lib-ssl-iostream: Convert ssl_client_cert/key setting to ssl_client_cert/key_file
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Thu, 1 Feb 2024 13:24:37 +0000 (15:24 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Wed, 12 Feb 2025 10:34:11 +0000 (12:34 +0200)
src/lib-ssl-iostream/iostream-openssl-context.c
src/lib-ssl-iostream/ssl-settings.c
src/lib-ssl-iostream/ssl-settings.h

index d9ddbf8b45aad75bc0531bad119555cafa180fe6..80da8c7ad3f90c91ec22394b422d0bcbe1e51720 100644 (file)
@@ -593,7 +593,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
                SSL_CTX_set_min_proto_version(ctx->ssl_ctx, min_protocol);
        }
 
-       /* Client can ignore an empty ssl_client_cert, but server will fail
+       /* Client can ignore an empty ssl_client_cert_file, but server will fail
           if ssl_cert_file is empty. */
        if (set->cert.cert.content != NULL &&
            (set->cert.cert.content[0] != '\0' || !ctx->client_ctx) &&
index fddb2506542321957866949c77d1d0848854928b..cb3c55fc4f2225b3874a9e614ecfc18440da823d 100644 (file)
@@ -17,8 +17,8 @@ static const struct setting_define ssl_setting_defines[] = {
        DEF(STR, ssl_client_ca),
        DEF(STR, ssl_client_ca_file),
        DEF(STR, ssl_client_ca_dir),
-       DEF(STR, ssl_client_cert),
-       DEF(STR, ssl_client_key),
+       DEF(FILE, ssl_client_cert_file),
+       DEF(FILE, ssl_client_key_file),
 
        DEF(STR, ssl_cipher_list),
        DEF(STR, ssl_cipher_suites),
@@ -36,8 +36,8 @@ static const struct ssl_settings ssl_default_settings = {
        .ssl_client_ca = "",
        .ssl_client_ca_file = "",
        .ssl_client_ca_dir = "",
-       .ssl_client_cert = "",
-       .ssl_client_key = "",
+       .ssl_client_cert_file = "",
+       .ssl_client_key_file = "",
 
        .ssl_cipher_list = "ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH",
        .ssl_cipher_suites = "", /* Use TLS library provided value */
@@ -193,8 +193,10 @@ void ssl_client_settings_to_iostream_set(
        set->ca = ssl_set->ssl_client_ca;
        set->ca_file = ssl_set->ssl_client_ca_file;
        set->ca_dir = ssl_set->ssl_client_ca_dir;
-       set->cert.cert.content = ssl_set->ssl_client_cert;
-       set->cert.key.content = ssl_set->ssl_client_key;
+       settings_file_get(ssl_set->ssl_client_cert_file,
+                         set->pool, &set->cert.cert);
+       settings_file_get(ssl_set->ssl_client_key_file,
+                         set->pool, &set->cert.key);
        set->verify_remote_cert = ssl_set->ssl_client_require_valid_cert;
        set->allow_invalid_cert = !set->verify_remote_cert;
        /* client-side CRL checking not supported currently */
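Review bot: The two `settings_file_get()` calls on the new lines carry no comment saying what they leave in `set->cert.cert` and `set->cert.key` when the setting is unset, yet the check in iostream-openssl-context.c depends on it: it tests `set->cert.cert.content != NULL` and then `content[0] != '\0'` so that a client can skip an empty certificate. I would add `/* FILE settings: settings_file_get() fills in set->cert.*; an unset setting must yield empty (not NULL) content so the client context skips it */` above the calls, after confirming that this is what settings_file_get() does for the `""` defaults in ssl_default_settings. A key configured without a certificate, or the reverse, is not rejected here either; that may be handled where the context is built, which this hunk does not show. The body of ssl_client_settings_to_iostream_set() starts and ends outside the hunk.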
index 072ce9c4186064facbee726cd0640171d24f020b..777c2ef89b750062173623a97ed55a7cdaa5d0a2 100644 (file)
@@ -9,8 +9,8 @@ struct ssl_settings {
        const char *ssl_client_ca;
        const char *ssl_client_ca_file;
        const char *ssl_client_ca_dir;
-       const char *ssl_client_cert;
-       const char *ssl_client_key;
+       const char *ssl_client_cert_file;
+       const char *ssl_client_key_file;
 
        const char *ssl_cipher_list;
        const char *ssl_cipher_suites;
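Review bot: The renamed fields stay `const char *`, so in `struct ssl_settings` only the `_file` suffix tells a reader that these are FILE-type settings (`DEF(FILE, ...)` in ssl-settings.c) rather than plain strings. Since ssl-settings.c passes them through `settings_file_get()` instead of assigning them directly, a caller that treats the raw value as a path or as PEM data would presumably get it wrong, and for `ssl_client_key_file` that means mishandling private-key material. A comment above the two fields would help, e.g. `/* FILE settings: read via settings_file_get(), not as a raw path or PEM string */`. The struct continues outside the hunk.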