lib-master: Use ssl-server settings only when necessary

diff --git a/src/lib-master/master-service-private.h b/src/lib-master/master-service-private.h
index e881a090dc86b84ff9be972d8be806acf11bd061..d886c9d4c4bf39723d264ebd44a52d6a9e1fbe47 100644 (file)
--- a/src/lib-master/master-service-private.h
+++ b/src/lib-master/master-service-private.h
@@ -82,7 +82,6 @@ struct master_service {
        bool die_with_master:1;
        bool call_avail_overflow:1;
        bool config_path_changed_with_param:1;
-       bool want_ssl_settings:1;
        bool want_ssl_server:1;
        bool ssl_ctx_initialized:1;
        bool config_path_from_master:1;

diff --git a/src/lib-master/master-service-settings.c b/src/lib-master/master-service-settings.c
index b3b1bbeb6b24d16baea966c3692f1d1991fd8316..4e408c9deab8e28a86462eac4beac5e1c5433f04 100644 (file)
--- a/src/lib-master/master-service-settings.c
+++ b/src/lib-master/master-service-settings.c
@@ -223,10 +223,12 @@ master_service_exec_config(struct master_service *service,
                        strarr_push(&conf_argv, input->extra_modules[i]);
                }
        }
-       if (service->want_ssl_settings &&
-           (input->module != NULL || input->extra_modules != NULL)) {
+       if (input->module != NULL || input->extra_modules != NULL) {
                strarr_push(&conf_argv, "-m");
-               strarr_push(&conf_argv, "ssl-server");
+               if (service->want_ssl_server)
+                       strarr_push(&conf_argv, "ssl-server");
+               else
+                       strarr_push(&conf_argv, "ssl");
        }
        if (input->parse_full_config)
                strarr_push(&conf_argv, "-p");
@@ -357,9 +359,10 @@ config_build_request(struct master_service *service, string_t *str,
                for (unsigned int i = 0; input->extra_modules[i] != NULL; i++)
                        str_printfa(str, "\tmodule=%s", input->extra_modules[i]);
        }
-       if (service->want_ssl_settings &&
-           (input->module != NULL || input->extra_modules != NULL))
-               str_append(str, "\tmodule=ssl-server");
+       if (input->module != NULL || input->extra_modules != NULL) {
+               str_printfa(str, "\tmodule=%s",
+                           service->want_ssl_server ? "ssl-server" : "ssl");
+       }
        if (input->service != NULL)
                str_printfa(str, "\tservice=%s", input->service);
        if (input->username != NULL)
@@ -606,9 +609,9 @@ int master_service_settings_read(struct master_service *service,
        p_array_init(&all_roots, service->set_pool, 8);
        tmp_root = &master_service_setting_parser_info;
        array_push_back(&all_roots, &tmp_root);
-       if (service->want_ssl_settings) {
-               tmp_root = &master_service_ssl_setting_parser_info;
-               array_push_back(&all_roots, &tmp_root);
+       tmp_root = &master_service_ssl_setting_parser_info;
+       array_push_back(&all_roots, &tmp_root);
+       if (service->want_ssl_server) {
                tmp_root = &master_service_ssl_server_setting_parser_info;
                array_push_back(&all_roots, &tmp_root);
        }
@@ -758,8 +761,8 @@ void **master_service_settings_get_others(struct master_service *service)
 void **master_service_settings_parser_get_others(struct master_service *service,
                                                 const struct setting_parser_context *set_parser)
 {
-       return settings_parser_get_list(set_parser) + 1 +
-               (service->want_ssl_settings ? 2 : 0);
+       return settings_parser_get_list(set_parser) + 2 +
+               (service->want_ssl_server ? 1 : 0);
 }
 
 struct setting_parser_context *

diff --git a/src/lib-master/master-service-ssl-settings.c b/src/lib-master/master-service-ssl-settings.c
index a7f52161142fb36a4a5ef25af3551534368bcf04..04bf38ddab4dc4ed15b3aa2d0238480600a53017 100644 (file)
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
@@ -195,7 +195,6 @@ master_service_ssl_settings_get(struct master_service *service)
 {
        void **sets;
 
-       i_assert(service->want_ssl_settings);
        sets = settings_parser_get_list(service->set_parser);
        return sets[1];
 }
@@ -205,7 +204,7 @@ master_service_ssl_server_settings_get(struct master_service *service)
 {
        void **sets;
 
-       i_assert(service->want_ssl_settings);
+       i_assert(service->want_ssl_server);
        sets = settings_parser_get_list(service->set_parser);
        return sets[2];
 }

diff --git a/src/lib-master/master-service.c b/src/lib-master/master-service.c
index 58360d567843e97ad0ae2da353e78a1730e8aefd..f7dde166c45341e5c25653bc397e93cd58909228 100644 (file)
--- a/src/lib-master/master-service.c
+++ b/src/lib-master/master-service.c
@@ -304,12 +304,11 @@ master_service_init(const char *name, enum master_service_flags flags,
        T_BEGIN {
                master_service_init_socket_listeners(service);
        } T_END;
-       service->want_ssl_settings = service->want_ssl_server ||
-               (service->flags & MASTER_SERVICE_FLAG_USE_SSL_SETTINGS) != 0;
 
 #ifdef HAVE_SSL
-       /* load SSL module if necessary */
-       if (service->want_ssl_settings) {
+       /* Load the SSL module if we already know it is necessary. It can also
+          get loaded later on-demand. */
+       if (service->want_ssl_server) {
                const char *error;
                if (ssl_module_load(&error) < 0)
                        i_fatal("Cannot load SSL module: %s", error);