dovecot-2.0: *-login: Read SSL parameters using the new ssl-para...
dovecot at dovecot.org
dovecot at dovecot.org
Thu Oct 8 00:55:18 EEST 2009
details: http://hg.dovecot.org/dovecot-2.0/rev/79917d163689
changeset: 9986:79917d163689
user: Timo Sirainen <tss at iki.fi>
date: Wed Oct 07 17:54:58 2009 -0400
description:
*-login: Read SSL parameters using the new ssl-params service.
diffstat:
1 file changed, 29 insertions(+), 63 deletions(-)
src/login-common/ssl-proxy-openssl.c | 92 ++++++++++------------------------
diffs (164 lines):
diff -r ea36bad4d9da -r 79917d163689 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Wed Oct 07 17:47:01 2009 -0400
+++ b/src/login-common/ssl-proxy-openssl.c Wed Oct 07 17:54:58 2009 -0400
@@ -29,7 +29,7 @@
/* Check every 30 minutes if parameters file has been updated */
#define SSL_PARAMFILE_CHECK_INTERVAL (60*30)
-#define SSL_PARAMETERS_FILENAME "ssl-parameters.dat"
+#define SSL_PARAMETERS_PATH "ssl-params"
enum ssl_io_action {
SSL_ADD_INPUT,
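Review bot: The comment two lines above the renamed macro, `/* Check every 30 minutes if parameters file has been updated */`, still describes polling a parameters file, while SSL_PARAMETERS_PATH now names the unix socket that ssl_refresh_parameters() connects to and the interval only gates how often that connection is re-made. Suggest `/* Re-read DH parameters from the ssl-params service every 30 minutes */` so the constant's purpose matches the new code path.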
@@ -68,8 +68,8 @@ struct ssl_proxy {
};
struct ssl_parameters {
- const char *fname;
- time_t last_mtime, last_check;
+ const char *path;
+ time_t last_refresh;
int fd;
DH *dh_512, *dh_1024;
@@ -93,11 +93,10 @@ static int ssl_proxy_use_certificate(SSL
static int ssl_proxy_use_certificate(SSL *ssl, const char *cert);
static int ssl_proxy_use_key(SSL *ssl, const struct login_settings *set);
-static void ssl_params_corrupted(const char *path)
-{
- i_fatal("Corrupted SSL parameters file: %s/%s "
- "(delete it and also the one in %s)",
- getenv("LOGIN_DIR"), path, PKG_STATEDIR);
+static void ssl_params_corrupted(void)
+{
+ i_fatal("Corrupted SSL parameters file: "
+ PKG_STATEDIR"/ssl-parameters.dat");
}
static void read_next(struct ssl_parameters *params, void *data, size_t size)
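Review bot: The new ssl_params_corrupted() message names only `PKG_STATEDIR"/ssl-parameters.dat"` and drops the remediation hint the old message carried ("delete it ..."), so an operator seeing the fatal error is no longer told what to do, and is not told that the bad data arrived over the ssl-params socket rather than from a file this process opened. Consider restoring an action in the string, e.g. `"Corrupted SSL parameters file: " PKG_STATEDIR"/ssl-parameters.dat (delete it so ssl-params regenerates it)"`, if that is indeed how the file is recreated; otherwise at least name the socket so the error can be correlated with the ssl-params service's own log.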
@@ -105,9 +104,9 @@ static void read_next(struct ssl_paramet
int ret;
if ((ret = read_full(params->fd, data, size)) < 0)
- i_fatal("read(%s) failed: %m", params->fname);
+ i_fatal("read(%s) failed: %m", params->path);
if (ret == 0)
- ssl_params_corrupted(params->fname);
+ ssl_params_corrupted();
}
static bool read_dh_parameters_next(struct ssl_parameters *params)
@@ -126,7 +125,7 @@ static bool read_dh_parameters_next(stru
/* read data size. */
read_next(params, &len, sizeof(len));
if (len > 1024*100) /* should be enough? */
- ssl_params_corrupted(params->fname);
+ ssl_params_corrupted();
buf = i_malloc(len);
read_next(params, buf, len);
@@ -140,7 +139,7 @@ static bool read_dh_parameters_next(stru
params->dh_1024 = d2i_DHparams(NULL, &cbuf, len);
break;
default:
- ssl_params_corrupted(params->fname);
+ ssl_params_corrupted();
}
i_free(buf);
@@ -159,68 +158,35 @@ static void ssl_free_parameters(struct s
}
}
-static void ssl_read_parameters(struct ssl_parameters *params)
-{
- struct stat st;
- ssize_t ret;
+static void ssl_refresh_parameters(struct ssl_parameters *params)
+{
char c;
- bool warned = FALSE;
-
- /* we'll wait until parameter file exists */
- for (;;) {
- params->fd = open(params->fname, O_RDONLY);
- if (params->fd != -1)
- break;
-
- if (errno != ENOENT) {
- i_fatal("Can't open SSL parameter file %s: %m",
- params->fname);
- }
-
- if (!warned) {
- i_warning("Waiting for SSL parameter file %s",
- params->fname);
- warned = TRUE;
- }
- sleep(1);
- }
-
- if (fstat(params->fd, &st) < 0)
- i_error("fstat(%s) failed: %m", params->fname);
- else
- params->last_mtime = st.st_mtime;
+ int ret;
+
+ if (params->last_refresh > ioloop_time - SSL_PARAMFILE_CHECK_INTERVAL)
+ return;
+ params->last_refresh = ioloop_time;
+
+ params->fd = net_connect_unix(params->path);
+ if (params->fd == -1) {
+ i_error("connect(%s) failed: %m", params->path);
+ return;
+ }
+ net_set_nonblock(params->fd, FALSE);
ssl_free_parameters(params);
while (read_dh_parameters_next(params)) ;
if ((ret = read_full(params->fd, &c, 1)) < 0)
- i_fatal("read(%s) failed: %m", params->fname);
+ i_fatal("read(%s) failed: %m", params->path);
else if (ret != 0) {
/* more data than expected */
- ssl_params_corrupted(params->fname);
+ ssl_params_corrupted();
}
if (close(params->fd) < 0)
- i_error("close() failed: %m");
+ i_error("close(%s) failed: %m", params->path);
params->fd = -1;
-}
-
-static void ssl_refresh_parameters(struct ssl_parameters *params)
-{
- struct stat st;
-
- if (params->last_check > ioloop_time - SSL_PARAMFILE_CHECK_INTERVAL)
- return;
- params->last_check = ioloop_time;
-
- if (params->last_mtime == 0)
- ssl_read_parameters(params);
- else {
- if (stat(params->fname, &st) < 0)
- i_error("stat(%s) failed: %m", params->fname);
- else if (st.st_mtime != params->last_mtime)
- ssl_read_parameters(params);
- }
}
static void ssl_set_io(struct ssl_proxy *proxy, enum ssl_io_action action)
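Review bot: At `params->fd = net_connect_unix(params->path);` a connect failure is only logged and the function returns after `params->last_refresh = ioloop_time;` has already been set, so if the very first refresh fails (ssl_params is zeroed in ssl_proxy_init, so dh_512/dh_1024 are still NULL) the process serves TLS without DH parameters and will not retry for SSL_PARAMFILE_CHECK_INTERVAL, whereas the removed code waited until the data was available. Resetting the timestamp before returning, `params->last_refresh = 0;` on the line before `return;`, makes the next call retry; alternatively treat a failure with no parameters loaded yet as fatal, consistent with how read errors are handled in the same function. Separately, `net_set_nonblock(params->fd, FALSE)` followed by read_full() with no timeout means a stalled ssl-params service blocks this login process inside the refresh; that is presumably accepted (the old open/read path blocked too), but it deserves a comment such as `/* blocking read: a stalled ssl-params service stalls this process */`.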
@@ -1077,7 +1043,7 @@ void ssl_proxy_init(void)
(void)RAND_bytes(&buf, 1);
memset(&ssl_params, 0, sizeof(ssl_params));
- ssl_params.fname = SSL_PARAMETERS_FILENAME;
+ ssl_params.path = SSL_PARAMETERS_PATH;
ssl_proxy_count = 0;
ssl_proxies = NULL;