From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Sun, 18 Aug 2024 00:34:46 +0000 (+0200)
Subject: lib-smtp: smtp-server-connection - Perform TLS handshake even if connection is not... 
X-Git-Tag: 2.4.0~191
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0a142ec5ceeebe72ddeb3d28cad1d42484272e03;p=thirdparty%2Fdovecot%2Fcore.git

lib-smtp: smtp-server-connection - Perform TLS handshake even if connection is not started yet
---

diff --git a/src/lib-smtp/smtp-server-connection.c b/src/lib-smtp/smtp-server-connection.c
index 3a27207136..2c79b57dad 100644
--- a/src/lib-smtp/smtp-server-connection.c
+++ b/src/lib-smtp/smtp-server-connection.c
@@ -617,10 +617,6 @@ static void smtp_server_connection_input(struct connection *_conn)
 				"SSL Initialization failed");
 			return;
 		}
-		if (conn->halted) {
-			smtp_server_connection_input_lock(conn);
-			return;
-		}
 	}
 	i_assert(!conn->halted);
 
@@ -655,6 +651,10 @@ static void smtp_server_connection_input(struct connection *_conn)
 			i_assert(ret == 0);
 			return;
 		}
+		if (conn->halted) {
+			smtp_server_connection_input_lock(conn);
+			return;
+		}
 	}
 
 	if (!conn->connect_succeeded &&
@@ -1022,6 +1022,9 @@ smtp_server_connection_alloc(struct smtp_server *server,
 
 static void smtp_server_connection_created(struct smtp_server_connection *conn)
 {
+	conn->raw_input = conn->conn.input;
+	conn->raw_output = conn->conn.output;
+
 	/* Halt input until started */
 	smtp_server_connection_halt(conn);
 
@@ -1320,9 +1323,6 @@ void smtp_server_connection_start_pending(struct smtp_server_connection *conn)
 	i_assert(!conn->started);
 	conn->started = TRUE;
 
-	conn->raw_input = conn->conn.input;
-	conn->raw_output = conn->conn.output;
-
 	if (!conn->ssl_start)
 		smtp_server_connection_ready(conn);
 	else if (conn->ssl_iostream == NULL)
@@ -1364,8 +1364,12 @@ void smtp_server_connection_halt(struct smtp_server_connection *conn)
 {
 	conn->halted = TRUE;
 	smtp_server_connection_timeout_stop(conn);
-	if (!conn->started || !conn->ssl_start || conn->ssl_iostream != NULL)
-		smtp_server_connection_input_lock(conn);
+	if (conn->ssl_start &&
+	    (conn->ssl_iostream == NULL ||
+	     !ssl_iostream_is_handshaked(conn->ssl_iostream)))
+		return;
+
+	smtp_server_connection_input_lock(conn);
 }
 
 void smtp_server_connection_resume(struct smtp_server_connection *conn)