if (ssl_iostream_check_cert_validity(conn->ssl_iostream, host, &error) == 0)
http_client_connection_debug(conn, "SSL handshake successful");
- else if (conn->client->set.ssl_allow_invalid_cert) {
+ else if (!conn->client->set.ssl->require_valid_cert) {
http_client_connection_debug(conn, "SSL handshake successful, "
"ignoring invalid certificate: %s", error);
} else {
i_assert(conn->client->ssl_ctx != NULL);
memset(&ssl_set, 0, sizeof(ssl_set));
- if (!conn->client->set.ssl_allow_invalid_cert) {
+ if (conn->client->set.ssl->require_valid_cert) {
ssl_set.verbose_invalid_cert = TRUE;
ssl_set.verify_remote_cert = TRUE;
ssl_set.require_valid_cert = TRUE;
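Review bot: The replacement of `ssl_allow_invalid_cert` with `ssl->require_valid_cert` inverts the zero-value default at L11 (and the same way at L4): a caller that memsets its `ssl_iostream_settings` and sets nothing else now gets `verify_remote_cert`/`require_valid_cert` left FALSE, and the L4 branch then logs "ignoring invalid certificate" and proceeds, whereas the old zeroed `ssl_allow_invalid_cert` meant validation was enforced. Every existing caller of this client therefore silently loses certificate validation unless it is updated to set `require_valid_cert = TRUE`. If the opt-in semantics are intended, the L11 condition deserves a comment making that explicit, e.g. `/* certificate checking is opt-in: callers must set ssl->require_valid_cert */`; otherwise the condition should be driven by a field whose zero value keeps validation on. Also note that `conn->client->set.ssl` is dereferenced here and at L4 without a NULL check; see the note on http_client_init().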
pool = pool_alloconly_create("http client", 1024);
client = p_new(pool, struct http_client, 1);
client->pool = pool;
+
client->set.dns_client = set->dns_client;
client->set.dns_client_socket_path =
p_strdup_empty(pool, set->dns_client_socket_path);
client->set.user_agent = p_strdup_empty(pool, set->user_agent);
client->set.rawlog_dir = p_strdup_empty(pool, set->rawlog_dir);
- client->set.ssl_ca_dir = p_strdup(pool, set->ssl_ca_dir);
- client->set.ssl_ca_file = p_strdup(pool, set->ssl_ca_file);
- client->set.ssl_ca = p_strdup(pool, set->ssl_ca);
- client->set.ssl_crypto_device = p_strdup(pool, set->ssl_crypto_device);
- client->set.ssl_allow_invalid_cert = set->ssl_allow_invalid_cert;
- client->set.ssl_cert = p_strdup(pool, set->ssl_cert);
- client->set.ssl_key = p_strdup(pool, set->ssl_key);
- client->set.ssl_key_password = p_strdup(pool, set->ssl_key_password);
+
+ client->set.ssl = ssl_iostream_settings_dup(client->pool, set->ssl);
if (set->proxy_socket_path != NULL && *set->proxy_socket_path != '\0') {
client->set.proxy_socket_path = p_strdup(pool, set->proxy_socket_path);
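Review bot: `client->set.ssl = ssl_iostream_settings_dup(client->pool, set->ssl)` at L33 has no guard for `set->ssl == NULL`, yet the resulting pointer is dereferenced unconditionally in http_client_init_ssl_ctx() and in the connection handshake code, so a caller that does not fill in the new `ssl` field (every caller written against the old flat fields) will crash on its first SSL connection rather than fail with an error. Unless ssl_iostream_settings_dup() tolerates NULL and its result is checked elsewhere, either assert the contract up front, `i_assert(set->ssl != NULL);`, or keep `client->set.ssl` NULL and have http_client_init_ssl_ctx() return an error for it. Minor style point: the surrounding lines use `pool` while L33 uses `client->pool` for the same allocator; `ssl_iostream_settings_dup(pool, set->ssl)` reads consistently. The enclosing http_client_init() starts and ends outside the hunk.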
int http_client_init_ssl_ctx(struct http_client *client, const char **error_r)
{
- struct ssl_iostream_settings ssl_set;
const char *error;
if (client->ssl_ctx != NULL)
return 0;
- memset(&ssl_set, 0, sizeof(ssl_set));
- ssl_set.ca_dir = client->set.ssl_ca_dir;
- ssl_set.ca_file = client->set.ssl_ca_file;
- ssl_set.ca = client->set.ssl_ca;
- ssl_set.verify_remote_cert = TRUE;
- ssl_set.crypto_device = client->set.ssl_crypto_device;
- ssl_set.cert = client->set.ssl_cert;
- ssl_set.key = client->set.ssl_key;
- ssl_set.key_password = client->set.ssl_key_password;
- ssl_set.verbose = client->set.debug;
- ssl_set.verbose_invalid_cert = client->set.debug;
-
- if (ssl_iostream_context_init_client(&ssl_set, &client->ssl_ctx, &error) < 0) {
+ if (ssl_iostream_context_init_client(client->set.ssl, &client->ssl_ctx, &error) < 0) {
*error_r = t_strdup_printf("Couldn't initialize SSL context: %s",
error);
return -1;
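Review bot: Dropping the local `ssl_set` also drops two things the old code set unconditionally and that the new `client->set.ssl` may not carry: `verify_remote_cert = TRUE` (L46) and the wiring of `verbose`/`verbose_invalid_cert` to `client->set.debug` (L51–L52). With L55 passing the caller's settings straight through, a client created with `set.debug` no longer gets SSL-layer debug output, and remote certificate verification now depends entirely on what the caller put into `ssl`. If that is intended, a short comment on L55 saying so would stop the next reader from re-adding the old flags, e.g. `/* verification and verbosity now come solely from the caller-supplied ssl settings */`; if not, copy the settings into a local, set those fields, and pass the local. http_client_init_ssl_ctx() continues past the end of the hunk.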
struct http_client;
struct http_client_request;
+struct ssl_iostream_settings;
+
/*
* Client settings
*/
struct dns_client *dns_client;
const char *dns_client_socket_path;
- /* ssl configuration */
- const char *ssl_ca_dir, *ssl_ca_file, *ssl_ca;
- const char *ssl_crypto_device;
- bool ssl_allow_invalid_cert;
- /* user cert */
- const char *ssl_cert, *ssl_key, *ssl_key_password;
+ const struct ssl_iostream_settings *ssl;
/* User-Agent: header (default: none) */
const char *user_agent;
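Review bot: The new `ssl` member at L74 replaces a commented group of fields but carries no comment of its own, so a reader cannot tell from the header whether the pointer is borrowed or copied, nor that certificate validation is off unless the struct says otherwise. Suggested comment above L74: `/* SSL settings; copied into the client's pool by http_client_init(). Set require_valid_cert to have the peer certificate checked; a zero-initialized struct accepts invalid certificates. */`. The copy semantics follow from the ssl_iostream_settings_dup() call in http_client_init() and the validation behaviour from the require_valid_cert checks in the connection code in this same commit.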
#include "http-url.h"
#include "http-client.h"
#include "dns-lookup.h"
+#include "iostream-ssl.h"
struct http_test_request {
struct io *io;
struct dns_lookup_settings dns_set;
struct http_client_settings http_set;
struct http_client *http_client;
+ struct ssl_iostream_settings ssl_set;
const char *error;
struct ioloop *ioloop;
if (dns_client_connect(dns_client, &error) < 0)
i_fatal("Couldn't initialize DNS client: %s", error);
+ memset(&ssl_set, 0, sizeof(ssl_set));
+ ssl_set.require_valid_cert = FALSE;
+ ssl_set.ca_dir = "/etc/ssl/certs"; /* debian */
+ ssl_set.ca_file = "/etc/pki/tls/cert.pem"; /* redhat */
+
memset(&http_set, 0, sizeof(http_set));
+ http_set.ssl = &ssl_set;
http_set.dns_client = dns_client;
- http_set.ssl_allow_invalid_cert = TRUE;
- http_set.ssl_ca_dir = "/etc/ssl/certs"; /* debian */
- http_set.ssl_ca_file = "/etc/pki/tls/cert.pem"; /* redhat */
http_set.max_idle_time_msecs = 5*1000;
http_set.max_parallel_connections = 4;
http_set.max_pipelined_requests = 4;