lib-imap-client: Use iostream ssl settings directly
authorAki Tuomi <aki.tuomi@dovecot.fi>
Wed, 14 Nov 2018 13:21:36 +0000 (15:21 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Thu, 15 Nov 2018 11:25:15 +0000 (11:25 +0000)
Temporarily prevents the use of custom SSL CAs and the disabling of
certificate verification, until fixed by subsequent commits.

src/lib-imap-client/imapc-client.c
src/lib-imap-client/imapc-client.h
src/lib-imap-client/imapc-connection.c
src/lib-storage/index/imapc/Makefile.am
src/plugins/quota/Makefile.am

index 61d8e1c2ef8cf30d8a536105510d880e6b0c804a..0088083ab5df4a54d3d90b37005371f3633ea08a 100644 (file)
@@ -50,7 +50,6 @@ struct imapc_client *
 imapc_client_init(const struct imapc_client_settings *set)
 {
        struct imapc_client *client;
-       struct ssl_iostream_settings ssl_set;
        const char *error;
        pool_t pool;
 
@@ -97,17 +96,9 @@ imapc_client_init(const struct imapc_client_settings *set)
 
        if (set->ssl_mode != IMAPC_CLIENT_SSL_MODE_NONE) {
                client->set.ssl_mode = set->ssl_mode;
-               client->set.ssl_ca_dir = p_strdup(pool, set->ssl_ca_dir);
-               client->set.ssl_ca_file = p_strdup(pool, set->ssl_ca_file);
-               client->set.ssl_verify = set->ssl_verify;
-
-               i_zero(&ssl_set);
-               ssl_set.ca_dir = set->ssl_ca_dir;
-               ssl_set.ca_file = set->ssl_ca_file;
-               ssl_set.allow_invalid_cert = !set->ssl_verify;
-               ssl_set.crypto_device = set->ssl_crypto_device;
-
-               if (ssl_iostream_client_context_cache_get(&ssl_set,
+               ssl_iostream_settings_init_from(pool, &client->set.ssl_set, &set->ssl_set);
+               client->set.ssl_set.verbose_invalid_cert = !client->set.ssl_set.allow_invalid_cert;
+               if (ssl_iostream_client_context_cache_get(&client->set.ssl_set,
                                                          &client->ssl_ctx,
                                                          &error) < 0) {
                        i_error("imapc(%s:%u): Couldn't initialize SSL context: %s",
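Review bot: The legacy `ssl_ca_dir`, `ssl_ca_file`, `ssl_verify` and `ssl_crypto_device` inputs are no longer read in this branch, so a caller that still fills only those gets default verification with no custom CA, and nothing in the log says its settings were ignored. That fails closed, which matches the commit message, but the imapc-client.h hunk leaves `ssl_ca_dir, ssl_ca_file` declared right next to the new `ssl_set`, so stale callers still compile cleanly. I would add a comment above the new call, `/* only set->ssl_set is honoured here; the legacy ssl_ca_* and ssl_verify fields are ignored */`, and mirror it on the new struct member in the header. `imapc_client_init` continues past the end of this hunk.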
index 269e94bc55a66bea02a6d43fd77db757b63d3a18..6431c16a6b55cb7186c33aa4b38a503b1413af6d 100644 (file)
@@ -2,6 +2,7 @@
 #define IMAPC_CLIENT_H
 
 #include "net.h"
+#include "iostream-ssl.h"
 
 /* IMAP RFC defines this to be at least 30 minutes. */
 #define IMAPC_DEFAULT_MAX_IDLE_TIME (60*29)
@@ -92,6 +93,7 @@ struct imapc_client_settings {
 
        const char *dns_client_socket_path;
        const char *temp_path_prefix;
+       struct ssl_iostream_settings ssl_set;
 
        enum imapc_client_ssl_mode ssl_mode;
        const char *ssl_ca_dir, *ssl_ca_file;
index 5ac544f5c628a89160fc3a455258a875433c8c41..c0dd46647198b067e26aa93b7003a92c7e0e7c4d 100644 (file)
@@ -1624,7 +1624,7 @@ static int imapc_connection_ssl_handshaked(const char **error_r, void *context)
                                conn->name);
                }
                return 0;
-       } else if (!conn->client->set.ssl_verify) {
+       } else if (conn->client->set.ssl_set.allow_invalid_cert) {
                if (conn->client->set.debug) {
                        i_debug("imapc(%s): SSL handshake successful, "
                                "ignoring invalid certificate: %s",
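Review bot: When `allow_invalid_cert` is set, the accepted-but-invalid certificate is reported only under `conn->client->set.debug`, so in a normal configuration a connection that skipped verification leaves no trace in the logs. Now that the flag is taken directly from the caller-supplied `ssl_set`, I would report this branch unconditionally, replacing the `if (conn->client->set.debug)` guard and its `i_debug(` with a plain `i_warning(` call that keeps the same message. The hunk starts and ends inside `imapc_connection_ssl_handshaked`, so the arguments of the logging call are not visible here.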
@@ -1639,7 +1639,6 @@ static int imapc_connection_ssl_handshaked(const char **error_r, void *context)
 
 static int imapc_connection_ssl_init(struct imapc_connection *conn)
 {
-       struct ssl_iostream_settings ssl_set;
        const char *error;
 
        if (conn->client->ssl_ctx == NULL) {
@@ -1647,13 +1646,6 @@ static int imapc_connection_ssl_init(struct imapc_connection *conn)
                return -1;
        }
 
-       i_zero(&ssl_set);
-       if (conn->client->set.ssl_verify) {
-               ssl_set.verbose_invalid_cert = TRUE;
-       } else {
-               ssl_set.allow_invalid_cert = TRUE;
-       }
-
        if (conn->client->set.debug)
                i_debug("imapc(%s): Starting SSL handshake", conn->name);
 
@@ -1670,7 +1662,8 @@ static int imapc_connection_ssl_init(struct imapc_connection *conn)
        io_remove(&conn->io);
        if (io_stream_create_ssl_client(conn->client->ssl_ctx,
                                        conn->client->set.host,
-                                       &ssl_set, &conn->input, &conn->output,
+                                       &conn->client->set.ssl_set,
+                                       &conn->input, &conn->output,
                                        &conn->ssl_iostream, &error) < 0) {
                i_error("imapc(%s): Couldn't initialize SSL client: %s",
                        conn->name, error);
index 6a801a5f91ac9ad16a3fd658134389073ba591d5..72ee102ff3e5d017bbbca7d9567ffeed10a120f3 100644 (file)
@@ -10,7 +10,8 @@ AM_CPPFLAGS = \
        -I$(top_srcdir)/src/lib-index \
        -I$(top_srcdir)/src/lib-storage \
        -I$(top_srcdir)/src/lib-storage/list \
-       -I$(top_srcdir)/src/lib-storage/index
+       -I$(top_srcdir)/src/lib-storage/index \
+       -I$(top_srcdir)/src/lib-ssl-iostream
 
 libstorage_imapc_la_SOURCES = \
        imapc-list.c \
index ffebc674046556aa3a617e2b03880b685d002d05..e8bad8c41462efcbb864483846e51f7085e9a726 100644 (file)
@@ -14,6 +14,7 @@ AM_CPPFLAGS = \
        -I$(top_srcdir)/src/lib-imap \
        -I$(top_srcdir)/src/lib-imap-client \
        -I$(top_srcdir)/src/lib-settings \
+       -I$(top_srcdir)/src/lib-ssl-iostream \
        -I$(top_srcdir)/src/lib-storage \
        -I$(top_srcdir)/src/lib-storage/index \
        -I$(top_srcdir)/src/lib-storage/index/imapc \