changeset 12683:fd9c01323475

login: The ssl_require_client_cert and ssl_username_from_cert settings should have had the auth_ prefix. The actual functionality was provided by the auth_* settings, but with these duplicated settings the login process didn't give as good error messages.
author Timo Sirainen <tss@iki.fi>
date Tue, 04 Jan 2011 13:53:17 +0200
parents 8e84c40b7a67
children 89f4e4cdbeac
files src/login-common/client-common.c src/login-common/login-settings.c src/login-common/login-settings.h
diffstat 3 files changed, 11 insertions(+), 9 deletions(-) [+]
--- a/src/login-common/client-common.c	Tue Jan 04 13:22:20 2011 +0200
+++ b/src/login-common/client-common.c	Tue Jan 04 13:53:17 2011 +0200
@@ -497,7 +497,8 @@
 
 const char *client_get_extra_disconnect_reason(struct client *client)
 {
-	if (client->set->ssl_require_client_cert && client->ssl_proxy != NULL) {
+	if (client->set->auth_ssl_require_client_cert &&
+	    client->ssl_proxy != NULL) {
 		if (ssl_proxy_has_broken_client_cert(client->ssl_proxy))
 			return "(client sent an invalid cert)";
 		if (!ssl_proxy_has_valid_client_cert(client->ssl_proxy))
@@ -510,7 +511,7 @@
 	/* some auth attempts without SSL/TLS */
 	if (client->auth_tried_disabled_plaintext)
 		return "(tried to use disabled plaintext auth)";
-	if (client->set->ssl_require_client_cert)
+	if (client->set->auth_ssl_require_client_cert)
 		return "(cert required, client didn't start TLS)";
 	if (client->auth_tried_unsupported_mech)
 		return "(tried to use unsupported auth mechanism)";
--- a/src/login-common/login-settings.c	Tue Jan 04 13:22:20 2011 +0200
+++ b/src/login-common/login-settings.c	Tue Jan 04 13:53:17 2011 +0200
@@ -34,8 +34,8 @@
 	DEF(SET_STR, ssl_cipher_list),
 	DEF(SET_STR, ssl_cert_username_field),
 	DEF(SET_BOOL, ssl_verify_client_cert),
-	DEF(SET_BOOL, ssl_require_client_cert),
-	DEF(SET_BOOL, ssl_username_from_cert),
+	DEF(SET_BOOL, auth_ssl_require_client_cert),
+	DEF(SET_BOOL, auth_ssl_username_from_cert),
 	DEF(SET_BOOL, verbose_ssl),
 
 	DEF(SET_BOOL, disable_plaintext_auth),
@@ -64,8 +64,8 @@
 	.ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL",
 	.ssl_cert_username_field = "commonName",
 	.ssl_verify_client_cert = FALSE,
-	.ssl_require_client_cert = FALSE,
-	.ssl_username_from_cert = FALSE,
+	.auth_ssl_require_client_cert = FALSE,
+	.auth_ssl_username_from_cert = FALSE,
 	.verbose_ssl = FALSE,
 
 	.disable_plaintext_auth = TRUE,
@@ -131,7 +131,8 @@
 	set->log_format_elements_split =
 		p_strsplit(pool, set->login_log_format_elements, " ");
 
-	if (set->ssl_require_client_cert || set->ssl_username_from_cert) {
+	if (set->auth_ssl_require_client_cert ||
+	    set->auth_ssl_username_from_cert) {
 		/* if we require valid cert, make sure we also ask for it */
 		set->ssl_verify_client_cert = TRUE;
 	}
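Review bot: The comment inside the `if` mentions only the require-cert case, but the condition also fires for `auth_ssl_username_from_cert`, and the assignment silently overrides an explicit `ssl_verify_client_cert = no`. Since the renamed fields presumably now pick up the values admins set for the auth process, this override may start taking effect on existing configurations. I would reword the comment to `/* both settings depend on a verified client cert, so force login to request one even if ssl_verify_client_cert was left off */`. The enclosing function starts and ends outside the hunk.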
--- a/src/login-common/login-settings.h	Tue Jan 04 13:22:20 2011 +0200
+++ b/src/login-common/login-settings.h	Tue Jan 04 13:53:17 2011 +0200
@@ -16,8 +16,8 @@
 	const char *ssl_cipher_list;
 	const char *ssl_cert_username_field;
 	bool ssl_verify_client_cert;
-	bool ssl_require_client_cert;
-	bool ssl_username_from_cert;
+	bool auth_ssl_require_client_cert;
+	bool auth_ssl_username_from_cert;
 	bool verbose_ssl;
 
 	bool disable_plaintext_auth;