From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Thu, 19 Dec 2024 12:07:24 +0000 (+0200)
Subject: lib-ssl-iostream: Change ssl_prefer_server_ciphers boolean to ssl_prefer_ciphers... 
X-Git-Tag: 2.4.0~69
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fcc058493500e144032bcbd1d4221222a18de0cf;p=thirdparty%2Fdovecot%2Fcore.git

lib-ssl-iostream: Change ssl_prefer_server_ciphers boolean to ssl_prefer_ciphers enum
---

diff --git a/src/lib-ssl-iostream/ssl-settings.c b/src/lib-ssl-iostream/ssl-settings.c
index fd7b39fee5..1846e857c2 100644
--- a/src/lib-ssl-iostream/ssl-settings.c
+++ b/src/lib-ssl-iostream/ssl-settings.c
@@ -83,9 +83,9 @@ static const struct setting_define ssl_server_setting_defines[] = {
 	DEF(STR, ssl_key_password),
 	DEF(FILE, ssl_dh_file),
 	DEF(STR, ssl_cert_username_field),
+	DEF(ENUM, ssl_prefer_ciphers),
 
 	DEF(BOOL, ssl_require_crl),
-	DEF(BOOL, ssl_prefer_server_ciphers),
 	DEF(BOOL, ssl_request_client_cert),
 
 	SETTING_DEFINE_LIST_END
@@ -101,9 +101,9 @@ static const struct ssl_server_settings ssl_server_default_settings = {
 	.ssl_key_password = "",
 	.ssl_dh_file = "",
 	.ssl_cert_username_field = "commonName",
+	.ssl_prefer_ciphers = "client:server",
 
 	.ssl_require_crl = TRUE,
-	.ssl_prefer_server_ciphers = FALSE,
 	.ssl_request_client_cert = FALSE,
 };
 
@@ -272,7 +272,8 @@ void ssl_server_settings_to_iostream_set(
 	settings_file_get(ssl_server_set->ssl_dh_file, set->pool, &set->dh);
 	set->cert_username_field =
 		ssl_server_set->ssl_cert_username_field;
-	set->prefer_server_ciphers = ssl_server_set->ssl_prefer_server_ciphers;
+	set->prefer_server_ciphers =
+		strcmp(ssl_server_set->ssl_prefer_ciphers, "server") == 0;
 	set->verify_remote_cert = ssl_server_set->ssl_request_client_cert;
 	set->allow_invalid_cert = !set->verify_remote_cert;
 	/* ssl_require_crl is used only for checking client-provided SSL
diff --git a/src/lib-ssl-iostream/ssl-settings.h b/src/lib-ssl-iostream/ssl-settings.h
index be54a94f85..19106cf770 100644
--- a/src/lib-ssl-iostream/ssl-settings.h
+++ b/src/lib-ssl-iostream/ssl-settings.h
@@ -40,9 +40,9 @@ struct ssl_server_settings {
 	const char *ssl_key_password;
 	const char *ssl_dh_file;
 	const char *ssl_cert_username_field;
+	const char *ssl_prefer_ciphers;
 
 	bool ssl_require_crl;
-	bool ssl_prefer_server_ciphers;
 	bool ssl_request_client_cert;
 };