doveadm: Send hostname without ":port" as TLS SNI name for outgoing SSL connections.
authorTimo Sirainen <timo.sirainen@dovecot.fi>
Tue, 31 Oct 2017 21:51:53 +0000 (23:51 +0200)
committerAki Tuomi <aki.tuomi@dovecot.fi>
Thu, 2 Nov 2017 11:50:36 +0000 (13:50 +0200)
src/doveadm/doveadm-dsync.c
src/doveadm/doveadm-mail-server.c
src/doveadm/doveadm-server.h
src/doveadm/server-connection.c

index 4af632dc44ef241834a1054c7654cde9ce4b52de..1224052385cddb6390d998a7fae248ceae1776e6 100644 (file)
@@ -804,10 +804,13 @@ dsync_connect_tcp(struct dsync_cmd_context *ctx,
        struct server_connection *conn;
        struct ioloop *ioloop;
        string_t *cmd;
-       const char *error;
+       const char *p, *error;
 
        server = p_new(ctx->ctx.pool, struct doveadm_server, 1);
        server->name = p_strdup(ctx->ctx.pool, target);
+       p = strrchr(server->name, ':');
+       server->hostname = p == NULL ? server->name :
+               p_strdup_until(ctx->ctx.pool, server->name, p);
        if (ssl) {
                if (dsync_init_ssl_ctx(ctx, mail_set, &error) < 0) {
                        *error_r = t_strdup_printf(
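Review bot: The `p = strrchr(server->name, ':')` split on the added lines derives a wrong hostname for IPv6 targets, if doveadm accepts them here: a bare `::1` is cut down to `:` and a bracketed `[::1]:993` keeps its brackets, and since that string now feeds both the SNI name and certificate verification, connections to such hosts fail verification even against a correct certificate. Dovecot's lib/net.h already provides net_str2hostport(), which understands the bracketed form; splitting the target with it (or at least stripping `[`/`]`) would be more robust than a bare strrchr(). The same split is duplicated in doveadm_server_get() in doveadm-mail-server.c and has the same issue there. dsync_connect_tcp() starts before this hunk and continues after it.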
index b84260820fbd66989c1f23c1e84eca848df82ff4..0fb4a1e4d37a72db8a351557402b44a504d8cfd8 100644 (file)
@@ -39,6 +39,7 @@ static struct doveadm_server *
 doveadm_server_get(struct doveadm_mail_cmd_context *ctx, const char *name)
 {
        struct doveadm_server *server;
+       const char *p;
        char *dup_name;
 
        if (!hash_table_is_created(servers)) {
@@ -49,6 +50,10 @@ doveadm_server_get(struct doveadm_mail_cmd_context *ctx, const char *name)
        if (server == NULL) {
                server = p_new(server_pool, struct doveadm_server, 1);
                server->name = dup_name = p_strdup(server_pool, name);
+               p = strrchr(server->name, ':');
+               server->hostname = p == NULL ? server->name :
+                       p_strdup_until(server_pool, server->name, p);
+
                p_array_init(&server->connections, server_pool,
                             ctx->set->doveadm_worker_count);
                p_array_init(&server->queue, server_pool,
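Review bot: The three added lines repeat, token for token, the hostname derivation that dsync_connect_tcp() in doveadm-dsync.c also gained in this commit, so any later fix to how the port is split (IPv6 literals, default ports) has to be made twice and can silently diverge between the two code paths that build a `struct doveadm_server`. A small shared helper that both callers use keeps the one definition of "hostname" in one place; the hostname field would then be derived from `server->name` in exactly one function. doveadm_server_get() continues past the end of this hunk.
```c
/* shared helper, e.g. next to struct doveadm_server */
static const char *
doveadm_server_hostname(pool_t pool, const char *name)
{
	const char *p = strrchr(name, ':');

	return p == NULL ? name : p_strdup_until(pool, name, p);
}

/* … unchanged: hash table lookup in doveadm_server_get() … */
server->name = dup_name = p_strdup(server_pool, name);
server->hostname = doveadm_server_hostname(server_pool, server->name);
```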
index ec479537f9fa8cc98b0825650ca5b644d04d29ee..170a5540520602d7c6e097aab72d8a2bb552dcd1 100644 (file)
@@ -5,7 +5,10 @@ extern struct client_connection *doveadm_client;
 extern struct doveadm_print_vfuncs doveadm_print_server_vfuncs;
 
 struct doveadm_server {
+       /* host:port */
        const char *name;
+       /* host only */
+       const char *hostname;
        struct ssl_iostream_context *ssl_ctx;
 
        ARRAY(struct server_connection *) connections;
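Review bot: The added `/* host only */` comment on `hostname` under-documents a field whose value is now security-relevant: in both places that fill it in, `hostname` is the same pointer as `name` when there is no `:` in the target, and it is the string sent as the TLS SNI name and matched against the server certificate. A reader of the header cannot tell either of those from "host only", so I would spell it out, for example `/* name without its ":port" suffix (aliases name when there is none); used as the TLS SNI name and for certificate hostname verification */`. Likewise `/* host:port */` on `name` could note that the port part is optional, since the code tolerates its absence.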
index adc8d53b784325034b3e6bb937567a176cb1ab0b..48fc44e4567bb93ee7393fcf8289c4789a0bc633 100644 (file)
@@ -489,14 +489,10 @@ static int server_connection_read_settings(struct server_connection *conn)
 static int server_connection_ssl_handshaked(const char **error_r, void *context)
 {
        struct server_connection *conn = context;
-       const char *host, *p;
 
-       host = conn->server->name;
-       p = strrchr(host, ':');
-       if (p != NULL)
-               host = t_strdup_until(host, p);
-
-       if (ssl_iostream_check_cert_validity(conn->ssl_iostream, host, error_r) < 0)
+       if (ssl_iostream_check_cert_validity(conn->ssl_iostream,
+                                            conn->server->hostname,
+                                            error_r) < 0)
                return -1;
        if (doveadm_debug)
                i_debug("%s: SSL handshake successful", conn->server->name);
@@ -515,7 +511,7 @@ static int server_connection_init_ssl(struct server_connection *conn)
        ssl_set.verbose_invalid_cert = TRUE;
 
        if (io_stream_create_ssl_client(conn->server->ssl_ctx,
-                                       conn->server->name, &ssl_set,
+                                       conn->server->hostname, &ssl_set,
                                        &conn->input, &conn->output,
                                        &conn->ssl_iostream, &error) < 0) {
                i_error("Couldn't initialize SSL client: %s", error);
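Review bot: `conn->server->hostname` is passed straight through as the SNI host on the changed io_stream_create_ssl_client() line, and in the hunk above it is also the name checked against the certificate, but nothing in this section handles address-literal targets: RFC 6066 does not permit an IPv4/IPv6 address in the server_name extension, so unless io_stream_create_ssl_client() itself omits SNI for literals, a target such as `192.0.2.10:993` (constructed example) would send a non-compliant SNI and rely on the peer ignoring it. Worth confirming that the ssl-iostream layer filters this, or checking the string with net_addr2ip() here and passing the hostname only when it is not an address. server_connection_init_ssl() continues past the end of this hunk, and server_connection_ssl_handshaked() in the previous hunk also ends outside it.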