lib-master: master_service_ssl_settings_check(): Raise warning when ssl_min_protocol...

author Marco Bettini <marco.bettini@open-xchange.com>

Wed, 16 Mar 2022 10:53:25 +0000 (10:53 +0000)

committer timo.sirainen <timo.sirainen@open-xchange.com>

Tue, 22 Mar 2022 19:33:06 +0000 (19:33 +0000)
author Marco Bettini <marco.bettini@open-xchange.com>
Wed, 16 Mar 2022 10:53:25 +0000 (10:53 +0000)
committer timo.sirainen <timo.sirainen@open-xchange.com>
Tue, 22 Mar 2022 19:33:06 +0000 (19:33 +0000)
diff --git a/src/lib-master/master-service-ssl-settings.c b/src/lib-master/master-service-ssl-settings.c

index 5ddf18cc8a4d9cb41c87087cc7c16138730c3f56..25c214890a8938d9634a4927e8cc68e0265f2006 100644 (file)
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
@@ -145,7 +145,15 @@ master_service_ssl_settings_check(void *_set, pool_t pool ATTR_UNUSED,
                 *error_r = "ssl enabled, but ssl_key not set";
                 return FALSE;
         }
+
+       T_BEGIN {
+               const char *proto = t_str_ucase(set->ssl_min_protocol);
+               if (strstr(proto, "ANY") != NULL)
+                       i_warning("ssl_min_protocol=ANY is used - This is "
+                                       "insecure and intended only for testing");
+       } T_END;
  #endif
+
         if (set->ssl_verify_client_cert && *set->ssl_ca == '\0') {
                 *error_r = "ssl_verify_client_cert set, but ssl_ca not";
                 return FALSE;
author	Marco Bettini <marco.bettini@open-xchange.com>
	Wed, 16 Mar 2022 10:53:25 +0000 (10:53 +0000)
committer	timo.sirainen <timo.sirainen@open-xchange.com>
	Tue, 22 Mar 2022 19:33:06 +0000 (19:33 +0000)