lib-master: Add new setting `ssl_client_require_valid_cert`
authorAki Tuomi <aki.tuomi@dovecot.fi>
Wed, 31 Oct 2018 12:20:36 +0000 (14:20 +0200)
committerVille Savolainen <ville.savolainen@dovecot.fi>
Thu, 21 Mar 2019 08:02:22 +0000 (10:02 +0200)
This controls whether TLS certificates are verified
for TLS CLIENT connections.

src/lib-master/master-service-ssl-settings.c
src/lib-master/master-service-ssl-settings.h

index 4c3398703bffb191089d8e5c5bc093db6b86a249..ae69ea526caee6d6e6ba3f8347f77a410ca8eff3 100644 (file)
@@ -34,6 +34,7 @@ static const struct setting_define master_service_ssl_setting_defines[] = {
        DEF(SET_STR, ssl_cert_username_field),
        DEF(SET_STR, ssl_crypto_device),
        DEF(SET_BOOL, ssl_verify_client_cert),
+       DEF(SET_BOOL, ssl_client_require_valid_cert),
        DEF(SET_BOOL, ssl_require_crl),
        DEF(SET_BOOL, verbose_ssl),
        DEF(SET_BOOL, ssl_prefer_server_ciphers),
@@ -65,6 +66,7 @@ static const struct master_service_ssl_settings master_service_ssl_default_setti
        .ssl_cert_username_field = "commonName",
        .ssl_crypto_device = "",
        .ssl_verify_client_cert = FALSE,
+       .ssl_client_require_valid_cert = TRUE,
        .ssl_require_crl = TRUE,
        .verbose_ssl = FALSE,
        .ssl_prefer_server_ciphers = FALSE,
@@ -195,7 +197,8 @@ void master_service_ssl_settings_to_iostream_set(
                set_r->ca_dir = p_strdup(pool, ssl_set->ssl_client_ca_dir);
                set_r->cert.cert = p_strdup_empty(pool, ssl_set->ssl_client_cert);
                set_r->cert.key = p_strdup_empty(pool, ssl_set->ssl_client_key);
-               set_r->verify_remote_cert = TRUE;
+               set_r->verify_remote_cert = ssl_set->ssl_client_require_valid_cert;
+               set_r->allow_invalid_cert = !set_r->verify_remote_cert;
                break;
        }
 
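Review bot: With `ssl_client_require_valid_cert` set to FALSE, the client branch of `master_service_ssl_settings_to_iostream_set` now both clears `verify_remote_cert` and sets `allow_invalid_cert`, so any certificate presented by the remote end is accepted and nothing in the hunk records that this degraded mode is in effect. Consider a comment at the assignment such as `/* ssl_client_require_valid_cert=no disables remote certificate validation entirely; the default (yes) should stay in place outside test setups */`, and, if a logging context is available here, a verbose-level line when the setting is FALSE so an operator reading the log can see why an untrusted certificate was accepted. Deriving `allow_invalid_cert` from the just-assigned `set_r->verify_remote_cert` rather than from `ssl_set->ssl_client_require_valid_cert` couples the two flags implicitly; if the iostream layer treats them independently (verification performed but failures tolerated versus no verification at all), reading both from the setting, `set_r->allow_invalid_cert = !ssl_set->ssl_client_require_valid_cert;`, makes the intended pairing explicit. The enclosing function starts and ends outside the hunk.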
index e74a84584c374f30c9ae81f238fe17514fae3ef1..3d75ee4714bce190f09b4b1e856ffc19a00c0b8a 100644 (file)
@@ -25,6 +25,7 @@ struct master_service_ssl_settings {
        const char *ssl_options;
 
        bool ssl_verify_client_cert;
+       bool ssl_client_require_valid_cert;
        bool ssl_require_crl;
        bool verbose_ssl;
        bool ssl_prefer_server_ciphers;
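Review bot: The new `ssl_client_require_valid_cert` field is added without a comment, although its effect is security-relevant and its name reads like a mirror of `ssl_verify_client_cert` while applying to the opposite direction (this process acting as the TLS client). A one-line comment on the field would prevent that confusion, e.g. `/* Fail client-side TLS handshakes whose remote certificate cannot be validated; FALSE accepts any certificate. Default TRUE. */`. The struct continues outside the hunk.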