From: Timo Sirainen Date: Fri, 8 Aug 2025 11:57:02 +0000 (+0300) Subject: lib-ssl-iostream: Remove ssl_iostream_has_handshake_failed() X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5cc7662680acc9ed6d9c651f14442fbc080bbd61;p=thirdparty%2Fdovecot%2Fcore.git lib-ssl-iostream: Remove ssl_iostream_has_handshake_failed() Its meaning is a bit too ambiguous. It's better for callers to use ssl_iostream_get_state(). --- diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c index 7d33c678fa..ea5b2d72fd 100644 --- a/src/lib-ssl-iostream/iostream-openssl.c +++ b/src/lib-ssl-iostream/iostream-openssl.c @@ -707,12 +707,6 @@ openssl_iostream_get_state(const struct ssl_iostream *ssl_io) return ssl_io->state; } -static bool -openssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io) -{ - return ssl_io->handshake_failed; -} - static bool openssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io) { @@ -1104,7 +1098,6 @@ static const struct iostream_ssl_vfuncs ssl_vfuncs = { .set_log_prefix = openssl_iostream_set_log_prefix, .get_state = openssl_iostream_get_state, - .has_handshake_failed = openssl_iostream_has_handshake_failed, .has_valid_client_cert = openssl_iostream_has_valid_client_cert, .has_client_cert = openssl_iostream_has_client_cert, .cert_match_name = openssl_iostream_cert_match_name, diff --git a/src/lib-ssl-iostream/iostream-ssl.c b/src/lib-ssl-iostream/iostream-ssl.c index 67e6b27d2b..3cd8fe9394 100644 --- a/src/lib-ssl-iostream/iostream-ssl.c +++ b/src/lib-ssl-iostream/iostream-ssl.c @@ -269,11 +269,6 @@ bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io) return ssl_iostream_get_state(ssl_io) == SSL_IOSTREAM_STATE_OK; } -bool ssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io) -{ - return ssl_vfuncs->has_handshake_failed(ssl_io); -} - bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io) { return ssl_vfuncs->has_valid_client_cert(ssl_io); diff --git a/src/lib-ssl-iostream/iostream-ssl.h b/src/lib-ssl-iostream/iostream-ssl.h index 8e6068f4e6..3c5f2d616a 100644 --- a/src/lib-ssl-iostream/iostream-ssl.h +++ b/src/lib-ssl-iostream/iostream-ssl.h @@ -205,9 +205,6 @@ ssl_iostream_get_state(const struct ssl_iostream *ssl_io); /* Returns TRUE if SSL iostream handshake is finished and certificate is valid. This is the same as state being SSL_IOSTREAM_STATE_OK. */ bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io); -/* Returns TRUE if the remote cert is invalid, or handshake callback returned - failure. */ -bool ssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io); bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io); bool ssl_iostream_has_client_cert(struct ssl_iostream *ssl_io); /* Checks certificate validity based, also performs name checking. Called by diff --git a/src/lib-ssl-iostream/test-iostream-ssl.c b/src/lib-ssl-iostream/test-iostream-ssl.c index e2e20d0922..efd96d1655 100644 --- a/src/lib-ssl-iostream/test-iostream-ssl.c +++ b/src/lib-ssl-iostream/test-iostream-ssl.c @@ -239,10 +239,12 @@ static int test_iostream_ssl_handshake_real(struct ssl_iostream_settings *server if (client->failed || server->failed) ret = -1; - if (ssl_iostream_has_handshake_failed(client->iostream)) { + if (ssl_iostream_get_state(client->iostream) != SSL_IOSTREAM_STATE_OK && + ssl_iostream_get_state(client->iostream) != SSL_IOSTREAM_STATE_HANDSHAKING) { i_error("client: %s", ssl_iostream_get_last_error(client->iostream)); ret = -1; - } else if (ssl_iostream_has_handshake_failed(server->iostream)) { + } else if (ssl_iostream_get_state(server->iostream) != SSL_IOSTREAM_STATE_OK && + ssl_iostream_get_state(server->iostream) != SSL_IOSTREAM_STATE_HANDSHAKING) { i_error("server: %s", ssl_iostream_get_last_error(server->iostream)); ret = -1; /* check hostname */