DEF(SET_STR, ssl_cert_username_field),
DEF(SET_STR, ssl_client_cert),
DEF(SET_STR, ssl_client_key),
+ DEF(SET_STR, ssl_crypto_device),
DEF(SET_BOOL, ssl_verify_client_cert),
DEF(SET_BOOL, auth_ssl_require_client_cert),
DEF(SET_BOOL, auth_ssl_username_from_cert),
.ssl_cert_username_field = "commonName",
.ssl_client_cert = "",
.ssl_client_key = "",
+ .ssl_crypto_device = "",
.ssl_verify_client_cert = FALSE,
.auth_ssl_require_client_cert = FALSE,
.auth_ssl_username_from_cert = FALSE,
const char *ssl_cert_username_field;
const char *ssl_client_cert;
const char *ssl_client_key;
+ const char *ssl_crypto_device;
bool ssl_verify_client_cert;
bool auth_ssl_require_client_cert;
bool auth_ssl_username_from_cert;
#include "iostream-openssl.h"
#include <openssl/crypto.h>
+#include <openssl/engine.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
static struct ssl_proxy *ssl_proxies;
static struct ssl_parameters ssl_params;
static int ssl_username_nid;
+static ENGINE *ssl_engine;
static void plain_read(struct ssl_proxy *proxy);
static void ssl_read(struct ssl_proxy *proxy);
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
+ if (*set->ssl_crypto_device != '\0') {
+ ENGINE_load_builtin_engines();
+ ssl_engine = ENGINE_by_id(set->ssl_crypto_device);
+ if (ssl_engine == NULL) {
+ i_fatal("Unknown ssl_crypto_device: %s",
+ set->ssl_crypto_device);
+ }
+ ENGINE_init(ssl_engine);
+ ENGINE_set_default_RSA(ssl_engine);
+ ENGINE_set_default_DSA(ssl_engine);
+ ENGINE_set_default_ciphers(ssl_engine);
+ }
+
extdata_index = SSL_get_ex_new_index(0, dovecot, NULL, NULL, NULL);
ssl_servers = hash_table_create(default_pool, default_pool, 0,
ssl_free_parameters(&ssl_params);
SSL_CTX_free(ssl_client_ctx);
+ if (ssl_engine != NULL) {
+ ENGINE_cleanup();
+ ENGINE_finish(ssl_engine);
+ }
EVP_cleanup();
ERR_free_strings();
}
projects / thirdparty / dovecot / core.git / commitdiff
