changeset 13772:ca49f570f0c1
login: Added ssl_crypto_device setting to set OpenSSL engine.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Thu, 24 Nov 2011 01:45:59 +0200 |
parents | cc497af529cd |
children | 9a474b7934c9 |
files | src/login-common/login-settings.c src/login-common/login-settings.h src/login-common/ssl-proxy-openssl.c |
diffstat | 3 files changed, 22 insertions(+), 0 deletions(-) [+] |
--- a/src/login-common/login-settings.c Thu Nov 24 01:45:09 2011 +0200
+++ b/src/login-common/login-settings.c Thu Nov 24 01:45:59 2011 +0200
@@ -35,6 +35,7 @@
 DEF(SET_STR, ssl_cert_username_field),
 DEF(SET_STR, ssl_client_cert),
 DEF(SET_STR, ssl_client_key),
+ DEF(SET_STR, ssl_crypto_device),
 DEF(SET_BOOL, ssl_verify_client_cert),
 DEF(SET_BOOL, auth_ssl_require_client_cert),
 DEF(SET_BOOL, auth_ssl_username_from_cert),
@@ -67,6 +68,7 @@
 .ssl_cert_username_field = "commonName",
 .ssl_client_cert = "",
 .ssl_client_key = "",
+ .ssl_crypto_device = "",
 .ssl_verify_client_cert = FALSE,
 .auth_ssl_require_client_cert = FALSE,
 .auth_ssl_username_from_cert = FALSE,
--- a/src/login-common/login-settings.h Thu Nov 24 01:45:09 2011 +0200
+++ b/src/login-common/login-settings.h Thu Nov 24 01:45:59 2011 +0200
@@ -17,6 +17,7 @@
 const char *ssl_cert_username_field;
 const char *ssl_client_cert;
 const char *ssl_client_key;
+ const char *ssl_crypto_device;
 bool ssl_verify_client_cert;
 bool auth_ssl_require_client_cert;
 bool auth_ssl_username_from_cert;
--- a/src/login-common/ssl-proxy-openssl.c Thu Nov 24 01:45:09 2011 +0200
+++ b/src/login-common/ssl-proxy-openssl.c Thu Nov 24 01:45:59 2011 +0200
@@ -21,6 +21,7 @@
 #include "iostream-openssl.h"
 #include <openssl/crypto.h>
+#include <openssl/engine.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
@@ -99,6 +100,7 @@
 static struct ssl_proxy *ssl_proxies;
 static struct ssl_parameters ssl_params;
 static int ssl_username_nid;
+static ENGINE *ssl_engine;
 static void plain_read(struct ssl_proxy *proxy);
 static void ssl_read(struct ssl_proxy *proxy);
@@ -1274,6 +1276,19 @@
 SSL_load_error_strings();
 OpenSSL_add_all_algorithms();
+ if (*set->ssl_crypto_device != '\0') {
+ ENGINE_load_builtin_engines();
+ ssl_engine = ENGINE_by_id(set->ssl_crypto_device);
+ if (ssl_engine == NULL) {
+ i_fatal("Unknown ssl_crypto_device: %s",
+ set->ssl_crypto_device);
+ }
+ ENGINE_init(ssl_engine);
+ ENGINE_set_default_RSA(ssl_engine);
+ ENGINE_set_default_DSA(ssl_engine);
+ ENGINE_set_default_ciphers(ssl_engine);
+ }
+
 extdata_index = SSL_get_ex_new_index(0, dovecot, NULL, NULL, NULL);
 ssl_servers = hash_table_create(default_pool, default_pool, 0,
@@ -1324,6 +1339,10 @@
 ssl_free_parameters(&ssl_params);
 SSL_CTX_free(ssl_client_ctx);
+ if (ssl_engine != NULL) {
+ ENGINE_cleanup();
+ ENGINE_finish(ssl_engine);
+ }
 EVP_cleanup();
 ERR_free_strings();
 }
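Review bot: The return values of `ENGINE_init(ssl_engine)` and the three `ENGINE_set_default_*` calls in the third hunk are discarded, so a device that is known by id but cannot be initialized (absent hardware, missing driver, permissions) leaves the engine unused and OpenSSL silently falls back to its software implementations — the operator configured `ssl_crypto_device` precisely to avoid that, and only `ENGINE_by_id` failing is reported via `i_fatal`. Each of these OpenSSL calls returns 0 on failure, so the init path should fail as loudly as the unknown-id case does. In the fourth hunk the order is also reversed: `ENGINE_cleanup()` runs before `ENGINE_finish(ssl_engine)` releases the functional reference, and the structural reference obtained from `ENGINE_by_id` is never released with `ENGINE_free`; release both references first and call `ENGINE_cleanup()` afterwards (it is safe to call unconditionally). The enclosing init and deinit functions both start outside the hunks shown.
```c
	/* … unchanged: ENGINE_load_builtin_engines(), ENGINE_by_id() and the
	   "Unknown ssl_crypto_device" i_fatal() … */
		/* each of these returns 0 on failure; an unusable device must
		   not silently degrade to OpenSSL's software implementations */
		if (ENGINE_init(ssl_engine) == 0 ||
		    ENGINE_set_default_RSA(ssl_engine) == 0 ||
		    ENGINE_set_default_DSA(ssl_engine) == 0 ||
		    ENGINE_set_default_ciphers(ssl_engine) == 0) {
			i_fatal("Initializing ssl_crypto_device %s failed",
				set->ssl_crypto_device);
		}
	}
	/* … unchanged: extdata_index / ssl_servers setup … */

	/* … in the cleanup hunk: drop the functional reference (ENGINE_init)
	   and the structural one (ENGINE_by_id) before the global cleanup … */
	if (ssl_engine != NULL) {
		ENGINE_finish(ssl_engine);
		ENGINE_free(ssl_engine);
	}
	ENGINE_cleanup();
```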