ssl_set.ca_file = db->set.tls_ca_cert_file;
ssl_set.ca_dir = db->set.tls_ca_cert_dir;
if (db->set.tls_cert_file != NULL && *db->set.tls_cert_file != '\0') {
- ssl_set.cert = db->set.tls_cert_file;
- ssl_set.key = db->set.tls_key_file;
+ ssl_set.cert.cert = db->set.tls_cert_file;
+ ssl_set.cert.key = db->set.tls_key_file;
}
ssl_set.prefer_server_ciphers = TRUE;
ssl_set.allow_invalid_cert = db->set.tls_allow_invalid_cert;
if (conn->ssl_set.ca_dir != NULL)
ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CACERTDIR, conn->ssl_set.ca_dir);
- if (conn->ssl_set.cert != NULL)
- ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CERTFILE, conn->ssl_set.cert);
- if (conn->ssl_set.key != NULL)
- ldap_set_option(conn->conn, LDAP_OPT_X_TLS_KEYFILE, conn->ssl_set.key);
+ if (conn->ssl_set.cert.cert != NULL)
+ ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CERTFILE, conn->ssl_set.cert.cert);
+ if (conn->ssl_set.cert.key != NULL)
+ ldap_set_option(conn->conn, LDAP_OPT_X_TLS_KEYFILE, conn->ssl_set.cert.key);
opt = conn->set.debug;
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &opt);
return FALSE;
if (null_strcmp(conn->ssl_set.ca_file, set->ssl_set->ca_file) != 0)
return FALSE;
- if (null_strcmp(conn->ssl_set.cert, set->ssl_set->cert) != 0)
+ if (null_strcmp(conn->ssl_set.cert.cert, set->ssl_set->cert.cert) != 0)
return FALSE;
- if (null_strcmp(conn->ssl_set.key, set->ssl_set->key) != 0)
+ if (null_strcmp(conn->ssl_set.cert.key, set->ssl_set->cert.key) != 0)
return FALSE;
return TRUE;
}
}
/* cannot use these */
conn->ssl_set.ca = NULL;
- conn->ssl_set.key_password = NULL;
+ conn->ssl_set.cert.key_password = NULL;
conn->ssl_set.cert_username_field = NULL;
conn->ssl_set.crypto_device = NULL;
conn->ssl_set.protocols = p_strdup(pool, set->ssl_set->protocols);
conn->ssl_set.cipher_list = p_strdup(pool, set->ssl_set->cipher_list);
conn->ssl_set.ca_file = p_strdup(pool, set->ssl_set->ca_file);
- conn->ssl_set.cert = p_strdup(pool, set->ssl_set->cert);
- conn->ssl_set.key = p_strdup(pool, set->ssl_set->key);
+ conn->ssl_set.cert.cert = p_strdup(pool, set->ssl_set->cert.cert);
+ conn->ssl_set.cert.key = p_strdup(pool, set->ssl_set->cert.key);
}
i_assert(ldap_connection_have_settings(conn, set));
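Review bot: `conn->ssl_set.cert.key_password = NULL;` under `/* cannot use these */` now sits inside a struct whose other two members are copied a few lines later, so a future whole-struct copy (`conn->ssl_set.cert = set->ssl_set->cert;`) would silently start carrying the key password along, and the intent behind NULLing only that member is not written down. I would pin it with a comment on that line: `/* the LDAP TLS setup only hands libldap CERTFILE/KEYFILE paths, so a key password cannot be applied here; keep it NULL even though it lives in the cert struct */`. Presumably an encrypted key configured for LDAP then fails at handshake time rather than being silently unlocked, which is worth stating for whoever debugs it. The enclosing function starts outside this hunk.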
ssl_set.cipher_list = set->ssl_cipher_list;
ssl_set.curve_list = set->ssl_curve_list;
ssl_set.ca = set->ssl_ca;
- ssl_set.cert = set->ssl_cert;
- ssl_set.key = set->ssl_key;
+ ssl_set.cert.cert = set->ssl_cert;
+ ssl_set.cert.key = set->ssl_key;
ssl_set.dh = set->ssl_dh;
- ssl_set.key_password = set->ssl_key_password;
+ ssl_set.cert.key_password = set->ssl_key_password;
ssl_set.cert_username_field = set->ssl_cert_username_field;
ssl_set.crypto_device = set->ssl_crypto_device;
return strlen(buf);
}
-int openssl_iostream_load_key(const struct ssl_iostream_settings *set,
+int openssl_iostream_load_key(const struct ssl_iostream_cert *set,
EVP_PKEY **pkey_r, const char **error_r)
{
struct ssl_iostream_password_context ctx;
static int
ssl_iostream_ctx_use_key(struct ssl_iostream_context *ctx,
- const struct ssl_iostream_settings *set,
+ const struct ssl_iostream_cert *set,
const char **error_r)
{
EVP_PKEY *pkey;
openssl_get_protocol_options(ctx->set->protocols));
}
- if (set->cert != NULL &&
- ssl_ctx_use_certificate_chain(ctx->ssl_ctx, set->cert) == 0) {
+ if (set->cert.cert != NULL &&
+ ssl_ctx_use_certificate_chain(ctx->ssl_ctx, set->cert.cert) == 0) {
*error_r = t_strdup_printf("Can't load SSL certificate: %s",
- openssl_iostream_use_certificate_error(set->cert, NULL));
+ openssl_iostream_use_certificate_error(set->cert.cert, NULL));
return -1;
}
- if (set->key != NULL) {
- if (ssl_iostream_ctx_use_key(ctx, set, error_r) < 0)
+ if (set->cert.key != NULL) {
+ if (ssl_iostream_ctx_use_key(ctx, &set->cert, error_r) < 0)
return -1;
}
EC_KEY *eckey;
const EC_GROUP *ecgrp;
- if (set->key != NULL) {
- if (openssl_iostream_load_key(set, &pkey, error_r) < 0)
+ if (set->cert.key != NULL) {
+ if (openssl_iostream_load_key(&set->cert, &pkey, error_r) < 0)
return -1;
if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL &&
static int
openssl_iostream_use_key(struct ssl_iostream *ssl_io,
- const struct ssl_iostream_settings *set,
+ const struct ssl_iostream_cert *set,
const char **error_r)
{
EVP_PKEY *pkey;
openssl_get_protocol_options(set->protocols));
}
- if (set->cert != NULL && strcmp(ctx_set->cert, set->cert) != 0) {
- if (openssl_iostream_use_certificate(ssl_io, set->cert, error_r) < 0)
+ if (set->cert.cert != NULL && strcmp(ctx_set->cert.cert, set->cert.cert) != 0) {
+ if (openssl_iostream_use_certificate(ssl_io, set->cert.cert, error_r) < 0)
return -1;
}
- if (set->key != NULL && strcmp(ctx_set->key, set->key) != 0) {
- if (openssl_iostream_use_key(ssl_io, set, error_r) < 0)
+ if (set->cert.key != NULL && strcmp(ctx_set->cert.key, set->cert.key) != 0) {
+ if (openssl_iostream_use_key(ssl_io, &set->cert, error_r) < 0)
return -1;
}
if (set->verify_remote_cert) {
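Review bot: The rewritten comparisons `strcmp(ctx_set->cert.cert, set->cert.cert)` and `strcmp(ctx_set->cert.key, set->cert.key)` still dereference the context side unconditionally while the guard on the same line only checks the per-stream side, so a context created without a certificate (a state the `set->cert.cert != NULL` test in the context-init hunk treats as legal) would pass NULL to strcmp. This is inherited from the old lines, but since they are being rewritten it is the moment to switch to the NULL-tolerant compare that lib-ldap already uses for the same fields: `if (set->cert.cert != NULL && null_strcmp(ctx_set->cert.cert, set->cert.cert) != 0) {` and `if (set->cert.key != NULL && null_strcmp(ctx_set->cert.key, set->cert.key) != 0) {`, assuming `null_strcmp` is in scope in this file. Whether `ctx_set->cert.cert` can actually be NULL at this point depends on how the context was built, which is outside the hunk. The enclosing function starts outside this hunk.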
void openssl_iostream_context_deinit(struct ssl_iostream_context *ctx);
void openssl_iostream_global_deinit(void);
-int openssl_iostream_load_key(const struct ssl_iostream_settings *set,
+int openssl_iostream_load_key(const struct ssl_iostream_cert *set,
EVP_PKEY **pkey_r, const char **error_r);
int openssl_cert_match_name(SSL *ssl, const char *verify_name);
int openssl_get_protocol_options(const char *protocols);
new_set->ca = p_strdup(pool, old_set->ca);
new_set->ca_file = p_strdup(pool, old_set->ca_file);
new_set->ca_dir = p_strdup(pool, old_set->ca_dir);
- new_set->cert = p_strdup(pool, old_set->cert);
- new_set->key = p_strdup(pool, old_set->key);
- new_set->key_password = p_strdup(pool, old_set->key_password);
+ new_set->cert.cert = p_strdup(pool, old_set->cert.cert);
+ new_set->cert.key = p_strdup(pool, old_set->cert.key);
+ new_set->cert.key_password = p_strdup(pool, old_set->cert.key_password);
new_set->cert_username_field = p_strdup(pool, old_set->cert_username_field);
new_set->crypto_device = p_strdup(pool, old_set->crypto_device);
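Review bot: `new_set->cert.key_password = p_strdup(pool, old_set->cert.key_password);` copies a secret into the same pool as ordinary settings strings, and nothing in the hunk wipes it, so the password now lives as long as the pool. That was already true before the move, but the new struct makes it easy to forget which member is sensitive, so I would mark it: `/* key_password is a secret: this copy lives for the pool's lifetime and is not cleared on free */`. Whether the pool implementation zeroes memory on free is not visible here and should be confirmed before relying on it. The enclosing function starts outside this hunk.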
struct ssl_iostream;
struct ssl_iostream_context;
+struct ssl_iostream_cert {
+ const char *cert;
+ const char *key;
+ const char *key_password;
+};
+
struct ssl_iostream_settings {
const char *protocols;
const char *cipher_list;
const char *curve_list;
const char *ca, *ca_file, *ca_dir; /* context-only */
- const char *cert;
- const char *key;
- const char *key_password;
+ struct ssl_iostream_cert cert; /* both */
const char *dh;
const char *cert_username_field;
const char *crypto_device; /* context-only */
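Review bot: The new `struct ssl_iostream_cert` has no comment saying what its members hold, and the two consumers in this commit appear to disagree: lib-ldap stores `tls_cert_file`/`tls_key_file` in `cert.cert`/`cert.key` and hands them to `LDAP_OPT_X_TLS_CERTFILE`/`LDAP_OPT_X_TLS_KEYFILE`, i.e. file paths, while iostream-openssl passes `cert.cert` to `ssl_ctx_use_certificate_chain` and `cert.key` through `openssl_iostream_load_key`, which presumably take PEM data rather than paths. A header comment should settle this for future callers, e.g. above the struct: `/* Certificate, private key and the password for an encrypted key. NOTE(review): lib-ldap stores file paths here while lib-ssl-iostream appears to expect PEM contents — confirm and document which is canonical */`. The `/* both */` tag on the `cert` member mirrors the `/* context-only */` tags, but since the iostream path compares per-stream values against the context's, spelling it out as `/* context and per-stream */` would help. The struct continues past the end of this hunk.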