From e3f629cc690d16a18bd57e5d2213fff7dbd15cda Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Mon, 1 Nov 2021 08:33:14 -0400
Subject: [PATCH] lib-master: Add MASTER_SERVICE_FLAG_DISABLE_SSL_SET
---
 src/lib-master/master-service-settings.c | 6 ++++--
 src/lib-master/master-service.h | 6 ++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/lib-master/master-service-settings.c b/src/lib-master/master-service-settings.c
index 6c1f259548..06025f1fcb 100644
--- a/src/lib-master/master-service-settings.c
+++ b/src/lib-master/master-service-settings.c
@@ -223,7 +223,8 @@ master_service_exec_config(struct master_service *service,
 strarr_push(&conf_argv, input->extra_modules[i]);
 }
 }
- if (input->module != NULL || input->extra_modules != NULL) {
+ if ((service->flags & MASTER_SERVICE_FLAG_DISABLE_SSL_SET) == 0 &&
+ (input->module != NULL || input->extra_modules != NULL)) {
 strarr_push(&conf_argv, "-m");
 if (service->want_ssl_server)
 strarr_push(&conf_argv, "ssl-server");
@@ -359,7 +360,8 @@ config_build_request(struct master_service *service, string_t *str,
 for (unsigned int i = 0; input->extra_modules[i] != NULL; i++)
 str_printfa(str, "\tmodule=%s", input->extra_modules[i]);
 }
- if (input->module != NULL || input->extra_modules != NULL) {
+ if ((service->flags & MASTER_SERVICE_FLAG_DISABLE_SSL_SET) == 0 &&
+ (input->module != NULL || input->extra_modules != NULL)) {
 str_printfa(str, "\tmodule=%s",
 service->want_ssl_server ? "ssl-server" : "ssl");
 }
diff --git a/src/lib-master/master-service.h b/src/lib-master/master-service.h
index 1138f24b50..192f7e641c 100644
--- a/src/lib-master/master-service.h
+++ b/src/lib-master/master-service.h
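Review bot: In master_service_exec_config() (first hunk of master-service-settings.c) the new flag test only matters when `input->module` or `input->extra_modules` is set, because it is and-ed with that condition; a caller that passes neither sends no module filter at all and presumably still gets every setting back, SSL ones included. If a service using MASTER_SERVICE_FLAG_DISABLE_SSL_SET can reach that path, the flag does not keep `ssl_ca` out of the environment there, so either handle that case or state the limit next to the test, e.g. `/* DISABLE_SSL_SET only drops the ssl module from an existing module filter */`. The identical two-line condition is repeated in config_build_request() (second hunk); a small static helper shared by both would stop the two copies from drifting apart. Both function bodies start and end outside their hunks.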
@@ -27,6 +27,12 @@ enum master_service_flags {
 /* Show number of connections in process title
 (only if verbose_proctitle setting is enabled) */
 MASTER_SERVICE_FLAG_UPDATE_PROCTITLE = 0x100,
+ /* Don't read any SSL settings. This is mainly needed to prevent master
+ process from trying to pass through huge list of SSL CA certificates
+ through environment for ssl_ca setting, which could fail. Although
+ the same problem can still happen with standalone doveadm if it
+ reads settings via doveconf instead of config socket. */
+ MASTER_SERVICE_FLAG_DISABLE_SSL_SET = 0x200,
 /* Don't initialize SSL context automatically. */
 MASTER_SERVICE_FLAG_NO_SSL_INIT = 0x400,
 /* Don't create a data stack frame between master_service_init() and
--
2.47.3
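Review bot: The comment on MASTER_SERVICE_FLAG_DISABLE_SSL_SET explains why the flag exists but not what a service that sets it has to do about TLS afterwards. The neighbouring MASTER_SERVICE_FLAG_NO_SSL_INIT (`Don't initialize SSL context automatically`) implies the context is otherwise created automatically, and nothing in this diff shows whether that step fails cleanly or carries on with defaults when no SSL settings were read. Once that behaviour is confirmed, the comment should spell out the expected pairing, for example `Services setting this flag must not depend on ssl_* settings; also set MASTER_SERVICE_FLAG_NO_SSL_INIT unless SSL settings are supplied another way.` The enum continues outside the hunk.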