openssl_iostream_cert_match_name(struct ssl_iostream *ssl_io,
const char *verify_name, const char **reason_r)
{
- if (!ssl_iostream_has_valid_client_cert(ssl_io)) {
+ if (!ssl_iostream_has_valid_cert(ssl_io)) {
*reason_r = "Invalid certificate";
return FALSE;
}
char *name;
int len;
- if (!ssl_iostream_has_valid_client_cert(ssl_io))
+ if (!ssl_iostream_has_valid_cert(ssl_io))
return NULL;
#ifdef HAVE_SSL_get1_peer_certificate
return ssl_iostream_get_state(ssl_io) == SSL_IOSTREAM_STATE_OK;
}
-bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
+bool ssl_iostream_has_valid_cert(const struct ssl_iostream *ssl_io)
{
return ssl_vfuncs->get_cert_validity(ssl_io) == SSL_IOSTREAM_CERT_VALIDITY_OK;
}
-bool ssl_iostream_has_client_cert(struct ssl_iostream *ssl_io)
+bool ssl_iostream_has_cert(struct ssl_iostream *ssl_io)
{
return ssl_vfuncs->get_cert_validity(ssl_io) != SSL_IOSTREAM_CERT_VALIDITY_NO_CERT;
}
{
const char *reason;
- if (!ssl_iostream_has_valid_client_cert(ssl_io)) {
- if (!ssl_iostream_has_client_cert(ssl_io)) {
+ if (!ssl_iostream_has_valid_cert(ssl_io)) {
+ if (!ssl_iostream_has_cert(ssl_io)) {
*error_r = "SSL certificate not received";
return SSL_IOSTREAM_CERT_VALIDITY_NO_CERT;
} else {
/* Returns TRUE if SSL iostream handshake is finished and certificate is valid.
This is the same as state being SSL_IOSTREAM_STATE_OK. */
bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io);
-bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io);
-bool ssl_iostream_has_client_cert(struct ssl_iostream *ssl_io);
+/* Returns TRUE if SSL (client or server) certificate was received,
+ valid or not. */
+bool ssl_iostream_has_cert(struct ssl_iostream *ssl_io);
+/* Returns TRUE if a valid SSL (client or server) certificate was received.
+ Certificate name validity isn't checked, ssl_iostream_cert_match_name() must
+ be used for that. */
+bool ssl_iostream_has_valid_cert(const struct ssl_iostream *ssl_io);
/* Checks certificate validity based, also performs name checking. Called by
default in handshake, unless handshake callback is set with
ssl_iostream_check_cert_validity().
Host should be set as the name you want to validate the certificate name(s)
against. Usually this is the host name you connected to.
- This function is same as calling ssl_iostream_has_valid_client_cert()
+ This function is same as calling ssl_iostream_has_valid_cert()
and ssl_iostream_cert_match_name().
*/
enum ssl_iostream_cert_validity
*human_reason_r = "cert required, client didn't start TLS";
return TRUE;
}
- if (!ssl_iostream_has_client_cert(client->ssl_iostream)) {
+ if (!ssl_iostream_has_cert(client->ssl_iostream)) {
*event_reason_r = "client_ssl_cert_missing";
*human_reason_r = "client didn't send a cert";
return TRUE;
}
if (client->ssl_server_set->parsed_opts.verify_client_cert &&
- !ssl_iostream_has_valid_client_cert(client->ssl_iostream)) {
+ !ssl_iostream_has_valid_cert(client->ssl_iostream)) {
*event_reason_r = "client_ssl_cert_untrusted";
*human_reason_r = "client sent an untrusted cert";
return TRUE;
enum auth_request_flags auth_flags = 0;
if (client->ssl_iostream != NULL &&
- ssl_iostream_has_valid_client_cert(client->ssl_iostream))
+ ssl_iostream_has_valid_cert(client->ssl_iostream))
auth_flags |= AUTH_REQUEST_FLAG_VALID_CLIENT_CERT;
if (client->connection_tls_secured)
auth_flags |= AUTH_REQUEST_FLAG_CONN_SECURED_TLS;
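Review bot: The `auth_flags |= AUTH_REQUEST_FLAG_VALID_CLIENT_CERT` assignment is now driven by the generic `ssl_iostream_has_valid_cert()`, which the header hunk documents as covering either a client or a server certificate, so nothing in this hunk any longer says that `client->ssl_iostream` is the server side of the connection and the validated peer certificate is therefore the client's. Since this flag presumably feeds the authentication request, I would pin that assumption next to the condition: `/* client->ssl_iostream is the server side, so the peer cert is the client's */`. The same reasoning applies to the `verify_client_cert` check in the hunk above and to the `*username_r` hunk below, whose `/* no client certificate */` comment still reads correctly. The enclosing function starts and ends outside this hunk.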
}
/* no client certificate */
- if (!ssl_iostream_has_valid_client_cert(client->ssl_iostream)) {
+ if (!ssl_iostream_has_valid_cert(client->ssl_iostream)) {
*username_r = NULL;
return TRUE;
}