if (global_auth_settings->debug)
http_client_set.debug = 1;
- master_service_ssl_settings_to_iostream_set(master_ssl_set, pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
- &ssl_set);
+ master_service_ssl_client_settings_to_iostream_set(master_ssl_set,
+ pool_datastack_create(), &ssl_set);
http_client_set.ssl = &ssl_set;
http_client_set.event_parent = auth_event;
http_client = http_client_init(&http_client_set);
void doveadm_get_ssl_settings(struct ssl_iostream_settings *set_r, pool_t pool)
{
i_zero(set_r);
- master_service_ssl_settings_to_iostream_set(doveadm_ssl_set, pool,
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
- set_r);
+ master_service_ssl_client_settings_to_iostream_set(doveadm_ssl_set,
+ pool, set_r);
}
void doveadm_settings_expand(struct doveadm_settings *set, pool_t pool)
return sets[1];
}
-void master_service_ssl_settings_to_iostream_set(
+static void master_service_ssl_common_settings_to_iostream_set(
const struct master_service_ssl_settings *ssl_set, pool_t pool,
- enum master_service_ssl_settings_type type,
struct ssl_iostream_settings *set_r)
{
i_zero(set_r);
clients. But at least for now it's needed for login-proxy. */
set_r->ca = p_strdup_empty(pool, ssl_set->ssl_ca);
- switch (type) {
- case MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER:
- set_r->cert.cert = p_strdup(pool, ssl_set->ssl_cert);
- set_r->cert.key = p_strdup(pool, ssl_set->ssl_key);
- set_r->cert.key_password = p_strdup(pool, ssl_set->ssl_key_password);
- if (ssl_set->ssl_alt_cert != NULL && *ssl_set->ssl_alt_cert != '\0') {
- set_r->alt_cert.cert = p_strdup(pool, ssl_set->ssl_alt_cert);
- set_r->alt_cert.key = p_strdup(pool, ssl_set->ssl_alt_key);
- set_r->alt_cert.key_password = p_strdup(pool, ssl_set->ssl_key_password);
- }
- set_r->verify_remote_cert = ssl_set->ssl_verify_client_cert;
- set_r->allow_invalid_cert = !set_r->verify_remote_cert;
- break;
- case MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT:
- set_r->ca_file = p_strdup_empty(pool, ssl_set->ssl_client_ca_file);
- set_r->ca_dir = p_strdup_empty(pool, ssl_set->ssl_client_ca_dir);
- set_r->cert.cert = p_strdup_empty(pool, ssl_set->ssl_client_cert);
- set_r->cert.key = p_strdup_empty(pool, ssl_set->ssl_client_key);
- set_r->verify_remote_cert = ssl_set->ssl_client_require_valid_cert;
- set_r->allow_invalid_cert = !set_r->verify_remote_cert;
- break;
- }
-
set_r->dh = p_strdup(pool, ssl_set->ssl_dh);
set_r->crypto_device = p_strdup(pool, ssl_set->ssl_crypto_device);
set_r->cert_username_field = p_strdup(pool, ssl_set->ssl_cert_username_field);
set_r->tickets = ssl_set->parsed_opts.tickets;
set_r->curve_list = p_strdup(pool, ssl_set->ssl_curve_list);
}
+
+void master_service_ssl_client_settings_to_iostream_set(
+ const struct master_service_ssl_settings *ssl_set, pool_t pool,
+ struct ssl_iostream_settings *set_r)
+{
+ master_service_ssl_common_settings_to_iostream_set(ssl_set, pool, set_r);
+
+ set_r->ca_file = p_strdup_empty(pool, ssl_set->ssl_client_ca_file);
+ set_r->ca_dir = p_strdup_empty(pool, ssl_set->ssl_client_ca_dir);
+ set_r->cert.cert = p_strdup_empty(pool, ssl_set->ssl_client_cert);
+ set_r->cert.key = p_strdup_empty(pool, ssl_set->ssl_client_key);
+ set_r->verify_remote_cert = ssl_set->ssl_client_require_valid_cert;
+ set_r->allow_invalid_cert = !set_r->verify_remote_cert;
+}
+
+void master_service_ssl_server_settings_to_iostream_set(
+ const struct master_service_ssl_settings *ssl_set,
+ pool_t pool, struct ssl_iostream_settings *set_r)
+{
+ master_service_ssl_common_settings_to_iostream_set(ssl_set, pool, set_r);
+
+ set_r->cert.cert = p_strdup(pool, ssl_set->ssl_cert);
+ set_r->cert.key = p_strdup(pool, ssl_set->ssl_key);
+ set_r->cert.key_password = p_strdup(pool, ssl_set->ssl_key_password);
+ if (ssl_set->ssl_alt_cert != NULL &&
+ *ssl_set->ssl_alt_cert != '\0') {
+ set_r->alt_cert.cert = p_strdup(pool, ssl_set->ssl_alt_cert);
+ set_r->alt_cert.key = p_strdup(pool, ssl_set->ssl_alt_key);
+ set_r->alt_cert.key_password = p_strdup(pool, ssl_set->ssl_key_password);
+ }
+ set_r->verify_remote_cert = ssl_set->ssl_verify_client_cert;
+ set_r->allow_invalid_cert = !set_r->verify_remote_cert;
+}
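Review bot: After the split, `master_service_ssl_client_settings_to_iostream_set()` still inherits `set_r->ca` from `ssl_set->ssl_ca` through the common helper, so outbound connections presumably get that CA as a trust anchor alongside `ssl_client_ca_file`/`ssl_client_ca_dir`. The tail of the comment above that assignment (its start is outside the hunk) suggests this is kept only because login-proxy needs it, so it looks intentional, but it is easy to miss now that callers pick a client-specific function. I would state it on the client function, e.g. `/* NOTE: set_r->ca comes from ssl_ca via the common helper (needed by login-proxy), in addition to ssl_client_ca_file/ssl_client_ca_dir. */`. The same applies to `dh` and `cert_username_field`, which presumably matter only on the server side and could move into the server function in a follow-up.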
} parsed_opts;
};
-enum master_service_ssl_settings_type {
- MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER,
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
-};
-
extern const struct setting_parser_info master_service_ssl_setting_parser_info;
const struct master_service_ssl_settings *
master_service_ssl_settings_get(struct master_service *service);
/* Provides master service ssl settings to iostream settings */
-void master_service_ssl_settings_to_iostream_set(
+void master_service_ssl_client_settings_to_iostream_set(
+ const struct master_service_ssl_settings *ssl_set, pool_t pool,
+ struct ssl_iostream_settings *set_r);
+void master_service_ssl_server_settings_to_iostream_set(
const struct master_service_ssl_settings *ssl_set, pool_t pool,
- enum master_service_ssl_settings_type type,
struct ssl_iostream_settings *set_r);
#endif
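Review bot: The single comment `/* Provides master service ssl settings to iostream settings */` now sits above two prototypes whose certificate-verification behaviour differs, and nothing in the header tells a caller which one to use. Per the definitions in this commit, the client variant fills `ca_file`/`ca_dir` and the client certificate from the `ssl_client_*` settings and verifies the peer only when `ssl_client_require_valid_cert` is set. The server variant loads `ssl_cert`/`ssl_key` (plus `ssl_alt_*`) and verifies client certificates only when `ssl_verify_client_cert` is set. I would give each prototype its own comment, e.g. `/* Client side: uses ssl_client_* settings; allow_invalid_cert is set unless ssl_client_require_valid_cert is enabled. */` and `/* Server side: uses ssl_cert/ssl_key and ssl_alt_*; allow_invalid_cert is set unless ssl_verify_client_cert is enabled. */`.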
return;
master_ssl_set = master_service_ssl_settings_get(master_service);
- master_service_ssl_settings_to_iostream_set(
- master_ssl_set, pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT, ssl_set_r);
+ master_service_ssl_client_settings_to_iostream_set(
+ master_ssl_set, pool_datastack_create(), ssl_set_r);
if ((conn->set.ssl_flags & PROXY_SSL_FLAG_ANY_CERT) != 0)
ssl_set_r->allow_invalid_cert = TRUE;
&client->ip, name,
&client->ssl_set, &other_sets);
- master_service_ssl_settings_to_iostream_set(client->ssl_set,
- pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER, &ssl_set);
+ master_service_ssl_server_settings_to_iostream_set(client->ssl_set,
+ pool_datastack_create(), &ssl_set);
if (ssl_iostream_server_context_cache_get(&ssl_set, &ssl_ctx, &error) < 0) {
*error_r = t_strdup_printf(
"Failed to initialize SSL server context: %s", error);
return -1;
}
- master_service_ssl_settings_to_iostream_set(client->ssl_set,
- pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER, &ssl_set);
+ master_service_ssl_server_settings_to_iostream_set(client->ssl_set,
+ pool_datastack_create(), &ssl_set);
/* If the client cert is invalid, we'll reply NO to the login
command. */
ssl_set.allow_invalid_cert = TRUE;
struct ssl_iostream_settings ssl_set;
const char *error;
- master_service_ssl_settings_to_iostream_set(proxy->client->ssl_set,
- pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
- &ssl_set);
+ master_service_ssl_client_settings_to_iostream_set(
+ proxy->client->ssl_set, pool_datastack_create(), &ssl_set);
if ((proxy->ssl_flags & PROXY_SSL_FLAG_ANY_CERT) != 0)
ssl_set.allow_invalid_cert = TRUE;
/* NOTE: We're explicitly disabling ssl_client_ca_* settings for now
if (strcmp(global_ssl_settings->ssl, "no") == 0)
return;
- master_service_ssl_settings_to_iostream_set(global_ssl_settings,
- pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER, &ssl_set);
+ master_service_ssl_server_settings_to_iostream_set(global_ssl_settings,
+ pool_datastack_create(), &ssl_set);
if (io_stream_ssl_global_init(&ssl_set, &error) < 0)
i_fatal("Failed to initialize SSL library: %s", error);
login_ssl_initialized = TRUE;
struct ssl_iostream_settings ssl_set;
i_zero(&ssl_set);
if (master_ssl_set != NULL) {
- master_service_ssl_settings_to_iostream_set(master_ssl_set,
- pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
+ master_service_ssl_client_settings_to_iostream_set(
+ master_ssl_set, pool_datastack_create(),
&ssl_set);
}
const struct http_client_settings set = {