dovecot-2.1: imapc: Added imapc_ssl_verify setting.

dovecot at dovecot.org dovecot at dovecot.org
Mon Oct 17 15:27:37 EEST 2011


details:   http://hg.dovecot.org/dovecot-2.1/rev/63ac3b1c2950
changeset: 13635:63ac3b1c2950
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Oct 17 15:35:54 2011 +0300
description:
imapc: Added imapc_ssl_verify setting.

diffstat:

 src/lib-imap-client/imapc-client.c           |   3 ++-
 src/lib-imap-client/imapc-client.h           |   1 +
 src/lib-imap-client/imapc-connection.c       |  13 +++++++++----
 src/lib-storage/index/imapc/imapc-settings.c |   2 ++
 src/lib-storage/index/imapc/imapc-settings.h |   1 +
 src/lib-storage/index/imapc/imapc-storage.c  |   1 +
 6 files changed, 16 insertions(+), 5 deletions(-)

diffs (98 lines):

diff -r 381555875651 -r 63ac3b1c2950 src/lib-imap-client/imapc-client.c
--- a/src/lib-imap-client/imapc-client.c	Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-imap-client/imapc-client.c	Mon Oct 17 15:35:54 2011 +0300
@@ -59,10 +59,11 @@
 	if (set->ssl_mode != IMAPC_CLIENT_SSL_MODE_NONE) {
 		client->set.ssl_mode = set->ssl_mode;
 		client->set.ssl_ca_dir = p_strdup(pool, set->ssl_ca_dir);
+		client->set.ssl_verify = set->ssl_verify;
 
 		memset(&ssl_set, 0, sizeof(ssl_set));
 		ssl_set.ca_dir = set->ssl_ca_dir;
-		ssl_set.verify_remote_cert = TRUE;
+		ssl_set.verify_remote_cert = set->ssl_verify;
 
 		source = t_strdup_printf("%s:%u", set->host, set->port);
 		if (ssl_iostream_context_init_client(source, &ssl_set,
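Review bot: Nothing is logged when `ssl_set.verify_remote_cert = set->ssl_verify;` evaluates to FALSE, so a deployment running with `imapc_ssl_verify=no` looks the same in the logs as a verified one. One line after `source` is built would make the state auditable, for example `if (!set->ssl_verify) i_warning("imapc(%s): SSL certificate verification is disabled", source);`. The enclosing function starts and ends outside this hunk, so the exact placement needs checking against the full body.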
diff -r 381555875651 -r 63ac3b1c2950 src/lib-imap-client/imapc-client.h
--- a/src/lib-imap-client/imapc-client.h	Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-imap-client/imapc-client.h	Mon Oct 17 15:35:54 2011 +0300
@@ -56,6 +56,7 @@
 
 	enum imapc_client_ssl_mode ssl_mode;
 	const char *ssl_ca_dir;
+	bool ssl_verify;
 
 	const char *rawlog_dir;
 	bool debug;
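Review bot: The new `bool ssl_verify;` field is undocumented and fails open. Before this change verification was unconditional, but now any caller that zero-initialises the settings struct and does not set the field gets FALSE, which turns verification off. Only imapc-storage.c is updated in this changeset, so other users of the struct, if any exist, should be checked. I would add a comment on the field such as `/* TRUE = validate the server certificate; a zeroed struct leaves this FALSE, so callers must set it explicitly */`, and a matching one on `imapc_ssl_verify` in imapc-settings.h.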
diff -r 381555875651 -r 63ac3b1c2950 src/lib-imap-client/imapc-connection.c
--- a/src/lib-imap-client/imapc-connection.c	Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-imap-client/imapc-connection.c	Mon Oct 17 15:35:54 2011 +0300
@@ -1123,7 +1123,10 @@
 {
 	struct imapc_connection *conn = context;
 
-	if (!ssl_iostream_has_valid_client_cert(conn->ssl_iostream)) {
+	if (!conn->client->set.ssl_verify) {
+		/* skip certificate checks */
+		return 0;
+	} else if (!ssl_iostream_has_valid_client_cert(conn->ssl_iostream)) {
 		if (!ssl_iostream_has_broken_client_cert(conn->ssl_iostream)) {
 			i_error("imapc(%s): SSL certificate not received",
 				conn->name);
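Review bot: The early `return 0;` skips every check that follows in this callback, not only the two certificate-state tests visible here. The rest of the body is outside the hunk, so whatever else it validates (presumably the server name against the certificate) is bypassed too. The comment `/* skip certificate checks */` understates this; something like `/* imapc_ssl_verify=no: accept any certificate or none, the server is not authenticated */` tells the next reader what the branch gives up.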
@@ -1158,9 +1161,11 @@
 	}
 
 	memset(&ssl_set, 0, sizeof(ssl_set));
-	ssl_set.verbose_invalid_cert = TRUE;
-	ssl_set.verify_remote_cert = TRUE;
-	ssl_set.require_valid_cert = TRUE;
+	if (conn->client->set.ssl_verify) {
+		ssl_set.verbose_invalid_cert = TRUE;
+		ssl_set.verify_remote_cert = TRUE;
+		ssl_set.require_valid_cert = TRUE;
+	}
 
 	if (conn->client->set.debug)
 		i_debug("imapc(%s): Starting SSL handshake", conn->name);
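Review bot: Gating `ssl_set.verbose_invalid_cert` together with the other two flags means that, with `imapc_ssl_verify=no`, a bad or substituted certificate is not even reported, so operators lose the one signal that would show the link is being intercepted. If the iostream library can verify and log without failing the handshake, which is decided outside this diff and needs confirming, it would be better to keep `ssl_set.verbose_invalid_cert = TRUE;` and `ssl_set.verify_remote_cert = TRUE;` unconditional and set only `ssl_set.require_valid_cert = conn->client->set.ssl_verify;`. The context created in imapc-client.c would need the same treatment for this to take effect.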
diff -r 381555875651 -r 63ac3b1c2950 src/lib-storage/index/imapc/imapc-settings.c
--- a/src/lib-storage/index/imapc/imapc-settings.c	Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-storage/index/imapc/imapc-settings.c	Mon Oct 17 15:35:54 2011 +0300
@@ -22,6 +22,7 @@
 
 	DEF(SET_ENUM, imapc_ssl),
 	DEF(SET_STR, imapc_ssl_ca_dir),
+	DEF(SET_BOOL, imapc_ssl_verify),
 
 	DEF(SET_STR, imapc_rawlog_dir),
 
@@ -37,6 +38,7 @@
 
 	.imapc_ssl = "no:imaps:starttls",
 	.imapc_ssl_ca_dir = "",
+	.imapc_ssl_verify = TRUE,
 
 	.imapc_rawlog_dir = ""
 };
diff -r 381555875651 -r 63ac3b1c2950 src/lib-storage/index/imapc/imapc-settings.h
--- a/src/lib-storage/index/imapc/imapc-settings.h	Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-storage/index/imapc/imapc-settings.h	Mon Oct 17 15:35:54 2011 +0300
@@ -10,6 +10,7 @@
 
 	const char *imapc_ssl;
 	const char *imapc_ssl_ca_dir;
+	bool imapc_ssl_verify;
 
 	const char *imapc_rawlog_dir;
 };
diff -r 381555875651 -r 63ac3b1c2950 src/lib-storage/index/imapc/imapc-storage.c
--- a/src/lib-storage/index/imapc/imapc-storage.c	Wed Oct 12 19:09:02 2011 +0300
+++ b/src/lib-storage/index/imapc/imapc-storage.c	Mon Oct 17 15:35:54 2011 +0300
@@ -239,6 +239,7 @@
 	set.temp_path_prefix = str_c(str);
 
 	set.ssl_ca_dir = storage->set->imapc_ssl_ca_dir;
+	set.ssl_verify = storage->set->imapc_ssl_verify;
 	if (strcmp(storage->set->imapc_ssl, "imaps") == 0)
 		set.ssl_mode = IMAPC_CLIENT_SSL_MODE_IMMEDIATE;
 	else if (strcmp(storage->set->imapc_ssl, "starttls") == 0)

