changeset 13643:c9ef7a0f9b44

login: When renegotiating SSL handshake, don't reread settings when TLS SNI is used.
author Timo Sirainen <tss@iki.fi>
date Tue, 25 Oct 2011 21:44:38 +0300
parents 402cff03919a
children 1dd992f75906
files src/login-common/client-common.h src/login-common/ssl-proxy-openssl.c
diffstat 2 files changed, 8 insertions(+), 3 deletions(-) [+]
--- a/src/login-common/client-common.h	Tue Oct 25 21:41:28 2011 +0300
+++ b/src/login-common/client-common.h	Tue Oct 25 21:44:38 2011 +0300
@@ -118,6 +118,7 @@
 	unsigned int tls:1;
 	unsigned int secured:1;
 	unsigned int trusted:1;
+	unsigned int ssl_servername_settings_read:1;
 	unsigned int authenticating:1;
 	unsigned int auth_tried_disabled_plaintext:1;
 	unsigned int auth_tried_unsupported_mech:1;
--- a/src/login-common/ssl-proxy-openssl.c	Tue Oct 25 21:41:28 2011 +0300
+++ b/src/login-common/ssl-proxy-openssl.c	Tue Oct 25 21:44:38 2011 +0300
@@ -1089,9 +1089,13 @@
 	host = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
 
 	client = proxy->client;
-	client->set = login_settings_read(client->pool,
-					  &client->local_ip, &client->ip, host,
-					  &other_sets);
+	if (!client->ssl_servername_settings_read) {
+		client->ssl_servername_settings_read = TRUE;
+		client->set = login_settings_read(client->pool,
+						  &client->local_ip,
+						  &client->ip, host,
+						  &other_sets);
+	}
 	ctx = ssl_server_context_get(client->set);
 	SSL_set_SSL_CTX(ssl, ctx->ctx);
 }
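Review bot: The new `if (!client->ssl_servername_settings_read)` guard has no comment explaining why the settings read is skipped, and the reason is only recoverable from the commit message (this code runs again when the handshake is renegotiated). A short comment above the guard would do, for example `/* called again on renegotiation: keep the settings chosen at the first handshake */`, and the new bitfield in client-common.h could carry `/* login settings already read for the TLS SNI host name */`. With the guard in place, `host` from a renegotiated handshake is fetched but never compared with the name used the first time, so a different name is silently served with the original settings; that looks intended, but the comment should say so. The function starts outside this hunk, so whether `host` is used anywhere else cannot be seen from here.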