dovecot-2.2: login: Use lib-ssl-iostream code to handle ssl_prot...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Jul 28 17:56:05 EEST 2012
details: http://hg.dovecot.org/dovecot-2.2/rev/16862a69e22c
changeset: 14724:16862a69e22c
user: Timo Sirainen <tss at iki.fi>
date: Sat Jul 28 17:36:53 2012 +0300
description:
login: Use lib-ssl-iostream code to handle ssl_protocols setting.
diffstat:
src/login-common/ssl-proxy-openssl.c | 53 +-----------------------------------
1 files changed, 1 insertions(+), 52 deletions(-)
diffs (70 lines):
diff -r 69626d2ce3f0 -r 16862a69e22c src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Sat Jul 28 17:36:27 2012 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Sat Jul 28 17:36:53 2012 +0300
@@ -1149,57 +1149,6 @@
}
#endif
-enum {
- DOVECOT_SSL_PROTO_SSLv2 = 0x01,
- DOVECOT_SSL_PROTO_SSLv3 = 0x02,
- DOVECOT_SSL_PROTO_TLSv1 = 0x04,
- DOVECOT_SSL_PROTO_ALL = 0x07
-};
-
-static void
-ssl_proxy_ctx_set_protocols(struct ssl_server_context *ssl_ctx,
- const char *protocols)
-{
- const char *const *tmp;
- int proto, op = 0, include = 0, exclude = 0;
- bool neg;
-
- tmp = t_strsplit_spaces(protocols, " ");
- for (; *tmp != NULL; tmp++) {
- const char *name = *tmp;
-
- if (*name != '!')
- neg = FALSE;
- else {
- name++;
- neg = TRUE;
- }
- if (strcasecmp(name, SSL_TXT_SSLV2) == 0)
- proto = DOVECOT_SSL_PROTO_SSLv2;
- else if (strcasecmp(name, SSL_TXT_SSLV3) == 0)
- proto = DOVECOT_SSL_PROTO_SSLv3;
- else if (strcasecmp(name, SSL_TXT_TLSV1) == 0)
- proto = DOVECOT_SSL_PROTO_TLSv1;
- else {
- i_fatal("Invalid ssl_protocols setting: "
- "Unknown protocol '%s'", name);
- }
- if (neg)
- exclude |= proto;
- else
- include |= proto;
- }
- if (include != 0) {
- /* exclude everything, except those that are included
- (and let excludes still override those) */
- exclude |= DOVECOT_SSL_PROTO_ALL & ~include;
- }
- if ((exclude & DOVECOT_SSL_PROTO_SSLv2) != 0) op |= SSL_OP_NO_SSLv2;
- if ((exclude & DOVECOT_SSL_PROTO_SSLv3) != 0) op |= SSL_OP_NO_SSLv3;
- if ((exclude & DOVECOT_SSL_PROTO_TLSv1) != 0) op |= SSL_OP_NO_TLSv1;
- SSL_CTX_set_options(ssl_ctx->ctx, op);
-}
-
static struct ssl_server_context *
ssl_server_context_init(const struct login_settings *set)
{
@@ -1227,7 +1176,7 @@
i_fatal("Can't set cipher list to '%s': %s",
ctx->cipher_list, ssl_last_error());
}
- ssl_proxy_ctx_set_protocols(ctx, ctx->protocols);
+ SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(ctx->protocols));
if (ssl_proxy_ctx_use_certificate_chain(ctx->ctx, ctx->cert) != 1) {
i_fatal("Can't load ssl_cert: %s",