changeset 37:8b4c5ea7e6da HEAD
Some fixes to checking if SSL should be used.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 27 Aug 2002 00:20:19 +0300 |
parents | 2d6f60efa704 |
children | 2a56fca685a2 |
files | src/login/client.c src/login/main.c src/login/ssl-proxy.c src/login/ssl-proxy.h src/master/main.c |
diffstat | 5 files changed, 32 insertions(+), 9 deletions(-) [+] |
--- a/src/login/client.c Tue Aug 27 00:07:27 2002 +0300
+++ b/src/login/client.c Tue Aug 27 00:20:19 2002 +0300
@@ -36,7 +36,6 @@
 static int cmd_starttls(Client *client)
 {
-#ifdef HAVE_SSL
 int fd_ssl;
 if (client->tls) {
@@ -44,6 +43,11 @@
 return TRUE;
 }
+ if (!ssl_initialized) {
+ client_send_tagline(client, "BAD TLS support isn't enabled.");
+ return TRUE;
+ }
+
 client_send_tagline(client, "OK Begin TLS negotiation now.");
 io_buffer_send_flush(client->outbuf);
@@ -57,9 +61,7 @@
 client_send_line(client, " * BYE TLS handehake failed.");
 client_destroy(client, "TLS handshake failed");
 }
-#else
- client_send_tagline(client, "BAD TLS support isn't enabled.");
-#endif
+
 return TRUE;
 }
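Review bot: The `ssl_initialized` check added in the second hunk of `cmd_starttls` refuses the command at the point of use, but nothing visible here shows whether the server's capability listing still offers STARTTLS when the flag is FALSE. A client that sees STARTTLS advertised and then receives `BAD TLS support isn't enabled.` may simply carry on in plaintext, so the advertisement (built outside this diff) should be gated on the same flag. A one-line comment above the check would also help, for example `/* set in ssl-proxy.c only after certificate, key and GnuTLS setup succeeded */`.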
--- a/src/login/main.c Tue Aug 27 00:07:27 2002 +0300
+++ b/src/login/main.c Tue Aug 27 00:20:19 2002 +0300
@@ -103,6 +103,13 @@
 if (net_getsockname(LOGIN_IMAPS_LISTEN_FD, NULL, NULL) == 0) {
 /* we're listening for imaps */
+ if (!ssl_initialized) {
+ /* this shouldn't happen, master should have
+ disabled the imaps socket.. */
+ i_fatal("BUG: SSL initialization parameters not given "
+ "while they should have been");
+ }
+
 io_imaps = io_add(LOGIN_IMAPS_LISTEN_FD, IO_READ, login_accept_ssl, NULL);
 }
--- a/src/login/ssl-proxy.c Tue Aug 27 00:07:27 2002 +0300
+++ b/src/login/ssl-proxy.c Tue Aug 27 00:20:19 2002 +0300
@@ -5,6 +5,8 @@
 #include "network.h"
 #include "ssl-proxy.h"
+int ssl_initialized = FALSE;
+
 #ifdef HAVE_SSL
 #include <stdlib.h>
@@ -226,6 +228,9 @@
 GNUTLS_STATE state;
 int ret, sfd[2];
+ if (ssl_initialized)
+ return -1;
+
 state = initialize_state();
 gnutls_transport_set_ptr(state, fd);
@@ -291,10 +296,14 @@
 certfile = getenv("SSL_CERT_FILE");
 keyfile = getenv("SSL_KEY_FILE");
- if (certfile == NULL)
- i_fatal("SSL_CERT_FILE environment not set");
- if (keyfile == NULL)
- i_fatal("SSL_KEY_FILE environment not set");
+ if (certfile == NULL) {
+ i_warning("SSL certification not set, SSL/TLS is disabled");
+ return;
+ }
+ if (keyfile == NULL) {
+ i_warning("SSL private key not set, SSL/TLS is disabled");
+ return;
+ }
 if ((ret = gnutls_global_init() < 0)) {
 i_fatal("gnu_tls_global_init() failed: %s",
@@ -315,6 +324,8 @@
 generate_dh_primes();
 gnutls_certificate_set_dh_params(x509_cred, dh_params);
+
+ ssl_initialized = TRUE;
 }
 void ssl_proxy_deinit(void)
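Review bot: The guard added in the second hunk (`@@ -226,6 +228,9 @@`) looks inverted: `if (ssl_initialized) return -1;` refuses every connection once TLS has been set up, and lets the call continue into `initialize_state()` when it has not. The other checks this commit adds, in client.c and login/main.c, all test `!ssl_initialized`, so the intended line is presumably `if (!ssl_initialized) return -1;`. As written, a STARTTLS request would presumably end in the handshake-failure path after the server has already sent `OK Begin TLS negotiation now.`, while the uninitialized case would run against credentials that were never loaded. The function's signature and the rest of its body are outside the hunk.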
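Review bot: In the third hunk (`@@ -291,10 +296,14 @@`) a missing certificate or key now only logs a warning and leaves the login process running without TLS, so a deployment that sets one variable and forgets the other quietly serves plaintext only; consider keeping `i_fatal` when exactly one of the two is set. The checks also accept an empty string, whereas the condition in src/master/main.c treats `*set_ssl_cert_file == '\0'` as unset; whether master exports an empty variable is not visible here, but `if (certfile == NULL || *certfile == '\0')` (and the same for `keyfile`) would keep both sides consistent. The first message should say "SSL certificate not set" rather than "SSL certification not set". Separately, the context line `if ((ret = gnutls_global_init() < 0))` stores the comparison result in `ret` because `<` binds tighter than `=`; `if ((ret = gnutls_global_init()) < 0)` is presumably what was meant.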
--- a/src/login/ssl-proxy.h Tue Aug 27 00:07:27 2002 +0300
+++ b/src/login/ssl-proxy.h Tue Aug 27 00:20:19 2002 +0300
@@ -1,6 +1,8 @@
 #ifndef __SSL_PROXY_H
 #define __SSL_PROXY_H
+extern int ssl_initialized;
+
 /* establish SSL connection with the given fd, returns a new fd which you must use from now on, or -1 if error occured. Unless -1 is returned, the given fd must be simply forgotten. */
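Review bot: The new `extern int ssl_initialized;` carries no comment, and since it is a writable global that client.c, login/main.c and ssl-proxy.c now all branch on, its contract belongs at the declaration. Something like `/* TRUE once SSL/TLS setup in ssl-proxy.c has succeeded; when FALSE no SSL connection may be established. Written only by ssl-proxy.c. */` would make it clear that other files should treat it as read-only.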
--- a/src/master/main.c Tue Aug 27 00:07:27 2002 +0300
+++ b/src/master/main.c Tue Aug 27 00:20:19 2002 +0300
@@ -145,7 +145,8 @@
 i_fatal("listen(%d) failed: %ms", set_imap_port);
 }
- imaps_fd = set_ssl_cert_file == NULL || set_ssl_key_file == NULL ||
+ imaps_fd = set_ssl_cert_file == NULL || *set_ssl_cert_file == '\0' ||
+ set_ssl_key_file == NULL || *set_ssl_key_file == '\0' ||
 set_imaps_port == 0 ? dup(null_fd) : net_listen(imaps_ip, &set_imaps_port);
 if (imaps_fd == -1) {
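Review bot: The decision whether to listen on imaps is now a five-term `||` chain feeding an unparenthesized `?:`, which is correct only because `?:` binds looser than `||` and is hard to audit at a glance. Pulling the test into a named local, for instance `int ssl_off = set_ssl_cert_file == NULL || *set_ssl_cert_file == '\0' || set_ssl_key_file == NULL || *set_ssl_key_file == '\0';` (name constructed for illustration), and then writing `imaps_fd = (ssl_off || set_imaps_port == 0) ? dup(null_fd) : net_listen(imaps_ip, &set_imaps_port);` states the intent directly. No log line is visible in this hunk for the case where imaps is switched off because a certificate or key setting is empty, so an operator may not notice that the encrypted port is not being served. The enclosing function starts and ends outside the hunk.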