doveconf: Fix ssl_dh parameter handling some more
authorAki Tuomi <aki.tuomi@dovecot.fi>
Tue, 16 Aug 2016 09:41:00 +0000 (12:41 +0300)
committerTimo Sirainen <timo.sirainen@dovecot.fi>
Tue, 16 Aug 2016 12:38:50 +0000 (15:38 +0300)
Move the empty check to master-service ssl settings, and also
handle ENOENT on read. Do not touch the setting if it could not
be composed because the file does not exist.

src/config/config-request.c
src/config/old-set-parser.c
src/lib-master/master-service-ssl-settings.c

index 94de90e1568a17b735cabec5997810e05da6542e..10c4aada553134e2caabb710d9a4bbe98649fdd7 100644 (file)
@@ -454,7 +454,8 @@ int config_export_finish(struct config_export_context **_ctx)
                                if (value == NULL || **value == '\0') {
                                        const char *newval;
                                        if (old_settings_ssl_dh_load(&newval, &error)) {
-                                               settings_parse_line(parser->parser, t_strdup_printf("%s=%s", "ssl_dh", newval));
+                                               if (newval != NULL)
+                                                       settings_parse_line(parser->parser, t_strdup_printf("%s=%s", "ssl_dh", newval));
                                        } else {
                                                i_error("%s", error);
                                                ret = -1;
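Review bot: The return value of settings_parse_line() is still discarded on the new line, so if the composed `ssl_dh=` line is rejected the export carries on and reports success, while the sibling branch for a failed old_settings_ssl_dh_load() logs the error and sets `ret = -1`. If settings_parse_line() signals failure with a negative return (verify against its declaration), the call should be guarded the same way: `if (newval != NULL && settings_parse_line(parser->parser, t_strdup_printf("%s=%s", "ssl_dh", newval)) < 0) { i_error("Failed to set ssl_dh"); ret = -1; }`. The unbraced single-statement `if` also departs from the braced style of the surrounding block. config_export_finish() begins and ends outside the hunk.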
index 4e216ec31a71b9aea36ef5360c8b062aff14bcc3..f17e5738a14385ee8bcf35b3cf04dae7a8194c11 100644 (file)
@@ -82,13 +82,15 @@ bool old_settings_ssl_dh_load(const char **value, const char **error_r)
 
        /* try read it */
        struct istream *is = i_stream_create_file(fn, IO_BLOCK_SIZE);
+
        if (is->stream_errno == ENOENT) {
                /* this is given because the ssl-parameters.dat file is no more there
                 and we don't want to to make go searching for the file
                 this code is only ever reached if ssl_dh_parameters is empty anyways
                 */
-               *error_r = "ssl enabled, but ssl_dh not set";
-               return FALSE;
+               /* check moved to correct place from here */
+               *value = NULL;
+               return TRUE;
        } else if (is->stream_errno != 0) {
                *error_r = t_strdup(i_stream_get_error(is));
                return FALSE;
@@ -130,6 +132,10 @@ bool old_settings_ssl_dh_load(const char **value, const char **error_r)
                        i_warning("You can generate it with: dd if=%s bs=1 skip=%u | openssl dh -inform der > %s", fn, off, SYSCONFDIR"/dh.pem");
                        seen_ssl_parameters_dat = TRUE;
                }
+       } else if (is->stream_errno == ENOENT) {
+               /* check for empty ssl_dh elsewhere */
+               *value = NULL;
+               return TRUE;
        } else {
                *error_r = "ssl enabled, but ssl_dh not set";
                return FALSE;
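Review bot: Both new ENOENT branches — the one in the first hunk and the `else if (is->stream_errno == ENOENT)` in the second — return TRUE without a visible `i_stream_unref(&is)`, so the istream created by i_stream_create_file() at the top of the first hunk appears to be leaked on these paths unless it is released on a line not shown (the pre-existing `return FALSE` paths have the same shape). The function's contract has also changed: TRUE no longer guarantees `*value` is set, and every caller must now test for NULL as config-request.c does, so the changelog-style `/* check moved to correct place from here */` should instead state the contract, e.g. `/* file missing: succeed with *value = NULL; master_service_ssl_settings_check() rejects an empty ssl_dh */`, and the same should be said at the prototype. The two branches duplicate the same body; if the stream_errno test right after creation is reachable at all (the open may be deferred until the first read, which would explain the second test), a shared exit path would keep them in step. old_settings_ssl_dh_load()'s body continues between and after the hunks.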
index f99e0055cf0ba142a956c606fc9a1fa270ee1b70..28eae74dd9a833bb023fd4ca4bd89d073479f991 100644 (file)
@@ -97,6 +97,10 @@ master_service_ssl_settings_check(void *_set, pool_t pool ATTR_UNUSED,
                *error_r = "ssl enabled, but ssl_key not set";
                return FALSE;
        }
+       if (*set->ssl_dh == '\0') {
+               *error_r = "ssl enabled, but ssl_dh not set";
+               return FALSE;
+       }
 #endif
        if (set->ssl_verify_client_cert && *set->ssl_ca == '\0') {
                *error_r = "ssl_verify_client_cert set, but ssl_ca not";
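Review bot: The new ssl_dh check is placed inside a preprocessor conditional whose opening directive is above the hunk, so a reader cannot tell from here why presence of ssl_dh is enforced only under that guard and not unconditionally like the ssl_verify_client_cert check that follows; a short comment would make the intent explicit, e.g. `/* doveconf may still compose ssl_dh from the legacy ssl-parameters.dat, so only services enforce its presence here */`, adjusted to whatever the guard actually is. The message `"ssl enabled, but ssl_dh not set"` is now duplicated in old-set-parser.c; if both remain, keep the wording identical or drop one so log-based checks see a single string. master_service_ssl_settings_check() starts before the hunk.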