const char *name)
Definition: tls_level.c:85

name_code.h

TLS_LEV_MAY
#define TLS_LEV_MAY
Definition: tls.h:44

NAME_CODE
Definition: name_code.h:17

TLS_LEV_INVALID
#define TLS_LEV_INVALID
Definition: tls.h:41