changeset 1907:190f1d315ce6 HEAD

Added setting ssl_ca_file, patch by Zach Bagnall
author Timo Sirainen <tss@iki.fi>
date Mon, 19 Jan 2004 19:07:21 +0200
parents 956232f5706c
children 0615c22cbda5
files src/login-common/ssl-proxy-openssl.c src/master/login-process.c src/master/master-settings.c src/master/master-settings.h
diffstat 4 files changed, 22 insertions(+), 1 deletions(-) [+]
--- a/src/login-common/ssl-proxy-openssl.c	Tue Jan 06 08:14:48 2004 +0200
+++ b/src/login-common/ssl-proxy-openssl.c	Mon Jan 19 19:07:21 2004 +0200
@@ -403,9 +403,10 @@
 
 void ssl_proxy_init(void)
 {
-	const char *certfile, *keyfile, *paramfile;
+	const char *cafile, *certfile, *keyfile, *paramfile;
 	char buf;
 
+	cafile = getenv("SSL_CA_FILE");
 	certfile = getenv("SSL_CERT_FILE");
 	keyfile = getenv("SSL_KEY_FILE");
 	paramfile = getenv("SSL_PARAM_FILE");
@@ -428,6 +429,13 @@
 			SSL_CIPHER_LIST, ssl_last_error());
 	}
 
+	if (cafile != NULL) {
+		if (SSL_CTX_load_verify_locations(ssl_ctx, cafile, NULL) != 1) {
+			i_fatal("Can't load CA file %s: %s",
+				cafile, ssl_last_error());
+		}
+	}
+
 	if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) {
 		i_fatal("Can't load certificate file %s: %s",
 			certfile, ssl_last_error());
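Review bot: SSL_CTX_load_verify_locations() on the new lines only installs a trust store; nothing in this hunk sets a verification mode, so as far as the visible code goes the CA file has no effect on the handshake — peer certificates are neither requested nor checked. If ssl_ca_file is meant to enable client-certificate validation, the context also needs `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);` and `SSL_CTX_set_client_CA_list(ssl_ctx, SSL_load_client_CA_file(cafile));` so clients are told which CAs are acceptable; if it is only meant to stage the trust store for later work, a comment above the `if (cafile != NULL)` saying so would stop operators from assuming verification is on once the setting is present. ssl_proxy_init() starts in the previous hunk and continues past this one, so a verify call may exist out of view.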
--- a/src/master/login-process.c	Tue Jan 06 08:14:48 2004 +0200
+++ b/src/master/login-process.c	Mon Jan 19 19:07:21 2004 +0200
@@ -382,6 +382,10 @@
 	env_put("DOVECOT_MASTER=1");
 
 	if (!set->ssl_disable) {
+		if (set->ssl_ca_file != NULL) {
+			env_put(t_strconcat("SSL_CA_FILE=",
+					    set->ssl_ca_file, NULL));
+		}
 		env_put(t_strconcat("SSL_CERT_FILE=",
 				    set->ssl_cert_file, NULL));
 		env_put(t_strconcat("SSL_KEY_FILE=",
--- a/src/master/master-settings.c	Tue Jan 06 08:14:48 2004 +0200
+++ b/src/master/master-settings.c	Mon Jan 19 19:07:21 2004 +0200
@@ -46,6 +46,7 @@
 	DEF(SET_STR, ssl_listen),
 
 	DEF(SET_BOOL, ssl_disable),
+	DEF(SET_STR, ssl_ca_file),
 	DEF(SET_STR, ssl_cert_file),
 	DEF(SET_STR, ssl_key_file),
 	DEF(SET_STR, ssl_parameters_file),
@@ -164,6 +165,7 @@
 	MEMBER(ssl_listen) NULL,
 
 	MEMBER(ssl_disable) FALSE,
+	MEMBER(ssl_ca_file) NULL,
 	MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem",
 	MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
 	MEMBER(ssl_parameters_file) "ssl-parameters.dat",
@@ -418,6 +420,12 @@
 
 #ifdef HAVE_SSL
 	if (!set->ssl_disable) {
+		if (set->ssl_ca_file != NULL &&
+		    access(set->ssl_ca_file, R_OK) < 0) {
+			i_fatal("Can't use SSL CA file %s: %m",
+				set->ssl_ca_file);
+		}
+
 		if (access(set->ssl_cert_file, R_OK) < 0) {
 			i_error("Can't use SSL certificate %s: %m",
 				set->ssl_cert_file);
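Review bot: The new CA check at the top of the hunk calls i_fatal() while the adjacent, pre-existing certificate check calls i_error(), so an unreadable ssl_ca_file aborts the master where an unreadable ssl_cert_file only logs; the two should use the same severity, e.g. `i_error("Can't use SSL CA file %s: %m", set->ssl_ca_file);` if the existing checks are meant to be non-fatal here. Note also that access(R_OK) is evaluated in the master process, whereas the file is actually opened by the login process in ssl_proxy_init(); if the two run under different credentials (access() as root succeeds for any existing file), this check can pass and the login process can still fail, so the fatal error at load time remains the authoritative one. The enclosing function continues beyond this hunk.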
--- a/src/master/master-settings.h	Tue Jan 06 08:14:48 2004 +0200
+++ b/src/master/master-settings.h	Mon Jan 19 19:07:21 2004 +0200
@@ -23,6 +23,7 @@
 	const char *ssl_listen;
 
 	int ssl_disable;
+	const char *ssl_ca_file;
 	const char *ssl_cert_file;
 	const char *ssl_key_file;
 	const char *ssl_parameters_file;