imapc: Added imapc_ssl_verify setting.
authorTimo Sirainen <tss@iki.fi>
Mon, 17 Oct 2011 12:35:54 +0000 (15:35 +0300)
committerTimo Sirainen <tss@iki.fi>
Mon, 17 Oct 2011 12:35:54 +0000 (15:35 +0300)
src/lib-imap-client/imapc-client.c
src/lib-imap-client/imapc-client.h
src/lib-imap-client/imapc-connection.c
src/lib-storage/index/imapc/imapc-settings.c
src/lib-storage/index/imapc/imapc-settings.h
src/lib-storage/index/imapc/imapc-storage.c

index 343e84a8a2c4dc4e1583ecf5e649e5f7d96d7d81..c9585f763a5a19910e277dd14a89b670cdb8a20f 100644 (file)
@@ -59,10 +59,11 @@ imapc_client_init(const struct imapc_client_settings *set)
        if (set->ssl_mode != IMAPC_CLIENT_SSL_MODE_NONE) {
                client->set.ssl_mode = set->ssl_mode;
                client->set.ssl_ca_dir = p_strdup(pool, set->ssl_ca_dir);
+               client->set.ssl_verify = set->ssl_verify;
 
                memset(&ssl_set, 0, sizeof(ssl_set));
                ssl_set.ca_dir = set->ssl_ca_dir;
-               ssl_set.verify_remote_cert = TRUE;
+               ssl_set.verify_remote_cert = set->ssl_verify;
 
                source = t_strdup_printf("%s:%u", set->host, set->port);
                if (ssl_iostream_context_init_client(source, &ssl_set,
index 5fe6026786687dc8e0df5da59de9c441e79fdaed..297a8040c32908c9750216ba35e1133f53772cc6 100644 (file)
@@ -56,6 +56,7 @@ struct imapc_client_settings {
 
        enum imapc_client_ssl_mode ssl_mode;
        const char *ssl_ca_dir;
+       bool ssl_verify;
 
        const char *rawlog_dir;
        bool debug;
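Review bot: The new `ssl_verify` field makes a zero-initialised `struct imapc_client_settings` mean "do not verify the server certificate", so any caller that fills the struct without setting this field turns verification off without saying so. Before this commit verification was unconditional. In this diff only imapc_storage_create sets the field, and other users of the struct are not visible here, so they should be checked. At minimum the polarity should be documented on the field, e.g. `bool ssl_verify; /* must be set TRUE to authenticate the server; FALSE (the zeroed value) accepts any certificate */`. The struct definition starts and ends outside the hunk.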
index 891e19a6607cf5a248b2f5e42f18dd51f16c7845..655d5da159bb4040d4265810d06e63249da903e3 100644 (file)
@@ -1123,7 +1123,10 @@ static int imapc_connection_ssl_handshaked(void *context)
 {
        struct imapc_connection *conn = context;
 
-       if (!ssl_iostream_has_valid_client_cert(conn->ssl_iostream)) {
+       if (!conn->client->set.ssl_verify) {
+               /* skip certificate checks */
+               return 0;
+       } else if (!ssl_iostream_has_valid_client_cert(conn->ssl_iostream)) {
                if (!ssl_iostream_has_broken_client_cert(conn->ssl_iostream)) {
                        i_error("imapc(%s): SSL certificate not received",
                                conn->name);
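Review bot: The early `return 0` in imapc_connection_ssl_handshaked accepts the peer without leaving any trace, so with `imapc_ssl_verify=no` the login that follows goes to a server that has not been authenticated, and nothing in the logs shows it. It also bypasses everything after the validity check in this function, which continues outside the hunk and may hold further certificate checks. I would log the condition the way this file already logs under the debug flag, `if (conn->client->set.debug) i_debug("imapc(%s): SSL certificate verification disabled", conn->name);`. I would also expand the comment to `/* imapc_ssl_verify=no: server identity is not checked, connection can be intercepted */`.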
@@ -1158,9 +1161,11 @@ static int imapc_connection_ssl_init(struct imapc_connection *conn)
        }
 
        memset(&ssl_set, 0, sizeof(ssl_set));
-       ssl_set.verbose_invalid_cert = TRUE;
-       ssl_set.verify_remote_cert = TRUE;
-       ssl_set.require_valid_cert = TRUE;
+       if (conn->client->set.ssl_verify) {
+               ssl_set.verbose_invalid_cert = TRUE;
+               ssl_set.verify_remote_cert = TRUE;
+               ssl_set.require_valid_cert = TRUE;
+       }
 
        if (conn->client->set.debug)
                i_debug("imapc(%s): Starting SSL handshake", conn->name);
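Review bot: Gating all three flags on `ssl_verify` in imapc_connection_ssl_init means an invalid or changed certificate is no longer even reported once verification is switched off. `verify_remote_cert` and `require_valid_cert` are separate fields, which suggests the stream layer can verify and log without rejecting. If that holds, leaving `ssl_set.verbose_invalid_cert = TRUE;` and `ssl_set.verify_remote_cert = TRUE;` unconditional and setting only `ssl_set.require_valid_cert = conn->client->set.ssl_verify;` would keep the log evidence. This is inferred from the field names alone, so it needs confirming against the ssl-iostream implementation. The function starts and ends outside the hunk.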
index 320b4f412a6cf2eaa992d1ad232ccad74ca48f85..0d4136f1a16c9fc8108996360de51672e7ebf7cf 100644 (file)
@@ -22,6 +22,7 @@ static const struct setting_define imapc_setting_defines[] = {
 
        DEF(SET_ENUM, imapc_ssl),
        DEF(SET_STR, imapc_ssl_ca_dir),
+       DEF(SET_BOOL, imapc_ssl_verify),
 
        DEF(SET_STR, imapc_rawlog_dir),
 
@@ -37,6 +38,7 @@ static const struct imapc_settings imapc_default_settings = {
 
        .imapc_ssl = "no:imaps:starttls",
        .imapc_ssl_ca_dir = "",
+       .imapc_ssl_verify = TRUE,
 
        .imapc_rawlog_dir = ""
 };
index 92f2b9990c8bcb39c1ef7aaefbbca36ad0b63b0e..d5a012a38128e2c7373e3276b691da7612cdc599 100644 (file)
@@ -10,6 +10,7 @@ struct imapc_settings {
 
        const char *imapc_ssl;
        const char *imapc_ssl_ca_dir;
+       bool imapc_ssl_verify;
 
        const char *imapc_rawlog_dir;
 };
index 852dd561019d7a225471b781aaa0694947ea70ff..daaf98b2b3626df8b94c05c76d35b22c773131e5 100644 (file)
@@ -239,6 +239,7 @@ imapc_storage_create(struct mail_storage *_storage,
        set.temp_path_prefix = str_c(str);
 
        set.ssl_ca_dir = storage->set->imapc_ssl_ca_dir;
+       set.ssl_verify = storage->set->imapc_ssl_verify;
        if (strcmp(storage->set->imapc_ssl, "imaps") == 0)
                set.ssl_mode = IMAPC_CLIENT_SSL_MODE_IMMEDIATE;
        else if (strcmp(storage->set->imapc_ssl, "starttls") == 0)