From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 25 Feb 2019 14:40:46 +0000 (+0200)
Subject: doveadm: server-connection - Remove redundant ssl verification
X-Git-Tag: 2.3.6~54
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ba49949101253bd7c9ed029e48d5e91a91c1aeec;p=thirdparty%2Fdovecot%2Fcore.git

doveadm: server-connection - Remove redundant ssl verification

Certificate validation is done by lib-ssl-iostream already,
don't do it here again.

Fixes ssl_client_require_valid_cert=no for doveadm sync
---

diff --git a/src/doveadm/server-connection.c b/src/doveadm/server-connection.c
index c1e7bb61b4..168a38e868 100644
--- a/src/doveadm/server-connection.c
+++ b/src/doveadm/server-connection.c
@@ -488,19 +488,6 @@ static int server_connection_read_settings(struct server_connection *conn)
 	return 0;
 }
 
-static int server_connection_ssl_handshaked(const char **error_r, void *context)
-{
-	struct server_connection *conn = context;
-
-	if (ssl_iostream_check_cert_validity(conn->ssl_iostream,
-					     conn->server->hostname,
-					     error_r) < 0)
-		return -1;
-	if (doveadm_debug)
-		i_debug("%s: SSL handshake successful", conn->server->name);
-	return 0;
-}
-
 static int server_connection_init_ssl(struct server_connection *conn)
 {
 	struct ssl_iostream_settings ssl_set;
@@ -520,9 +507,6 @@ static int server_connection_init_ssl(struct server_connection *conn)
 		i_error("Couldn't initialize SSL client: %s", error);
 		return -1;
 	}
-	ssl_iostream_set_handshake_callback(conn->ssl_iostream,
-					    server_connection_ssl_handshaked,
-					    conn);
 	if (ssl_iostream_handshake(conn->ssl_iostream) < 0) {
 		i_error("SSL handshake failed: %s",
 			ssl_iostream_get_last_error(conn->ssl_iostream));