Mercurial > dovecot > original-hg > dovecot-1.2

--- a/src/login/client.c	Tue Aug 27 00:07:27 2002 +0300
+++ b/src/login/client.c	Tue Aug 27 00:20:19 2002 +0300
@@ -36,7 +36,6 @@

 static int cmd_starttls(Client *client)
 {
-#ifdef HAVE_SSL
 	int fd_ssl;

 	if (client->tls) {
@@ -44,6 +43,11 @@
 		return TRUE;
 	}

+	if (!ssl_initialized) {
+		client_send_tagline(client, "BAD TLS support isn't enabled.");
+		return TRUE;
+	}
+
 	client_send_tagline(client, "OK Begin TLS negotiation now.");
 	io_buffer_send_flush(client->outbuf);

@@ -57,9 +61,7 @@
 		client_send_line(client, " * BYE TLS handehake failed.");
 		client_destroy(client, "TLS handshake failed");
 	}
-#else
-	client_send_tagline(client, "BAD TLS support isn't enabled.");
-#endif
+
 	return TRUE;
 }
--- a/src/login/main.c	Tue Aug 27 00:07:27 2002 +0300
+++ b/src/login/main.c	Tue Aug 27 00:20:19 2002 +0300
@@ -103,6 +103,13 @@

 	if (net_getsockname(LOGIN_IMAPS_LISTEN_FD, NULL, NULL) == 0) {
 		/* we're listening for imaps */
+		if (!ssl_initialized) {
+			/* this shouldn't happen, master should have
+			   disabled the imaps socket.. */
+			i_fatal("BUG: SSL initialization parameters not given "
+				"while they should have been");
+		}
+
 		io_imaps = io_add(LOGIN_IMAPS_LISTEN_FD, IO_READ,
 				  login_accept_ssl, NULL);
 	}
--- a/src/login/ssl-proxy.c	Tue Aug 27 00:07:27 2002 +0300
+++ b/src/login/ssl-proxy.c	Tue Aug 27 00:20:19 2002 +0300
@@ -5,6 +5,8 @@
 #include "network.h"
 #include "ssl-proxy.h"

+int ssl_initialized = FALSE;
+
 #ifdef HAVE_SSL

 #include <stdlib.h>
@@ -226,6 +228,9 @@
 	GNUTLS_STATE state;
 	int ret, sfd[2];

+	if (ssl_initialized)
+		return -1;
+
 	state = initialize_state();
 	gnutls_transport_set_ptr(state, fd);

@@ -291,10 +296,14 @@
 	certfile = getenv("SSL_CERT_FILE");
 	keyfile = getenv("SSL_KEY_FILE");

-	if (certfile == NULL)
-		i_fatal("SSL_CERT_FILE environment not set");
-	if (keyfile == NULL)
-		i_fatal("SSL_KEY_FILE environment not set");
+	if (certfile == NULL) {
+		i_warning("SSL certification not set, SSL/TLS is disabled");
+		return;
+	}
+	if (keyfile == NULL) {
+		i_warning("SSL private key not set, SSL/TLS is disabled");
+		return;
+	}

 	if ((ret = gnutls_global_init() < 0)) {
 		i_fatal("gnu_tls_global_init() failed: %s",
@@ -315,6 +324,8 @@

 	generate_dh_primes();
 	gnutls_certificate_set_dh_params(x509_cred, dh_params);
+
+	ssl_initialized = TRUE;
 }

 void ssl_proxy_deinit(void)
--- a/src/login/ssl-proxy.h	Tue Aug 27 00:07:27 2002 +0300
+++ b/src/login/ssl-proxy.h	Tue Aug 27 00:20:19 2002 +0300
@@ -1,6 +1,8 @@
 #ifndef __SSL_PROXY_H
 #define __SSL_PROXY_H

+extern int ssl_initialized;
+
 /* establish SSL connection with the given fd, returns a new fd which you
    must use from now on, or -1 if error occured. Unless -1 is returned,
    the given fd must be simply forgotten. */
--- a/src/master/main.c	Tue Aug 27 00:07:27 2002 +0300
+++ b/src/master/main.c	Tue Aug 27 00:20:19 2002 +0300
@@ -145,7 +145,8 @@
 		i_fatal("listen(%d) failed: %ms", set_imap_port);
 	}

-	imaps_fd = set_ssl_cert_file == NULL || set_ssl_key_file == NULL ||
+	imaps_fd = set_ssl_cert_file == NULL || *set_ssl_cert_file == '\0' ||
+		set_ssl_key_file == NULL || *set_ssl_key_file == '\0' ||
 		set_imaps_port == 0 ? dup(null_fd) :
 		net_listen(imaps_ip, &set_imaps_port);
 	if (imaps_fd == -1) {