STARTTLS handshake failure fixes.

--HG--
branch : HEAD

diff --git a/src/imap-login/client.c b/src/imap-login/client.c
index 30ab54dbe642dce1b0d3def682492445043daee0..e1627d46b1b3ac5a4ea69c7543510d16feabfac0 100644 (file)
--- a/src/imap-login/client.c
+++ b/src/imap-login/client.c
@@ -140,13 +140,13 @@ static int cmd_starttls(struct imap_client *client)
                imap_parser_destroy(client->parser);
 
                client_open_streams(client, fd_ssl);
+               client->common.io = io_add(client->common.fd, IO_READ,
+                                          client_input, client);
        } else {
-               client_send_line(client, " * BYE TLS handehake failed.");
-               client_destroy(client, "TLS handshake failed");
+               client_send_line(client, "* BYE TLS initialization failed.");
+               client_destroy(client, "TLS initialization failed.");
        }
 
-       client->common.io =
-               io_add(client->common.fd, IO_READ, client_input, client);
        return TRUE;
 }
 
@@ -376,8 +376,10 @@ void client_destroy(struct imap_client *client, const char *reason)
                client->common.io = NULL;
        }
 
-       net_disconnect(client->common.fd);
-       client->common.fd = -1;
+       if (client->common.fd != -1) {
+               net_disconnect(client->common.fd);
+               client->common.fd = -1;
+       }
 
        i_free(client->common.virtual_user);
        client_unref(client);

diff --git a/src/login-common/ssl-proxy-gnutls.c b/src/login-common/ssl-proxy-gnutls.c
index 1de683b1e248cc29e1abba7f2d64aa566a87065d..b6976aa454d592a47628a730124d07d67cc868fb 100644 (file)
--- a/src/login-common/ssl-proxy-gnutls.c
+++ b/src/login-common/ssl-proxy-gnutls.c
@@ -315,8 +315,11 @@ int ssl_proxy_new(int fd)
 
        proxy->refcount++;
        ssl_handshake(proxy);
-       if (!ssl_proxy_destroy(proxy))
-               return -1;
+       if (!ssl_proxy_destroy(proxy)) {
+               /* handshake failed. return the disconnected socket anyway
+                  so the caller doesn't try to use the old closed fd */
+               return sfd[1];
+       }
 
         main_ref();
        return sfd[1];

diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index 870691f0e32791385899794ce6399393c139c889..5de8e6efe021f26ca7391e11c6e2cc1bf89e5eb5 100644 (file)
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -312,8 +312,11 @@ int ssl_proxy_new(int fd)
 
        proxy->refcount++;
        ssl_handshake_step(proxy);
-       if (!ssl_proxy_destroy(proxy))
-               return -1;
+       if (!ssl_proxy_destroy(proxy)) {
+               /* handshake failed. return the disconnected socket anyway
+                  so the caller doesn't try to use the old closed fd */
+               return sfd[1];
+       }
 
         main_ref();
        return sfd[1];

diff --git a/src/pop3-login/client.c b/src/pop3-login/client.c
index 8acee47461e91adf5d1c8c86049ff33c0eb6c9a5..4b56ae25b680604ce0692d4a307c301813b5ef1b 100644 (file)
--- a/src/pop3-login/client.c
+++ b/src/pop3-login/client.c
@@ -91,13 +91,13 @@ static int cmd_stls(struct pop3_client *client)
                o_stream_unref(client->output);
 
                client_open_streams(client, fd_ssl);
+               client->common.io = io_add(client->common.fd, IO_READ,
+                                          client_input, client);
        } else {
-               client_send_line(client, "-ERR TLS handehake failed.");
-               client_destroy(client, "TLS handshake failed");
+               client_send_line(client, "-ERR TLS initialization failed.");
+               client_destroy(client, "TLS initialization failed.");
        }
 
-       client->common.io =
-               io_add(client->common.fd, IO_READ, client_input, client);
        return TRUE;
 }