changeset 16244:c7555e6d13fd

lib-ssl-iostream: Added ssl_iostream_has_handshake_failed()
author Timo Sirainen <tss@iki.fi>
date Mon, 08 Apr 2013 13:02:27 +0300
parents be767af05259
children ac0e59dfe081
files src/lib-ssl-iostream/iostream-openssl.c src/lib-ssl-iostream/iostream-openssl.h src/lib-ssl-iostream/iostream-ssl-private.h src/lib-ssl-iostream/iostream-ssl.c src/lib-ssl-iostream/iostream-ssl.h
diffstat 5 files changed, 21 insertions(+), 1 deletions(-) [+]
--- a/src/lib-ssl-iostream/iostream-openssl.c	Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl.c	Mon Apr 08 13:02:27 2013 +0300
@@ -117,8 +117,10 @@
 	}
 	if (!preverify_ok) {
 		ssl_io->cert_broken = TRUE;
-		if (ssl_io->require_valid_cert)
+		if (ssl_io->require_valid_cert) {
+			ssl_io->handshake_failed = TRUE;
 			return 0;
+		}
 	}
 	return 1;
 }
@@ -550,6 +552,7 @@
 			i_stream_close(ssl_io->plain_input);
 			o_stream_close(ssl_io->plain_output);
 			openssl_iostream_set_error(ssl_io, error);
+			ssl_io->handshake_failed = TRUE;
 			errno = EINVAL;
 			return -1;
 		}
@@ -584,6 +587,12 @@
 }
 
 static bool
+openssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io)
+{
+	return ssl_io->handshake_failed;
+}
+
+static bool
 openssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
 {
 	return ssl_io->cert_received && !ssl_io->cert_broken;
@@ -685,6 +694,7 @@
 
 	openssl_iostream_set_log_prefix,
 	openssl_iostream_is_handshaked,
+	openssl_iostream_has_handshake_failed,
 	openssl_iostream_has_valid_client_cert,
 	openssl_iostream_has_broken_client_cert,
 	openssl_iostream_cert_match_name,
--- a/src/lib-ssl-iostream/iostream-openssl.h	Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl.h	Mon Apr 08 13:02:27 2013 +0300
@@ -41,6 +41,7 @@
 	void *handshake_context;
 
 	unsigned int handshaked:1;
+	unsigned int handshake_failed:1;
 	unsigned int cert_received:1;
 	unsigned int cert_broken:1;
 	unsigned int want_read:1;
--- a/src/lib-ssl-iostream/iostream-ssl-private.h	Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl-private.h	Mon Apr 08 13:02:27 2013 +0300
@@ -30,6 +30,7 @@
 
 	void (*set_log_prefix)(struct ssl_iostream *ssl_io, const char *prefix);
 	bool (*is_handshaked)(const struct ssl_iostream *ssl_io);
+	bool (*has_handshake_failed)(const struct ssl_iostream *ssl_io);
 	bool (*has_valid_client_cert)(const struct ssl_iostream *ssl_io);
 	bool (*has_broken_client_cert)(struct ssl_iostream *ssl_io);
 	int (*cert_match_name)(struct ssl_iostream *ssl_io, const char *name);
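Review bot: The new `has_handshake_failed` member goes into the middle of this function-pointer struct, directly before `has_valid_client_cert`, which has an identical signature, while the table in iostream-openssl.c is filled positionally. Type checking alone would not catch a swapped or misplaced entry for that pair, and the result would be a handshake-failure query silently answered by the certificate check. If the project's compiler baseline allows it, designated initialisers such as `.has_handshake_failed = openssl_iostream_has_handshake_failed,` would make the table independent of member order. No other table of this struct is visible in the changeset, and the struct itself begins and ends outside the hunk.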
--- a/src/lib-ssl-iostream/iostream-ssl.c	Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl.c	Mon Apr 08 13:02:27 2013 +0300
@@ -151,6 +151,11 @@
 	return ssl_vfuncs->is_handshaked(ssl_io);
 }
 
+bool ssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io)
+{
+	return ssl_vfuncs->has_handshake_failed(ssl_io);
+}
+
 bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
 {
 	return ssl_vfuncs->has_valid_client_cert(ssl_io);
--- a/src/lib-ssl-iostream/iostream-ssl.h	Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl.h	Mon Apr 08 13:02:27 2013 +0300
@@ -49,6 +49,9 @@
 					 void *context);
 
 bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io);
+/* Returns TRUE if the remote cert is invalid, or handshake callback returned
+   failure. */
+bool ssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io);
 bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io);
 bool ssl_iostream_has_broken_client_cert(struct ssl_iostream *ssl_io);
 int ssl_iostream_check_cert_validity(struct ssl_iostream *ssl_io,
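Review bot: The comment added above `ssl_iostream_has_handshake_failed()` says it returns TRUE when the remote cert is invalid, but the first hunk of iostream-openssl.c sets the flag only inside `if (ssl_io->require_valid_cert)`, so a broken cert on a stream that does not require one leaves it FALSE. I would reword it as `/* Returns TRUE if the remote cert was invalid and a valid cert was required, or if the handshake callback returned failure. */`. It is also worth saying there that FALSE does not mean the handshake succeeded: in the visible hunks only those two paths set the flag, so callers making a trust decision presumably still need `ssl_iostream_is_handshaked()` and the cert checks.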