From: Aki Tuomi
Date: Wed, 14 Nov 2018 13:44:14 +0000 (+0200)
Subject: lib-storage: pop3c - Use mail_user_init_ssl_client_settings
X-Git-Tag: 2.3.6~108
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6bc371f1a8eb1ae896c223481a84a508bf819921;p=thirdparty%2Fdovecot%2Fcore.git

lib-storage: pop3c - Use mail_user_init_ssl_client_settings
---
diff --git a/src/lib-storage/index/pop3c/pop3c-client.c b/src/lib-storage/index/pop3c/pop3c-client.c
index ed5baa1e76..42a15a2fcd 100644
--- a/src/lib-storage/index/pop3c/pop3c-client.c
+++ b/src/lib-storage/index/pop3c/pop3c-client.c
@@ -115,17 +115,8 @@ pop3c_client_init(const struct pop3c_client_settings *set)
 client->set.rawlog_dir = p_strdup(pool, set->rawlog_dir);
 if (set->ssl_mode != POP3C_CLIENT_SSL_MODE_NONE) {
- client->set.ssl_mode = set->ssl_mode;
- client->set.ssl_ca_dir = p_strdup(pool, set->ssl_ca_dir);
- client->set.ssl_ca_file = p_strdup(pool, set->ssl_ca_file);
- client->set.ssl_verify = set->ssl_verify;
-
- i_zero(&ssl_set);
- ssl_set.ca_dir = set->ssl_ca_dir;
- ssl_set.ca_file = set->ssl_ca_file;
- ssl_set.allow_invalid_cert = !set->ssl_verify;
- ssl_set.crypto_device = set->ssl_crypto_device;
-
+ ssl_iostream_settings_init_from(client->pool, &client->set.ssl_set, &set->ssl_set);
+ client->set.ssl_set.verbose_invalid_cert = !client->set.ssl_set.allow_invalid_cert;
 if (ssl_iostream_client_context_cache_get(&ssl_set, &client->ssl_ctx, &error) < 0) {
@@ -544,7 +535,7 @@ static int pop3c_client_ssl_handshaked(const char **error_r, void *context)
 client->set.host);
 }
 return 0;
- } else if (!client->set.ssl_verify) {
+ } else if (client->set.ssl_set.allow_invalid_cert) {
 if (client->set.debug) {
 i_debug("pop3c(%s): SSL handshake successful, "
 "ignoring invalid certificate: %s",
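Review bot: In pop3c_client_init, the unchanged call `ssl_iostream_client_context_cache_get(&ssl_set, ...)` still takes the local `ssl_set`, but this hunk removes the `i_zero(&ssl_set)` and every assignment that filled it. Assuming the local declaration (outside the hunk) is still present, the TLS client context would be built from an uninitialized struct, leaving the CA paths and `allow_invalid_cert` indeterminate. The call should take the copied settings instead: `if (ssl_iostream_client_context_cache_get(&client->set.ssl_set, &client->ssl_ctx, &error) < 0) {`. The hunk also drops `client->set.ssl_mode = set->ssl_mode;` with no visible replacement, and the function starts and ends outside this hunk. Unless the field is copied elsewhere in the function, the client loses the requested TLS mode, so that line should be kept.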
@@ -559,7 +550,6 @@ static int pop3c_client_ssl_handshaked(const char **error_r, void *context)
 static int pop3c_client_ssl_init(struct pop3c_client *client)
 {
- struct ssl_iostream_settings ssl_set;
 const char *error;
 if (client->ssl_ctx == NULL) {
@@ -567,13 +557,6 @@ static int pop3c_client_ssl_init(struct pop3c_client *client)
 return -1;
 }
- i_zero(&ssl_set);
- if (client->set.ssl_verify) {
- ssl_set.verbose_invalid_cert = TRUE;
- } else {
- ssl_set.allow_invalid_cert = TRUE;
- }
-
 if (client->set.debug)
 i_debug("pop3c(%s): Starting SSL handshake", client->set.host);
@@ -588,8 +571,8 @@ static int pop3c_client_ssl_init(struct pop3c_client *client)
 }
 if (io_stream_create_ssl_client(client->ssl_ctx, client->set.host,
- &ssl_set, &client->input, &client->output,
- &client->ssl_iostream, &error) < 0) {
+ &client->set.ssl_set, &client->input,
+ &client->output, &client->ssl_iostream, &error) < 0) {
 i_error("pop3c(%s): Couldn't initialize SSL client: %s", client->set.host, error);
 return -1;
diff --git a/src/lib-storage/index/pop3c/pop3c-client.h b/src/lib-storage/index/pop3c/pop3c-client.h
index 57a4cb0d4f..7fb8037769 100644
--- a/src/lib-storage/index/pop3c/pop3c-client.h
+++ b/src/lib-storage/index/pop3c/pop3c-client.h
@@ -3,6 +3,7 @@
 #include "net.h"
 #include "pop3c-settings.h"
+#include "iostream-ssl.h"
 enum pop3c_capability {
 POP3C_CAPABILITY_PIPELINING = 0x01,
@@ -35,8 +36,7 @@ struct pop3c_client_settings {
 enum pop3c_client_ssl_mode ssl_mode;
 enum pop3c_features parsed_features;
- const char *ssl_ca_dir, *ssl_ca_file;
- bool ssl_verify;
+ struct ssl_iostream_settings ssl_set;
 const char *rawlog_dir;
 const char *ssl_crypto_device;
diff --git a/src/lib-storage/index/pop3c/pop3c-storage.c b/src/lib-storage/index/pop3c/pop3c-storage.c
index e6a57951ca..aeebd2a4c4 100644
--- a/src/lib-storage/index/pop3c/pop3c-storage.c
+++ b/src/lib-storage/index/pop3c/pop3c-storage.c
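Review bot: `struct pop3c_client_settings` still carries `const char *ssl_crypto_device;` in the `@@ -35,8 +36,7 @@` hunk of pop3c-client.h, although this commit removes both the assignment that filled it (pop3c-storage.c) and the line that read it (`ssl_set.crypto_device = set->ssl_crypto_device;` in pop3c_client_init). As far as the visible hunks show, the field is now dead, and a caller that sets it would wrongly assume it takes effect. Dropping the member alongside `ssl_ca_dir`, `ssl_ca_file` and `ssl_verify` keeps the struct honest, once no reader outside these hunks is confirmed. The struct starts and ends outside the hunk.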
@@ -73,16 +73,17 @@ pop3c_client_create_from_set(struct mail_storage *storage,
 client_set.rawlog_dir = mail_user_home_expand(storage->user, set->pop3c_rawlog_dir);
- client_set.ssl_ca_dir = storage->set->ssl_client_ca_dir;
- client_set.ssl_ca_file = storage->set->ssl_client_ca_file;
- client_set.ssl_verify = set->pop3c_ssl_verify;
+ mail_user_init_ssl_client_settings(storage->user, &client_set.ssl_set);
+
+ if (!set->pop3c_ssl_verify)
+ client_set.ssl_set.allow_invalid_cert = TRUE;
+
 if (strcmp(set->pop3c_ssl, "pop3s") == 0)
 client_set.ssl_mode = POP3C_CLIENT_SSL_MODE_IMMEDIATE;
 else if (strcmp(set->pop3c_ssl, "starttls") == 0)
 client_set.ssl_mode = POP3C_CLIENT_SSL_MODE_STARTTLS;
 else
 client_set.ssl_mode = POP3C_CLIENT_SSL_MODE_NONE;
- client_set.ssl_crypto_device = storage->set->ssl_crypto_device;
 return pop3c_client_init(&client_set);
 }
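Review bot: The `if (!set->pop3c_ssl_verify)` override in pop3c_client_create_from_set can only relax certificate verification. When `pop3c_ssl_verify` is enabled, `allow_invalid_cert` keeps whatever `mail_user_init_ssl_client_settings()` stored, whereas the removed code derived verification from `pop3c_ssl_verify` alone. If the shared client settings can already carry `allow_invalid_cert = TRUE` (the helper's body is not visible here), a pop3c connection configured to verify would still accept an invalid certificate. Either state the precedence in a comment above the `if`, e.g. `/* pop3c_ssl_verify=no relaxes the user-wide SSL client settings; it never tightens them */`, or make the setting authoritative with `client_set.ssl_set.allow_invalid_cert = !set->pop3c_ssl_verify;`. The function's opening lines are outside the hunk.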