]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7f76acb)
lib-ssl-iostream: Change ssl_iostream_settings.verify_remote_cert to be context-only
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Wed, 14 Jun 2023 09:28:35 +0000 (12:28 +0300)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Wed, 12 Feb 2025 10:34:09 +0000 (12:34 +0200)
src/lib-master/master-service-ssl.c patch | blob | blame | history
src/lib-ssl-iostream/iostream-openssl.c patch | blob | blame | history
src/lib-ssl-iostream/iostream-ssl.h patch | blob | blame | history

diff --git a/src/lib-master/master-service-ssl.c b/src/lib-master/master-service-ssl.c
index 2ad45388f8d7ddedadc8a367c08a121ad19f6e74..8e89b980060a98ff6935d10e31ca63306608053a 100644 (file)
--- a/src/lib-master/master-service-ssl.c
+++ b/src/lib-master/master-service-ssl.c
@@ -44,7 +44,6 @@ int master_service_ssl_init(struct master_service *service,
 
        i_zero(&ssl_set);
        ssl_set.verbose = set->verbose_ssl;
-       ssl_set.verify_remote_cert = server_set->ssl_request_client_cert;
        ret = io_stream_create_ssl_server(service->ssl_ctx, &ssl_set, NULL,
                                          input, output, ssl_iostream_r, error_r);
        settings_free(set);
diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index 58005b29a618f81a582ec7ae8f8e046f663c2460..f69ae16b41b7645b9a79419f58e9cde54a9c8a76 100644 (file)
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -188,7 +188,7 @@ openssl_iostream_set(struct ssl_iostream *ssl_io,
                if (openssl_iostream_use_key(ssl_io, "ssl_alt_key", &set->alt_cert, error_r) < 0)
                        return -1;
        }
-       if (set->verify_remote_cert) {
+       if (ssl_io->ctx->set.verify_remote_cert) {
                if (ssl_io->ctx->client_ctx)
                        verify_flags = SSL_VERIFY_NONE;
                else
diff --git a/src/lib-ssl-iostream/iostream-ssl.h b/src/lib-ssl-iostream/iostream-ssl.h
index 9e076ba8f5f00359e986a83f708cc57414926db2..1664bc79d11be667ac5935ed3459536965238610 100644 (file)
--- a/src/lib-ssl-iostream/iostream-ssl.h
+++ b/src/lib-ssl-iostream/iostream-ssl.h
@@ -29,7 +29,7 @@ struct ssl_iostream_settings {
 
        bool verbose, verbose_invalid_cert; /* stream-only */
        bool skip_crl_check; /* context-only */
-       bool verify_remote_cert; /* neither/both */
+       bool verify_remote_cert; /* context-only */
        bool allow_invalid_cert; /* stream-only */
        bool prefer_server_ciphers; /* context-only */
        bool compression; /* context-only */
Mirror of https://github.com/dovecot/core.git