void ssl_proxy_init(void)
{
- const char *certfile, *keyfile, *paramfile;
+ const char *cafile, *certfile, *keyfile, *paramfile;
char buf;
+ cafile = getenv("SSL_CA_FILE");
certfile = getenv("SSL_CERT_FILE");
keyfile = getenv("SSL_KEY_FILE");
paramfile = getenv("SSL_PARAM_FILE");
SSL_CIPHER_LIST, ssl_last_error());
}
+ if (cafile != NULL) {
+ if (SSL_CTX_load_verify_locations(ssl_ctx, cafile, NULL) != 1) {
+ i_fatal("Can't load CA file %s: %s",
+ cafile, ssl_last_error());
+ }
+ }
+
if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) {
i_fatal("Can't load certificate file %s: %s",
certfile, ssl_last_error());
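Review bot: Calling SSL_CTX_load_verify_locations by itself only installs trust anchors; OpenSSL still neither requests nor verifies a peer certificate unless SSL_CTX_set_verify is configured with SSL_VERIFY_PEER, and no such call appears in this hunk, so whether the new SSL_CA_FILE has any effect depends on code outside it (ssl_proxy_init begins before and continues after this hunk). If client-certificate authentication is the intent, the accepted-issuer list should also be advertised after a successful load, e.g. `SSL_CTX_set_client_CA_list(ssl_ctx, SSL_load_client_CA_file(cafile));` with the SSL_load_client_CA_file result checked for NULL before use. A short comment above the new block naming what the CA file is for would make the intent reviewable, e.g. `/* Trust anchors for verifying peer certificates; only effective once SSL_VERIFY_PEER is set on ssl_ctx */`.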
env_put("DOVECOT_MASTER=1");
if (!set->ssl_disable) {
+ if (set->ssl_ca_file != NULL) {
+ env_put(t_strconcat("SSL_CA_FILE=",
+ set->ssl_ca_file, NULL));
+ }
env_put(t_strconcat("SSL_CERT_FILE=",
set->ssl_cert_file, NULL));
env_put(t_strconcat("SSL_KEY_FILE=",
DEF(SET_STR, ssl_listen),
DEF(SET_BOOL, ssl_disable),
+ DEF(SET_STR, ssl_ca_file),
DEF(SET_STR, ssl_cert_file),
DEF(SET_STR, ssl_key_file),
DEF(SET_STR, ssl_parameters_file),
MEMBER(ssl_listen) NULL,
MEMBER(ssl_disable) FALSE,
+ MEMBER(ssl_ca_file) NULL,
MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem",
MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
MEMBER(ssl_parameters_file) "ssl-parameters.dat",
#ifdef HAVE_SSL
if (!set->ssl_disable) {
+ if (set->ssl_ca_file != NULL &&
+ access(set->ssl_ca_file, R_OK) < 0) {
+ i_fatal("Can't use SSL CA file %s: %m",
+ set->ssl_ca_file);
+ }
+
if (access(set->ssl_cert_file, R_OK) < 0) {
i_error("Can't use SSL certificate %s: %m",
set->ssl_cert_file);
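Review bot: The new CA-file check aborts with i_fatal while the adjacent certificate check directly below it only logs with i_error, so the two readability checks in this block disagree on severity. Failing closed for a configured-but-unreadable CA file is the safer choice, since continuing would silently run with verification not set up, but the asymmetry reads as accidental without a comment; e.g. `/* Optional, but if configured it must be usable: continuing would silently drop verification */` above the new `if`. The enclosing `if (!set->ssl_disable)` block continues past the end of this hunk.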
const char *ssl_listen;
int ssl_disable;
+ const char *ssl_ca_file;
const char *ssl_cert_file;
const char *ssl_key_file;
const char *ssl_parameters_file;