annotate src/login-common/ssl-proxy-openssl.c @ 1907:190f1d315ce6 HEAD

Added setting ssl_ca_file, patch by Zach Bagnall
author Timo Sirainen <tss@iki.fi>
date Mon, 19 Jan 2004 19:07:21 +0200
parents 1e6ed8045f2b
children d8f06a0c818e
1 /* Copyright (C) 2002 Timo Sirainen */
3 #include "common.h"
4 #include "ioloop.h"
5 #include "network.h"
6 #include "hash.h"
7 #include "ssl-proxy.h"
9 #ifdef HAVE_OPENSSL
11 #include <openssl/crypto.h>
12 #include <openssl/x509.h>
13 #include <openssl/pem.h>
14 #include <openssl/ssl.h>
15 #include <openssl/err.h>
16 #include <openssl/rand.h>
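/* OpenSSL cipher string for this proxy; where it is applied to the SSL
   context is not visible in this part of the file.

   Per ciphers(1), "ALL" selects every suite except eNULL, so it still
   includes the anonymous (aNULL) and export-grade (EXP) suites, and "!LOW"
   removes neither of them. Both are excluded explicitly here: anonymous
   suites do not authenticate the server, and export suites use deliberately
   weakened keys. */
#define SSL_CIPHER_LIST "ALL:!LOW:!EXP:!aNULL"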
/* Requests understood by ssl_set_io(): each one adds or removes one of the
   two ioloop watchers kept on the SSL-side descriptor. */
enum ssl_io_action {
	/* start watching fd_ssl for readability */
	SSL_ADD_INPUT,
	/* stop watching fd_ssl for readability */
	SSL_REMOVE_INPUT,
	/* start watching fd_ssl for writability */
	SSL_ADD_OUTPUT,
	/* stop watching fd_ssl for writability */
	SSL_REMOVE_OUTPUT
};
/* State of one proxied connection: an SSL-side socket, a plaintext-side
   socket, and one fixed-size staging buffer per direction. */
struct ssl_proxy {
	/* plain_read() and plain_write() bump this on entry and call
	   ssl_proxy_unref() on exit - presumably so a destroy triggered
	   inside the callback cannot free the struct under them. */
	int refcount;

	SSL *ssl;
	/* peer address; only used for log messages in the visible code */
	struct ip_addr ip;

	int fd_ssl;
	int fd_plain;
	/* ioloop watchers; NULL means "not currently registered" */
	struct io *io_ssl_read;
	struct io *io_ssl_write;
	struct io *io_plain_read;
	struct io *io_plain_write;

	/* bytes waiting to be sent to fd_plain (drained by plain_write()) */
	unsigned char plainout_buf[1024];
	unsigned int plainout_size;

	/* bytes received from fd_plain, waiting to go out over SSL;
	   plain_read() never reads more than the space left in here */
	unsigned char sslout_buf[1024];
	unsigned int sslout_size;

	/* NOTE(review): presumably set once the SSL handshake has
	   completed - the code that sets it is outside this excerpt */
	unsigned int handshaked:1;
	/* checked by plain_read() to stop looping once the proxy has been
	   torn down */
	unsigned int destroyed:1;
};
/* File-scope state shared by every proxy in this process.
   NOTE(review): ssl_proxies presumably tracks the live ssl_proxy
   instances - its use is outside this excerpt. */
static struct hash_table *ssl_proxies;
static SSL_CTX *ssl_ctx;

/* Forward declarations: the I/O callbacks and the teardown helpers
   reference each other. */
static int ssl_proxy_unref(struct ssl_proxy *proxy);
static void ssl_proxy_destroy(struct ssl_proxy *proxy);
static void ssl_step(void *context);
static void ssl_write(struct ssl_proxy *proxy);
static void plain_write(void *context);
static void plain_read(void *context);
/* Add or remove the read/write watcher on the SSL-side descriptor.
   Both watchers dispatch to ssl_step(). Every action is a no-op when the
   watcher is already in the requested state, so callers may repeat it. */
static void ssl_set_io(struct ssl_proxy *proxy, enum ssl_io_action action)
{
	switch (action) {
	case SSL_ADD_INPUT:
		if (proxy->io_ssl_read == NULL) {
			proxy->io_ssl_read = io_add(proxy->fd_ssl, IO_READ,
						    ssl_step, proxy);
		}
		break;
	case SSL_REMOVE_INPUT:
		if (proxy->io_ssl_read == NULL)
			break;
		io_remove(proxy->io_ssl_read);
		/* forget the handle so a later add registers a fresh one */
		proxy->io_ssl_read = NULL;
		break;
	case SSL_ADD_OUTPUT:
		if (proxy->io_ssl_write == NULL) {
			proxy->io_ssl_write = io_add(proxy->fd_ssl, IO_WRITE,
						     ssl_step, proxy);
		}
		break;
	case SSL_REMOVE_OUTPUT:
		if (proxy->io_ssl_write == NULL)
			break;
		io_remove(proxy->io_ssl_write);
		proxy->io_ssl_write = NULL;
		break;
	}
}
/* Pause (block != 0) or resume (block == 0) reading from the plaintext
   descriptor by removing or re-adding its read watcher. Does nothing when
   the watcher is already in the requested state. */
static void plain_block_input(struct ssl_proxy *proxy, int block)
{
	if (!block) {
		/* resume: register plain_read() unless it is already there */
		if (proxy->io_plain_read == NULL)
			proxy->io_plain_read = io_add(proxy->fd_plain, IO_READ,
						      plain_read, proxy);
		return;
	}

	/* pause: drop the watcher if one is registered */
	if (proxy->io_plain_read != NULL) {
		io_remove(proxy->io_plain_read);
		proxy->io_plain_read = NULL;
	}
}
/* ioloop callback: move data from the plaintext descriptor into sslout_buf
   and hand it to ssl_write(). context is the struct ssl_proxy. */
static void plain_read(void *context)
{
	struct ssl_proxy *proxy = context;
	ssize_t ret;

	if (proxy->sslout_size == sizeof(proxy->sslout_buf)) {
		/* no room left: stop reading until the buffer has been
		   written out */
		plain_block_input(proxy, TRUE);
		return;
	}

	/* hold a reference for the duration of the loop; the proxy may be
	   destroyed from inside it */
	proxy->refcount++;

	while (!proxy->destroyed &&
	       proxy->sslout_size < sizeof(proxy->sslout_buf)) {
		/* the read length is always the free space left, so the
		   receive cannot run past the end of sslout_buf */
		unsigned char *dest = proxy->sslout_buf + proxy->sslout_size;
		size_t space = sizeof(proxy->sslout_buf) - proxy->sslout_size;

		ret = net_receive(proxy->fd_plain, dest, space);
		if (ret < 0) {
			/* negative return: tear the proxy down */
			ssl_proxy_destroy(proxy);
			break;
		}
		if (ret == 0) {
			/* nothing was read this time */
			break;
		}

		proxy->sslout_size += ret;
		ssl_write(proxy);
	}

	ssl_proxy_unref(proxy);
}
/* ioloop callback: flush plainout_buf to the plaintext descriptor.
   context is the struct ssl_proxy. Whatever could not be sent stays at the
   front of the buffer, and the write watcher is kept only while data
   remains. */
static void plain_write(void *context)
{
	struct ssl_proxy *proxy = context;
	ssize_t sent;

	/* hold a reference: ssl_proxy_destroy() may be called below */
	proxy->refcount++;

	sent = net_transmit(proxy->fd_plain, proxy->plainout_buf,
			    proxy->plainout_size);
	if (sent >= 0) {
		/* shift the unsent tail to the start of the buffer */
		proxy->plainout_size -= sent;
		memmove(proxy->plainout_buf, proxy->plainout_buf + sent,
			proxy->plainout_size);

		if (proxy->plainout_size == 0) {
			/* fully flushed: no need to be woken for writes */
			if (proxy->io_plain_write != NULL) {
				io_remove(proxy->io_plain_write);
				proxy->io_plain_write = NULL;
			}
		} else if (proxy->io_plain_write == NULL) {
			/* partial write: come back when fd_plain is
			   writable again */
			proxy->io_plain_write = io_add(proxy->fd_plain,
						       IO_WRITE,
						       plain_write, proxy);
		}

		/* re-enable reading from the SSL side */
		ssl_set_io(proxy, SSL_ADD_INPUT);
	} else {
		ssl_proxy_destroy(proxy);
	}

	ssl_proxy_unref(proxy);
}
/* Return a printable description of the most recent failure.
   Takes one entry off OpenSSL's error queue and formats it; when the queue
   is empty, falls back to strerror(errno). Only a single entry is consumed
   per call, so further queued errors stay where they are.
   The returned buffer comes from t_malloc() and is not freed here. */
static const char *ssl_last_error(void)
{
	const size_t bufsize = 256;
	unsigned long code = ERR_get_error();
	char *msg;

	if (code == 0)
		return strerror(errno);

	msg = t_malloc(bufsize);
	/* terminate up front; the formatter is given one byte less than the
	   allocation, so this terminator is never overwritten */
	msg[bufsize - 1] = '\0';
	ERR_error_string_n(code, msg, bufsize - 1);
	return msg;
}
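/* React to a failed or incomplete OpenSSL call on this proxy.
 *
 * proxy: connection the call was made on
 * ret:   return value of the OpenSSL call, passed to SSL_get_error()
 * func:  name of the OpenSSL call, used only in log messages
 *
 * WANT_READ / WANT_WRITE register the matching watcher on the SSL socket
 * and return. Every other result destroys the proxy; syscall and protocol
 * failures are logged only when verbose_ssl is set, unknown error codes
 * are always logged.
 */
static void ssl_handle_error(struct ssl_proxy *proxy, int ret, const char *func)
{
	const char *errstr;
	int err;

	err = SSL_get_error(proxy->ssl, ret);

	switch (err) {
	case SSL_ERROR_WANT_READ:
		ssl_set_io(proxy, SSL_ADD_INPUT);
		return;
	case SSL_ERROR_WANT_WRITE:
		ssl_set_io(proxy, SSL_ADD_OUTPUT);
		return;
	case SSL_ERROR_SYSCALL:
		if (verbose_ssl) {
			if (ERR_peek_error() != 0)
				errstr = ssl_last_error();
			else if (ret == 0)
				errstr = "EOF";
			else
				errstr = strerror(errno);

			i_warning("%s syscall failed: %s [%s]",
				  func, errstr, net_ip2addr(&proxy->ip));
		}
		break;
	case SSL_ERROR_ZERO_RETURN:
		/* clean connection closing */
		break;
	case SSL_ERROR_SSL:
		if (verbose_ssl) {
			i_warning("%s failed: %s [%s]", func, ssl_last_error(),
				  net_ip2addr(&proxy->ip));
		}
		break;
	default:
		i_warning("%s failed: unknown failure %d (%s) [%s]",
			  func, err, ssl_last_error(), net_ip2addr(&proxy->ip));
		break;
	}

	/* Eat up the error queue unconditionally. The queue is not tied to
	   one SSL object, and SSL_get_error() is only reliable when it was
	   empty before the I/O call. Previously entries were consumed only
	   while logging (verbose_ssl), and then only one of them, so a
	   failure on this connection could leave entries behind that get
	   misreported on a later call for a different connection. */
	ERR_clear_error();
	ssl_proxy_destroy(proxy);
}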
/* Advance the server-side TLS handshake by one SSL_accept() call.

   SSL_accept() returns 1 only once the handshake has completed. Any other
   value is passed to ssl_handle_error(), whose visible branches destroy the
   proxy on fatal errors. On success the proxy is flagged as handshaked,
   SSL-side input is enabled and plain-side input is unblocked, so no
   plaintext is relayed before the handshake has finished. */
static void ssl_handshake(struct ssl_proxy *proxy)
{
	int accept_ret = SSL_accept(proxy->ssl);

	if (accept_ret != 1) {
		/* not finished, or failed - let the common handler decide */
		ssl_handle_error(proxy, accept_ret, "SSL_accept()");
		return;
	}

	proxy->handshaked = TRUE;

	ssl_set_io(proxy, SSL_ADD_INPUT);
	plain_block_input(proxy, FALSE);
}
/* Pull decrypted data from the SSL connection into plainout_buf.

   Each SSL_read() appends at plainout_buf + plainout_size and is given only
   the space still free in the buffer, so a read cannot run past its end.
   The loop stops when the buffer is full, when the proxy has been marked
   destroyed, or when SSL_read() returns <= 0 (passed to ssl_handle_error()).
   After every successful read plain_write() is called - presumably to flush
   the data to the plaintext side; it is defined outside this view. */
static void ssl_read(struct ssl_proxy *proxy)
{
	int nread;

	for (;;) {
		/* re-checked every round: the calls below may fill the
		   buffer or mark the proxy destroyed */
		if (proxy->plainout_size >= sizeof(proxy->plainout_buf) ||
		    proxy->destroyed)
			return;

		nread = SSL_read(proxy->ssl,
				 proxy->plainout_buf + proxy->plainout_size,
				 sizeof(proxy->plainout_buf) -
				 proxy->plainout_size);
		if (nread <= 0) {
			ssl_handle_error(proxy, nread, "SSL_read()");
			return;
		}

		proxy->plainout_size += nread;
		plain_write(proxy);
	}
}
/* Send the pending sslout_buf contents through the SSL connection.

   A return of <= 0 from SSL_write() is passed to ssl_handle_error().
   Otherwise the written bytes are dropped from the front of the buffer,
   the unsent remainder is moved to its start, SSL output notification is
   kept only while data is still pending, and plain-side input is
   unblocked. */
static void ssl_write(struct ssl_proxy *proxy)
{
	int nwritten;

	nwritten = SSL_write(proxy->ssl, proxy->sslout_buf,
			     proxy->sslout_size);
	if (nwritten <= 0) {
		ssl_handle_error(proxy, nwritten, "SSL_write()");
		return;
	}

	/* keep only what is still unsent, shifted to the buffer start */
	proxy->sslout_size -= nwritten;
	memmove(proxy->sslout_buf, proxy->sslout_buf + nwritten,
		proxy->sslout_size);

	if (proxy->sslout_size > 0)
		ssl_set_io(proxy, SSL_ADD_OUTPUT);
	else
		ssl_set_io(proxy, SSL_REMOVE_OUTPUT);
	plain_block_input(proxy, FALSE);
}
/* I/O callback for the SSL side of a proxy; context is the struct ssl_proxy.

   Takes an extra reference for the duration of the call so that the proxy
   memory stays valid even if one of the steps below destroys the proxy; the
   reference is dropped at the end, which may free the proxy.

   NOTE(review): if ssl_read() ends with the proxy marked destroyed, the
   write step still runs. The held reference keeps this memory-safe, but
   confirm that calling SSL_write() after a fatal SSL error is intended. */
static void ssl_step(void *context)
{
	struct ssl_proxy *proxy = context;

	proxy->refcount++;

	/* finish the handshake first; no application data before that */
	if (!proxy->handshaked)
		ssl_handshake(proxy);

	if (proxy->handshaked) {
		/* read only while the plaintext buffer has room left */
		if (proxy->plainout_size != sizeof(proxy->plainout_buf))
			ssl_read(proxy);
		else
			ssl_set_io(proxy, SSL_REMOVE_INPUT);

		/* write only when there is something queued */
		if (proxy->sslout_size != 0)
			ssl_write(proxy);
		else
			ssl_set_io(proxy, SSL_REMOVE_OUTPUT);
	}

	ssl_proxy_unref(proxy);
}
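/* Create an SSL proxy for the connected socket fd and start the handshake.

   fd  - client socket that carries the TLS traffic
   ip  - client address, copied into the proxy (used in log messages);
         must not be NULL

   Returns -1 if SSL is not initialized or the setup fails before the proxy
   exists; fd is not closed by this function in that case. Otherwise returns
   the caller's end of a socketpair carrying the plaintext. From then on fd
   belongs to the proxy and is closed by ssl_proxy_unref(). The socketpair
   end is returned even when the handshake fails immediately, so the caller
   does not go on using fd, which has been closed by then. */
int ssl_proxy_new(int fd, struct ip_addr *ip)
{
	struct ssl_proxy *proxy;
	SSL *ssl;
	int sfd[2];

	if (!ssl_initialized)
		return -1;

	ssl = SSL_new(ssl_ctx);
	if (ssl == NULL) {
		i_error("SSL_new() failed: %s", ssl_last_error());
		return -1;
	}

	if (SSL_set_fd(ssl, fd) != 1) {
		i_error("SSL_set_fd() failed: %s", ssl_last_error());
		SSL_free(ssl);
		return -1;
	}

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sfd) == -1) {
		i_error("socketpair() failed: %m");
		SSL_free(ssl);
		return -1;
	}

	net_set_nonblock(sfd[0], TRUE);
	net_set_nonblock(sfd[1], TRUE);
	net_set_nonblock(fd, TRUE);

	proxy = i_new(struct ssl_proxy, 1);
	proxy->refcount = 1;
	proxy->ssl = ssl;
	proxy->fd_ssl = fd;
	proxy->fd_plain = sfd[0];
	proxy->ip = *ip;

	hash_insert(ssl_proxies, proxy, proxy);

	/* ssl_proxy_unref() calls main_unref() when it frees the proxy, and
	   that can already happen below if the handshake fails right away.
	   Take the matching main reference first so that the two calls stay
	   paired on both paths. (main_ref()/main_unref() are defined outside
	   this file; presumably a process-wide reference count.) */
	main_ref();

	/* hold an extra reference across the handshake so a failure cannot
	   free the proxy while ssl_handshake() is still using it */
	proxy->refcount++;
	ssl_handshake(proxy);

	/* if this drops the last reference the handshake failed and the
	   proxy is gone. return the disconnected socket anyway so the
	   caller doesn't try to use the old closed fd */
	(void)ssl_proxy_unref(proxy);
	return sfd[1];
}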
/* Drop one reference to the proxy.

   Returns TRUE while other references remain. When the last one is dropped
   the proxy is removed from ssl_proxies, both sockets are disconnected, any
   registered I/O handlers are removed, the SSL object and the proxy itself
   are freed, main_unref() is called and FALSE is returned. After a FALSE
   return the caller must not touch the proxy pointer again. */
static int ssl_proxy_unref(struct ssl_proxy *proxy)
{
	proxy->refcount--;
	if (proxy->refcount > 0)
		return TRUE;
	/* catches a reference count that was decremented too many times */
	i_assert(proxy->refcount == 0);

	hash_remove(ssl_proxies, proxy);

	(void)net_disconnect(proxy->fd_ssl);
	(void)net_disconnect(proxy->fd_plain);

	/* handlers are optional; only the registered ones are removed */
	if (proxy->io_ssl_read)
		io_remove(proxy->io_ssl_read);
	if (proxy->io_ssl_write)
		io_remove(proxy->io_ssl_write);
	if (proxy->io_plain_read)
		io_remove(proxy->io_plain_read);
	if (proxy->io_plain_write)
		io_remove(proxy->io_plain_write);

	SSL_free(proxy->ssl);
	i_free(proxy);

	main_unref();
	return FALSE;
}
/* Mark the proxy destroyed and drop one reference to it.

   The destroyed flag makes repeated calls harmless: only the first call
   releases a reference, so several error paths can call this without
   decrementing the reference count more than once. */
static void ssl_proxy_destroy(struct ssl_proxy *proxy)
{
	if (proxy->destroyed)
		return;

	proxy->destroyed = TRUE;
	ssl_proxy_unref(proxy);
}
/* Generate a fresh RSA key of keylength bits with public exponent RSA_F4.

   The signature matches OpenSSL's temporary-RSA-key callback; where it is
   registered is outside this view. ssl and is_export are unused. Returns
   whatever RSA_generate_key() returns; the result is not checked here.

   NOTE(review): OpenSSL mainly asks for a temporary RSA key for export-grade
   RSA key exchange, where keylength is small. Confirm that SSL_CIPHER_LIST
   excludes those suites so that such weak keys are never negotiated. */
static RSA *ssl_gen_rsa_key(SSL *ssl __attr_unused__,
			    int is_export __attr_unused__, int keylength)
{
	RSA *tmp_key;

	tmp_key = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
	return tmp_key;
}
404 void ssl_proxy_init(void)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
405 {
1907
190f1d315ce6 Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents: 1897
diff changeset
406 const char *cafile, *certfile, *keyfile, *paramfile;
1556
545f6b150e2c Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
Timo Sirainen <tss@iki.fi>
parents: 1544
diff changeset
407 char buf;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
408
1907
190f1d315ce6 Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents: 1897
diff changeset
409 cafile = getenv("SSL_CA_FILE");
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
410 certfile = getenv("SSL_CERT_FILE");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
411 keyfile = getenv("SSL_KEY_FILE");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
412 paramfile = getenv("SSL_PARAM_FILE");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
413
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
414 if (certfile == NULL || keyfile == NULL || paramfile == NULL) {
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
415 /* SSL support is disabled */
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
416 return;
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
417 }
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
418
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
419 SSL_library_init();
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
420 SSL_load_error_strings();
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
421
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
422 if ((ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL)
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
423 i_fatal("SSL_CTX_new() failed");
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
424
1544
ac6ee442376d OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents: 1492
diff changeset
425 SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
ac6ee442376d OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents: 1492
diff changeset
426
ac6ee442376d OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents: 1492
diff changeset
427 if (SSL_CTX_set_cipher_list(ssl_ctx, SSL_CIPHER_LIST) != 1) {
ac6ee442376d OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents: 1492
diff changeset
428 i_fatal("Can't set cipher list to '%s': %s",
ac6ee442376d OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents: 1492
diff changeset
429 SSL_CIPHER_LIST, ssl_last_error());
ac6ee442376d OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents: 1492
diff changeset
430 }
ac6ee442376d OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents: 1492
diff changeset
431
1907
190f1d315ce6 Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents: 1897
diff changeset
432 if (cafile != NULL) {
190f1d315ce6 Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents: 1897
diff changeset
433 if (SSL_CTX_load_verify_locations(ssl_ctx, cafile, NULL) != 1) {
190f1d315ce6 Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents: 1897
diff changeset
434 i_fatal("Can't load CA file %s: %s",
435 cafile, ssl_last_error());
436 }
437 }
438
439 if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) {
440 i_fatal("Can't load certificate file %s: %s",
441 certfile, ssl_last_error());
442 }
443
444 if (SSL_CTX_use_RSAPrivateKey_file(ssl_ctx, keyfile,
445 SSL_FILETYPE_PEM) != 1) {
446 i_fatal("Can't load private key file %s: %s",
447 keyfile, ssl_last_error());
448 }
449
450 if (SSL_CTX_need_tmp_RSA(ssl_ctx))
451 SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
452
453 /* PRNG initialization might want to use /dev/urandom, make sure it
454 does it before chrooting. */
455 if (RAND_bytes(&buf, 1) != 1)
456 i_fatal("RAND_bytes() failed: %s\n", ssl_last_error());
457
458 ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
459 ssl_initialized = TRUE;
460 }
461
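/*
 * Tear down the SSL proxy layer: destroy every proxy still registered in
 * ssl_proxies, free the hash itself, then release the shared SSL_CTX.
 * Returns immediately when ssl_initialized is not set.
 *
 * Proxies are destroyed before SSL_CTX_free() so that no proxy outlives
 * the context. After teardown the module-level state is cleared, so a
 * repeated call is a no-op instead of freeing ssl_proxies and ssl_ctx a
 * second time.
 */
void ssl_proxy_deinit(void)
{
	struct hash_iterate_context *iter;
	void *key, *value;

	if (!ssl_initialized)
		return;

	/* NOTE(review): ssl_proxy_destroy() presumably unlinks the proxy from
	   ssl_proxies - confirm the hash iterator tolerates removal while
	   the walk is in progress. */
	iter = hash_iterate_init(ssl_proxies);
	while (hash_iterate(iter, &key, &value))
		ssl_proxy_destroy(value);
	hash_iterate_deinit(iter);
	hash_destroy(ssl_proxies);
	ssl_proxies = NULL;

	SSL_CTX_free(ssl_ctx);
	ssl_ctx = NULL;

	/* Clear the "initialized" flag last: anything gated on it now sees the
	   layer as shut down rather than reaching the released context. */
	ssl_initialized = 0;
}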
478
479 #endif