From: Timo Sirainen
Date: Thu, 29 Jul 2021 19:20:17 +0000 (+0300)
Subject: lib-master: Use ssl-server settings only when necessary
X-Git-Tag: 2.3.17~240
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=36ff43f1a9aff8594d08f791e77ea13390fd569f;p=thirdparty%2Fdovecot%2Fcore.git
lib-master: Use ssl-server settings only when necessary
---
diff --git a/src/lib-master/master-service-private.h b/src/lib-master/master-service-private.h
index e881a090dc..d886c9d4c4 100644
--- a/src/lib-master/master-service-private.h
+++ b/src/lib-master/master-service-private.h
@@ -82,7 +82,6 @@ struct master_service {
 bool die_with_master:1;
 bool call_avail_overflow:1;
 bool config_path_changed_with_param:1;
- bool want_ssl_settings:1;
 bool want_ssl_server:1;
 bool ssl_ctx_initialized:1;
 bool config_path_from_master:1;
diff --git a/src/lib-master/master-service-settings.c b/src/lib-master/master-service-settings.c
index b3b1bbeb6b..4e408c9dea 100644
--- a/src/lib-master/master-service-settings.c
+++ b/src/lib-master/master-service-settings.c
@@ -223,10 +223,12 @@ master_service_exec_config(struct master_service *service,
 strarr_push(&conf_argv, input->extra_modules[i]);
 }
 }
- if (service->want_ssl_settings &&
- (input->module != NULL || input->extra_modules != NULL)) {
+ if (input->module != NULL || input->extra_modules != NULL) {
 strarr_push(&conf_argv, "-m");
- strarr_push(&conf_argv, "ssl-server");
+ if (service->want_ssl_server)
+ strarr_push(&conf_argv, "ssl-server");
+ else
+ strarr_push(&conf_argv, "ssl");
 }
 if (input->parse_full_config)
 strarr_push(&conf_argv, "-p");
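Review bot: The choice between `"ssl-server"` and `"ssl"` is now written out twice, here in master_service_exec_config() as an if/else around strarr_push() and again in config_build_request() (the -357 hunk) as a ternary, so the doveconf argv and the config-socket request can drift apart if only one of them is edited later. Computing the name once keeps both paths requesting the same settings module, e.g. `const char *ssl_module = service->want_ssl_server ? "ssl-server" : "ssl";` followed by `strarr_push(&conf_argv, ssl_module);`, or a small static helper shared by both functions. A short comment stating why the narrower `ssl` module is the default for processes that do not serve TLS would also help; the commit title suggests the intent is to avoid handing server-side settings to processes that do not need them, but that is not spelled out in the visible code. Both function bodies start and end outside their hunks.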
@@ -357,9 +359,10 @@ config_build_request(struct master_service *service, string_t *str,
 for (unsigned int i = 0; input->extra_modules[i] != NULL; i++)
 str_printfa(str, "\tmodule=%s", input->extra_modules[i]);
 }
- if (service->want_ssl_settings &&
- (input->module != NULL || input->extra_modules != NULL))
- str_append(str, "\tmodule=ssl-server");
+ if (input->module != NULL || input->extra_modules != NULL) {
+ str_printfa(str, "\tmodule=%s",
+ service->want_ssl_server ? "ssl-server" : "ssl");
+ }
 if (input->service != NULL)
 str_printfa(str, "\tservice=%s", input->service);
 if (input->username != NULL)
@@ -606,9 +609,9 @@ int master_service_settings_read(struct master_service *service,
 p_array_init(&all_roots, service->set_pool, 8);
 tmp_root = &master_service_setting_parser_info;
 array_push_back(&all_roots, &tmp_root);
- if (service->want_ssl_settings) {
- tmp_root = &master_service_ssl_setting_parser_info;
- array_push_back(&all_roots, &tmp_root);
+ tmp_root = &master_service_ssl_setting_parser_info;
+ array_push_back(&all_roots, &tmp_root);
+ if (service->want_ssl_server) {
 tmp_root = &master_service_ssl_server_setting_parser_info;
 array_push_back(&all_roots, &tmp_root);
 }
@@ -758,8 +761,8 @@ void **master_service_settings_get_others(struct master_service *service)
 void **master_service_settings_parser_get_others(struct master_service *service,
 const struct setting_parser_context *set_parser)
 {
- return settings_parser_get_list(set_parser) + 1 +
- (service->want_ssl_settings ? 2 : 0);
+ return settings_parser_get_list(set_parser) + 2 +
+ (service->want_ssl_server ? 1 : 0);
 }
 struct setting_parser_context *
diff --git a/src/lib-master/master-service-ssl-settings.c b/src/lib-master/master-service-ssl-settings.c
index a7f5216114..04bf38ddab 100644
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
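Review bot: The order in which roots are pushed onto all_roots in master_service_settings_read() (the -606 hunk) is a positional contract with code elsewhere in this commit: the `+ 2 + (service->want_ssl_server ? 1 : 0)` offset in master_service_settings_parser_get_others() (the -758 hunk) and the hard-coded `sets[1]` / `sets[2]` in the getters in master-service-ssl-settings.c. Because the list is handed out as `void *`, a later reordering or an extra root would give callers the wrong settings struct with no compile-time error. I would add a comment at the first push, `/* Root order: [0] master_service, [1] ssl, [2] ssl-server (only if want_ssl_server); keep in sync with master_service_settings_parser_get_others() and the sets[1]/sets[2] getters */`, or replace the literals with a shared enum of indices. The function body starts and ends outside the hunk.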
@@ -195,7 +195,6 @@ master_service_ssl_settings_get(struct master_service *service)
 {
 void **sets;
- i_assert(service->want_ssl_settings);
 sets = settings_parser_get_list(service->set_parser);
 return sets[1];
 }
@@ -205,7 +204,7 @@ master_service_ssl_server_settings_get(struct master_service *service)
 {
 void **sets;
- i_assert(service->want_ssl_settings);
+ i_assert(service->want_ssl_server);
 sets = settings_parser_get_list(service->set_parser);
 return sets[2];
 }
diff --git a/src/lib-master/master-service.c b/src/lib-master/master-service.c
index 58360d5678..f7dde166c4 100644
--- a/src/lib-master/master-service.c
+++ b/src/lib-master/master-service.c
@@ -304,12 +304,11 @@ master_service_init(const char *name, enum master_service_flags flags,
 T_BEGIN {
 master_service_init_socket_listeners(service);
 } T_END;
- service->want_ssl_settings = service->want_ssl_server ||
- (service->flags & MASTER_SERVICE_FLAG_USE_SSL_SETTINGS) != 0;
 #ifdef HAVE_SSL
- /* load SSL module if necessary */
- if (service->want_ssl_settings) {
+ /* Load the SSL module if we already know it is necessary. It can also
+ get loaded later on-demand. */
+ if (service->want_ssl_server) {
 const char *error;
 if (ssl_module_load(&error) < 0)
 i_fatal("Cannot load SSL module: %s", error);
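Review bot: The new comment in master_service_init() says the SSL module "can also get loaded later on-demand" but does not say where. With this hunk, a service that previously relied on MASTER_SERVICE_FLAG_USE_SSL_SETTINGS no longer has ssl_module_load() called at startup. If the deferred load can run after the process has restricted its filesystem access or dropped privileges, a load failure would surface on first TLS use instead of as the startup i_fatal() shown here. That ordering is not visible in this diff, so it is worth confirming. I would extend the comment to name the deferred call site and its precondition, along the lines of `/* ... It can also get loaded later on-demand (see <on-demand loader>). */` with the placeholder filled in. The function continues outside the hunk.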