From: Aki Tuomi
Date: Mon, 20 Feb 2017 15:49:34 +0000 (+0200)
Subject: global: Fix ssl_set usage
X-Git-Tag: 2.3.0.rc1~2001
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b3c095d1fb0bb86695d92c2045eb09e985623934;p=thirdparty%2Fdovecot%2Fcore.git
global: Fix ssl_set usage
Remove verify_remote_cert, as it's always TRUE now. Set allow_invalid_cert to TRUE if verification is not required.
---
diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index bc73379ff9..c43936a4ce 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -194,7 +194,6 @@ struct db_oauth2 *db_oauth2_init(const char *config_path)
 }
 ssl_set.prefer_server_ciphers = TRUE;
 ssl_set.allow_invalid_cert = db->set.tls_allow_invalid_cert;
- ssl_set.verify_remote_cert = !ssl_set.allow_invalid_cert;
 ssl_set.verbose = db->set.debug;
 ssl_set.verbose_invalid_cert = db->set.debug;
 http_set.ssl = &ssl_set;
diff --git a/src/doveadm/doveadm-dsync.c b/src/doveadm/doveadm-dsync.c
index 00aeeeb62d..75f1229788 100644
--- a/src/doveadm/doveadm-dsync.c
+++ b/src/doveadm/doveadm-dsync.c
@@ -783,7 +783,6 @@ static int dsync_init_ssl_ctx(struct dsync_cmd_context *ctx,
 i_zero(&ssl_set);
 ssl_set.ca_dir = mail_set->ssl_client_ca_dir;
 ssl_set.ca_file = mail_set->ssl_client_ca_file;
- ssl_set.verify_remote_cert = TRUE;
 ssl_set.crypto_device = mail_set->ssl_crypto_device;
 return ssl_iostream_context_init_client(&ssl_set, &ctx->ssl_ctx, error_r);
diff --git a/src/doveadm/server-connection.c b/src/doveadm/server-connection.c
index 28f4125492..e85b502d1b 100644
--- a/src/doveadm/server-connection.c
+++ b/src/doveadm/server-connection.c
@@ -462,7 +462,6 @@ static int server_connection_init_ssl(struct server_connection *conn)
 return 0;
 i_zero(&ssl_set);
- ssl_set.verify_remote_cert = TRUE;
 ssl_set.verbose_invalid_cert = TRUE;
 if (io_stream_create_ssl_client(conn->server->ssl_ctx,
diff --git a/src/lib-http/http-client-connection.c b/src/lib-http/http-client-connection.c
index 20b7245b04..de817923d0 100644
--- a/src/lib-http/http-client-connection.c
+++ b/src/lib-http/http-client-connection.c
@@ -1221,7 +1221,6 @@ http_client_connection_ssl_init(struct http_client_connection *conn,
 i_zero(&ssl_set);
 if (!conn->client->set.ssl->allow_invalid_cert) {
 ssl_set.verbose_invalid_cert = TRUE;
- ssl_set.verify_remote_cert = TRUE;
 }
 if (conn->client->set.debug)
diff --git a/src/lib-imap-client/imapc-client.c b/src/lib-imap-client/imapc-client.c
index b4d7de73ea..5ed406a30c 100644
--- a/src/lib-imap-client/imapc-client.c
+++ b/src/lib-imap-client/imapc-client.c
@@ -89,7 +89,7 @@ imapc_client_init(const struct imapc_client_settings *set)
 i_zero(&ssl_set);
 ssl_set.ca_dir = set->ssl_ca_dir;
 ssl_set.ca_file = set->ssl_ca_file;
- ssl_set.verify_remote_cert = set->ssl_verify;
+ ssl_set.allow_invalid_cert = !set->ssl_verify;
 ssl_set.crypto_device = set->ssl_crypto_device;
 if (ssl_iostream_context_init_client(&ssl_set, &client->ssl_ctx,
diff --git a/src/lib-imap-client/imapc-connection.c b/src/lib-imap-client/imapc-connection.c
index 80fe4c494c..bf73e59a89 100644
--- a/src/lib-imap-client/imapc-connection.c
+++ b/src/lib-imap-client/imapc-connection.c
@@ -1538,7 +1538,8 @@ static int imapc_connection_ssl_init(struct imapc_connection *conn)
 i_zero(&ssl_set);
 if (conn->client->set.ssl_verify) {
 ssl_set.verbose_invalid_cert = TRUE;
- ssl_set.verify_remote_cert = TRUE;
+ } else {
+ ssl_set.allow_invalid_cert = TRUE;
 }
 if (conn->client->set.debug)
diff --git a/src/lib-storage/index/pop3c/pop3c-client.c b/src/lib-storage/index/pop3c/pop3c-client.c
index 9651b2ffd2..c7f61dddc6 100644
--- a/src/lib-storage/index/pop3c/pop3c-client.c
+++ b/src/lib-storage/index/pop3c/pop3c-client.c
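Review bot: The `else` branch added in imapc_connection_ssl_init() sets `allow_invalid_cert = TRUE` while `verbose_invalid_cert` is set only on the verifying path, so with `ssl_verify` off a bad server certificate appears to be accepted without any log entry (assuming `verbose_invalid_cert` is what controls that logging). I would put a comment on the branch, e.g. `/* ssl_verify=no: any server certificate is accepted, so the peer is not authenticated */`, and consider keeping `verbose_invalid_cert` on in both branches so the acceptance is visible to operators. pop3c_client_ssl_init() gets the same branch later in this commit. http_client_connection_ssl_init() in src/lib-http/http-client-connection.c only loses its `verify_remote_cert` line and never sets `allow_invalid_cert` on its per-connection `ssl_set`; whether the connection then still honours the client-level setting cannot be told from the hunk and is worth checking. The function body continues outside the hunk.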
@@ -123,7 +123,7 @@ pop3c_client_init(const struct pop3c_client_settings *set)
 i_zero(&ssl_set);
 ssl_set.ca_dir = set->ssl_ca_dir;
 ssl_set.ca_file = set->ssl_ca_file;
- ssl_set.verify_remote_cert = set->ssl_verify;
+ ssl_set.allow_invald_cert = !set->ssl_verify;
 ssl_set.crypto_device = set->ssl_crypto_device;
 if (ssl_iostream_context_init_client(&ssl_set, &client->ssl_ctx,
@@ -577,7 +577,8 @@ static int pop3c_client_ssl_init(struct pop3c_client *client)
 i_zero(&ssl_set);
 if (client->set.ssl_verify) {
 ssl_set.verbose_invalid_cert = TRUE;
- ssl_set.verify_remote_cert = TRUE;
+ } else {
+ ssl_set.allow_invalid_cert = TRUE;
 }
 if (client->set.debug)
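Review bot: In the pop3c_client_init() hunk the added line assigns `ssl_set.allow_invald_cert`, a misspelling of the field that every other hunk in this commit calls `allow_invalid_cert`; unless a member with that spelling exists elsewhere, this file no longer compiles. The line should read `ssl_set.allow_invalid_cert = !set->ssl_verify;`. The second hunk in this file (pop3c_client_ssl_init) spells the field correctly, so only the context initialisation is affected. pop3c_client_init() starts and ends outside the hunk.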