global: Fix ssl_set usage

author Aki Tuomi <aki.tuomi@dovecot.fi>

Mon, 20 Feb 2017 15:49:34 +0000 (17:49 +0200)

committer GitLab <gitlab@git.dovecot.net>

Thu, 23 Feb 2017 10:19:45 +0000 (12:19 +0200)
author Aki Tuomi <aki.tuomi@dovecot.fi>
Mon, 20 Feb 2017 15:49:34 +0000 (17:49 +0200)
committer GitLab <gitlab@git.dovecot.net>
Thu, 23 Feb 2017 10:19:45 +0000 (12:19 +0200)
diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c

index bc73379ff9d3c6ad0b0a5362860f2c061a90979c..c43936a4ced3e85bcd9b091e9565eaa40e0507dc 100644 (file)
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -194,7 +194,6 @@ struct db_oauth2 *db_oauth2_init(const char *config_path)
         }
         ssl_set.prefer_server_ciphers = TRUE;
         ssl_set.allow_invalid_cert = db->set.tls_allow_invalid_cert;
-       ssl_set.verify_remote_cert = !ssl_set.allow_invalid_cert;
         ssl_set.verbose = db->set.debug;
         ssl_set.verbose_invalid_cert = db->set.debug;
         http_set.ssl = &ssl_set;
diff --git a/src/doveadm/doveadm-dsync.c b/src/doveadm/doveadm-dsync.c

index 00aeeeb62dceab7e062234a4df4cfc69316a8753..75f1229788c4e7240cdd4a3265be7054c2834074 100644 (file)
--- a/src/doveadm/doveadm-dsync.c
+++ b/src/doveadm/doveadm-dsync.c
@@ -783,7 +783,6 @@ static int dsync_init_ssl_ctx(struct dsync_cmd_context *ctx,
         i_zero(&ssl_set);
         ssl_set.ca_dir = mail_set->ssl_client_ca_dir;
         ssl_set.ca_file = mail_set->ssl_client_ca_file;
-       ssl_set.verify_remote_cert = TRUE;
         ssl_set.crypto_device = mail_set->ssl_crypto_device;
  
         return ssl_iostream_context_init_client(&ssl_set, &ctx->ssl_ctx, error_r);
diff --git a/src/doveadm/server-connection.c b/src/doveadm/server-connection.c

index 28f41254929f3273ffeb2c20795da39880e1985d..e85b502d1bb9c0b5cf09c5226c9a26751f6d49a7 100644 (file)
--- a/src/doveadm/server-connection.c
+++ b/src/doveadm/server-connection.c
@@ -462,7 +462,6 @@ static int server_connection_init_ssl(struct server_connection *conn)
                 return 0;
  
         i_zero(&ssl_set);
-       ssl_set.verify_remote_cert = TRUE;
         ssl_set.verbose_invalid_cert = TRUE;
  
         if (io_stream_create_ssl_client(conn->server->ssl_ctx,
diff --git a/src/lib-http/http-client-connection.c b/src/lib-http/http-client-connection.c

index 20b7245b0456d4f142c203c27bce507e8ccb6dae..de817923d023765c721547e2d1fae720a0fb1765 100644 (file)
--- a/src/lib-http/http-client-connection.c
+++ b/src/lib-http/http-client-connection.c
@@ -1221,7 +1221,6 @@ http_client_connection_ssl_init(struct http_client_connection *conn,
         i_zero(&ssl_set);
         if (!conn->client->set.ssl->allow_invalid_cert) {
                 ssl_set.verbose_invalid_cert = TRUE;
-               ssl_set.verify_remote_cert = TRUE;
         }
  
         if (conn->client->set.debug)
diff --git a/src/lib-imap-client/imapc-client.c b/src/lib-imap-client/imapc-client.c

index b4d7de73eab8383ae3ab676630bc4c0451657783..5ed406a30ca0ab510871e15f99f0a2d0e1ad32b5 100644 (file)
--- a/src/lib-imap-client/imapc-client.c
+++ b/src/lib-imap-client/imapc-client.c
@@ -89,7 +89,7 @@ imapc_client_init(const struct imapc_client_settings *set)
                 i_zero(&ssl_set);
                 ssl_set.ca_dir = set->ssl_ca_dir;
                 ssl_set.ca_file = set->ssl_ca_file;
-               ssl_set.verify_remote_cert = set->ssl_verify;
+               ssl_set.allow_invalid_cert = !set->ssl_verify;
                 ssl_set.crypto_device = set->ssl_crypto_device;
  
                 if (ssl_iostream_context_init_client(&ssl_set, &client->ssl_ctx,
diff --git a/src/lib-imap-client/imapc-connection.c b/src/lib-imap-client/imapc-connection.c

index 80fe4c494c78edf9aa09bc6024c8357f6e8cc725..bf73e59a89c49dda17aed5f596fab88878d7e1fc 100644 (file)
--- a/src/lib-imap-client/imapc-connection.c
+++ b/src/lib-imap-client/imapc-connection.c
@@ -1538,7 +1538,8 @@ static int imapc_connection_ssl_init(struct imapc_connection *conn)
         i_zero(&ssl_set);
         if (conn->client->set.ssl_verify) {
                 ssl_set.verbose_invalid_cert = TRUE;
-               ssl_set.verify_remote_cert = TRUE;
+       } else {
+               ssl_set.allow_invalid_cert = TRUE;
         }
  
         if (conn->client->set.debug)
diff --git a/src/lib-storage/index/pop3c/pop3c-client.c b/src/lib-storage/index/pop3c/pop3c-client.c

index 9651b2ffd298620f8523f353376862fbfb237804..c7f61dddc6ee664310ea72c53aaf5591a263e893 100644 (file)
--- a/src/lib-storage/index/pop3c/pop3c-client.c
+++ b/src/lib-storage/index/pop3c/pop3c-client.c
@@ -123,7 +123,7 @@ pop3c_client_init(const struct pop3c_client_settings *set)
                 i_zero(&ssl_set);
                 ssl_set.ca_dir = set->ssl_ca_dir;
                 ssl_set.ca_file = set->ssl_ca_file;
-               ssl_set.verify_remote_cert = set->ssl_verify;
+               ssl_set.allow_invald_cert = !set->ssl_verify;
                 ssl_set.crypto_device = set->ssl_crypto_device;
  
                 if (ssl_iostream_context_init_client(&ssl_set, &client->ssl_ctx,
@@ -577,7 +577,8 @@ static int pop3c_client_ssl_init(struct pop3c_client *client)
         i_zero(&ssl_set);
         if (client->set.ssl_verify) {
                 ssl_set.verbose_invalid_cert = TRUE;
-               ssl_set.verify_remote_cert = TRUE;
+       } else {
+               ssl_set.allow_invalid_cert = TRUE;
         }
  
         if (client->set.debug)
author	Aki Tuomi <aki.tuomi@dovecot.fi>
	Mon, 20 Feb 2017 15:49:34 +0000 (17:49 +0200)
committer	GitLab <gitlab@git.dovecot.net>
	Thu, 23 Feb 2017 10:19:45 +0000 (12:19 +0200)
src/auth/db-oauth2.c		patch \| blob \| blame \| history
src/doveadm/doveadm-dsync.c		patch \| blob \| blame \| history
src/doveadm/server-connection.c		patch \| blob \| blame \| history
src/lib-http/http-client-connection.c		patch \| blob \| blame \| history
src/lib-imap-client/imapc-client.c		patch \| blob \| blame \| history
src/lib-imap-client/imapc-connection.c		patch \| blob \| blame \| history
src/lib-storage/index/pop3c/pop3c-client.c		patch \| blob \| blame \| history