From: Timo Sirainen
Date: Fri, 8 Aug 2025 12:17:35 +0000 (+0300)
Subject: lib-ssl-iostream: Replace ssl_iostream.has_[valid_]client_cert() with new ssl_iostrea...
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3bdd4e7dfc8ae38a9f135d176f8ec3693353ada4;p=thirdparty%2Fdovecot%2Fcore.git
lib-ssl-iostream: Replace ssl_iostream.has_[valid_]client_cert() with new ssl_iostream.get_cert_validity()
---
diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index ea5b2d72fd..6122731072 100644
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -707,16 +707,14 @@ openssl_iostream_get_state(const struct ssl_iostream *ssl_io)
 return ssl_io->state;
 }
-static bool
-openssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
-{
- return ssl_io->cert_received && !ssl_io->cert_broken;
-}
-
-static bool
-openssl_iostream_has_client_cert(struct ssl_iostream *ssl_io)
+static enum ssl_iostream_cert_validity
+openssl_iostream_get_cert_validity(const struct ssl_iostream *ssl_io)
 {
- return ssl_io->cert_received;
+ if (!ssl_io->cert_received)
+ return SSL_IOSTREAM_CERT_VALIDITY_NO_CERT;
+ if (ssl_io->cert_broken)
+ return SSL_IOSTREAM_CERT_VALIDITY_INVALID;
+ return SSL_IOSTREAM_CERT_VALIDITY_OK;
 }
 static bool
@@ -1098,8 +1096,7 @@ static const struct iostream_ssl_vfuncs ssl_vfuncs = {
 .set_log_prefix = openssl_iostream_set_log_prefix,
 .get_state = openssl_iostream_get_state,
- .has_valid_client_cert = openssl_iostream_has_valid_client_cert,
- .has_client_cert = openssl_iostream_has_client_cert,
+ .get_cert_validity = openssl_iostream_get_cert_validity,
 .cert_match_name = openssl_iostream_cert_match_name,
 .get_allow_invalid_cert = openssl_iostream_get_allow_invalid_cert,
 .get_peer_username = openssl_iostream_get_peer_username,
diff --git a/src/lib-ssl-iostream/iostream-ssl-private.h b/src/lib-ssl-iostream/iostream-ssl-private.h
index d9d74b2a44..306b27cf36 100644
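Review bot: `openssl_iostream_get_cert_validity()` in iostream-openssl.c derives its result from `cert_received` and `cert_broken` alone, and nothing at the definition says what `SSL_IOSTREAM_CERT_VALIDITY_OK` does not cover. Name matching remains a separate vfunc (`.cert_match_name` in the same table), so a caller that reads OK as "peer authenticated" could skip that step. I would add a comment above the function such as `/* OK = a certificate was received and not flagged broken; the name check is separate, see cert_match_name() */`. Where `cert_broken` is set lies outside this diff, so what INVALID actually covers should be confirmed there before wording the comment more strongly.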
--- a/src/lib-ssl-iostream/iostream-ssl-private.h
+++ b/src/lib-ssl-iostream/iostream-ssl-private.h
@@ -38,8 +38,8 @@ struct iostream_ssl_vfuncs {
 void (*set_log_prefix)(struct ssl_iostream *ssl_io, const char *prefix);
 enum ssl_iostream_state (*get_state)(const struct ssl_iostream *ssl_io);
 bool (*has_handshake_failed)(const struct ssl_iostream *ssl_io);
- bool (*has_valid_client_cert)(const struct ssl_iostream *ssl_io);
- bool (*has_client_cert)(struct ssl_iostream *ssl_io);
+ enum ssl_iostream_cert_validity
+ (*get_cert_validity)(const struct ssl_iostream *ssl_io);
 bool (*cert_match_name)(struct ssl_iostream *ssl_io, const char *name, const char **reason_r);
 bool (*get_allow_invalid_cert)(struct ssl_iostream *ssl_io);
diff --git a/src/lib-ssl-iostream/iostream-ssl.c b/src/lib-ssl-iostream/iostream-ssl.c
index 3cd8fe9394..df5d218f23 100644
--- a/src/lib-ssl-iostream/iostream-ssl.c
+++ b/src/lib-ssl-iostream/iostream-ssl.c
@@ -271,12 +271,12 @@ bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io)
 bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
 {
- return ssl_vfuncs->has_valid_client_cert(ssl_io);
+ return ssl_vfuncs->get_cert_validity(ssl_io) == SSL_IOSTREAM_CERT_VALIDITY_OK;
 }
 bool ssl_iostream_has_client_cert(struct ssl_iostream *ssl_io)
 {
- return ssl_vfuncs->has_client_cert(ssl_io);
+ return ssl_vfuncs->get_cert_validity(ssl_io) != SSL_IOSTREAM_CERT_VALIDITY_NO_CERT;
 }
 bool ssl_iostream_cert_match_name(struct ssl_iostream *ssl_io, const char *name,
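Review bot: In iostream-ssl.c, `ssl_iostream_has_client_cert()` is defined by exclusion (`!= SSL_IOSTREAM_CERT_VALIDITY_NO_CERT`), so any validity value added to the enum later would be reported as "a certificate was presented" without anyone having decided that. `ssl_iostream_has_valid_client_cert()` does not have this problem because it compares against `SSL_IOSTREAM_CERT_VALIDITY_OK` and so fails closed for unknown values. The presence check could be given the same property by naming the states it accepts, or at least by a comment such as `/* every value other than NO_CERT must imply that a certificate was received */`. The enum definition is not part of this diff, so whether it already documents that invariant cannot be seen here.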