dovecot-2.0: master: Removed all SSL related code. It doesn't be...

dovecot at dovecot.org dovecot at dovecot.org
Thu Oct 8 00:55:17 EEST 2009


details:   http://hg.dovecot.org/dovecot-2.0/rev/9716b5a4b14a
changeset: 9983:9716b5a4b14a
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Oct 07 17:44:38 2009 -0400
description:
master: Removed all SSL related code. It doesn't belong there.

diffstat:

6 files changed, 431 deletions(-)
src/master/Makefile.am        |    1 
src/master/ssl-init-gnutls.c  |   86 -------------------
src/master/ssl-init-main.c    |   82 ------------------
src/master/ssl-init-openssl.c |   71 ----------------
src/master/ssl-init.c         |  179 -----------------------------------------
src/master/ssl-init.h         |   12 --

diffs (truncated from 461 to 300 lines):

diff -r 9e28fcdc74ab -r 9716b5a4b14a src/master/Makefile.am
--- a/src/master/Makefile.am	Wed Oct 07 17:44:01 2009 -0400
+++ b/src/master/Makefile.am	Wed Oct 07 17:44:38 2009 -0400
@@ -1,7 +1,6 @@ pkglibexecdir = $(libexecdir)/dovecot
 pkglibexecdir = $(libexecdir)/dovecot
 
 sbin_PROGRAMS = dovecot
-#pkglibexec_PROGRAMS = ssl-build-param
 
 AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/lib \
diff -r 9e28fcdc74ab -r 9716b5a4b14a src/master/ssl-init-gnutls.c
--- a/src/master/ssl-init-gnutls.c	Wed Oct 07 17:44:01 2009 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,86 +0,0 @@
-/* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */
-
-#include "common.h"
-#include "write-full.h"
-#include "ssl-init.h"
-
-#ifdef HAVE_GNUTLS
-
-#include <stdlib.h>
-#include <gnutls/gnutls.h>
-
-static int prime_nums[] = { 768, 1024, 0 };
-
-static void write_datum(int fd, const char *fname, gnutls_datum *dbits)
-{
-	if (write_full(fd, &dbits->size, sizeof(dbits->size)) < 0)
-		i_fatal("write_full() failed for file %s: %m", fname);
-
-	if (write_full(fd, dbits->data, dbits->size) < 0)
-		i_fatal("write_full() failed for file %s: %m", fname);
-}
-
-static void generate_dh_parameters(int fd, const char *fname)
-{
-	gnutls_datum dbits, prime, generator;
-	int ret, bits, i;
-
-	dbits.size = sizeof(bits);
-	dbits.data = (unsigned char *) &bits;
-
-	for (i = 0; prime_nums[i] != 0; i++) {
-		bits = prime_nums[i];
-
-		ret = gnutls_dh_params_generate(&prime, &generator, bits);
-		if (ret < 0) {
-			i_fatal("gnutls_dh_params_generate(%d) failed: %s",
-				bits, gnutls_strerror(ret));
-		}
-
-		write_datum(fd, fname, &dbits);
-		write_datum(fd, fname, &prime);
-		write_datum(fd, fname, &generator);
-
-		free(prime.data);
-		free(generator.data);
-	}
-
-	bits = 0;
-	write_datum(fd, fname, &dbits);
-}
-
-static void generate_rsa_parameters(int fd, const char *fname)
-{
-	gnutls_datum m, e, d, p, q, u;
-	int ret;
-
-        ret = gnutls_rsa_params_generate(&m, &e, &d, &p, &q, &u, 512);
-	if (ret < 0) {
-		i_fatal("gnutls_rsa_params_generate() faile: %s",
-			strerror(ret));
-	}
-
-	write_datum(fd, fname, &m);
-	write_datum(fd, fname, &e);
-	write_datum(fd, fname, &d);
-	write_datum(fd, fname, &p);
-	write_datum(fd, fname, &q);
-	write_datum(fd, fname, &u);
-}
-
-void ssl_generate_parameters(int fd, const char *fname)
-{
-	int ret;
-
-	if ((ret = gnutls_global_init() < 0)) {
-		i_fatal("gnu_tls_global_init() failed: %s",
-			gnutls_strerror(ret));
-	}
-
-	generate_dh_parameters(fd, fname);
-	generate_rsa_parameters(fd, fname);
-
-	gnutls_global_deinit();
-}
-
-#endif
diff -r 9e28fcdc74ab -r 9716b5a4b14a src/master/ssl-init-main.c
--- a/src/master/ssl-init-main.c	Wed Oct 07 17:44:01 2009 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,82 +0,0 @@
-/* Copyright (c) 2006-2009 Dovecot authors, see the included COPYING file */
-
-#include "lib.h"
-#include "lib-signals.h"
-#include "file-lock.h"
-#include "randgen.h"
-#include "ssl-init.h"
-
-#include <stdio.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/stat.h>
-
-#ifdef HAVE_SSL
-static int generate_parameters_file(const char *fname)
-{
-	const char *temp_fname;
-	struct file_lock *lock;
-	mode_t old_mask;
-	int fd, ret;
-
-	temp_fname = t_strconcat(fname, ".tmp", NULL);
-
-	old_mask = umask(0);
-	fd = open(temp_fname, O_WRONLY | O_CREAT, 0644);
-	umask(old_mask);
-
-	if (fd == -1) {
-		i_fatal("Can't create temporary SSL parameters file %s: %m",
-			temp_fname);
-	}
-
-	/* If multiple dovecot instances are running, only one of them needs
-	   to regenerate this file. */
-	ret = file_try_lock(fd, temp_fname, F_WRLCK,
-			    FILE_LOCK_METHOD_FCNTL, &lock);
-	if (ret < 0)
-		i_fatal("file_try_lock(%s) failed: %m", temp_fname);
-	if (ret == 0) {
-		/* someone else is writing this */
-		return -1;
-	}
-	if (ftruncate(fd, 0) < 0)
-		i_fatal("ftruncate(%s) failed: %m", temp_fname);
-
-	ssl_generate_parameters(fd, temp_fname);
-
-	if (rename(temp_fname, fname) < 0)
-		i_fatal("rename(%s, %s) failed: %m", temp_fname, fname);
-	if (close(fd) < 0)
-		i_fatal("close(%s) failed: %m", temp_fname);
-	file_lock_free(&lock);
-
-	i_info("SSL parameters regeneration completed");
-	return 0;
-}
-#else
-static int generate_parameters_file(const char *fname ATTR_UNUSED)
-{
-	i_fatal("Dovecot built without SSL support");
-	return -1;
-}
-#endif
-
-int main(int argc, char *argv[])
-{
-	int ret = 0;
-
-	lib_init();
-	i_set_failure_internal();
-
-	if (argc < 2)
-		i_fatal("Usage: ssl-build-param <path>");
-
-	random_init();
-	if (generate_parameters_file(argv[1]) < 0)
-		ret = 1;
-
-	random_deinit();
-	lib_deinit();
-	return ret;
-}
diff -r 9e28fcdc74ab -r 9716b5a4b14a src/master/ssl-init-openssl.c
--- a/src/master/ssl-init-openssl.c	Wed Oct 07 17:44:01 2009 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-/* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */
-
-#include "common.h"
-#include "write-full.h"
-#include "ssl-init.h"
-
-#ifdef HAVE_OPENSSL
-
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-/* 2 or 5. Haven't seen their difference explained anywhere, but 2 is the
-   default.. */
-#define DH_GENERATOR 2
-
-static int dh_param_bitsizes[] = { 512, 1024 };
-
-static const char *ssl_last_error(void)
-{
-	unsigned long err;
-	char *buf;
-	size_t err_size = 256;
-
-	err = ERR_get_error();
-	if (err == 0)
-		return strerror(errno);
-
-	buf = t_malloc(err_size);
-	buf[err_size-1] = '\0';
-	ERR_error_string_n(err, buf, err_size-1);
-	return buf;
-}
-
-static void generate_dh_parameters(int bitsize, int fd, const char *fname)
-{
-        DH *dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL);
-	unsigned char *buf, *p;
-	int len;
-
-	if (dh == NULL) {
-		i_fatal("DH_generate_parameters(bits=%d, gen=%d) failed: %s",
-			bitsize, DH_GENERATOR, ssl_last_error());
-	}
-
-	len = i2d_DHparams(dh, NULL);
-	if (len < 0)
-		i_fatal("i2d_DHparams() failed: %s", ssl_last_error());
-
-	buf = p = i_malloc(len);
-	len = i2d_DHparams(dh, &p);
-
-	if (write_full(fd, &bitsize, sizeof(bitsize)) < 0 ||
-	    write_full(fd, &len, sizeof(len)) < 0 ||
-	    write_full(fd, buf, len) < 0)
-		i_fatal("write_full() failed for file %s: %m", fname);
-	i_free(buf);
-}
-
-void ssl_generate_parameters(int fd, const char *fname)
-{
-	unsigned int i;
-	int bits;
-
-	for (i = 0; i < N_ELEMENTS(dh_param_bitsizes); i++)
-		generate_dh_parameters(dh_param_bitsizes[i], fd, fname);
-	bits = 0;
-	if (write_full(fd, &bits, sizeof(bits)) < 0)
-		i_fatal("write_full() failed for file %s: %m", fname);
-}
-
-#endif
diff -r 9e28fcdc74ab -r 9716b5a4b14a src/master/ssl-init.c
--- a/src/master/ssl-init.c	Wed Oct 07 17:44:01 2009 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,179 +0,0 @@
-/* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */
-
-#include "common.h"
-#include "ioloop.h"
-#include "env-util.h"
-#include "file-copy.h"
-#include "log.h"
-#include "child-process.h"
-#include "ssl-init.h"
-
-#ifdef HAVE_SSL
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <utime.h>
-#include <sys/stat.h>
-
-static struct child_process ssl_param_child_process =
-	{ MEMBER(type) PROCESS_TYPE_SSL_PARAM };
-
-static struct timeout *to;
-static char *generating_path = NULL;
-
-#define SSL_PARAMETERS_PERM_PATH PKG_STATEDIR"/"SSL_PARAMETERS_FILENAME
-
-static void start_generate_process(const char *fname)
-{
-	const char *binpath = PKG_LIBEXECDIR"/ssl-build-param";
-	struct log_io *log;
-	pid_t pid;
-	int log_fd;
-

