Mercurial > dovecot > core-2.2
annotate src/login-common/ssl-proxy.h @ 14516:36cde186aec6
*-login: If client certificate isn't valid, log the reason why.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 25 Apr 2012 21:28:16 +0300 |
parents | 339b1337aab0 |
children | 983c6ff12cc9 |
#ifndef SSL_PROXY_H
#define SSL_PROXY_H

/* Interface of the SSL proxy shared by the login processes
   (src/login-common/ssl-proxy.h).

   This header includes nothing itself: bool, pool_t and ATTR_PURE must
   already be declared by whatever the includer pulled in before it. */

/* Only pointers to these types are used below, so forward declarations
   are enough. */
struct ip_addr;
struct ssl_proxy;
struct login_settings;
struct client;

/* Declared here, defined elsewhere.
   NOTE(review): presumably set once SSL support has been set up
   successfully - confirm in the implementation. */
extern bool ssl_initialized;

/* Callback type handed to ssl_proxy_client_alloc() together with an opaque
   context pointer.
   NOTE(review): the name suggests it is invoked around the TLS handshake;
   the meaning of its int result is not visible in this header. */
typedef int ssl_handshake_callback_t(void *context);

/* Establish an SSL connection on the given fd. Returns a new fd, which the
   caller must use from now on, or -1 if an error occurred. Unless -1 is
   returned, the caller must simply forget the fd it passed in.
   The proxy object is handed back through proxy_r. */
int ssl_proxy_alloc(
	int fd,
	const struct ip_addr *ip,
	pool_t set_pool,
	const struct login_settings *set,
	struct ssl_proxy **proxy_r);

/* Same parameters as ssl_proxy_alloc() plus a handshake callback and its
   context.
   NOTE(review): presumably the variant for connections where this process
   is the TLS client, with the same fd/return contract as above - confirm.
   NOTE(review): ip is not const here although it is in ssl_proxy_alloc();
   left unchanged because the definition is not visible. */
int ssl_proxy_client_alloc(
	int fd,
	struct ip_addr *ip,
	pool_t set_pool,
	const struct login_settings *set,
	ssl_handshake_callback_t *callback,
	void *context,
	struct ssl_proxy **proxy_r);

/* NOTE(review): allocation presumably does not begin the handshake by
   itself; the expected order looks like alloc -> ssl_proxy_set_client() ->
   ssl_proxy_start(). Confirm in the implementation before relying on it. */
void ssl_proxy_start(struct ssl_proxy *proxy);
void ssl_proxy_set_client(struct ssl_proxy *proxy, struct client *client);

/* Client certificate state.
   Security: any decision that trusts certificate contents (for example the
   value of ssl_proxy_get_peer_name()) should be gated on
   ssl_proxy_has_valid_client_cert().
   NOTE(review): whether "valid" also implies a finished handshake, and
   whether "broken" means "presented but failed verification" as opposed to
   "not presented", is not visible here - confirm. */
bool ssl_proxy_has_valid_client_cert(const struct ssl_proxy *proxy) ATTR_PURE;
bool ssl_proxy_has_broken_client_cert(struct ssl_proxy *proxy);

/* Check the peer certificate against verify_name.
   Security: the result is an int, not a bool, and this header does not say
   which value means "matches". Check the implementation before writing
   `if (ssl_proxy_cert_match_name(...))`: reading the convention the wrong
   way round would accept certificates issued for a different name. */
int ssl_proxy_cert_match_name(
	struct ssl_proxy *proxy,
	const char *verify_name);

/* NOTE(review): presumably a name taken from the peer's certificate. Treat
   it as untrusted input unless the certificate was verified. Ownership and
   lifetime of the returned string are not visible here. */
const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy);

bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;

/* String getters describing the connection.
   NOTE(review): presumably meant for log output (protocol/cipher details,
   TLS compression, and the reason a client certificate was rejected). What
   each returns when there is nothing to report, and the lifetime of the
   returned strings, are not visible here. */
const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
const char *ssl_proxy_get_compression(struct ssl_proxy *proxy);
const char *ssl_proxy_get_cert_error(struct ssl_proxy *proxy);

/* Takes the address of the caller's pointer.
   NOTE(review): presumably *proxy is cleared after the free - confirm. */
void ssl_proxy_free(struct ssl_proxy **proxy);

/* Number of SSL proxies that are currently active. */
unsigned int ssl_proxy_get_count(void) ATTR_PURE;

/* Module-wide setup and teardown. */
void ssl_proxy_init(void);
void ssl_proxy_deinit(void);

#endif