changeset 13643:c9ef7a0f9b44
login: When renegotiating SSL handshake, don't reread settings when TLS SNI is used.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 25 Oct 2011 21:44:38 +0300 |
parents | 402cff03919a |
children | 1dd992f75906 |
files | src/login-common/client-common.h src/login-common/ssl-proxy-openssl.c |
diffstat | 2 files changed, 8 insertions(+), 3 deletions(-) [+] |
--- a/src/login-common/client-common.h Tue Oct 25 21:41:28 2011 +0300
+++ b/src/login-common/client-common.h Tue Oct 25 21:44:38 2011 +0300
@@ -118,6 +118,7 @@
 unsigned int tls:1;
 unsigned int secured:1;
 unsigned int trusted:1;
+ unsigned int ssl_servername_settings_read:1;
 unsigned int authenticating:1;
 unsigned int auth_tried_disabled_plaintext:1;
 unsigned int auth_tried_unsupported_mech:1;
--- a/src/login-common/ssl-proxy-openssl.c Tue Oct 25 21:41:28 2011 +0300 +++ b/src/login-common/ssl-proxy-openssl.c Tue Oct 25 21:44:38 2011 +0300 @@ -1089,9 +1089,13 @@ host = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); client = proxy->client; - client->set = login_settings_read(client->pool, - &client->local_ip, &client->ip, host, - &other_sets); + if (!client->ssl_servername_settings_read) { + client->ssl_servername_settings_read = TRUE; + client->set = login_settings_read(client->pool, + &client->local_ip, + &client->ip, host, + &other_sets); + } ctx = ssl_server_context_get(client->set); SSL_set_SSL_CTX(ssl, ctx->ctx); }
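Review bot: The new `if (!client->ssl_servername_settings_read)` guard silently ignores the server name on every handshake after the first, and nothing in the code says this is deliberate. `host` comes from `SSL_get_servername()`, so it is chosen by the peer; pinning `client->set` to the first handshake is the safer behaviour, but it deserves a comment above the `if`, e.g. `/* SNI name is client-controlled: bind settings to the first handshake, never reread on renegotiation */`. The flag is set to `TRUE` before `login_settings_read()` returns, which is only correct if that call cannot fail and leave `client->set` stale; its failure behaviour is not visible here, so please confirm. The same one-line explanation would help beside `ssl_servername_settings_read` in client-common.h. The callback's body starts outside the hunk.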