auth-policy: Enable SSL connections
authorAki Tuomi <aki.tuomi@dovecot.fi>
Sun, 8 Jan 2017 18:09:33 +0000 (20:09 +0200)
committerGitLab <gitlab@git.dovecot.net>
Sun, 8 Jan 2017 18:33:01 +0000 (20:33 +0200)
src/auth/Makefile.am
src/auth/auth-policy.c

index 836f9007fe35e5bbd3257780ae92c923a7a4b285..b49b9e0d41b60b1504f5c481fd13b062dc30d2db 100644 (file)
@@ -58,7 +58,8 @@ auth_libs = \
        ../lib-otp/libotp.la \
        $(LIBDOVECOT_SQL)
 
-auth_CPPFLAGS = $(AM_CPPFLAGS) $(BINARY_CFLAGS)
+auth_CPPFLAGS = $(AM_CPPFLAGS) $(BINARY_CFLAGS) \
+       -I$(top_srcdir)/src/lib-ssl-iostream
 auth_LDADD = $(auth_libs) $(LIBDOVECOT) $(AUTH_LIBS) $(BINARY_LDFLAGS)
 auth_DEPENDENCIES = $(auth_libs) $(LIBDOVECOT_DEPS)
 
index 2849b35808219441b59f825068fd57fa0f43b4e2..796950170b302275e424f000424c3ee3be26a3b9 100755 (executable)
@@ -15,6 +15,7 @@
 #include "auth-penalty.h"
 #include "auth-settings.h"
 #include "auth-policy.h"
+#include "iostream-ssl.h"
 
 #define AUTH_POLICY_DNS_SOCKET_PATH "dns-client"
 
@@ -156,9 +157,19 @@ void auth_policy_open_and_close_to_key(const char *fromkey, const char *tokey, s
 
 void auth_policy_init(void)
 {
+       struct ssl_iostream_settings ssl_set;
+       i_zero(&ssl_set);
+
        http_client_set.request_absolute_timeout_msecs = global_auth_settings->policy_server_timeout_msecs;
        if (global_auth_settings->debug)
                http_client_set.debug = 1;
+       ssl_set.ca_dir = global_auth_settings->ssl_client_ca_dir;
+       ssl_set.ca_file = global_auth_settings->ssl_client_ca_file;
+       if (*ssl_set.ca_dir == '\0' &&
+           *ssl_set.ca_file == '\0')
+               ssl_set.allow_invalid_cert = TRUE;
+
+       http_client_set.ssl = &ssl_set;
        http_client = http_client_init(&http_client_set);
 
        /* prepare template */
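Review bot: When both `ssl_client_ca_dir` and `ssl_client_ca_file` are empty, the new branch sets `ssl_set.allow_invalid_cert = TRUE` without logging anything, so an https policy server is accepted with any certificate and the policy responses that feed authentication decisions are no longer authenticated. That fallback should at least be visible to the operator, for example `i_warning("auth-policy: no ssl_client_ca_dir or ssl_client_ca_file set, policy server certificate is not verified");` inside the `if`, and preferably be gated by an explicit setting rather than inferred from missing CA paths. Separately, `http_client_set.ssl = &ssl_set;` stores the address of a stack local; if `http_client_set` is file-scope (its declaration is outside the hunk) and `http_client_init()` copies the settings, adding `http_client_set.ssl = NULL;` after the call avoids leaving a dangling pointer behind. The body of `auth_policy_init` continues past the end of this hunk.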