Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/login-common/ssl-proxy-openssl.c @ 1907:190f1d315ce6 HEAD
Added setting ssl_ca_file, patch by Zach Bagnall
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 19 Jan 2004 19:07:21 +0200 |
parents | 1e6ed8045f2b |
children | d8f06a0c818e |
rev | line source |
---|---|
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1 /* Copyright (C) 2002 Timo Sirainen */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 #include "common.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 #include "ioloop.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #include "network.h" |
1231 | 6 #include "hash.h" |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 #include "ssl-proxy.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #ifdef HAVE_OPENSSL |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 #include <openssl/crypto.h> |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include <openssl/x509.h> |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 #include <openssl/pem.h> |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 #include <openssl/ssl.h> |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 #include <openssl/err.h> |
1556
545f6b150e2c
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
Timo Sirainen <tss@iki.fi>
parents:
1544
diff
changeset
|
16 #include <openssl/rand.h> |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 |
1544
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
18 #define SSL_CIPHER_LIST "ALL:!LOW" |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
19 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
20 enum ssl_io_action { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
21 SSL_ADD_INPUT, |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
22 SSL_REMOVE_INPUT, |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
23 SSL_ADD_OUTPUT, |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
24 SSL_REMOVE_OUTPUT |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 }; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
26 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
27 struct ssl_proxy { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
28 int refcount; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
29 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
30 SSL *ssl; |
1235 | 31 struct ip_addr ip; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
32 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
33 int fd_ssl, fd_plain; |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
34 struct io *io_ssl_read, *io_ssl_write, *io_plain_read, *io_plain_write; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
35 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
36 unsigned char plainout_buf[1024]; |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
37 unsigned int plainout_size; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 unsigned char sslout_buf[1024]; |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
40 unsigned int sslout_size; |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
41 |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
42 unsigned int handshaked:1; |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
43 unsigned int destroyed:1; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 }; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
45 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
46 static SSL_CTX *ssl_ctx; |
1230
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
47 static struct hash_table *ssl_proxies; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
48 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
49 static void plain_read(void *context); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
50 static void plain_write(void *context); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
51 static void ssl_write(struct ssl_proxy *proxy); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
52 static void ssl_step(void *context); |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
53 static void ssl_proxy_destroy(struct ssl_proxy *proxy); |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
54 static int ssl_proxy_unref(struct ssl_proxy *proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
56 static void ssl_set_io(struct ssl_proxy *proxy, enum ssl_io_action action) |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
57 { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
58 switch (action) { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
59 case SSL_ADD_INPUT: |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
60 if (proxy->io_ssl_read != NULL) |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
61 break; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
62 proxy->io_ssl_read = io_add(proxy->fd_ssl, IO_READ, |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
63 ssl_step, proxy); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
64 break; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
65 case SSL_REMOVE_INPUT: |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
66 if (proxy->io_ssl_read != NULL) { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
67 io_remove(proxy->io_ssl_read); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
68 proxy->io_ssl_read = NULL; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
69 } |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
70 break; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
71 case SSL_ADD_OUTPUT: |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
72 if (proxy->io_ssl_write != NULL) |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
73 break; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
74 proxy->io_ssl_write = io_add(proxy->fd_ssl, IO_WRITE, |
1457 | 75 ssl_step, proxy); |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
76 break; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
77 case SSL_REMOVE_OUTPUT: |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
78 if (proxy->io_ssl_write != NULL) { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
79 io_remove(proxy->io_ssl_write); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
80 proxy->io_ssl_write = NULL; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
81 } |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
82 break; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
83 } |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
84 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
85 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
86 static void plain_block_input(struct ssl_proxy *proxy, int block) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
88 if (block) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
89 if (proxy->io_plain_read != NULL) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
90 io_remove(proxy->io_plain_read); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
91 proxy->io_plain_read = NULL; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
92 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
93 } else { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
94 if (proxy->io_plain_read == NULL) { |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
95 proxy->io_plain_read = io_add(proxy->fd_plain, IO_READ, |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
96 plain_read, proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
97 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
98 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
99 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
100 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
101 static void plain_read(void *context) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
102 { |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
103 struct ssl_proxy *proxy = context; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
104 ssize_t ret; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
105 |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
106 if (proxy->sslout_size == sizeof(proxy->sslout_buf)) { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
107 /* buffer full, block input until it's written */ |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
108 plain_block_input(proxy, TRUE); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
109 return; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
110 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
111 |
1490 | 112 proxy->refcount++; |
113 | |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
114 while (proxy->sslout_size < sizeof(proxy->sslout_buf) && |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
115 !proxy->destroyed) { |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
116 ret = net_receive(proxy->fd_plain, |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
117 proxy->sslout_buf + proxy->sslout_size, |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
118 sizeof(proxy->sslout_buf) - |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
119 proxy->sslout_size); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
120 if (ret <= 0) { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
121 if (ret < 0) |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
122 ssl_proxy_destroy(proxy); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
123 break; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
124 } else { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
125 proxy->sslout_size += ret; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
126 ssl_write(proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
127 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
128 } |
1490 | 129 |
130 ssl_proxy_unref(proxy); | |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
131 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
132 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
133 static void plain_write(void *context) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
134 { |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
135 struct ssl_proxy *proxy = context; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
136 ssize_t ret; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
137 |
1490 | 138 proxy->refcount++; |
139 | |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
140 ret = net_transmit(proxy->fd_plain, proxy->plainout_buf, |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
141 proxy->plainout_size); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
142 if (ret < 0) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
143 ssl_proxy_destroy(proxy); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
144 else { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
145 proxy->plainout_size -= ret; |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
146 memmove(proxy->plainout_buf, proxy->plainout_buf + ret, |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
147 proxy->plainout_size); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
148 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
149 if (proxy->plainout_size > 0) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
150 if (proxy->io_plain_write == NULL) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
151 proxy->io_plain_write = |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
152 io_add(proxy->fd_plain, IO_WRITE, |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
153 plain_write, proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
154 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
155 } else { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
156 if (proxy->io_plain_write != NULL) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
157 io_remove(proxy->io_plain_write); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
158 proxy->io_plain_write = NULL; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
159 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
160 } |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
161 |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
162 ssl_set_io(proxy, SSL_ADD_INPUT); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
163 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
164 |
1490 | 165 ssl_proxy_unref(proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
166 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
167 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
168 static const char *ssl_last_error(void) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
169 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
170 unsigned long err; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
171 char *buf; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
172 size_t err_size = 256; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
173 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
174 err = ERR_get_error(); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
175 if (err == 0) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
176 return strerror(errno); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
177 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
178 buf = t_malloc(err_size); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
179 buf[err_size-1] = '\0'; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
180 ERR_error_string_n(err, buf, err_size-1); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
181 return buf; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
182 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
183 |
1235 | 184 static void ssl_handle_error(struct ssl_proxy *proxy, int ret, const char *func) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
185 { |
1235 | 186 const char *errstr; |
187 int err; | |
188 | |
189 err = SSL_get_error(proxy->ssl, ret); | |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
190 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
191 switch (err) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
192 case SSL_ERROR_WANT_READ: |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
193 ssl_set_io(proxy, SSL_ADD_INPUT); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
194 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
195 case SSL_ERROR_WANT_WRITE: |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
196 ssl_set_io(proxy, SSL_ADD_OUTPUT); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
197 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
198 case SSL_ERROR_SYSCALL: |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
199 /* eat up the error queue */ |
1235 | 200 if (verbose_ssl) { |
201 if (ERR_peek_error() != 0) | |
202 errstr = ssl_last_error(); | |
203 else { | |
204 if (ret == 0) | |
205 errstr = "EOF"; | |
206 else | |
207 errstr = strerror(errno); | |
208 } | |
209 | |
210 i_warning("%s syscall failed: %s [%s]", | |
1485
8c28289a15a1
s/host/addr/ in a few network functions
Timo Sirainen <tss@iki.fi>
parents:
1458
diff
changeset
|
211 func, errstr, net_ip2addr(&proxy->ip)); |
1235 | 212 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
213 ssl_proxy_destroy(proxy); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
214 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
215 case SSL_ERROR_ZERO_RETURN: |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
216 /* clean connection closing */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
217 ssl_proxy_destroy(proxy); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
218 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
219 case SSL_ERROR_SSL: |
1235 | 220 if (verbose_ssl) { |
221 i_warning("%s failed: %s [%s]", func, ssl_last_error(), | |
1485
8c28289a15a1
s/host/addr/ in a few network functions
Timo Sirainen <tss@iki.fi>
parents:
1458
diff
changeset
|
222 net_ip2addr(&proxy->ip)); |
1235 | 223 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
224 ssl_proxy_destroy(proxy); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
225 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
226 default: |
1235 | 227 i_warning("%s failed: unknown failure %d (%s) [%s]", |
1485
8c28289a15a1
s/host/addr/ in a few network functions
Timo Sirainen <tss@iki.fi>
parents:
1458
diff
changeset
|
228 func, err, ssl_last_error(), net_ip2addr(&proxy->ip)); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
229 ssl_proxy_destroy(proxy); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
230 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
231 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
232 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
233 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
234 static void ssl_handshake(struct ssl_proxy *proxy) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
235 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
236 int ret; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
237 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
238 ret = SSL_accept(proxy->ssl); |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
239 if (ret != 1) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
240 ssl_handle_error(proxy, ret, "SSL_accept()"); |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
241 else { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
242 proxy->handshaked = TRUE; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
243 |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
244 ssl_set_io(proxy, SSL_ADD_INPUT); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
245 plain_block_input(proxy, FALSE); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
246 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
247 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
248 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
249 static void ssl_read(struct ssl_proxy *proxy) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
250 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
251 int ret; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
252 |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
253 while (proxy->plainout_size < sizeof(proxy->plainout_buf) && |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
254 !proxy->destroyed) { |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
255 ret = SSL_read(proxy->ssl, |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
256 proxy->plainout_buf + proxy->plainout_size, |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
257 sizeof(proxy->plainout_buf) - |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
258 proxy->plainout_size); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
259 if (ret <= 0) { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
260 ssl_handle_error(proxy, ret, "SSL_read()"); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
261 break; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
262 } else { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
263 proxy->plainout_size += ret; |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
264 plain_write(proxy); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
265 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
266 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
267 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
268 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
269 static void ssl_write(struct ssl_proxy *proxy) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
270 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
271 int ret; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
272 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
273 ret = SSL_write(proxy->ssl, proxy->sslout_buf, proxy->sslout_size); |
1215 | 274 if (ret <= 0) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
275 ssl_handle_error(proxy, ret, "SSL_write()"); |
1215 | 276 else { |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
277 proxy->sslout_size -= ret; |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
278 memmove(proxy->sslout_buf, proxy->sslout_buf + ret, |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
279 proxy->sslout_size); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
280 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
281 ssl_set_io(proxy, proxy->sslout_size > 0 ? |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
282 SSL_ADD_OUTPUT : SSL_REMOVE_OUTPUT); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
283 plain_block_input(proxy, FALSE); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
284 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
285 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
286 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
287 static void ssl_step(void *context) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
288 { |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
289 struct ssl_proxy *proxy = context; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
290 |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
291 proxy->refcount++; |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
292 |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
293 if (!proxy->handshaked) |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
294 ssl_handshake(proxy); |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
295 |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
296 if (proxy->handshaked) { |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
297 if (proxy->plainout_size == sizeof(proxy->plainout_buf)) |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
298 ssl_set_io(proxy, SSL_REMOVE_INPUT); |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
299 else |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
300 ssl_read(proxy); |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
301 |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
302 if (proxy->sslout_size == 0) |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
303 ssl_set_io(proxy, SSL_REMOVE_OUTPUT); |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
304 else |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
305 ssl_write(proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
306 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
307 |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
308 ssl_proxy_unref(proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
309 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
310 |
1235 | 311 int ssl_proxy_new(int fd, struct ip_addr *ip) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
312 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
313 struct ssl_proxy *proxy; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
314 SSL *ssl; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
315 int sfd[2]; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
316 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
317 if (!ssl_initialized) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
318 return -1; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
319 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
320 ssl = SSL_new(ssl_ctx); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
321 if (ssl == NULL) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
322 i_error("SSL_new() failed: %s", ssl_last_error()); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
323 return -1; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
324 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
325 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
326 if (SSL_set_fd(ssl, fd) != 1) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
327 i_error("SSL_set_fd() failed: %s", ssl_last_error()); |
1457 | 328 SSL_free(ssl); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
329 return -1; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
330 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
331 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
332 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sfd) == -1) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
333 i_error("socketpair() failed: %m"); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
334 SSL_free(ssl); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
335 return -1; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
336 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
337 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
338 net_set_nonblock(sfd[0], TRUE); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
339 net_set_nonblock(sfd[1], TRUE); |
1268
0d9f0e617a1a
net_* functions don't anymore set sockets to non-blocking by default.
Timo Sirainen <tss@iki.fi>
parents:
1235
diff
changeset
|
340 net_set_nonblock(fd, TRUE); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
341 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
342 proxy = i_new(struct ssl_proxy, 1); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
343 proxy->refcount = 1; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
344 proxy->ssl = ssl; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
345 proxy->fd_ssl = fd; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
346 proxy->fd_plain = sfd[0]; |
1235 | 347 proxy->ip = *ip; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
348 |
1544
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
349 hash_insert(ssl_proxies, proxy, proxy); |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
350 |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
351 proxy->refcount++; |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
352 ssl_handshake(proxy); |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
353 if (!ssl_proxy_unref(proxy)) { |
1117
71c438e6a40f
STARTTLS handshake failure fixes.
Timo Sirainen <tss@iki.fi>
parents:
1049
diff
changeset
|
354 /* handshake failed. return the disconnected socket anyway |
71c438e6a40f
STARTTLS handshake failure fixes.
Timo Sirainen <tss@iki.fi>
parents:
1049
diff
changeset
|
355 so the caller doesn't try to use the old closed fd */ |
71c438e6a40f
STARTTLS handshake failure fixes.
Timo Sirainen <tss@iki.fi>
parents:
1049
diff
changeset
|
356 return sfd[1]; |
71c438e6a40f
STARTTLS handshake failure fixes.
Timo Sirainen <tss@iki.fi>
parents:
1049
diff
changeset
|
357 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
358 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
359 main_ref(); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
360 return sfd[1]; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
361 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
362 |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
363 static int ssl_proxy_unref(struct ssl_proxy *proxy) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
364 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
365 if (--proxy->refcount > 0) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
366 return TRUE; |
1490 | 367 i_assert(proxy->refcount == 0); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
368 |
1230
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
369 hash_remove(ssl_proxies, proxy); |
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
370 |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
371 (void)net_disconnect(proxy->fd_ssl); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
372 (void)net_disconnect(proxy->fd_plain); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
373 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
374 if (proxy->io_ssl_read != NULL) |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
375 io_remove(proxy->io_ssl_read); |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
376 if (proxy->io_ssl_write != NULL) |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
377 io_remove(proxy->io_ssl_write); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
378 if (proxy->io_plain_read != NULL) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
379 io_remove(proxy->io_plain_read); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
380 if (proxy->io_plain_write != NULL) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
381 io_remove(proxy->io_plain_write); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
382 |
1457 | 383 SSL_free(proxy->ssl); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
384 i_free(proxy); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
385 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
386 main_unref(); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
387 return FALSE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
388 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
389 |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
390 static void ssl_proxy_destroy(struct ssl_proxy *proxy) |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
391 { |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
392 if (!proxy->destroyed) { |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
393 proxy->destroyed = TRUE; |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
394 ssl_proxy_unref(proxy); |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
395 } |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
396 } |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
397 |
1492
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
398 static RSA *ssl_gen_rsa_key(SSL *ssl __attr_unused__, |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
399 int is_export __attr_unused__, int keylength) |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
400 { |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
401 return RSA_generate_key(keylength, RSA_F4, NULL, NULL); |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
402 } |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
403 |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
404 void ssl_proxy_init(void) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
405 { |
1907
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
406 const char *cafile, *certfile, *keyfile, *paramfile; |
1556
545f6b150e2c
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
Timo Sirainen <tss@iki.fi>
parents:
1544
diff
changeset
|
407 char buf; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
408 |
1907
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
409 cafile = getenv("SSL_CA_FILE"); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
410 certfile = getenv("SSL_CERT_FILE"); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
411 keyfile = getenv("SSL_KEY_FILE"); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
412 paramfile = getenv("SSL_PARAM_FILE"); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
413 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
414 if (certfile == NULL || keyfile == NULL || paramfile == NULL) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
415 /* SSL support is disabled */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
416 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
417 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
418 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
419 SSL_library_init(); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
420 SSL_load_error_strings(); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
421 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
422 if ((ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
423 i_fatal("SSL_CTX_new() failed"); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
424 |
1544
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
425 SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
426 |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
427 if (SSL_CTX_set_cipher_list(ssl_ctx, SSL_CIPHER_LIST) != 1) { |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
428 i_fatal("Can't set cipher list to '%s': %s", |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
429 SSL_CIPHER_LIST, ssl_last_error()); |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
430 } |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
431 |
1907
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
432 if (cafile != NULL) { |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
433 if (SSL_CTX_load_verify_locations(ssl_ctx, cafile, NULL) != 1) { |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
434 i_fatal("Can't load CA file %s: %s", |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
435 cafile, ssl_last_error()); |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
436 } |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
437 } |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
438 |
1544
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
439 if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) { |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
440 i_fatal("Can't load certificate file %s: %s", |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
441 certfile, ssl_last_error()); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
442 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
443 |
1544
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
444 if (SSL_CTX_use_RSAPrivateKey_file(ssl_ctx, keyfile, |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
445 SSL_FILETYPE_PEM) != 1) { |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
446 i_fatal("Can't load private key file %s: %s", |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
447 keyfile, ssl_last_error()); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
448 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
449 |
1492
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
450 if (SSL_CTX_need_tmp_RSA(ssl_ctx)) |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
451 SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key); |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
452 |
1556
545f6b150e2c
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
Timo Sirainen <tss@iki.fi>
parents:
1544
diff
changeset
|
453 /* PRNG initialization might want to use /dev/urandom, make sure it |
545f6b150e2c
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
Timo Sirainen <tss@iki.fi>
parents:
1544
diff
changeset
|
454 does it before chrooting. */ |
545f6b150e2c
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
Timo Sirainen <tss@iki.fi>
parents:
1544
diff
changeset
|
455 if (RAND_bytes(&buf, 1) != 1) |
545f6b150e2c
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
Timo Sirainen <tss@iki.fi>
parents:
1544
diff
changeset
|
456 i_fatal("RAND_bytes() failed: %s\n", ssl_last_error()); |
545f6b150e2c
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
Timo Sirainen <tss@iki.fi>
parents:
1544
diff
changeset
|
457 |
1230
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
458 ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
459 ssl_initialized = TRUE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
460 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
461 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
462 void ssl_proxy_deinit(void) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
463 { |
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
464 struct hash_iterate_context *iter; |
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
465 void *key, *value; |
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
466 |
1230
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
467 if (!ssl_initialized) |
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
468 return; |
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
469 |
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
470 iter = hash_iterate_init(ssl_proxies); |
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
471 while (hash_iterate(iter, &key, &value)) |
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
472 ssl_proxy_destroy(value); |
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
473 hash_iterate_deinit(iter); |
1230
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
474 hash_destroy(ssl_proxies); |
1232
f7da7d46e3f2
destroy proxies before destroying ssl context
Timo Sirainen <tss@iki.fi>
parents:
1231
diff
changeset
|
475 |
f7da7d46e3f2
destroy proxies before destroying ssl context
Timo Sirainen <tss@iki.fi>
parents:
1231
diff
changeset
|
476 SSL_CTX_free(ssl_ctx); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
477 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
478 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
479 #endif |