changeset 16244:c7555e6d13fd
lib-ssl-iostream: Added ssl_iostream_has_handshake_failed()
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 08 Apr 2013 13:02:27 +0300 |
parents | be767af05259 |
children | ac0e59dfe081 |
files | src/lib-ssl-iostream/iostream-openssl.c src/lib-ssl-iostream/iostream-openssl.h src/lib-ssl-iostream/iostream-ssl-private.h src/lib-ssl-iostream/iostream-ssl.c src/lib-ssl-iostream/iostream-ssl.h |
diffstat | 5 files changed, 21 insertions(+), 1 deletions(-) [+] |
--- a/src/lib-ssl-iostream/iostream-openssl.c Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl.c Mon Apr 08 13:02:27 2013 +0300
@@ -117,8 +117,10 @@
 }
 if (!preverify_ok) {
 ssl_io->cert_broken = TRUE;
- if (ssl_io->require_valid_cert)
+ if (ssl_io->require_valid_cert) {
+ ssl_io->handshake_failed = TRUE;
 return 0;
+ }
 }
 return 1;
 }
@@ -550,6 +552,7 @@
 i_stream_close(ssl_io->plain_input);
 o_stream_close(ssl_io->plain_output);
 openssl_iostream_set_error(ssl_io, error);
+ ssl_io->handshake_failed = TRUE;
 errno = EINVAL;
 return -1;
 }
@@ -584,6 +587,12 @@
 }
 
 static bool
+openssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io)
+{
+ return ssl_io->handshake_failed;
+}
+
+static bool
 openssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
 {
 return ssl_io->cert_received && !ssl_io->cert_broken;
@@ -685,6 +694,7 @@
 openssl_iostream_set_log_prefix,
 openssl_iostream_is_handshaked,
+ openssl_iostream_has_handshake_failed,
 openssl_iostream_has_valid_client_cert,
 openssl_iostream_has_broken_client_cert,
 openssl_iostream_cert_match_name,
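Review bot: In the -550 hunk `handshake_failed` is set only where the handshake callback has reported an error, and together with the verify-callback hunk above these are the only two writers visible in this diff. Whether an error raised by the TLS library during the handshake itself also sets the flag cannot be told from here, since the enclosing function starts above the hunk. If it does not, a caller that reads `!ssl_iostream_has_handshake_failed()` as "the handshake has not failed" would be wrong for those errors, so either set the flag on that path too or narrow the public name/comment to say it covers rejections only. A short why-comment next to the assignment, e.g. `/* callback rejected the peer: remember it for has_handshake_failed() */`, would make the intended scope clear.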
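Review bot: The entry added in the -685 hunk goes into a positional initializer, so it is only correct while it sits at the same index as `has_handshake_failed` in the vfuncs struct in iostream-ssl-private.h. `is_handshaked`, `has_handshake_failed` and `has_valid_client_cert` all have the type `bool (*)(const struct ssl_iostream *)`, so a table that is off by one slot still compiles and would answer a certificate-validity query with a different predicate. Designated initializers would bind each slot by name, e.g. `.has_handshake_failed = openssl_iostream_has_handshake_failed,`. If any other implementation of this table exists outside the diff it needs the same new slot; the initializer itself starts and ends outside the hunk.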
--- a/src/lib-ssl-iostream/iostream-openssl.h Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl.h Mon Apr 08 13:02:27 2013 +0300
@@ -41,6 +41,7 @@
 void *handshake_context;
 unsigned int handshaked:1;
+ unsigned int handshake_failed:1;
 unsigned int cert_received:1;
 unsigned int cert_broken:1;
 unsigned int want_read:1;
--- a/src/lib-ssl-iostream/iostream-ssl-private.h Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl-private.h Mon Apr 08 13:02:27 2013 +0300
@@ -30,6 +30,7 @@
 void (*set_log_prefix)(struct ssl_iostream *ssl_io, const char *prefix);
 bool (*is_handshaked)(const struct ssl_iostream *ssl_io);
+ bool (*has_handshake_failed)(const struct ssl_iostream *ssl_io);
 bool (*has_valid_client_cert)(const struct ssl_iostream *ssl_io);
 bool (*has_broken_client_cert)(struct ssl_iostream *ssl_io);
 int (*cert_match_name)(struct ssl_iostream *ssl_io, const char *name);
--- a/src/lib-ssl-iostream/iostream-ssl.c Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl.c Mon Apr 08 13:02:27 2013 +0300
@@ -151,6 +151,11 @@
 return ssl_vfuncs->is_handshaked(ssl_io);
 }
 
+bool ssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io)
+{
+ return ssl_vfuncs->has_handshake_failed(ssl_io);
+}
+
 bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
 {
 return ssl_vfuncs->has_valid_client_cert(ssl_io);
--- a/src/lib-ssl-iostream/iostream-ssl.h Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl.h Mon Apr 08 13:02:27 2013 +0300
@@ -49,6 +49,9 @@
 void *context);
 bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io);
+/* Returns TRUE if the remote cert is invalid, or handshake callback returned
+ failure. */
+bool ssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io);
 bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io);
 bool ssl_iostream_has_broken_client_cert(struct ssl_iostream *ssl_io);
 int ssl_iostream_check_cert_validity(struct ssl_iostream *ssl_io,
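Review bot: The new comment says the function returns TRUE "if the remote cert is invalid", which is broader than what the code in this commit does. In iostream-openssl.c the verify callback sets the flag only inside `if (ssl_io->require_valid_cert)`; a certificate that fails verification but is tolerated sets `cert_broken` and leaves `handshake_failed` unset. A caller that relies on the comment and uses this function as its certificate check would treat a broken certificate as acceptable whenever `require_valid_cert` is off. I would word it as `/* Returns TRUE if the handshake was rejected: the remote cert failed verification while a valid cert was required, or the handshake callback returned failure. */` and mention that the tolerated case is reported by `ssl_iostream_has_broken_client_cert()`.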