git.ipfire.org Git - thirdparty/dovecot/core.git/log
Timo Sirainen [Fri, 17 Nov 2017 22:44:12 +0000 (00:44 +0200)] 
virtual: Fix crash when saving to virtual mailbox whose physical box doesn't exist

For example if using "!foo" in dovecot-virtual and "foo" doesn't exist, it crashed.
Now it gives a nice error message instead.

Stephan Bosch [Sat, 18 Nov 2017 18:06:55 +0000 (19:06 +0100)] 
lib: path-util: Made assertions in path_normalize() more reliable and less confusing to static analyzer.

Timo Sirainen [Fri, 17 Nov 2017 20:37:00 +0000 (22:37 +0200)] 
lib: path-util - Add more code paths to test in path_normalize()

Timo Sirainen [Fri, 17 Nov 2017 19:44:50 +0000 (21:44 +0200)] 
virtual: Wrap mail.get_binary_stream() to fix it

Fixes using FETCH BINARY[..] with virtual mailboxes crashing with:

Panic: file index-mail-binary.c: line 585 (index_mail_get_binary_stream): assertion failed: (mail->data.stream != NULL)

Timo Sirainen [Fri, 17 Nov 2017 18:56:28 +0000 (20:56 +0200)] 
quota: Fix error handling if maildirsize rewrite fails after recalculation

error could have been left uninitialized, potentially causing a crash.

Timo Sirainen [Fri, 17 Nov 2017 18:55:55 +0000 (20:55 +0200)] 
fts-lucene: Fix potential memory leak

Timo Sirainen [Fri, 17 Nov 2017 18:53:41 +0000 (20:53 +0200)] 
lib-dcrypt: test-stream - Make static analyzer happier

Without this clang thinks it's possible that siz>sizeof(payload).

Aki Tuomi [Wed, 15 Nov 2017 12:29:59 +0000 (14:29 +0200)] 
doveadm-auth-server: Further fix json problems

Remove excess comma from start, forgotten in 3e06a782584ea2c4ae2a8cb0451e9952f05f9dc8

Timo Sirainen [Thu, 9 Nov 2017 13:33:52 +0000 (15:33 +0200)] 
lib-charset: Compile charset-utf8-only code always

Mainly so that this code always gets compiled, so any bugs are found.

Timo Sirainen [Thu, 9 Nov 2017 13:18:29 +0000 (15:18 +0200)] 
lib-charset: Allow plugins to replace charset_* functions

They just need to point charset_utf8_vfuncs to their own implementation.

Timo Sirainen [Thu, 9 Nov 2017 13:12:05 +0000 (15:12 +0200)] 
lib-charset: Move non-iconv UTF-8 only translation code to its own file

Aki Tuomi [Thu, 16 Nov 2017 11:27:23 +0000 (13:27 +0200)] 
mail-crypt: Do not free global keys if no error has occurred

Timo Sirainen [Wed, 15 Nov 2017 22:53:34 +0000 (00:53 +0200)] 
director: Make sure a missing right-side connection is always reconnected

This code shouldn't be needed, but add it just to be sure.

Timo Sirainen [Wed, 15 Nov 2017 22:44:17 +0000 (00:44 +0200)] 
director: Reconnect after detecting a write failure to director

If disconnection is detected during write failure, or "Output buffer full"
occurs, the connection is disconnected. However, if this was the right side
connection, it wasn't automatically reconnected to. This left the ring
nonworking.

Timo Sirainen [Wed, 15 Nov 2017 10:57:34 +0000 (12:57 +0200)] 
global: Replace o_stream_ignore_last_errors() with o_stream_abort() wherever possible

Timo Sirainen [Wed, 15 Nov 2017 10:49:48 +0000 (12:49 +0200)] 
lib: Add o_stream_abort()

Timo Sirainen [Wed, 15 Nov 2017 10:51:12 +0000 (12:51 +0200)] 
lib-smtp: Remove unnecessary o_stream_ignore_last_errors() call

The stream is already marked with o_stream_set_no_error_handling(TRUE).

Josef 'Jeff' Sipek [Thu, 2 Nov 2017 14:07:39 +0000 (10:07 -0400)] 
lib-storage: Fix MAILBOX_LIST_INDEX_HIERARHCY_SEP spelling

Original work by @jsoref

Timo Sirainen [Wed, 8 Nov 2017 12:40:14 +0000 (14:40 +0200)] 
doveadm: client - Cleanup: Simplify the input loop

Timo Sirainen [Wed, 8 Nov 2017 12:39:06 +0000 (14:39 +0200)] 
doveadm: client - Cleanup: Remove unnecessary stream_errno check

Timo Sirainen [Thu, 9 Nov 2017 14:17:26 +0000 (16:17 +0200)] 
doveadm: client - Cleanup: Remove unnecessary code indentation

Timo Sirainen [Wed, 8 Nov 2017 12:35:31 +0000 (14:35 +0200)] 
doveadm: client - Cleanup: Handle input NULL first

Timo Sirainen [Thu, 9 Nov 2017 14:18:13 +0000 (16:18 +0200)] 
doveadm: client - Cleanup: Set authenticate_sent in a more proper location

Timo Sirainen [Wed, 8 Nov 2017 12:32:25 +0000 (14:32 +0200)] 
doveadm: client - Cleanup: Don't check authenticate_sent twice

Timo Sirainen [Wed, 8 Nov 2017 12:20:49 +0000 (14:20 +0200)] 
doveadm: client - Read any pipelined replies after authentication reply

This practically shouldn't happen.

Timo Sirainen [Wed, 8 Nov 2017 12:17:04 +0000 (14:17 +0200)] 
doveadm: client - Cleanup: Read server input only once in the input handler

Timo Sirainen [Wed, 8 Nov 2017 12:11:51 +0000 (14:11 +0200)] 
doveadm: client - Fail if server sends more than one VERSION reply in handshake

Timo Sirainen [Wed, 15 Nov 2017 14:12:15 +0000 (16:12 +0200)] 
*-login: Close SSL connections cleanly

Don't close the socket before SSL "close notify" is sent.

Timo Sirainen [Wed, 15 Nov 2017 13:53:03 +0000 (15:53 +0200)] 
lib-imap: imap_envelope_parse() - remove unnecessary data stack frame

imap_envelope_parse_args() isn't using data stack at all, so this
unnecessarily complicates the code. It also prevents using datastack-pool
as the pool parameter.

Aki Tuomi [Wed, 15 Nov 2017 07:22:34 +0000 (09:22 +0200)] 
lib-storage: mailbox-list-index - disable if MAILBOX_LIST_PROP_NO_LIST_INDEX set

Aki Tuomi [Mon, 13 Nov 2017 13:28:08 +0000 (15:28 +0200)] 
lib-storage: imapc - use MAILBOX_LIST_PROP_NO_LIST_INDEX

mailbox list index does not work with imapc, so disable it.

Panic: file mail-storage.c: line 1858 (mailbox_get_metadata): assertion failed: ((items & MAILBOX_METADATA_GUID) == 0 || !guid_128_is_empty(metadata_r->guid))

Aki Tuomi [Wed, 15 Nov 2017 07:16:12 +0000 (09:16 +0200)] 
lib-storage: mailbox-list-none - use MAILBOX_LIST_PROP_NO_LIST_INDEX flag

Aki Tuomi [Mon, 13 Nov 2017 13:27:07 +0000 (15:27 +0200)] 
lib-storage: Add MAILBOX_LIST_PROP_NO_LIST_INDEX

If set, disables mailbox list index for the given list.

Aki Tuomi [Wed, 15 Nov 2017 08:28:37 +0000 (10:28 +0200)] 
doveadm-auth-server: Send comma only if we are sending field too

Fixes json output

Martti Rannanjärvi [Tue, 14 Nov 2017 11:49:22 +0000 (13:49 +0200)] 
lib-master: Drop support for SSL_TXT_SSLV2 in master-service-ssl-settings.c

OpenSSL headers are not included in master-service-ssl-settings.c, so
the check for SSL_TXT_SSLV2 is broken at the moment, and the feature is
not worth supporting since SSLv2 is obsolete.

Martti Rannanjärvi [Wed, 15 Nov 2017 04:13:30 +0000 (06:13 +0200)] 
m4: Refuse to build with OpenSSL version < 1.0.1

Timo Sirainen [Tue, 14 Nov 2017 18:14:09 +0000 (20:14 +0200)] 
lib: Add unit test for dec2str_buf()

Timo Sirainen [Tue, 14 Nov 2017 14:51:37 +0000 (16:51 +0200)] 
auth: Remove userdb nss

Its original purpose was because getpwnam() couldn't differentiate between
"user doesn't exist" and "temporary error", but this was solved by using
getpwnam_r() instead.

So all userdb nss users should be able to safely switch to userdb passwd.

Timo Sirainen [Mon, 13 Nov 2017 22:09:10 +0000 (00:09 +0200)] 
imap: SELECT/EXAMINE - Send * OK [CLOSED] before tagged BAD parameters reply

Timo Sirainen [Thu, 9 Nov 2017 14:30:34 +0000 (16:30 +0200)] 
man: doveadm proxy -a parameter doesn't support TCP sockets

Simon Frankenberger [Thu, 9 Nov 2017 06:08:24 +0000 (07:08 +0100)] 
fts-solr: Explicitly ask for XML responses

With recent solr versions (7.0+) the default response
writer changed from XML to JSON. This commit sets the
"wt" query parameter for all requests, so that the right
response type is written.

Josef 'Jeff' Sipek [Thu, 9 Nov 2017 15:52:12 +0000 (10:52 -0500)] 
lib: fix illumos build issue

The recent performance improvements to the net_addr2ip() code broke
build on illumos which has a 's_addr' #define in netinit/in.h.

Martti Rannanjärvi [Fri, 10 Nov 2017 08:34:09 +0000 (10:34 +0200)] 
quota: Exit with EX_TEMPFAIL when doveadm quota get encounters an error

Josef 'Jeff' Sipek [Fri, 3 Nov 2017 12:38:39 +0000 (08:38 -0400)] 
lib: use temp var in i_stream_unref for clarity

Timo Sirainen [Thu, 9 Nov 2017 10:24:16 +0000 (12:24 +0200)] 
director: Fix director_max_parallel_moves/kicks type

Should be uint, not time.

Timo Sirainen [Wed, 8 Nov 2017 14:03:17 +0000 (16:03 +0200)] 
doveadm: client - Fix connecting to UNIX sockets that don't need authentication

Trying to access doveadm UNIX socket that didn't require authentication
failed with:

Error: doveadm server sent invalid handshake: ...

Timo Sirainen [Wed, 8 Nov 2017 14:01:11 +0000 (16:01 +0200)] 
doveadm: client - Cleanup: Rename handshaked to authenticate_sent

This better describes what it does.

Martti Rannanjärvi [Fri, 3 Nov 2017 15:29:37 +0000 (17:29 +0200)] 
quota: Include mailbox name in quota_transaction_set_limits() error_r

Martti Rannanjärvi [Fri, 3 Nov 2017 14:17:44 +0000 (16:17 +0200)] 
quota: Prefix quota errors with backend name in quota_get_resource()

Remove quota backend name error_r prefixing from get_resource() vfuncs.

Martti Rannanjärvi [Thu, 2 Nov 2017 12:02:15 +0000 (14:02 +0200)] 
quota: Add error_result_r parameter to quota_count()

Martti Rannanjärvi [Thu, 2 Nov 2017 10:11:20 +0000 (12:11 +0200)] 
quota: Add QUOTA_GET_RESULT_BACKGROUND_CALC enum value

Martti Rannanjärvi [Thu, 2 Nov 2017 10:04:46 +0000 (12:04 +0200)] 
quota: Add QUOTA_ALLOC_RESULT_BACKGROUND_CALC enum value

Martti Rannanjärvi [Thu, 2 Nov 2017 09:37:08 +0000 (11:37 +0200)] 
quota: Return quota_get_result from quota_backend_vfuncs.get_resource()

Add a QUOTA_UNKNOWN_RESOURCE_ERROR_STRING for returning error_r with
QUOTA_GET_RESULT_UNKNOWN_RESOURCE.

Forbid backends from returning QUOTA_GET_RESULT_UNLIMITED in
quota_get_resource() with an i_panic().

Martti Rannanjärvi [Thu, 2 Nov 2017 08:39:18 +0000 (10:39 +0200)] 
quota: Add error_result_r parameter to quota_transaction_set_limits()

Martti Rannanjärvi [Thu, 2 Nov 2017 14:20:39 +0000 (16:20 +0200)] 
quota: Make quota_get_result errors <= QUOTA_GET_RESULT_INTERNAL_ERROR

Reorder the enum to make a shortcut for distinguishing errors.

Martti Rannanjärvi [Thu, 2 Nov 2017 14:30:31 +0000 (16:30 +0200)] 
quota-dict: Cleanup dict_quota_get_resource() whitespace

Martti Rannanjärvi [Wed, 20 Sep 2017 09:32:40 +0000 (12:32 +0300)] 
quota-clone: Rename ret_bytes and ret_count to bytes_res and count_res

This is because the variables do not contain the actual quota resource
values but whether the lookup was successful.

Timo Sirainen [Mon, 6 Nov 2017 19:00:57 +0000 (21:00 +0200)] 
lib: test-istream-jsonstr - Improve unit test

Timo Sirainen [Wed, 8 Nov 2017 12:06:00 +0000 (14:06 +0200)] 
doveadm-server: Fix protocol handshake order

With version 1.1 protocol, server sent the authentication "+" or "-" line
before the VERSION. doveadm client accepts the VERSION reply either before
or after, so this change doesn't break it. It makes the protocol cleaner
though.

Based on patch by Manuel Mausz

Timo Sirainen [Wed, 8 Nov 2017 12:04:12 +0000 (14:04 +0200)] 
doveadm-server: Add client_connection_tcp.preauthenticated

Timo Sirainen [Wed, 8 Nov 2017 00:31:03 +0000 (02:31 +0200)] 
lib-ssl-iostream: Simplify ssl_iostream_settings_equals()

Timo Sirainen [Tue, 7 Nov 2017 15:36:05 +0000 (17:36 +0200)] 
director: Add director_max_parallel_moves/kicks settings

The director_max_parallel_moves setting controls the default limit, which
can still be increased by explicitly using the doveadm director flush
--max-parallel" parameter.

Aki Tuomi [Fri, 3 Nov 2017 11:26:52 +0000 (13:26 +0200)] 
lib: istream-jsonstr - Properly handle unicode input

Treat surrogates correctly, do not accept invalid codepoints

Aki Tuomi [Fri, 3 Nov 2017 11:23:15 +0000 (13:23 +0200)] 
lib: istream-jsonstr - Move length check to unescape

Aki Tuomi [Mon, 6 Nov 2017 12:40:08 +0000 (14:40 +0200)] 
lib: json-parser - check for valid hex in unicode escape

Aki Tuomi [Fri, 3 Nov 2017 07:50:40 +0000 (09:50 +0200)] 
lib: json-parser - Insert properly escaped unicode

Timo Sirainen [Tue, 7 Nov 2017 16:28:37 +0000 (18:28 +0200)] 
configure: Fix writing LIBDOVECOT[_DEPS] in dovecot-config

It needs to be in a single line or DC_DOVECOT's grepping doesn't work
correctly.

Aki Tuomi [Mon, 6 Nov 2017 08:36:07 +0000 (10:36 +0200)] 
director: Limit max kicking count

Aki Tuomi [Tue, 7 Nov 2017 12:34:32 +0000 (14:34 +0200)] 
director: Add kick_callback to director

This callback gets called whenever director has performed
a kick.

Timo Sirainen [Fri, 27 Oct 2017 13:45:16 +0000 (16:45 +0300)] 
*-login: Add login_proxy_notify_path setting to configure proxy-notify path

A single FIFO can be a bottleneck, so this could be set to e.g.:

login_proxy_notify_path = proxy-notify%1R{pid}

or:

login_proxy_notify_path = proxy-notify%10N{pid}

Timo Sirainen [Fri, 27 Oct 2017 13:24:54 +0000 (16:24 +0300)] 
director: Allow proxy-notify to optionally be a socket

Dovecot isn't using this currently, but it can be useful if external
services want to send notifications.

Timo Sirainen [Fri, 27 Oct 2017 13:20:15 +0000 (16:20 +0300)] 
director: Support multiple proxy-notify connections

Martti Rannanjärvi [Tue, 7 Nov 2017 01:57:49 +0000 (03:57 +0200)] 
quota-fs: Make it possible to set the mount= parameter

Also free root->storage_mount_path before copying the given parameter in
order not to leak memory when there are duplicate mount= parameters.

Timo Sirainen [Mon, 6 Nov 2017 23:33:57 +0000 (01:33 +0200)] 
log: Fix log reopening on SIGUSR1

Timo Sirainen [Mon, 6 Nov 2017 23:11:33 +0000 (01:11 +0200)] 
lib-ssl-iostream: Remove obsolete ssl_iostream_context_deinit()

Timo Sirainen [Sun, 5 Nov 2017 16:35:57 +0000 (18:35 +0200)] 
global: Replace ssl_iostream_context_init_client() with ssl_iostream_client_context_cache_get()

Timo Sirainen [Sun, 5 Nov 2017 16:34:48 +0000 (18:34 +0200)] 
lib-ssl-iostream: Call ssl_iostream_context_cache_free() automatically at exit

Timo Sirainen [Thu, 2 Nov 2017 21:36:57 +0000 (23:36 +0200)] 
lib: Remove net_transmit()

Its API was confusing, and it's no longer used anywhere.

Timo Sirainen [Tue, 31 Oct 2017 23:51:14 +0000 (01:51 +0200)] 
login-common: Remove ssl-proxy code

Timo Sirainen [Tue, 31 Oct 2017 23:49:57 +0000 (01:49 +0200)] 
login-common: Stop using ssl-proxy entirely

Timo Sirainen [Tue, 31 Oct 2017 23:49:04 +0000 (01:49 +0200)] 
*-login: Remove unnecessary ssl-proxy.h include

Timo Sirainen [Tue, 31 Oct 2017 23:47:54 +0000 (01:47 +0200)] 
login-common: Call io_stream_ssl_global_init() early

Timo Sirainen [Tue, 31 Oct 2017 23:27:36 +0000 (01:27 +0200)] 
login-common: Use lib-ssl-iostream for incoming SSL/TLS connections

Timo Sirainen [Tue, 31 Oct 2017 23:40:23 +0000 (01:40 +0200)] 
lib-ssl-iostream: Add io_stream_ssl_global_init()

Timo Sirainen [Tue, 31 Oct 2017 23:38:19 +0000 (01:38 +0200)] 
lib-ssl-iostream: io_stream_create_ssl_client() - Move code to set verify_remote_cert=TRUE

Enable it in the generic SSL code instead of OpenSSL-specific code.

Timo Sirainen [Tue, 31 Oct 2017 23:21:38 +0000 (01:21 +0200)] 
*-login: Use io_add_istream() instead of io_add()

Timo Sirainen [Wed, 1 Nov 2017 20:48:55 +0000 (22:48 +0200)] 
login-common: Change process title to show different connection types

Separate pre-login connections, proxy connections and post-login TLS
proxies.

Timo Sirainen [Wed, 1 Nov 2017 20:40:58 +0000 (22:40 +0200)] 
login-common: Destroy all fd proxies at deinit.

Timo Sirainen [Wed, 1 Nov 2017 00:19:51 +0000 (02:19 +0200)] 
login-common: Implement post-login proxying and use it with SSL connections

Note: This temporarily breaks the SSL connections a bit. If post-login
process disconnects the client, it's not noticed by the login process.
Client connections are noticed by the post-login though.

Timo Sirainen [Tue, 31 Oct 2017 23:06:05 +0000 (01:06 +0200)] 
login-common: client_alloc() - remove unnecessary ssl parameter

Timo Sirainen [Tue, 31 Oct 2017 23:03:31 +0000 (01:03 +0200)] 
login-common: Use client_init_ssl() to initialize all SSL connections

Timo Sirainen [Tue, 31 Oct 2017 22:59:54 +0000 (00:59 +0200)] 
login-common: Extract SSL/TLS initialization into client_init_ssl()

Timo Sirainen [Tue, 31 Oct 2017 22:49:53 +0000 (00:49 +0200)] 
login-common: Split client_create() to client_alloc() and client_init()

client_unref() can be used to free an allocated client that hasn't been
fully created.

Timo Sirainen [Wed, 1 Nov 2017 23:05:01 +0000 (01:05 +0200)] 
lib-ssl-iostream: Add TLS SNI callback and a way to change SSL context

Timo Sirainen [Tue, 31 Oct 2017 22:18:23 +0000 (00:18 +0200)] 
lib-ssl-iostream: ssl_iostream_cert_match_name() - add reason_r parameter

The callers were also changed to add the reason to error messages.

Timo Sirainen [Tue, 31 Oct 2017 22:12:24 +0000 (00:12 +0200)] 
lib-ssl-iostream: openssl_cert_match_name() - add reason_r parameter

The returned string explains what exactly matched or why nothing matched.

Timo Sirainen [Tue, 31 Oct 2017 22:08:26 +0000 (00:08 +0200)] 
lib-ssl-iostream: ssl_iostream_cert_match_name() - Change to return bool

The return value makes much more sense as a boolean TRUE/FALSE than 0/-1.

Timo Sirainen [Tue, 31 Oct 2017 17:34:05 +0000 (19:34 +0200)] 
login-proxy: Use lib-ssl-iostream for outgoing SSL/TLS connections

Timo Sirainen [Tue, 31 Oct 2017 22:35:33 +0000 (00:35 +0200)] 
lib-master: master_service_ssl_settings_to_iostream_set() - add client/server parameter

Timo Sirainen [Tue, 31 Oct 2017 21:24:17 +0000 (23:24 +0200)] 
lib-master: master_service_ssl_settings_to_iostream_set() - reorder assignments

Keep them in the same order as the fields in struct ssl_iostream_settings,
so it's easier to verify whether all fields are listed.