dovecot-2.1: imapc: Added imapc_ssl_verify setting.
dovecot at dovecot.org
dovecot at dovecot.org
Mon Oct 17 15:27:37 EEST 2011
details: http://hg.dovecot.org/dovecot-2.1/rev/63ac3b1c2950
changeset: 13635:63ac3b1c2950
user: Timo Sirainen <tss at iki.fi>
date: Mon Oct 17 15:35:54 2011 +0300
description:
imapc: Added imapc_ssl_verify setting.
diffstat:
src/lib-imap-client/imapc-client.c | 3 ++-
src/lib-imap-client/imapc-client.h | 1 +
src/lib-imap-client/imapc-connection.c | 13 +++++++++----
src/lib-storage/index/imapc/imapc-settings.c | 2 ++
src/lib-storage/index/imapc/imapc-settings.h | 1 +
src/lib-storage/index/imapc/imapc-storage.c | 1 +
6 files changed, 16 insertions(+), 5 deletions(-)
diffs (98 lines):
diff -r 381555875651 -r 63ac3b1c2950 src/lib-imap-client/imapc-client.c
--- a/src/lib-imap-client/imapc-client.c Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-imap-client/imapc-client.c Mon Oct 17 15:35:54 2011 +0300
@@ -59,10 +59,11 @@
if (set->ssl_mode != IMAPC_CLIENT_SSL_MODE_NONE) {
client->set.ssl_mode = set->ssl_mode;
client->set.ssl_ca_dir = p_strdup(pool, set->ssl_ca_dir);
+ client->set.ssl_verify = set->ssl_verify;
memset(&ssl_set, 0, sizeof(ssl_set));
ssl_set.ca_dir = set->ssl_ca_dir;
- ssl_set.verify_remote_cert = TRUE;
+ ssl_set.verify_remote_cert = set->ssl_verify;
source = t_strdup_printf("%s:%u", set->host, set->port);
if (ssl_iostream_context_init_client(source, &ssl_set,
diff -r 381555875651 -r 63ac3b1c2950 src/lib-imap-client/imapc-client.h
--- a/src/lib-imap-client/imapc-client.h Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-imap-client/imapc-client.h Mon Oct 17 15:35:54 2011 +0300
@@ -56,6 +56,7 @@
enum imapc_client_ssl_mode ssl_mode;
const char *ssl_ca_dir;
+ bool ssl_verify;
const char *rawlog_dir;
bool debug;
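Review bot: The new `ssl_verify` field is FALSE in any `struct imapc_client_settings` that a caller zero-initializes, so a caller that is not updated silently loses the certificate check that was unconditional before this commit. Only imapc-storage.c is updated here; other users of the struct, if there are any, are not visible in this diff and should be checked. A comment on the field would make the polarity explicit, for example `/* Verify the server certificate; FALSE (the zeroed value) disables all certificate checks */`. The struct starts and ends outside the hunk.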
diff -r 381555875651 -r 63ac3b1c2950 src/lib-imap-client/imapc-connection.c
--- a/src/lib-imap-client/imapc-connection.c Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-imap-client/imapc-connection.c Mon Oct 17 15:35:54 2011 +0300
@@ -1123,7 +1123,10 @@
{
struct imapc_connection *conn = context;
- if (!ssl_iostream_has_valid_client_cert(conn->ssl_iostream)) {
+ if (!conn->client->set.ssl_verify) {
+ /* skip certificate checks */
+ return 0;
+ } else if (!ssl_iostream_has_valid_client_cert(conn->ssl_iostream)) {
if (!ssl_iostream_has_broken_client_cert(conn->ssl_iostream)) {
i_error("imapc(%s): SSL certificate not received",
conn->name);
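Review bot: The `!conn->client->set.ssl_verify` branch returns 0 without logging, so a session that presumably goes on to send login credentials over an unverified TLS connection leaves no trace in the logs. The hunk at -1158 also stops setting `verbose_invalid_cert` in that case, so an invalid certificate would likely not be reported at all. Consider logging in the skip branch, at least when debugging is on: `if (conn->client->set.debug) i_debug("imapc(%s): SSL certificate verification disabled, not checking certificate", conn->name);`. The enclosing function starts and ends outside the hunk, so any later checks it performs are not visible here.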
@@ -1158,9 +1161,11 @@
}
memset(&ssl_set, 0, sizeof(ssl_set));
- ssl_set.verbose_invalid_cert = TRUE;
- ssl_set.verify_remote_cert = TRUE;
- ssl_set.require_valid_cert = TRUE;
+ if (conn->client->set.ssl_verify) {
+ ssl_set.verbose_invalid_cert = TRUE;
+ ssl_set.verify_remote_cert = TRUE;
+ ssl_set.require_valid_cert = TRUE;
+ }
if (conn->client->set.debug)
i_debug("imapc(%s): Starting SSL handshake", conn->name);
diff -r 381555875651 -r 63ac3b1c2950 src/lib-storage/index/imapc/imapc-settings.c
--- a/src/lib-storage/index/imapc/imapc-settings.c Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-storage/index/imapc/imapc-settings.c Mon Oct 17 15:35:54 2011 +0300
@@ -22,6 +22,7 @@
DEF(SET_ENUM, imapc_ssl),
DEF(SET_STR, imapc_ssl_ca_dir),
+ DEF(SET_BOOL, imapc_ssl_verify),
DEF(SET_STR, imapc_rawlog_dir),
@@ -37,6 +38,7 @@
.imapc_ssl = "no:imaps:starttls",
.imapc_ssl_ca_dir = "",
+ .imapc_ssl_verify = TRUE,
.imapc_rawlog_dir = ""
};
diff -r 381555875651 -r 63ac3b1c2950 src/lib-storage/index/imapc/imapc-settings.h
--- a/src/lib-storage/index/imapc/imapc-settings.h Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-storage/index/imapc/imapc-settings.h Mon Oct 17 15:35:54 2011 +0300
@@ -10,6 +10,7 @@
const char *imapc_ssl;
const char *imapc_ssl_ca_dir;
+ bool imapc_ssl_verify;
const char *imapc_rawlog_dir;
};
diff -r 381555875651 -r 63ac3b1c2950 src/lib-storage/index/imapc/imapc-storage.c
--- a/src/lib-storage/index/imapc/imapc-storage.c Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-storage/index/imapc/imapc-storage.c Mon Oct 17 15:35:54 2011 +0300
@@ -239,6 +239,7 @@
set.temp_path_prefix = str_c(str);
set.ssl_ca_dir = storage->set->imapc_ssl_ca_dir;
+ set.ssl_verify = storage->set->imapc_ssl_verify;
if (strcmp(storage->set->imapc_ssl, "imaps") == 0)
set.ssl_mode = IMAPC_CLIENT_SSL_MODE_IMMEDIATE;
else if (strcmp(storage->set->imapc_ssl, "starttls") == 0)