From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Fri, 15 Dec 2017 12:42:54 +0000 (+0200)
Subject: lib-master: Fix master_service_ssl_settings_to_iostream_set() for client settings
X-Git-Tag: 2.3.0.rc1~19
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=552d37ca8e4a381d6f475477380d4aee4ea3fd8f;p=thirdparty%2Fdovecot%2Fcore.git

lib-master: Fix master_service_ssl_settings_to_iostream_set() for client settings

ssl_verify_client_cert setting applies only to server side. For client side
we always verify the SSL certificate validity.
---

diff --git a/src/lib-master/master-service-ssl-settings.c b/src/lib-master/master-service-ssl-settings.c
index b153521d40..061f4b9517 100644
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
@@ -187,10 +187,13 @@ void master_service_ssl_settings_to_iostream_set(
 			set_r->alt_cert.key = p_strdup(pool, ssl_set->ssl_alt_key);
 			set_r->alt_cert.key_password = p_strdup(pool, ssl_set->ssl_key_password);
 		}
+		set_r->verify_remote_cert = ssl_set->ssl_verify_client_cert;
+		set_r->allow_invalid_cert = !set_r->verify_remote_cert;
 		break;
 	case MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT:
 		set_r->ca_file = p_strdup(pool, ssl_set->ssl_client_ca_file);
 		set_r->ca_dir = p_strdup(pool, ssl_set->ssl_client_ca_dir);
+		set_r->verify_remote_cert = TRUE;
 		break;
 	}
 
@@ -201,8 +204,6 @@ void master_service_ssl_settings_to_iostream_set(
 	set_r->verbose = ssl_set->verbose_ssl;
 	set_r->verbose_invalid_cert = ssl_set->verbose_ssl;
 	set_r->skip_crl_check = !ssl_set->ssl_require_crl;
-	set_r->verify_remote_cert = ssl_set->ssl_verify_client_cert;
-	set_r->allow_invalid_cert = !set_r->verify_remote_cert;
 	set_r->prefer_server_ciphers = ssl_set->ssl_prefer_server_ciphers;
 	set_r->compression = ssl_set->parsed_opts.compression;
 	set_r->tickets = ssl_set->parsed_opts.tickets;