lib-smtp: Trigger SNI callback on TLS handshake
authorKarl Fleischmann <karl.fleischmann@open-xchange.com>
Thu, 12 Oct 2023 13:38:21 +0000 (15:38 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Wed, 12 Feb 2025 10:34:10 +0000 (12:34 +0200)
Allow individual implementations to handle SNI callback in response to a
TLS handshake.

src/lib-smtp/smtp-server-connection.c
src/lib-smtp/smtp-server.h

index 031700926741ce95d4768829a8ef1cb4f85fc1f3..ebd96d2b5df82c9814ee09fd7af4db71c77ae127 100644 (file)
@@ -342,6 +342,26 @@ smtp_server_connection_handle_command(struct smtp_server_connection *conn,
        return (!smtp_server_command_unref(&cmd) || finished);
 }
 
+static int
+smtp_server_connection_sni_callback(const char *name, const char **error_r,
+                                   void *context)
+{
+       struct smtp_server_connection *conn = context;
+       struct ssl_iostream_context *ssl_ctx;
+
+       if (conn->callbacks->conn_tls_sni_callback != NULL &&
+           conn->callbacks->conn_tls_sni_callback(name, error_r, conn) < 0)
+               return -1;
+
+       if (ssl_iostream_server_context_cache_get(conn->set.ssl, &ssl_ctx,
+                                                 error_r) < 0)
+               return -1;
+
+       ssl_iostream_change_context(conn->ssl_iostream, ssl_ctx);
+       ssl_iostream_context_unref(&ssl_ctx);
+       return 0;
+}
+
 int smtp_server_connection_ssl_init(struct smtp_server_connection *conn)
 {
        struct ssl_iostream_context *ssl_ctx;
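Review bot: In `smtp_server_connection_sni_callback` the implementation callback is invoked with the library's own `conn` as its last argument, whereas the other members of `struct smtp_server_callbacks` visible in this commit (`conn_proxy_data_updated`, `conn_start_tls`) take `void *conn_ctx`. If the implementer's per-connection context was intended, the call should pass that instead of `conn`, and the parameter in smtp-server.h should be named `conn_ctx` to match. `name` comes from the client's TLS handshake and so arrives before any authentication; a comment above the function such as `/* name is client-supplied and unvalidated; the implementation callback must validate it before using it to select settings */` would make that explicit. `conn->callbacks` is dereferenced without a NULL check and `conn->set.ssl` is passed to `ssl_iostream_server_context_cache_get()` unchecked; whether either can be NULL at this point is not visible in the hunk, so this should be confirmed against the rest of the file.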
@@ -380,6 +400,8 @@ int smtp_server_connection_ssl_init(struct smtp_server_connection *conn)
                        conn->conn.name, error);
                return -1;
        }
+       ssl_iostream_set_sni_callback(
+               conn->ssl_iostream, smtp_server_connection_sni_callback, conn);
        smtp_server_connection_input_resume(conn);
 
        conn->ssl_secured = TRUE;
index ab040780325c72499b21657187761d87b7381f8f..a153f648a0937d48a9c2030af06e6f8c43fc9cbe 100644 (file)
@@ -298,6 +298,8 @@ struct smtp_server_callbacks {
        void (*conn_proxy_data_updated)(void *conn_ctx,
                                        const struct smtp_proxy_data *data);
 
+       /* TLS SNI Callback. */
+       int (*conn_tls_sni_callback)(const char *name, const char **error_r, void *context);
        /* Connection */
        int (*conn_start_tls)(void *conn_ctx,
                              struct istream **input, struct ostream **output);
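Review bot: The comment `/* TLS SNI Callback. */` above `conn_tls_sni_callback` leaves out what an implementer needs to write the callback safely. It should say that `name` is the server name requested by the client during the TLS handshake and is untrusted input, that a negative return makes the library return -1 without switching the SSL context (as the caller in smtp-server-connection.c shows) with the reason in `*error_r`, and what `context` points to. The declaration also sits directly above the `/* Connection */` group comment with no blank line and is longer than the neighbouring declarations, which wrap their parameter lists; breaking it after `const char **error_r,` would match them. The struct continues outside the hunk.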