Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/login-common/ssl-proxy-openssl.c @ 4127:60583fb75d9e HEAD
Rewrite. Hopefully works better.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 02 Apr 2006 19:42:27 +0300 |
parents | aeb424e64f24 |
children | c12bb541f925 |
rev | line source |
---|---|
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1 /* Copyright (C) 2002 Timo Sirainen */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 #include "common.h" |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
4 #include "array.h" |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #include "ioloop.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 #include "network.h" |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
7 #include "ostream.h" |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
8 #include "read-full.h" |
1231 | 9 #include "hash.h" |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include "ssl-proxy.h" |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
12 #include <fcntl.h> |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
13 #include <unistd.h> |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
14 #include <sys/stat.h> |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
15 |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 #ifdef HAVE_OPENSSL |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
18 #include <openssl/crypto.h> |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 #include <openssl/x509.h> |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
20 #include <openssl/pem.h> |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 #include <openssl/ssl.h> |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
22 #include <openssl/err.h> |
1556
545f6b150e2c
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
Timo Sirainen <tss@iki.fi>
parents:
1544
diff
changeset
|
23 #include <openssl/rand.h> |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
24 |
1996 | 25 #define DOVECOT_SSL_DEFAULT_CIPHER_LIST "ALL:!LOW" |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
26 /* Check every 30 minutes if parameters file has been updated */ |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
27 #define SSL_PARAMFILE_CHECK_INTERVAL (60*30) |
1544
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
28 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
29 #define PLAIN_OUTPUT_OPTIMAL_SIZE 2048 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
30 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
31 enum ssl_want { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
32 WANT_INPUT, |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
33 WANT_OUTPUT |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
34 }; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
35 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
36 struct ssl_proxy { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
37 int refcount; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 SSL *ssl; |
1235 | 40 struct ip_addr ip; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
41 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
42 int fd_ssl, fd_plain; |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
43 struct io *io_ssl, *io_plain_input; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
45 enum ssl_want want; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
46 void (*step)(struct ssl_proxy *); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
47 unsigned int ssl_want_size; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
48 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
49 struct ostream *plain_output; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
50 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 unsigned char sslout_buf[1024]; |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
52 unsigned int sslout_size; |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
53 |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
54 unsigned int handshaked:1; |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
55 unsigned int destroyed:1; |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
56 unsigned int cert_received:1; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
57 unsigned int cert_broken:1; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
58 }; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
59 |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
60 struct ssl_parameters { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
61 const char *fname; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
62 time_t last_mtime; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
63 int fd; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
64 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
65 DH *dh_512, *dh_1024; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
66 }; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
67 |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
68 static int extdata_index; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
69 static SSL_CTX *ssl_ctx; |
1230
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
70 static struct hash_table *ssl_proxies; |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
71 static struct ssl_parameters ssl_params; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
73 static void ssl_input(struct ssl_proxy *proxy); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
74 static void ssl_output(struct ssl_proxy *proxy); |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
75 static void ssl_step(void *context); |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
76 static void ssl_proxy_destroy(struct ssl_proxy *proxy); |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
77 static void ssl_proxy_unref(struct ssl_proxy *proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
78 |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
79 static void read_next(struct ssl_parameters *params, void *data, size_t size) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
80 { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
81 int ret; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
82 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
83 if ((ret = read_full(params->fd, data, size)) < 0) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
84 i_fatal("read(%s) failed: %m", params->fname); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
85 if (ret == 0) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
86 i_fatal("read(%s) failed: Unexpected EOF", params->fname); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
87 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
88 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
89 static bool read_dh_parameters_next(struct ssl_parameters *params) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
90 { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
91 unsigned char *buf; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
92 const unsigned char *cbuf; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
93 unsigned int len; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
94 int bits; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
95 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
96 /* read bit size. 0 ends the DH parameters list. */ |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
97 read_next(params, &bits, sizeof(bits)); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
98 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
99 if (bits == 0) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
100 return FALSE; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
101 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
102 /* read data size. */ |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
103 read_next(params, &len, sizeof(len)); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
104 if (len > 1024*100) /* should be enough? */ |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
105 i_fatal("Corrupted SSL parameters file: %s", params->fname); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
106 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
107 buf = i_malloc(len); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
108 read_next(params, buf, len); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
109 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
110 cbuf = buf; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
111 switch (bits) { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
112 case 512: |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
113 params->dh_512 = d2i_DHparams(NULL, &cbuf, len); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
114 break; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
115 case 1024: |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
116 params->dh_1024 = d2i_DHparams(NULL, &cbuf, len); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
117 break; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
118 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
119 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
120 i_free(buf); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
121 return TRUE; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
122 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
123 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
124 static void ssl_free_parameters(struct ssl_parameters *params) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
125 { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
126 if (params->dh_512 != NULL) { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
127 DH_free(params->dh_512); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
128 params->dh_512 = NULL; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
129 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
130 if (params->dh_1024 != NULL) { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
131 DH_free(params->dh_1024); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
132 params->dh_1024 = NULL; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
133 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
134 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
135 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
136 static void ssl_read_parameters(struct ssl_parameters *params) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
137 { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
138 bool warned = FALSE; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
139 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
140 /* we'll wait until parameter file exists */ |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
141 for (;;) { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
142 params->fd = open(params->fname, O_RDONLY); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
143 if (params->fd != -1) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
144 break; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
145 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
146 if (errno != ENOENT) { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
147 i_fatal("Can't open SSL parameter file %s: %m", |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
148 params->fname); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
149 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
150 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
151 if (!warned) { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
152 i_warning("Waiting for SSL parameter file %s", |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
153 params->fname); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
154 warned = TRUE; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
155 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
156 sleep(1); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
157 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
158 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
159 ssl_free_parameters(params); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
160 while (read_dh_parameters_next(params)) ; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
161 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
162 if (close(params->fd) < 0) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
163 i_error("close() failed: %m"); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
164 params->fd = -1; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
165 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
166 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
167 static void ssl_refresh_parameters(struct ssl_parameters *params) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
168 { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
169 struct stat st; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
170 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
171 if (params->last_mtime > ioloop_time - SSL_PARAMFILE_CHECK_INTERVAL) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
172 return; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
173 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
174 if (params->last_mtime == 0) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
175 ssl_read_parameters(params); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
176 else { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
177 if (stat(params->fname, &st) < 0) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
178 i_error("stat(%s) failed: %m", params->fname); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
179 else if (st.st_mtime != params->last_mtime) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
180 ssl_read_parameters(params); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
181 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
182 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
183 |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
184 static const char *ssl_last_error(void) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
185 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
186 unsigned long err; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
187 char *buf; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
188 size_t err_size = 256; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
189 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
190 err = ERR_get_error(); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
191 if (err == 0) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
192 return strerror(errno); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
193 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
194 buf = t_malloc(err_size); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
195 buf[err_size-1] = '\0'; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
196 ERR_error_string_n(err, buf, err_size-1); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
197 return buf; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
198 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
199 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
200 static void ssl_set_io(struct ssl_proxy *proxy, enum ssl_want want) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
201 { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
202 if (proxy->io_ssl != NULL) { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
203 if (want == proxy->want) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
204 return; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
205 io_remove(&proxy->io_ssl); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
206 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
207 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
208 proxy->want = want; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
209 switch (want) { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
210 case WANT_INPUT: |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
211 proxy->io_ssl = |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
212 io_add(proxy->fd_ssl, IO_READ, ssl_step, proxy); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
213 break; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
214 case WANT_OUTPUT: |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
215 proxy->io_ssl = |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
216 io_add(proxy->fd_ssl, IO_WRITE, ssl_step, proxy); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
217 break; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
218 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
219 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
220 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
221 static void |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
222 ssl_handle_error(struct ssl_proxy *proxy, int ret, const char *func_name, |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
223 void (*func)(struct ssl_proxy *), unsigned int want_size) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
224 { |
1235 | 225 const char *errstr; |
226 int err; | |
227 | |
228 err = SSL_get_error(proxy->ssl, ret); | |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
229 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
230 switch (err) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
231 case SSL_ERROR_WANT_READ: |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
232 proxy->step = func; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
233 proxy->ssl_want_size = want_size; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
234 ssl_set_io(proxy, WANT_INPUT); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
235 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
236 case SSL_ERROR_WANT_WRITE: |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
237 proxy->step = func; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
238 proxy->ssl_want_size = want_size; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
239 ssl_set_io(proxy, WANT_OUTPUT); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
240 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
241 case SSL_ERROR_SYSCALL: |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
242 /* eat up the error queue */ |
1235 | 243 if (verbose_ssl) { |
244 if (ERR_peek_error() != 0) | |
245 errstr = ssl_last_error(); | |
246 else { | |
247 if (ret == 0) | |
248 errstr = "EOF"; | |
249 else | |
250 errstr = strerror(errno); | |
251 } | |
252 | |
253 i_warning("%s syscall failed: %s [%s]", | |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
254 func_name, errstr, net_ip2addr(&proxy->ip)); |
1235 | 255 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
256 ssl_proxy_destroy(proxy); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
257 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
258 case SSL_ERROR_ZERO_RETURN: |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
259 /* clean connection closing */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
260 ssl_proxy_destroy(proxy); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
261 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
262 case SSL_ERROR_SSL: |
1235 | 263 if (verbose_ssl) { |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
264 i_warning("%s failed: %s [%s]", func_name, |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
265 ssl_last_error(), net_ip2addr(&proxy->ip)); |
1235 | 266 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
267 ssl_proxy_destroy(proxy); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
268 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
269 default: |
1235 | 270 i_warning("%s failed: unknown failure %d (%s) [%s]", |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
271 func_name, err, ssl_last_error(), |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
272 net_ip2addr(&proxy->ip)); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
273 ssl_proxy_destroy(proxy); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
274 break; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
275 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
276 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
277 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
278 static void plain_input(void *context) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
279 { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
280 struct ssl_proxy *proxy = context; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
281 ssize_t ret; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
282 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
283 if (proxy->sslout_size == sizeof(proxy->sslout_buf)) { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
284 /* buffer full, block input until it's written */ |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
285 io_remove(&proxy->io_plain_input); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
286 return; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
287 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
288 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
289 ret = net_receive(proxy->fd_plain, |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
290 proxy->sslout_buf + proxy->sslout_size, |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
291 sizeof(proxy->sslout_buf) - proxy->sslout_size); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
292 if (ret <= 0) { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
293 if (ret < 0) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
294 ssl_proxy_destroy(proxy); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
295 } else { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
296 proxy->sslout_size += ret; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
297 if (SSL_want(proxy->ssl) == SSL_NOTHING) { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
298 i_assert(proxy->ssl_want_size == 0); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
299 ssl_output(proxy); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
300 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
301 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
302 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
303 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
304 static int plain_output(void *context) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
305 { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
306 struct ssl_proxy *proxy = context; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
307 int ret; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
308 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
309 if (proxy->ssl_want_size != 0) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
310 return 0; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
311 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
312 if ((ret = o_stream_flush(proxy->plain_output)) < 0) { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
313 ssl_proxy_destroy(proxy); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
314 return 1; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
315 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
316 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
317 if (o_stream_get_buffer_used_size(proxy->plain_output) < |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
318 PLAIN_OUTPUT_OPTIMAL_SIZE && |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
319 proxy->want == WANT_INPUT && proxy->io_ssl == NULL) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
320 ssl_set_io(proxy, WANT_INPUT); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
321 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
322 return ret; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
323 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
324 |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
325 static void ssl_handshake(struct ssl_proxy *proxy) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
326 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
327 int ret; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
328 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
329 net_set_cork(proxy->fd_ssl, TRUE); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
330 ret = SSL_accept(proxy->ssl); |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
331 net_set_cork(proxy->fd_ssl, FALSE); |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
332 if (ret != 1) |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
333 ssl_handle_error(proxy, ret, "SSL_accept()", ssl_handshake, 0); |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
334 else { |
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
335 proxy->handshaked = TRUE; |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
336 proxy->step = ssl_input; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
337 ssl_set_io(proxy, WANT_INPUT); |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
338 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
339 proxy->io_plain_input = io_add(proxy->fd_plain, IO_READ, |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
340 plain_input, proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
341 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
342 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
343 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
344 static void ssl_input(struct ssl_proxy *proxy) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
345 { |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
346 unsigned char buf[PLAIN_OUTPUT_OPTIMAL_SIZE]; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
347 size_t size, used; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
348 ssize_t ret, ret2; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
349 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
350 used = o_stream_get_buffer_used_size(proxy->plain_output); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
351 if (used >= PLAIN_OUTPUT_OPTIMAL_SIZE) { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
352 io_remove(&proxy->io_ssl); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
353 return; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
354 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
355 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
356 size = sizeof(buf) - used; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
357 if (proxy->ssl_want_size != 0) { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
358 i_assert(proxy->ssl_want_size <= size); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
359 size = proxy->ssl_want_size; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
360 proxy->ssl_want_size = 0; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
361 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
362 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
363 ret = SSL_read(proxy->ssl, buf, size); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
364 if (ret <= 0) { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
365 ssl_handle_error(proxy, ret, "SSL_read()", ssl_input, size); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
366 return; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
367 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
368 o_stream_cork(proxy->plain_output); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
369 ret2 = o_stream_send(proxy->plain_output, buf, ret); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
370 i_assert(ret2 < 0 || ret2 == ret); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
371 o_stream_uncork(proxy->plain_output); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
372 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
373 if (proxy->sslout_size > 0) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
374 ssl_output(proxy); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
375 } |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
376 |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
377 static void ssl_output(struct ssl_proxy *proxy) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
378 { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
379 unsigned int size; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
380 int ret; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
381 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
382 if (proxy->ssl_want_size == 0) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
383 size = proxy->sslout_size; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
384 else { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
385 i_assert(proxy->ssl_want_size <= proxy->sslout_size); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
386 size = proxy->ssl_want_size; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
387 proxy->ssl_want_size = 0; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
388 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
389 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
390 net_set_cork(proxy->fd_ssl, TRUE); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
391 ret = SSL_write(proxy->ssl, proxy->sslout_buf, size); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
392 net_set_cork(proxy->fd_ssl, FALSE); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
393 if (ret <= 0) { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
394 ssl_handle_error(proxy, ret, "SSL_write()", ssl_output, size); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
395 return; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
396 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
397 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
398 proxy->sslout_size -= ret; |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
399 memmove(proxy->sslout_buf, proxy->sslout_buf + ret, proxy->sslout_size); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
400 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
401 ssl_set_io(proxy, proxy->sslout_size > 0 ? WANT_OUTPUT : WANT_INPUT); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
402 if (proxy->io_plain_input == NULL) { |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
403 proxy->io_plain_input = io_add(proxy->fd_plain, IO_READ, |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
404 plain_input, proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
405 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
406 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
407 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
408 static void ssl_step(void *context) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
409 { |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
410 struct ssl_proxy *proxy = context; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
411 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
412 proxy->step(proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
413 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
414 |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
415 int ssl_proxy_new(int fd, struct ip_addr *ip, struct ssl_proxy **proxy_r) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
416 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
417 struct ssl_proxy *proxy; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
418 SSL *ssl; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
419 int sfd[2]; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
420 |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
421 *proxy_r = NULL; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
422 |
2679
8f7b01c29bcb
Show clear error messages if --ssl is tried to be used but it's not
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
423 if (!ssl_initialized) { |
8f7b01c29bcb
Show clear error messages if --ssl is tried to be used but it's not
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
424 i_error("SSL support not enabled in configuration"); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
425 return -1; |
2679
8f7b01c29bcb
Show clear error messages if --ssl is tried to be used but it's not
Timo Sirainen <tss@iki.fi>
parents:
2629
diff
changeset
|
426 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
427 |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
428 ssl_refresh_parameters(&ssl_params); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
429 |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
430 ssl = SSL_new(ssl_ctx); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
431 if (ssl == NULL) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
432 i_error("SSL_new() failed: %s", ssl_last_error()); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
433 return -1; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
434 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
435 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
436 if (SSL_set_fd(ssl, fd) != 1) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
437 i_error("SSL_set_fd() failed: %s", ssl_last_error()); |
1457 | 438 SSL_free(ssl); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
439 return -1; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
440 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
441 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
442 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sfd) == -1) { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
443 i_error("socketpair() failed: %m"); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
444 SSL_free(ssl); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
445 return -1; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
446 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
447 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
448 net_set_nonblock(sfd[0], TRUE); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
449 net_set_nonblock(sfd[1], TRUE); |
1268
0d9f0e617a1a
net_* functions don't anymore set sockets to non-blocking by default.
Timo Sirainen <tss@iki.fi>
parents:
1235
diff
changeset
|
450 net_set_nonblock(fd, TRUE); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
451 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
452 proxy = i_new(struct ssl_proxy, 1); |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
453 proxy->refcount = 2; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
454 proxy->ssl = ssl; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
455 proxy->fd_ssl = fd; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
456 proxy->fd_plain = sfd[0]; |
1235 | 457 proxy->ip = *ip; |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
458 proxy->plain_output = |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
459 o_stream_create_file(proxy->fd_plain, default_pool, |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
460 (size_t)-1, FALSE); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
461 o_stream_set_flush_callback(proxy->plain_output, plain_output, proxy); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
462 |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
463 SSL_set_ex_data(ssl, extdata_index, proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
464 |
1544
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
465 hash_insert(ssl_proxies, proxy, proxy); |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
466 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
467 proxy->step = ssl_handshake; |
1324
13d8f69d4f1a
rewrite, maybe it works properly now.
Timo Sirainen <tss@iki.fi>
parents:
1268
diff
changeset
|
468 ssl_handshake(proxy); |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
469 main_ref(); |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
470 |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
471 *proxy_r = proxy; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
472 return sfd[1]; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
473 } |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
474 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
475 bool ssl_proxy_has_valid_client_cert(struct ssl_proxy *proxy) |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
476 { |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
477 return proxy->cert_received && !proxy->cert_broken; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
478 } |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
479 |
3635
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
480 const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy) |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
481 { |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
482 X509 *x509; |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
483 char buf[1024]; |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
484 const char *name; |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
485 |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
486 if (!ssl_proxy_has_valid_client_cert(proxy)) |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
487 return NULL; |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
488 |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
489 x509 = SSL_get_peer_certificate(proxy->ssl); |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
490 if (x509 == NULL) |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
491 return NULL; /* we should have had it.. */ |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
492 |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
493 X509_NAME_oneline(X509_get_subject_name(x509), buf, sizeof(buf)); |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
494 name = t_strndup(buf, sizeof(buf)); |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
495 X509_free(x509); |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
496 |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
497 return *name == '\0' ? NULL : name; |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
498 } |
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3584
diff
changeset
|
499 |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
500 void ssl_proxy_free(struct ssl_proxy *proxy) |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
501 { |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
502 ssl_proxy_unref(proxy); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
503 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
504 |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
505 static void ssl_proxy_unref(struct ssl_proxy *proxy) |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
506 { |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
507 if (--proxy->refcount > 0) |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
508 return; |
1490 | 509 i_assert(proxy->refcount == 0); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
510 |
2302
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
511 SSL_free(proxy->ssl); |
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
512 i_free(proxy); |
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
513 |
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
514 main_unref(); |
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
515 } |
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
516 |
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
517 static void ssl_proxy_destroy(struct ssl_proxy *proxy) |
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
518 { |
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
519 if (proxy->destroyed) |
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
520 return; |
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
521 proxy->destroyed = TRUE; |
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
522 |
1230
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
523 hash_remove(ssl_proxies, proxy); |
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
524 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
525 if (proxy->io_ssl != NULL) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
526 io_remove(&proxy->io_ssl); |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
527 if (proxy->io_plain_input != NULL) |
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
528 io_remove(&proxy->io_plain_input); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
529 |
4127
60583fb75d9e
Rewrite. Hopefully works better.
Timo Sirainen <tss@iki.fi>
parents:
3960
diff
changeset
|
530 o_stream_unref(&proxy->plain_output); |
3960
aeb424e64f24
Call io_remove() before closing the fd. It's required by kqueue.
Timo Sirainen <tss@iki.fi>
parents:
3889
diff
changeset
|
531 (void)net_disconnect(proxy->fd_ssl); |
aeb424e64f24
Call io_remove() before closing the fd. It's required by kqueue.
Timo Sirainen <tss@iki.fi>
parents:
3889
diff
changeset
|
532 (void)net_disconnect(proxy->fd_plain); |
aeb424e64f24
Call io_remove() before closing the fd. It's required by kqueue.
Timo Sirainen <tss@iki.fi>
parents:
3889
diff
changeset
|
533 |
2302
8438064ddf08
Refcounting fixes. Unexpectedly destroyed SSL connection could have left
Timo Sirainen <tss@iki.fi>
parents:
2027
diff
changeset
|
534 ssl_proxy_unref(proxy); |
1458
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
535 } |
98362534b2c7
Unexpected SSL connection errors sometimes crashed
Timo Sirainen <tss@iki.fi>
parents:
1457
diff
changeset
|
536 |
1492
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
537 static RSA *ssl_gen_rsa_key(SSL *ssl __attr_unused__, |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
538 int is_export __attr_unused__, int keylength) |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
539 { |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
540 return RSA_generate_key(keylength, RSA_F4, NULL, NULL); |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
541 } |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
542 |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
543 static DH *ssl_tmp_dh_callback(SSL *ssl __attr_unused__, |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
544 int is_export, int keylength) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
545 { |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
546 /* Well, I'm not exactly sure why the logic in here is this. |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
547 It's the same as in Postfix, so it can't be too wrong. */ |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
548 if (is_export && keylength == 512 && ssl_params.dh_512 != NULL) |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
549 return ssl_params.dh_512; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
550 |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
551 return ssl_params.dh_1024; |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
552 } |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
553 |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
554 static int ssl_verify_client_cert(int preverify_ok, X509_STORE_CTX *ctx) |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
555 { |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
556 SSL *ssl; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
557 struct ssl_proxy *proxy; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
558 |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
559 ssl = X509_STORE_CTX_get_ex_data(ctx, |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
560 SSL_get_ex_data_X509_STORE_CTX_idx()); |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
561 proxy = SSL_get_ex_data(ssl, extdata_index); |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
562 |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
563 proxy->cert_received = TRUE; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
564 if (!preverify_ok) |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
565 proxy->cert_broken = TRUE; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
566 |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
567 return 1; |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
568 } |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
569 |
3889
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
570 static int |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
571 pem_password_callback(char *buf, int size, int rwflag __attr_unused__, |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
572 void *userdata) |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
573 { |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
574 if (userdata == NULL) { |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
575 i_error("SSL private key file is password protected, " |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
576 "but password isn't given"); |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
577 return 0; |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
578 } |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
579 |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
580 if (strocpy(buf, userdata, size) < 0) |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
581 return 0; |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
582 return strlen(buf); |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
583 } |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
584 |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
585 void ssl_proxy_init(void) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
586 { |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
587 const char *cafile, *certfile, *keyfile, *cipher_list; |
3889
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
588 char *password; |
2629
6ba9dcff11b9
Compiler warning fixes and cleanups
Timo Sirainen <tss@iki.fi>
parents:
2335
diff
changeset
|
589 unsigned char buf; |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
590 |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
591 memset(&ssl_params, 0, sizeof(ssl_params)); |
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
592 |
1907
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
593 cafile = getenv("SSL_CA_FILE"); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
594 certfile = getenv("SSL_CERT_FILE"); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
595 keyfile = getenv("SSL_KEY_FILE"); |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
596 ssl_params.fname = getenv("SSL_PARAM_FILE"); |
3889
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
597 password = getenv("SSL_KEY_PASSWORD"); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
598 |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
599 if (certfile == NULL || keyfile == NULL || ssl_params.fname == NULL) { |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
600 /* SSL support is disabled */ |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
601 return; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
602 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
603 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
604 SSL_library_init(); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
605 SSL_load_error_strings(); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
606 |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
607 extdata_index = SSL_get_ex_new_index(0, "dovecot", NULL, NULL, NULL); |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
608 |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
609 if ((ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
610 i_fatal("SSL_CTX_new() failed"); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
611 |
1544
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
612 SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
613 |
1996 | 614 cipher_list = getenv("SSL_CIPHER_LIST"); |
615 if (cipher_list == NULL) | |
616 cipher_list = DOVECOT_SSL_DEFAULT_CIPHER_LIST; | |
617 if (SSL_CTX_set_cipher_list(ssl_ctx, cipher_list) != 1) { | |
1544
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
618 i_fatal("Can't set cipher list to '%s': %s", |
1996 | 619 cipher_list, ssl_last_error()); |
1544
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
620 } |
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
621 |
1907
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
622 if (cafile != NULL) { |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
623 if (SSL_CTX_load_verify_locations(ssl_ctx, cafile, NULL) != 1) { |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
624 i_fatal("Can't load CA file %s: %s", |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
625 cafile, ssl_last_error()); |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
626 } |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
627 } |
190f1d315ce6
Added setting ssl_ca_file, patch by Zach Bagnall
Timo Sirainen <tss@iki.fi>
parents:
1897
diff
changeset
|
628 |
1544
ac6ee442376d
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
Timo Sirainen <tss@iki.fi>
parents:
1492
diff
changeset
|
629 if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) { |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
630 i_fatal("Can't load certificate file %s: %s", |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
631 certfile, ssl_last_error()); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
632 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
633 |
3889
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
634 SSL_CTX_set_default_passwd_cb(ssl_ctx, pem_password_callback); |
c7462001227b
Added support for password protected SSL private keys. The password can be
Timo Sirainen <tss@iki.fi>
parents:
3888
diff
changeset
|
635 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, password); |
3584
b686c8bbcd6f
Don't require private key to be RSA
Timo Sirainen <tss@iki.fi>
parents:
3580
diff
changeset
|
636 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, keyfile, |
b686c8bbcd6f
Don't require private key to be RSA
Timo Sirainen <tss@iki.fi>
parents:
3580
diff
changeset
|
637 SSL_FILETYPE_PEM) != 1) { |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
638 i_fatal("Can't load private key file %s: %s", |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
639 keyfile, ssl_last_error()); |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
640 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
641 |
1492
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
642 if (SSL_CTX_need_tmp_RSA(ssl_ctx)) |
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
643 SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key); |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
644 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback); |
1492
383d87166963
Generate temporary RSA key when requested. Could be slow, should do some
Timo Sirainen <tss@iki.fi>
parents:
1490
diff
changeset
|
645 |
1997
1d0985f6bdd9
Added ssl_verify_client_cert setting.
Timo Sirainen <tss@iki.fi>
parents:
1996
diff
changeset
|
646 if (getenv("SSL_VERIFY_CLIENT_CERT") != NULL) { |
1d0985f6bdd9
Added ssl_verify_client_cert setting.
Timo Sirainen <tss@iki.fi>
parents:
1996
diff
changeset
|
647 SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER | |
2027
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
648 SSL_VERIFY_CLIENT_ONCE, |
dc5d0da1abe9
Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents:
2007
diff
changeset
|
649 ssl_verify_client_cert); |
1997
1d0985f6bdd9
Added ssl_verify_client_cert setting.
Timo Sirainen <tss@iki.fi>
parents:
1996
diff
changeset
|
650 } |
1d0985f6bdd9
Added ssl_verify_client_cert setting.
Timo Sirainen <tss@iki.fi>
parents:
1996
diff
changeset
|
651 |
1556
545f6b150e2c
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
Timo Sirainen <tss@iki.fi>
parents:
1544
diff
changeset
|
652 /* PRNG initialization might want to use /dev/urandom, make sure it |
2007
3dd9d3165bff
Don't require initializing RAND_bytes() to return cryptographically strong
Timo Sirainen <tss@iki.fi>
parents:
1997
diff
changeset
|
653 does it before chrooting. We might not have enough entropy at |
3dd9d3165bff
Don't require initializing RAND_bytes() to return cryptographically strong
Timo Sirainen <tss@iki.fi>
parents:
1997
diff
changeset
|
654 the first try, so this function may fail. It's still been |
3dd9d3165bff
Don't require initializing RAND_bytes() to return cryptographically strong
Timo Sirainen <tss@iki.fi>
parents:
1997
diff
changeset
|
655 initialized though. */ |
3dd9d3165bff
Don't require initializing RAND_bytes() to return cryptographically strong
Timo Sirainen <tss@iki.fi>
parents:
1997
diff
changeset
|
656 (void)RAND_bytes(&buf, 1); |
1556
545f6b150e2c
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
Timo Sirainen <tss@iki.fi>
parents:
1544
diff
changeset
|
657 |
1230
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
658 ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
659 ssl_initialized = TRUE; |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
660 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
661 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
662 void ssl_proxy_deinit(void) |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
663 { |
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
664 struct hash_iterate_context *iter; |
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
665 void *key, *value; |
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
666 |
1230
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
667 if (!ssl_initialized) |
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
668 return; |
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
669 |
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
670 iter = hash_iterate_init(ssl_proxies); |
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
671 while (hash_iterate(iter, &key, &value)) |
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
672 ssl_proxy_destroy(value); |
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1556
diff
changeset
|
673 hash_iterate_deinit(iter); |
1230
e6d2b8c78519
Keep list of the SSL proxies, so they're deinitialized properly if we have
Timo Sirainen <tss@iki.fi>
parents:
1215
diff
changeset
|
674 hash_destroy(ssl_proxies); |
1232
f7da7d46e3f2
destroy proxies before destroying ssl context
Timo Sirainen <tss@iki.fi>
parents:
1231
diff
changeset
|
675 |
3888
650701d41cdf
Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
676 ssl_free_parameters(&ssl_params); |
1232
f7da7d46e3f2
destroy proxies before destroying ssl context
Timo Sirainen <tss@iki.fi>
parents:
1231
diff
changeset
|
677 SSL_CTX_free(ssl_ctx); |
1049
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
678 } |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
679 |
c41787e8c3f4
Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
680 #endif |