passdb-imap: Add option to control certificate verification

Turn it on by default

diff --git a/src/auth/passdb-imap.c b/src/auth/passdb-imap.c
index b95aaeee714caec2aa03e42f92306ac55a82c6cd..cd12fa0520544b0d212fec55ab0c7915aead2d47 100644 (file)
--- a/src/auth/passdb-imap.c
+++ b/src/auth/passdb-imap.c
@@ -136,6 +136,7 @@ passdb_imap_preinit(pool_t pool, const char *args)
        module->set.ssl_mode = IMAPC_CLIENT_SSL_MODE_NONE;
        module->set.username = "%u";
        module->set.rawlog_dir = "";
+       module->set.ssl_verify = TRUE;
 
        for (tmp = p_strsplit(pool, args, " "); *tmp != NULL; tmp++) {
                key = *tmp;
@@ -169,6 +170,15 @@ passdb_imap_preinit(pool_t pool, const char *args)
                                i_fatal("passdb imap: Invalid ssl mode: %s",
                                        value);
                        }
+               } else if (strcmp(key, "allow_invalid_cert") == 0) {
+                       if (strcmp(value, "yes") == 0) {
+                               module->set.ssl_verify = FALSE;
+                       } else if (strcmp(value, "no") == 0) {
+                               module->set.ssl_verify = TRUE;
+                       } else {
+                               i_fatal("passdb imap: Invalid allow_invalid_cert value: %s",
+                                       value);
+                       }
                } else {
                        i_fatal("passdb imap: Unknown parameter: %s", key);
                }