changeset 1907:190f1d315ce6 HEAD
Added setting ssl_ca_file, patch by Zach Bagnall
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 19 Jan 2004 19:07:21 +0200 |
parents | 956232f5706c |
children | 0615c22cbda5 |
files | src/login-common/ssl-proxy-openssl.c src/master/login-process.c src/master/master-settings.c src/master/master-settings.h |
diffstat | 4 files changed, 22 insertions(+), 1 deletions(-) [+] |
--- a/src/login-common/ssl-proxy-openssl.c Tue Jan 06 08:14:48 2004 +0200
+++ b/src/login-common/ssl-proxy-openssl.c Mon Jan 19 19:07:21 2004 +0200
@@ -403,9 +403,10 @@
 void ssl_proxy_init(void)
 {
- const char *certfile, *keyfile, *paramfile;
+ const char *cafile, *certfile, *keyfile, *paramfile;
 char buf;
+ cafile = getenv("SSL_CA_FILE");
 certfile = getenv("SSL_CERT_FILE");
 keyfile = getenv("SSL_KEY_FILE");
 paramfile = getenv("SSL_PARAM_FILE");
@@ -428,6 +429,13 @@
 SSL_CIPHER_LIST, ssl_last_error());
 }
+ if (cafile != NULL) {
+ if (SSL_CTX_load_verify_locations(ssl_ctx, cafile, NULL) != 1) {
+ i_fatal("Can't load CA file %s: %s",
+ cafile, ssl_last_error());
+ }
+ }
+
 if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) {
 i_fatal("Can't load certificate file %s: %s",
 certfile, ssl_last_error());
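Review bot: In the second hunk of ssl_proxy_init(), `SSL_CTX_load_verify_locations()` only adds trust anchors; nothing in the visible lines calls `SSL_CTX_set_verify()`, and OpenSSL's default server mode is `SSL_VERIFY_NONE`, so as far as this hunk shows a client certificate is neither requested nor checked. An administrator who sets ssl_ca_file could reasonably assume that client certificates are now validated. The rest of the function is outside the hunk, so this is moot if verification is enabled elsewhere. Otherwise I would add a comment above the new block such as `/* Loads trusted CAs only; peer verification is not enabled here */` and describe the setting's actual effect where the setting is documented.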
--- a/src/master/login-process.c Tue Jan 06 08:14:48 2004 +0200
+++ b/src/master/login-process.c Mon Jan 19 19:07:21 2004 +0200
@@ -382,6 +382,10 @@
 env_put("DOVECOT_MASTER=1");
 if (!set->ssl_disable) {
+ if (set->ssl_ca_file != NULL) {
+ env_put(t_strconcat("SSL_CA_FILE=",
+ set->ssl_ca_file, NULL));
+ }
 env_put(t_strconcat("SSL_CERT_FILE=",
 set->ssl_cert_file, NULL));
 env_put(t_strconcat("SSL_KEY_FILE=",
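Review bot: Because `SSL_CA_FILE` is exported only when `set->ssl_ca_file` is non-NULL, the unset case relies on the login process environment not already containing that variable, and ssl_proxy_init() trusts whatever `getenv("SSL_CA_FILE")` returns. The code before `env_put("DOVECOT_MASTER=1")` is outside the hunk, so I cannot see whether the environment is cleared first. If it is not, a value inherited from the shell that started the master would silently become the trust store. If it is cleared, a short comment on the new `if`, for example `/* environment is cleared before this point, so an unset ssl_ca_file leaves SSL_CA_FILE undefined */`, would make that assumption explicit.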
--- a/src/master/master-settings.c Tue Jan 06 08:14:48 2004 +0200
+++ b/src/master/master-settings.c Mon Jan 19 19:07:21 2004 +0200
@@ -46,6 +46,7 @@
 DEF(SET_STR, ssl_listen),
 DEF(SET_BOOL, ssl_disable),
+ DEF(SET_STR, ssl_ca_file),
 DEF(SET_STR, ssl_cert_file),
 DEF(SET_STR, ssl_key_file),
 DEF(SET_STR, ssl_parameters_file),
@@ -164,6 +165,7 @@
 MEMBER(ssl_listen) NULL,
 MEMBER(ssl_disable) FALSE,
+ MEMBER(ssl_ca_file) NULL,
 MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem",
 MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
 MEMBER(ssl_parameters_file) "ssl-parameters.dat",
@@ -418,6 +420,12 @@
 #ifdef HAVE_SSL
 if (!set->ssl_disable) {
+ if (set->ssl_ca_file != NULL &&
+ access(set->ssl_ca_file, R_OK) < 0) {
+ i_fatal("Can't use SSL CA file %s: %m",
+ set->ssl_ca_file);
+ }
+
 if (access(set->ssl_cert_file, R_OK) < 0) {
 i_error("Can't use SSL certificate %s: %m",
 set->ssl_cert_file);
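Review bot: In the third hunk the new CA check ends in `i_fatal()` while the certificate check directly below it uses `i_error()`, so an unreadable CA file aborts the process where an unreadable certificate is only reported. The enclosing function starts and ends outside the hunk; if it also runs when settings are re-read, a typo in ssl_ca_file would take the master down instead of rejecting the new configuration. I would use `i_error("Can't use SSL CA file %s: %m", set->ssl_ca_file);` and follow it with whatever the certificate branch does after its own i_error(). Note too that `access()` is only an early sanity check: it says nothing about who else can write the file, which matters for a file that defines trust anchors.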
--- a/src/master/master-settings.h Tue Jan 06 08:14:48 2004 +0200
+++ b/src/master/master-settings.h Mon Jan 19 19:07:21 2004 +0200
@@ -23,6 +23,7 @@
 const char *ssl_listen;
 int ssl_disable;
+ const char *ssl_ca_file;
 const char *ssl_cert_file;
 const char *ssl_key_file;
 const char *ssl_parameters_file;