"Couldn't initialize SSL context: %s", error);
return -1;
}
+ server->ssl_flags = PROXY_SSL_FLAG_YES;
server->ssl_ctx = ctx->ssl_ctx;
}
p_array_init(&server->connections, ctx->ctx.pool, 1);
extern struct client_connection *doveadm_client;
extern struct doveadm_print_vfuncs doveadm_print_server_vfuncs;
+enum doveadm_proxy_ssl_flags {
+ /* Use SSL/TLS enabled */
+ PROXY_SSL_FLAG_YES = 0x01,
+ /* Don't do SSL handshake immediately after connected */
+ PROXY_SSL_FLAG_STARTTLS = 0x02,
+ /* Don't require that the received certificate is valid */
+ PROXY_SSL_FLAG_ANY_CERT = 0x04
+};
+
struct doveadm_server {
/* host:port */
const char *name;
/* host only */
const char *hostname;
+
+ /* ssl related settings */
+ enum doveadm_proxy_ssl_flags ssl_flags;
struct ssl_iostream_context *ssl_ctx;
ARRAY(struct server_connection *) connections;
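Review bot: The comment on `PROXY_SSL_FLAG_ANY_CERT` understates what the flag does: "Don't require that the received certificate is valid" reads like a leniency toggle, but a flag that accepts any certificate disables peer verification entirely, so a connection made with it set can be transparently intercepted. Because this enum is the only place a future caller will look before setting the flag, the comment should say that, and should say that the flag must come from explicit per-server configuration and never be a default: `/* Accept any certificate: disables peer verification, so the connection can be intercepted. Only set from explicit configuration, never by default. */`. It would also help to note on the new `ssl_flags` field that it holds an OR'd bitmask of these values and that 0 means "no SSL at all", since the `.c` side appears to test `ssl_flags == 0` to skip SSL setup; `/* bitmask of doveadm_proxy_ssl_flags; 0 = plaintext connection */` would do. The enum and the `struct doveadm_server` definition appear complete within this hunk, but their uses are in other hunks.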
struct ssl_iostream_settings ssl_set;
const char *error;
- if (conn->server->ssl_ctx == NULL)
+ if (conn->server->ssl_flags == 0)
return 0;
- doveadm_get_ssl_settings(&ssl_set, conn->pool);
+ doveadm_get_ssl_settings(&ssl_set, pool_datastack_create());
+
+ if ((conn->server->ssl_flags & PROXY_SSL_FLAG_ANY_CERT) != 0)
+ ssl_set.allow_invalid_cert = TRUE;
if (ssl_set.allow_invalid_cert)
ssl_set.verbose_invalid_cert = TRUE;
+ if (conn->server->ssl_ctx == NULL &&
+ ssl_iostream_client_context_cache_get(&ssl_set,
+ &conn->server->ssl_ctx,
+ &error) < 0) {
+ *error_r = t_strdup_printf(
+ "Couldn't initialize SSL client: %s", error);
+ return -1;
+ }
+
if (io_stream_create_ssl_client(conn->server->ssl_ctx,
conn->server->hostname, &ssl_set,
&conn->input, &conn->output,