From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Fri, 15 Nov 2024 09:51:21 +0000 (+0200)
Subject: lib-smtp: Set application protocol for TLS
X-Git-Tag: 2.4.0~186
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2dcfe9176c8e9cca3b9ca7182fc04376663d8471;p=thirdparty%2Fdovecot%2Fcore.git

lib-smtp: Set application protocol for TLS
---

diff --git a/src/lib-smtp/smtp-client-connection.c b/src/lib-smtp/smtp-client-connection.c
index 19e067773d..7685c3107f 100644
--- a/src/lib-smtp/smtp-client-connection.c
+++ b/src/lib-smtp/smtp-client-connection.c
@@ -1590,8 +1590,16 @@ smtp_client_connection_init_ssl_ctx(struct smtp_client_connection *conn,
 			"Requested SSL connection, but no SSL settings given";
 		return -1;
 	}
-	return ssl_iostream_client_context_cache_get(conn->set.ssl,
-						     &conn->ssl_ctx, error_r);
+	if (ssl_iostream_client_context_cache_get(conn->set.ssl, &conn->ssl_ctx,
+						  error_r) < 0)
+		return -1;
+	const char *application_protocol = smtp_protocol_name(conn->protocol);
+	const char *const names[] = {
+		application_protocol,
+		NULL
+	};
+	ssl_iostream_context_set_application_protocols(conn->ssl_ctx, names);
+	return 0;
 }
 
 static int
diff --git a/src/lib-smtp/smtp-server-connection.c b/src/lib-smtp/smtp-server-connection.c
index b7cd7ad141..1a3dae1c66 100644
--- a/src/lib-smtp/smtp-server-connection.c
+++ b/src/lib-smtp/smtp-server-connection.c
@@ -388,6 +388,12 @@ smtp_server_connection_sni_callback(const char *name, const char **error_r,
 	}
 	settings_free(ssl_set);
 	settings_free(ssl_server_set);
+	const char *application_protocol = smtp_protocol_name(conn->set.protocol);
+	const char *const names[] = {
+		application_protocol,
+		NULL
+	};
+	ssl_iostream_context_set_application_protocols(ssl_ctx, names);
 	ssl_iostream_change_context(conn->ssl_iostream, ssl_ctx);
 	ssl_iostream_context_unref(&ssl_ctx);
 	return 0;