From: Timo Sirainen
Date: Thu, 29 Jul 2021 18:43:03 +0000 (+0300)
Subject: lib-master, global: Split master_service_ssl_settings_to_iostream_set() to client...
X-Git-Tag: 2.3.17~243
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=79a210c1f7e94a1863f17db0b9f14b6d3c89e15f;p=thirdparty%2Fdovecot%2Fcore.git
lib-master, global: Split master_service_ssl_settings_to_iostream_set() to client/server functions
---
diff --git a/src/auth/auth-policy.c b/src/auth/auth-policy.c
index bd4300ad85..951f85e6f8 100644
--- a/src/auth/auth-policy.c
+++ b/src/auth/auth-policy.c
@@ -170,9 +170,8 @@ void auth_policy_init(void)
 if (global_auth_settings->debug)
 http_client_set.debug = 1;
- master_service_ssl_settings_to_iostream_set(master_ssl_set, pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
- &ssl_set);
+ master_service_ssl_client_settings_to_iostream_set(master_ssl_set,
+ pool_datastack_create(), &ssl_set);
 http_client_set.ssl = &ssl_set;
 http_client_set.event_parent = auth_event;
 http_client = http_client_init(&http_client_set);
diff --git a/src/doveadm/doveadm-settings.c b/src/doveadm/doveadm-settings.c
index c363dce9b5..2c13bf0cf1 100644
--- a/src/doveadm/doveadm-settings.c
+++ b/src/doveadm/doveadm-settings.c
@@ -213,9 +213,8 @@ const struct master_service_ssl_settings *doveadm_ssl_set = NULL;
 void doveadm_get_ssl_settings(struct ssl_iostream_settings *set_r, pool_t pool)
 {
 i_zero(set_r);
- master_service_ssl_settings_to_iostream_set(doveadm_ssl_set, pool,
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
- set_r);
+ master_service_ssl_client_settings_to_iostream_set(doveadm_ssl_set,
+ pool, set_r);
 }
 void doveadm_settings_expand(struct doveadm_settings *set, pool_t pool)
diff --git a/src/lib-master/master-service-ssl-settings.c b/src/lib-master/master-service-ssl-settings.c
index 5dc4a460e5..9d1f5dda47 100644
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
@@ -171,9 +171,8 @@ master_service_ssl_settings_get(struct master_service *service)
 return sets[1];
 }
-void master_service_ssl_settings_to_iostream_set(
+static void master_service_ssl_common_settings_to_iostream_set(
 const struct master_service_ssl_settings *ssl_set, pool_t pool,
- enum master_service_ssl_settings_type type,
 struct ssl_iostream_settings *set_r)
 {
 i_zero(set_r);
@@ -185,29 +184,6 @@ void master_service_ssl_settings_to_iostream_set(
 clients. But at least for now it's needed for login-proxy. */
 set_r->ca = p_strdup_empty(pool, ssl_set->ssl_ca);
- switch (type) {
- case MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER:
- set_r->cert.cert = p_strdup(pool, ssl_set->ssl_cert);
- set_r->cert.key = p_strdup(pool, ssl_set->ssl_key);
- set_r->cert.key_password = p_strdup(pool, ssl_set->ssl_key_password);
- if (ssl_set->ssl_alt_cert != NULL && *ssl_set->ssl_alt_cert != '\0') {
- set_r->alt_cert.cert = p_strdup(pool, ssl_set->ssl_alt_cert);
- set_r->alt_cert.key = p_strdup(pool, ssl_set->ssl_alt_key);
- set_r->alt_cert.key_password = p_strdup(pool, ssl_set->ssl_key_password);
- }
- set_r->verify_remote_cert = ssl_set->ssl_verify_client_cert;
- set_r->allow_invalid_cert = !set_r->verify_remote_cert;
- break;
- case MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT:
- set_r->ca_file = p_strdup_empty(pool, ssl_set->ssl_client_ca_file);
- set_r->ca_dir = p_strdup_empty(pool, ssl_set->ssl_client_ca_dir);
- set_r->cert.cert = p_strdup_empty(pool, ssl_set->ssl_client_cert);
- set_r->cert.key = p_strdup_empty(pool, ssl_set->ssl_client_key);
- set_r->verify_remote_cert = ssl_set->ssl_client_require_valid_cert;
- set_r->allow_invalid_cert = !set_r->verify_remote_cert;
- break;
- }
-
 set_r->dh = p_strdup(pool, ssl_set->ssl_dh);
 set_r->crypto_device = p_strdup(pool, ssl_set->ssl_crypto_device);
 set_r->cert_username_field = p_strdup(pool, ssl_set->ssl_cert_username_field);
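Review bot: The helper at the top of the second hunk (made `static` and renamed `master_service_ssl_common_settings_to_iostream_set` in the first hunk) still begins with `i_zero(set_r)` and now deliberately leaves the cert/key, CA and verification fields unset, but nothing at the definition says so, and a caller that pre-fills `set_r` before calling it would silently lose those values. Suggested comment above the new signature: `/* Fill the settings shared by client and server use. *set_r is zeroed first; the side-specific cert/CA/verify fields are left for the caller to set. */`. The side-specific assignments also now run after the common fields (dh, crypto_device, cert_username_field, ...) instead of before them as in the removed switch; none of the visible common lines write the same fields, but old lines 214-219 fall between this hunk and the next, so confirm nothing there touches cert.* or verify_remote_cert. The function body continues past the end of this hunk.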
@@ -220,3 +196,36 @@ void master_service_ssl_settings_to_iostream_set(
 set_r->tickets = ssl_set->parsed_opts.tickets;
 set_r->curve_list = p_strdup(pool, ssl_set->ssl_curve_list);
 }
+
+void master_service_ssl_client_settings_to_iostream_set(
+ const struct master_service_ssl_settings *ssl_set, pool_t pool,
+ struct ssl_iostream_settings *set_r)
+{
+ master_service_ssl_common_settings_to_iostream_set(ssl_set, pool, set_r);
+
+ set_r->ca_file = p_strdup_empty(pool, ssl_set->ssl_client_ca_file);
+ set_r->ca_dir = p_strdup_empty(pool, ssl_set->ssl_client_ca_dir);
+ set_r->cert.cert = p_strdup_empty(pool, ssl_set->ssl_client_cert);
+ set_r->cert.key = p_strdup_empty(pool, ssl_set->ssl_client_key);
+ set_r->verify_remote_cert = ssl_set->ssl_client_require_valid_cert;
+ set_r->allow_invalid_cert = !set_r->verify_remote_cert;
+}
+
+void master_service_ssl_server_settings_to_iostream_set(
+ const struct master_service_ssl_settings *ssl_set,
+ pool_t pool, struct ssl_iostream_settings *set_r)
+{
+ master_service_ssl_common_settings_to_iostream_set(ssl_set, pool, set_r);
+
+ set_r->cert.cert = p_strdup(pool, ssl_set->ssl_cert);
+ set_r->cert.key = p_strdup(pool, ssl_set->ssl_key);
+ set_r->cert.key_password = p_strdup(pool, ssl_set->ssl_key_password);
+ if (ssl_set->ssl_alt_cert != NULL &&
+ *ssl_set->ssl_alt_cert != '\0') {
+ set_r->alt_cert.cert = p_strdup(pool, ssl_set->ssl_alt_cert);
+ set_r->alt_cert.key = p_strdup(pool, ssl_set->ssl_alt_key);
+ set_r->alt_cert.key_password = p_strdup(pool, ssl_set->ssl_key_password);
+ }
+ set_r->verify_remote_cert = ssl_set->ssl_verify_client_cert;
+ set_r->allow_invalid_cert = !set_r->verify_remote_cert;
+}
diff --git a/src/lib-master/master-service-ssl-settings.h b/src/lib-master/master-service-ssl-settings.h
index ec79c1f1d3..523f7b6b58 100644
--- a/src/lib-master/master-service-ssl-settings.h
+++ b/src/lib-master/master-service-ssl-settings.h
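Review bot: Both new wrappers derive `allow_invalid_cert` from `verify_remote_cert` without saying so, yet that derived value is exactly what the callers touched by this commit go on to override (lmtp-proxy and login-proxy set it to TRUE under PROXY_SSL_FLAG_ANY_CERT, client_init_ssl sets it to TRUE unconditionally), so the relationship deserves a comment on each function rather than being left implicit. Suggested header for the client variant: `/* Client-side settings: CA and cert/key come from ssl_client_*, verify_remote_cert from ssl_client_require_valid_cert; allow_invalid_cert is its inverse and callers may loosen it afterwards. */`, with mirror wording on the server variant naming ssl_cert/ssl_key and ssl_verify_client_cert. The server variant also copies `ssl_key_password` into `alt_cert.key_password`, which reads as a deliberate shared-password choice and is worth one line saying so, since no separate alt-key password setting is visible on this page. Lastly, the server side copies cert/key with `p_strdup` while the client side uses `p_strdup_empty`; this is carried over from the removed switch, but if ssl_iostream treats "" and NULL differently the asymmetry is worth confirming.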
@@ -38,20 +38,17 @@ struct master_service_ssl_settings {
 } parsed_opts;
 };
-enum master_service_ssl_settings_type {
- MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER,
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
-};
-
 extern const struct setting_parser_info master_service_ssl_setting_parser_info;
 const struct master_service_ssl_settings *
 master_service_ssl_settings_get(struct master_service *service);
 /* Provides master service ssl settings to iostream settings */
-void master_service_ssl_settings_to_iostream_set(
+void master_service_ssl_client_settings_to_iostream_set(
+ const struct master_service_ssl_settings *ssl_set, pool_t pool,
+ struct ssl_iostream_settings *set_r);
+void master_service_ssl_server_settings_to_iostream_set(
 const struct master_service_ssl_settings *ssl_set, pool_t pool,
- enum master_service_ssl_settings_type type,
 struct ssl_iostream_settings *set_r);
 #endif
diff --git a/src/lmtp/lmtp-proxy.c b/src/lmtp/lmtp-proxy.c
index b33d524b09..d7d416f930 100644
--- a/src/lmtp/lmtp-proxy.c
+++ b/src/lmtp/lmtp-proxy.c
@@ -196,9 +196,8 @@ lmtp_proxy_connection_init_ssl(struct lmtp_proxy_connection *conn,
 return;
 master_ssl_set = master_service_ssl_settings_get(master_service);
- master_service_ssl_settings_to_iostream_set(
- master_ssl_set, pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT, ssl_set_r);
+ master_service_ssl_client_settings_to_iostream_set(
+ master_ssl_set, pool_datastack_create(), ssl_set_r);
 if ((conn->set.ssl_flags & PROXY_SSL_FLAG_ANY_CERT) != 0)
 ssl_set_r->allow_invalid_cert = TRUE;
diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index 272de90158..df11479431 100644
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
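Review bot: In the header hunk the single comment `/* Provides master service ssl settings to iostream settings */` now sits above two prototypes and no longer tells a reader which one to call or how they differ. Give each its own comment, e.g. `/* Fill *set_r for an outgoing (client) connection: uses the ssl_client_* CA and cert settings and ssl_client_require_valid_cert. */` above the client prototype and `/* Fill *set_r for accepted (server) connections: uses ssl_cert/ssl_key (plus ssl_alt_*) and ssl_verify_client_cert. */` above the server one, and note that both reset *set_r before filling it. Picking the wrong variant compiles cleanly and would presumably leave a server context without its certificate or a client checking the wrong verification setting, so these comments are the only guard at the call site.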
@@ -516,9 +516,8 @@ static int client_sni_callback(const char *name, const char **error_r,
 &client->ip, name, &client->ssl_set, &other_sets);
- master_service_ssl_settings_to_iostream_set(client->ssl_set,
- pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER, &ssl_set);
+ master_service_ssl_server_settings_to_iostream_set(client->ssl_set,
+ pool_datastack_create(), &ssl_set);
 if (ssl_iostream_server_context_cache_get(&ssl_set, &ssl_ctx, &error) < 0) {
 *error_r = t_strdup_printf(
 "Failed to initialize SSL server context: %s", error);
@@ -542,9 +541,8 @@ int client_init_ssl(struct client *client)
 return -1;
 }
- master_service_ssl_settings_to_iostream_set(client->ssl_set,
- pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER, &ssl_set);
+ master_service_ssl_server_settings_to_iostream_set(client->ssl_set,
+ pool_datastack_create(), &ssl_set);
 /* If the client cert is invalid, we'll reply NO to the login command. */
 ssl_set.allow_invalid_cert = TRUE;
diff --git a/src/login-common/login-proxy.c b/src/login-common/login-proxy.c
index 35d5cb3ace..aae38fb9b6 100644
--- a/src/login-common/login-proxy.c
+++ b/src/login-common/login-proxy.c
@@ -760,10 +760,8 @@ int login_proxy_starttls(struct login_proxy *proxy)
 struct ssl_iostream_settings ssl_set;
 const char *error;
- master_service_ssl_settings_to_iostream_set(proxy->client->ssl_set,
- pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
- &ssl_set);
+ master_service_ssl_client_settings_to_iostream_set(
+ proxy->client->ssl_set, pool_datastack_create(), &ssl_set);
 if ((proxy->ssl_flags & PROXY_SSL_FLAG_ANY_CERT) != 0)
 ssl_set.allow_invalid_cert = TRUE;
 /* NOTE: We're explicitly disabling ssl_client_ca_* settings for now
diff --git a/src/login-common/main.c b/src/login-common/main.c
index 728e7b1e5d..e75f7cd618 100644
--- a/src/login-common/main.c
+++ b/src/login-common/main.c
@@ -380,9 +380,8 @@ static void login_ssl_init(void)
 if (strcmp(global_ssl_settings->ssl, "no") == 0)
 return;
- master_service_ssl_settings_to_iostream_set(global_ssl_settings,
- pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER, &ssl_set);
+ master_service_ssl_server_settings_to_iostream_set(global_ssl_settings,
+ pool_datastack_create(), &ssl_set);
 if (io_stream_ssl_global_init(&ssl_set, &error) < 0)
 i_fatal("Failed to initialize SSL library: %s", error);
 login_ssl_initialized = TRUE;
diff --git a/src/stats/event-exporter-transport-http-post.c b/src/stats/event-exporter-transport-http-post.c
index 22240fbead..dd3809a95a 100644
--- a/src/stats/event-exporter-transport-http-post.c
+++ b/src/stats/event-exporter-transport-http-post.c
@@ -54,9 +54,8 @@ void event_export_transport_http_post(const struct exporter *exporter,
 struct ssl_iostream_settings ssl_set;
 i_zero(&ssl_set);
 if (master_ssl_set != NULL) {
- master_service_ssl_settings_to_iostream_set(master_ssl_set,
- pool_datastack_create(),
- MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
+ master_service_ssl_client_settings_to_iostream_set(
+ master_ssl_set, pool_datastack_create(),
 &ssl_set);
 }
 const struct http_client_settings set = {