[dovecot-cvs] dovecot/src/login-common ssl-proxy-gnutls.c,1.6,1.7
ssl-proxy-openssl.c,1.15,1.16
cras at procontrol.fi
cras at procontrol.fi
Thu Jun 12 03:26:15 EEST 2003
Update of /home/cvs/dovecot/src/login-common
In directory danu:/tmp/cvs-serv11330
Modified Files:
ssl-proxy-gnutls.c ssl-proxy-openssl.c
Log Message:
OpenSSL proxy changes - hopefully fixes something. Also don't crash with
"key not found from hash" if SSL handshake fails.
Index: ssl-proxy-gnutls.c
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/ssl-proxy-gnutls.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- ssl-proxy-gnutls.c 18 May 2003 16:37:05 -0000 1.6
+++ ssl-proxy-gnutls.c 11 Jun 2003 23:26:13 -0000 1.7
@@ -333,6 +333,8 @@
proxy->fd_plain = sfd[0];
proxy->ip = *ip;
+ hash_insert(ssl_proxies, proxy, proxy);
+
proxy->refcount++;
ssl_handshake(proxy);
if (!ssl_proxy_destroy(proxy)) {
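Review bot: The new position of `hash_insert(ssl_proxies, proxy, proxy)` is an ordering constraint that nothing in the code records: it has to precede `ssl_handshake(proxy)` because, per the log message, a failed handshake drops the last reference and the destroy path then looks the proxy up in `ssl_proxies` ("key not found from hash"). A future reorder back to after `main_ref()` would reintroduce the crash, so the insert deserves a why-comment, e.g. `/* must be in ssl_proxies before ssl_handshake(): a failed handshake destroys the proxy, and destroy removes it from the hash */`. The same move, with the same missing comment, is made in ssl-proxy-openssl.c in the hunk ending at L65 (there the unref is `ssl_proxy_unref`). The enclosing function starts before this hunk and its tail is in the next one.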
@@ -342,7 +344,6 @@
}
main_ref();
- hash_insert(ssl_proxies, proxy, proxy);
return sfd[1];
}
Index: ssl-proxy-openssl.c
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- ssl-proxy-openssl.c 20 May 2003 18:22:04 -0000 1.15
+++ ssl-proxy-openssl.c 11 Jun 2003 23:26:13 -0000 1.16
@@ -14,6 +14,8 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
+#define SSL_CIPHER_LIST "ALL:!LOW"
+
enum ssl_io_action {
SSL_ADD_INPUT,
SSL_REMOVE_INPUT,
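Review bot: `"ALL:!LOW"` removes only the low-strength suites; as OpenSSL defines the keywords, `ALL` still includes the export-grade (`EXP`) and anonymous (`aNULL`) suites, so a client can still negotiate 40-bit or unauthenticated ciphers against this proxy. A tighter default such as `#define SSL_CIPHER_LIST "ALL:!LOW:!EXP:!aNULL"` closes that, and a comment next to the define should state the policy it is meant to express. Since the certificate and key paths are already read from the environment in ssl_proxy_init() (L77-78), the list could be made overridable the same way rather than compiled in. The define is applied in the hunk ending at L101.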
@@ -320,7 +322,6 @@
return -1;
}
- SSL_set_accept_state(ssl);
if (SSL_set_fd(ssl, fd) != 1) {
i_error("SSL_set_fd() failed: %s", ssl_last_error());
SSL_free(ssl);
@@ -344,6 +345,8 @@
proxy->fd_plain = sfd[0];
proxy->ip = *ip;
+ hash_insert(ssl_proxies, proxy, proxy);
+
proxy->refcount++;
ssl_handshake(proxy);
if (!ssl_proxy_unref(proxy)) {
@@ -353,7 +356,6 @@
}
main_ref();
- hash_insert(ssl_proxies, proxy, proxy);
return sfd[1];
}
@@ -401,7 +403,6 @@
void ssl_proxy_init(void)
{
const char *certfile, *keyfile, *paramfile;
- int ret;
certfile = getenv("SSL_CERT_FILE");
keyfile = getenv("SSL_KEY_FILE");
@@ -418,14 +419,20 @@
if ((ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL)
i_fatal("SSL_CTX_new() failed");
- ret = SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile);
- if (ret != 1) {
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
+
+ if (SSL_CTX_set_cipher_list(ssl_ctx, SSL_CIPHER_LIST) != 1) {
+ i_fatal("Can't set cipher list to '%s': %s",
+ SSL_CIPHER_LIST, ssl_last_error());
+ }
+
+ if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) {
i_fatal("Can't load certificate file %s: %s",
certfile, ssl_last_error());
}
- ret = SSL_CTX_use_PrivateKey_file(ssl_ctx, keyfile, SSL_FILETYPE_PEM);
- if (ret != 1) {
+ if (SSL_CTX_use_RSAPrivateKey_file(ssl_ctx, keyfile,
+ SSL_FILETYPE_PEM) != 1) {
i_fatal("Can't load private key file %s: %s",
keyfile, ssl_last_error());
}
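Review bot: Replacing SSL_CTX_use_PrivateKey_file() with SSL_CTX_use_RSAPrivateKey_file() (L95-98) narrows the accepted key type to RSA, so a DSA key in SSL_KEY_FILE that loaded before this commit now dies with "Can't load private key file"; if RSA-only is intended, the message should say so, otherwise the generic call should stay. `SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL)` at L84 turns on every interoperability workaround, including SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS which disables OpenSSL's CBC countermeasure, and the SSLv23_server_method() context at L80 still admits SSLv2; a comment naming the peer bugs SSL_OP_ALL is needed for, and adding SSL_OP_NO_SSLv2 unless SSLv2 clients must be served, would make the trade-off explicit. ssl_proxy_init() starts in the previous hunk (L73) and its body appears to continue past the end of this one.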