[dovecot-cvs] dovecot/src/login-common ssl-proxy-openssl.c, 1.38, 1.39

cras at dovecot.org cras at dovecot.org
Sun Jul 2 00:15:19 EEST 2006


Update of /var/lib/cvs/dovecot/src/login-common
In directory talvi:/tmp/cvs-serv13135

Modified Files:
	ssl-proxy-openssl.c 
Log Message:
If verbose_ssl=yes set ssl_info_callback and print any alerts and BIO
errors.



Index: ssl-proxy-openssl.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -d -r1.38 -r1.39
--- ssl-proxy-openssl.c	16 Jun 2006 09:41:20 -0000	1.38
+++ ssl-proxy-openssl.c	1 Jul 2006 21:15:16 -0000	1.39
@@ -575,6 +575,24 @@
 	return ssl_params.dh_1024;
 }
 
+static void ssl_info_callback(const SSL *ssl, int where, int ret)
+{
+	struct ssl_proxy *proxy;
+
+	proxy = SSL_get_ex_data(ssl, extdata_index);
+
+	if ((where & SSL_CB_ALERT) != 0) {
+		i_warning("SSL alert: where=0x%x, ret=%d: %s %s [%s]",
+			  where, ret, SSL_alert_type_string_long(ret),
+			  SSL_alert_desc_string_long(ret),
+			  net_ip2addr(&proxy->ip));
+	} else {
+		i_warning("SSL BIO failed: where=0x%x, ret=%d: %s [%s]",
+			  where, ret, SSL_state_string_long(ssl),
+			  net_ip2addr(&proxy->ip));
+	}
+}
+
 static int ssl_verify_client_cert(int preverify_ok, X509_STORE_CTX *ctx)
 {
 	SSL *ssl;
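Review bot: The `else` branch of ssl_info_callback labels every non-alert event as "SSL BIO failed", but OpenSSL calls the info callback for ordinary state transitions as well (handshake start and done, loop steps), so with verbose_ssl=yes a healthy handshake would produce a run of warnings that read as failures. Narrowing that branch to real failures, for example `} else if ((where & SSL_CB_EXIT) != 0 && ret == 0) {`, keeps the log useful for diagnosing TLS problems; whether `ret < 0` exits should also be logged depends on how non-blocking want-read/want-write returns are meant to be treated. `proxy` is dereferenced without a NULL check, so if the callback can fire before the ex_data slot is populated (not visible in this hunk), adding `if (proxy == NULL) return;` after the lookup would avoid a crash in the login process. Since these events are driven by the remote peer before authentication, logging each one at warning level also lets any client inflate the log while verbose_ssl is on, which is a further reason to limit what is written.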
@@ -681,6 +699,9 @@
 		SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
 	SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback);
 
+	if (verbose_ssl)
+		SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
+
 	if (getenv("SSL_VERIFY_CLIENT_CERT") != NULL) {
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
 		X509_STORE *store;


