lib-ssl-iostream: Replace ssl_iostream.has_[valid_]client_cert() with new ssl_iostrea...
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Fri, 8 Aug 2025 12:17:35 +0000 (15:17 +0300)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Mon, 11 Aug 2025 07:47:35 +0000 (07:47 +0000)
src/lib-ssl-iostream/iostream-openssl.c
src/lib-ssl-iostream/iostream-ssl-private.h
src/lib-ssl-iostream/iostream-ssl.c

index ea5b2d72fd2493e9841a92955ae1385e1976e347..6122731072dff3f6665d8457c305e65ba565e27d 100644 (file)
@@ -707,16 +707,14 @@ openssl_iostream_get_state(const struct ssl_iostream *ssl_io)
        return ssl_io->state;
 }
 
-static bool
-openssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
-{
-       return ssl_io->cert_received && !ssl_io->cert_broken;
-}
-
-static bool
-openssl_iostream_has_client_cert(struct ssl_iostream *ssl_io)
+static enum ssl_iostream_cert_validity
+openssl_iostream_get_cert_validity(const struct ssl_iostream *ssl_io)
 {
-       return ssl_io->cert_received;
+       if (!ssl_io->cert_received)
+               return SSL_IOSTREAM_CERT_VALIDITY_NO_CERT;
+       if (ssl_io->cert_broken)
+               return SSL_IOSTREAM_CERT_VALIDITY_INVALID;
+       return SSL_IOSTREAM_CERT_VALIDITY_OK;
 }
 
 static bool
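Review bot: openssl_iostream_get_cert_validity() has no comment saying that the order of its checks is a precedence rule. Because cert_received is tested first, a stream with cert_broken set but cert_received unset reports NO_CERT rather than INVALID, which matches the old pair of functions but is not obvious to a reader. I would add above the function `/* NO_CERT if cert_received is unset, INVALID if a received certificate has cert_broken set, otherwise OK. */`. The enum's declaration is not on this page; wherever it lives, it would help to state that access decisions must test `== SSL_IOSTREAM_CERT_VALIDITY_OK`, because a `!= SSL_IOSTREAM_CERT_VALIDITY_INVALID` test would also accept a peer that sent no certificate.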
@@ -1098,8 +1096,7 @@ static const struct iostream_ssl_vfuncs ssl_vfuncs = {
 
        .set_log_prefix = openssl_iostream_set_log_prefix,
        .get_state = openssl_iostream_get_state,
-       .has_valid_client_cert = openssl_iostream_has_valid_client_cert,
-       .has_client_cert = openssl_iostream_has_client_cert,
+       .get_cert_validity = openssl_iostream_get_cert_validity,
        .cert_match_name = openssl_iostream_cert_match_name,
        .get_allow_invalid_cert = openssl_iostream_get_allow_invalid_cert,
        .get_peer_username = openssl_iostream_get_peer_username,
index d9d74b2a44f35a4dd5f7646612f4057c746405d6..306b27cf360e0ca2c98da01c8ef2defe50a397d3 100644 (file)
@@ -38,8 +38,8 @@ struct iostream_ssl_vfuncs {
        void (*set_log_prefix)(struct ssl_iostream *ssl_io, const char *prefix);
        enum ssl_iostream_state (*get_state)(const struct ssl_iostream *ssl_io);
        bool (*has_handshake_failed)(const struct ssl_iostream *ssl_io);
-       bool (*has_valid_client_cert)(const struct ssl_iostream *ssl_io);
-       bool (*has_client_cert)(struct ssl_iostream *ssl_io);
+       enum ssl_iostream_cert_validity
+               (*get_cert_validity)(const struct ssl_iostream *ssl_io);
        bool (*cert_match_name)(struct ssl_iostream *ssl_io, const char *name,
                                const char **reason_r);
        bool (*get_allow_invalid_cert)(struct ssl_iostream *ssl_io);
index 3cd8fe93948539859303138097d1210a13ab8bd0..df5d218f2399b93929bcec9fd83d55bf6469e059 100644 (file)
@@ -271,12 +271,12 @@ bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io)
 
 bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
 {
-       return ssl_vfuncs->has_valid_client_cert(ssl_io);
+       return ssl_vfuncs->get_cert_validity(ssl_io) == SSL_IOSTREAM_CERT_VALIDITY_OK;
 }
 
 bool ssl_iostream_has_client_cert(struct ssl_iostream *ssl_io)
 {
-       return ssl_vfuncs->has_client_cert(ssl_io);
+       return ssl_vfuncs->get_cert_validity(ssl_io) != SSL_IOSTREAM_CERT_VALIDITY_NO_CERT;
 }
 
 bool ssl_iostream_cert_match_name(struct ssl_iostream *ssl_io, const char *name,
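Review bot: ssl_iostream_has_client_cert() still takes a non-const `struct ssl_iostream *` although the vfunc it now calls takes a const pointer. The signature could become `bool ssl_iostream_has_client_cert(const struct ssl_iostream *ssl_io)` to match ssl_iostream_has_valid_client_cert() just above it; the prototype in the public header, which is not shown here, would need the same change. The two new return lines also appear to exceed 80 columns with the tab indent, while nearby declarations are wrapped, so breaking after the `==` and `!=` operators would keep the style consistent. The `== SSL_IOSTREAM_CERT_VALIDITY_OK` comparison is the fail-closed form and should be kept if further enum values are added later.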