static bool ssl_global_initialized = FALSE;
int dovecot_ssl_extdata_index;
-static int ssl_iostream_init_global(const struct ssl_iostream_settings *set,
- const char **error_r);
-
static RSA *ssl_gen_rsa_key(SSL *ssl ATTR_UNUSED,
int is_export ATTR_UNUSED, int keylength)
{
struct ssl_iostream_context *ctx;
SSL_CTX *ssl_ctx;
- if (ssl_iostream_init_global(set, error_r) < 0)
- return -1;
if ((ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
*error_r = t_strdup_printf("SSL_CTX_new() failed: %s",
openssl_iostream_error());
struct ssl_iostream_context *ctx;
SSL_CTX *ssl_ctx;
- if (ssl_iostream_init_global(set, error_r) < 0)
- return -1;
if ((ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
*error_r = t_strdup_printf("SSL_CTX_new() failed: %s",
openssl_iostream_error());
dovecot_openssl_common_global_unref();
}
-static int ssl_iostream_init_global(const struct ssl_iostream_settings *set,
- const char **error_r)
+int openssl_iostream_global_init(const struct ssl_iostream_settings *set,
+ const char **error_r)
{
static char dovecot[] = "dovecot";
const char *error;
}
static const struct iostream_ssl_vfuncs ssl_vfuncs = {
+ .global_init = openssl_iostream_global_init,
.context_init_client = openssl_iostream_context_init_client,
.context_init_server = openssl_iostream_context_init_server,
.context_ref = openssl_iostream_context_ref,
struct istream *openssl_i_stream_create_ssl(struct ssl_iostream *ssl_io);
struct ostream *openssl_o_stream_create_ssl(struct ssl_iostream *ssl_io);
+int openssl_iostream_global_init(const struct ssl_iostream_settings *set,
+ const char **error_r);
+
int openssl_iostream_context_init_client(const struct ssl_iostream_settings *set,
struct ssl_iostream_context **ctx_r,
const char **error_r);
#include "iostream-ssl.h"
struct iostream_ssl_vfuncs {
+ int (*global_init)(const struct ssl_iostream_settings *set,
+ const char **error_r);
int (*context_init_client)(const struct ssl_iostream_settings *set,
struct ssl_iostream_context **ctx_r,
const char **error_r);
#endif
}
+int io_stream_ssl_global_init(const struct ssl_iostream_settings *set,
+ const char **error_r)
+{
+ return ssl_vfuncs->global_init(set, error_r);
+}
+
int ssl_iostream_context_init_client(const struct ssl_iostream_settings *set,
struct ssl_iostream_context **ctx_r,
const char **error_r)
if (ssl_module_load(error_r) < 0)
return -1;
}
+ if (io_stream_ssl_global_init(&set_copy, error_r) < 0)
+ return -1;
return ssl_vfuncs->context_init_client(&set_copy, ctx_r, error_r);
}
if (ssl_module_load(error_r) < 0)
return -1;
}
+ if (io_stream_ssl_global_init(set, error_r) < 0)
+ return -1;
return ssl_vfuncs->context_init_server(set, ctx_r, error_r);
}
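Review bot: The new `io_stream_ssl_global_init()` wrapper dereferences `ssl_vfuncs` without first calling `ssl_module_load()`, unlike the two context_init wrappers in this same file, which guard the vtable access with `if (ssl_module_load(error_r) < 0)` / `return -1;`. The header comment added in this commit invites callers to use this function early, before any SSL context has been created (e.g. ahead of a chroot), so at that point `ssl_vfuncs` is plausibly still NULL and the call would crash instead of returning -1 with an error. Adding the same two lines before `return ssl_vfuncs->global_init(set, error_r);` makes the function safe to call standalone and also forces the module load to happen before the chroot, which appears to be the stated reason for exposing the call. The body of `ssl_module_load()` is not in this diff, so whether it behaves correctly when invoked after a chroot cannot be confirmed from here.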
typedef int ssl_iostream_sni_callback_t(const char *name, const char **error_r,
void *context);
+/* Explicitly initialize SSL library globally. This is also done automatically
+ when the first SSL connection is created, but it may be useful to call it
+ earlier in case of chrooting. After the initialization is successful, any
+ further calls will just be ignored. Returns 0 on success, -1 on error. */
+int io_stream_ssl_global_init(const struct ssl_iostream_settings *set,
+ const char **error_r);
+
int io_stream_create_ssl_client(struct ssl_iostream_context *ctx, const char *host,
const struct ssl_iostream_settings *set,
struct istream **input, struct ostream **output,