changeset 16245:ac0e59dfe081
lib-http: If remote SSL cert is invalid, treat it as non-retryable error.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 08 Apr 2013 13:03:12 +0300 |
parents | c7555e6d13fd |
children | dd0d5981ad42 |
files | src/lib-http/http-client-connection.c |
diffstat | 1 files changed, 31 insertions(+), 23 deletions(-) [+] |
--- a/src/lib-http/http-client-connection.c Mon Apr 08 13:02:27 2013 +0300
+++ b/src/lib-http/http-client-connection.c Mon Apr 08 13:03:12 2013 +0300
@@ -97,29 +97,6 @@
 }

 static void
-http_client_connection_abort_temp_error(struct http_client_connection **_conn,
- unsigned int status, const char *error)
-{
- struct http_client_connection *conn = *_conn;
- const char *sslerr;
-
- if (status == HTTP_CLIENT_REQUEST_ERROR_CONNECTION_LOST &&
- conn->ssl_iostream != NULL) {
- sslerr = ssl_iostream_get_last_error(conn->ssl_iostream);
- if (sslerr != NULL) {
- error = t_strdup_printf("%s (last SSL error: %s)",
- error, sslerr);
- }
- }
-
- conn->connected = FALSE;
- conn->closing = TRUE;
-
- http_client_connection_retry_requests(conn, status, error);
- http_client_connection_unref(_conn);
-}
-
-static void
 http_client_connection_abort_error(struct http_client_connection **_conn,
 unsigned int status, const char *error)
 {
@@ -138,6 +115,37 @@
 }

 static void
+http_client_connection_abort_temp_error(struct http_client_connection **_conn,
+ unsigned int status, const char *error)
+{
+ struct http_client_connection *conn = *_conn;
+ const char *sslerr;
+
+ if (status == HTTP_CLIENT_REQUEST_ERROR_CONNECTION_LOST &&
+ conn->ssl_iostream != NULL) {
+ sslerr = ssl_iostream_get_last_error(conn->ssl_iostream);
+ if (sslerr != NULL) {
+ error = t_strdup_printf("%s (last SSL error: %s)",
+ error, sslerr);
+ }
+ if (ssl_iostream_has_handshake_failed(conn->ssl_iostream)) {
+ /* this isn't really a "connection lost", but that we
+ don't trust the remote's SSL certificate. don't
+ retry. */
+ http_client_connection_abort_error(_conn,
+ HTTP_CLIENT_REQUEST_ERROR_BAD_RESPONSE, error);
+ return;
+ }
+ }
+
+ conn->connected = FALSE;
+ conn->closing = TRUE;
+
+ http_client_connection_retry_requests(conn, status, error);
+ http_client_connection_unref(_conn);
+}
+
+static void
 http_client_connection_idle_timeout(struct http_client_connection *conn)
 {
 http_client_connection_debug(conn, "Idle connection timed out");
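Review bot: The comment in the `ssl_iostream_has_handshake_failed()` branch says the remote's certificate is not trusted, but the predicate, going by its name, reports any failed handshake, so the non-retry path presumably also covers protocol or cipher mismatches; the comment would be more accurate as `/* the SSL handshake failed (e.g. the remote's certificate was rejected); this is not a transient "connection lost", so don't retry. */`. The failure is then reported as `HTTP_CLIENT_REQUEST_ERROR_BAD_RESPONSE`, which is presumably also what a malformed HTTP reply produces, so callers and log consumers have only the error string to tell a rejected certificate from a broken server; a dedicated status would make that distinction usable for alerting. The branch is also reached only when `status == HTTP_CLIENT_REQUEST_ERROR_CONNECTION_LOST`, so a handshake failure surfaced under any other status would still go through `http_client_connection_retry_requests()`; it is worth confirming that no such path exists.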