From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Fri, 28 Apr 2017 17:28:23 +0000 (+0300)
Subject: passdb-imap: Add option to control certificate verification
X-Git-Tag: 2.2.30.rc1~55
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a92ae4ab16abea2d0e722078284758464980f570;p=thirdparty%2Fdovecot%2Fcore.git

passdb-imap: Add option to control certificate verification

Turn it on by default
---

diff --git a/src/auth/passdb-imap.c b/src/auth/passdb-imap.c
index b95aaeee71..cd12fa0520 100644
--- a/src/auth/passdb-imap.c
+++ b/src/auth/passdb-imap.c
@@ -136,6 +136,7 @@ passdb_imap_preinit(pool_t pool, const char *args)
 	module->set.ssl_mode = IMAPC_CLIENT_SSL_MODE_NONE;
 	module->set.username = "%u";
 	module->set.rawlog_dir = "";
+	module->set.ssl_verify = TRUE;
 
 	for (tmp = p_strsplit(pool, args, " "); *tmp != NULL; tmp++) {
 		key = *tmp;
@@ -169,6 +170,15 @@ passdb_imap_preinit(pool_t pool, const char *args)
 				i_fatal("passdb imap: Invalid ssl mode: %s",
 					value);
 			}
+		} else if (strcmp(key, "allow_invalid_cert") == 0) {
+			if (strcmp(value, "yes") == 0) {
+				module->set.ssl_verify = FALSE;
+			} else if (strcmp(value, "no") == 0) {
+				module->set.ssl_verify = TRUE;
+			} else {
+				i_fatal("passdb imap: Invalid allow_invalid_cert value: %s",
+					value);
+			}
 		} else {
 			i_fatal("passdb imap: Unknown parameter: %s", key);
 		}