io_loop_stop(current_ioloop);
}
-static int dsync_init_ssl_ctx(struct dsync_cmd_context *ctx,
- const struct master_service_ssl_settings *ssl_set,
- const char **error_r)
-{
- struct ssl_iostream_settings ssl_ctx_set;
-
- if (ctx->ssl_ctx != NULL)
- return 0;
-
- master_service_ssl_client_settings_to_iostream_set(ssl_set,
- pool_datastack_create(), &ssl_ctx_set);
- return ssl_iostream_client_context_cache_get(&ssl_ctx_set,
- &ctx->ssl_ctx, error_r);
-}
-
static void dsync_server_run_command(struct dsync_cmd_context *ctx,
struct server_connection *conn)
{
}
if (ssl) {
- if (dsync_init_ssl_ctx(ctx, ssl_set, &error) < 0) {
+ master_service_ssl_client_settings_to_iostream_set(ssl_set,
+ pool_datastack_create(), &conn_set.ssl_set);
+
+ if (ctx->ssl_ctx == NULL &&
+ ssl_iostream_client_context_cache_get(&conn_set.ssl_set,
+ &ctx->ssl_ctx,
+ &error) < 0) {
*error_r = t_strdup_printf(
"Couldn't initialize SSL context: %s", error);
return -1;
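Review bot: `conn_set.ssl_set` is filled from `pool_datastack_create()`, so every pointer inside it is valid only until the current data stack frame is released, and the struct outlives this `if (ssl)` block. The same pattern appears in the two later hunks that call `doveadm_get_ssl_settings(..., pool_datastack_create())` right before `server_connection_create()`. It looks safe as long as `server_connection_create()` deep-copies the settings into the connection's own pool, which the `ssl_iostream_settings_dup()` hunk suggests but these hunks do not show end to end. I would add a comment above the call, for example `/* data stack allocated; server_connection_create() must copy ssl_set before this frame ends */`. The enclosing function starts and ends outside the hunk.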
request_copy = *request;
array_pop_front(&doveadm_server_request_queue);
+ doveadm_get_ssl_settings(&request_copy.set.ssl_set,
+ pool_datastack_create());
if (server_connection_create(&request_copy.set, &conn, error_r) < 0) {
internal_failure = TRUE;
return -1;
}
if (server_connections_count() <= limit) {
+ doveadm_get_ssl_settings(&conn_set.ssl_set,
+ pool_datastack_create());
if (server_connection_create(&conn_set, &conn, error_r) < 0) {
internal_failure = TRUE;
return -1;
dest_r->password = p_strdup(pool, src->password);
dest_r->ssl_flags = src->ssl_flags;
+ dest_r->ssl_set = *ssl_iostream_settings_dup(pool, &src->ssl_set);
if (src->ssl_ctx != NULL) {
dest_r->ssl_ctx = src->ssl_ctx;
ssl_iostream_context_ref(dest_r->ssl_ctx);
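Review bot: `dest_r->ssl_set = *ssl_iostream_settings_dup(pool, &src->ssl_set);` allocates a complete settings struct in `pool` only to copy it by value and discard the pointer. If the iostream-ssl API in this tree offers an in-place initializer (upstream lib-ssl-iostream has had `ssl_iostream_settings_init_from()`), `ssl_iostream_settings_init_from(pool, &dest_r->ssl_set, &src->ssl_set);` would make the same deep copy without the leftover allocation. Any private-key or key-password strings carried in the settings are duplicated into `pool` as well and stay in memory for the pool's lifetime, which deserves a short comment here. The enclosing function starts and ends outside the hunk.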
static int server_connection_init_ssl(struct server_connection *conn,
const char **error_r)
{
- struct ssl_iostream_settings ssl_set;
+ struct ssl_iostream_settings ssl_set = conn->set.ssl_set;
const char *error;
if (conn->set.ssl_flags == 0)
return 0;
- doveadm_get_ssl_settings(&ssl_set, pool_datastack_create());
-
if ((conn->set.ssl_flags & AUTH_PROXY_SSL_FLAG_ANY_CERT) != 0)
ssl_set.allow_invalid_cert = TRUE;
if (ssl_set.allow_invalid_cert)
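Review bot: With the `doveadm_get_ssl_settings()` call removed, `server_connection_init_ssl()` depends on the caller having populated `conn->set.ssl_set`, and nothing in the visible lines checks that. The call sites in this commit do fill it in before `server_connection_create()`, but a caller outside these hunks that sets `ssl_flags` and leaves `ssl_set` zeroed would start TLS with no CA or verification settings loaded; how the iostream layer handles that case is not visible here. The new struct field in the header hunk is documented only as `/* SSL settings. */`; I would state the contract there, e.g. `/* SSL settings. Must be filled in by the caller whenever ssl_flags != 0. */`. The function body continues past the end of the hunk.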
#define SERVER_CONNECTION_H
#include "auth-proxy.h"
+#include "iostream-ssl.h"
#define SERVER_EXIT_CODE_DISCONNECTED 1000
/* SSL flags. */
enum auth_proxy_ssl_flags ssl_flags;
+ /* SSL settings. */
+ struct ssl_iostream_settings ssl_set;
/* SSL context, or NULL to create a new one. */
struct ssl_iostream_context *ssl_ctx;
};