From: Timo Sirainen Date: Fri, 16 Feb 2024 05:25:46 +0000 (+0200) Subject: lib-ssl-iostream: Add ssl_client_key_password setting X-Git-Tag: 2.4.1~991 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00058a66d67aef6a18d123063f1cc61d1516ba3d;p=thirdparty%2Fdovecot%2Fcore.git lib-ssl-iostream: Add ssl_client_key_password setting --- diff --git a/src/lib-ssl-iostream/ssl-settings.c b/src/lib-ssl-iostream/ssl-settings.c index 3436f857a0..0fd7c89ca5 100644 --- a/src/lib-ssl-iostream/ssl-settings.c +++ b/src/lib-ssl-iostream/ssl-settings.c @@ -18,6 +18,7 @@ static const struct setting_define ssl_setting_defines[] = { DEF(STR, ssl_client_ca_dir), DEF(FILE, ssl_client_cert_file), DEF(FILE, ssl_client_key_file), + DEF(STR, ssl_client_key_password), DEF(STR, ssl_cipher_list), DEF(STR, ssl_cipher_suites), @@ -36,6 +37,7 @@ const struct ssl_settings ssl_default_settings = { .ssl_client_ca_dir = "", .ssl_client_cert_file = "", .ssl_client_key_file = "", + .ssl_client_key_password = "", .ssl_cipher_list = "ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH", .ssl_cipher_suites = "", /* Use TLS library provided value */ @@ -195,6 +197,7 @@ void ssl_client_settings_to_iostream_set( set->pool, &set->cert.cert); settings_file_get(ssl_set->ssl_client_key_file, set->pool, &set->cert.key); + set->cert.key_password = ssl_set->ssl_client_key_password; set->verify_remote_cert = ssl_set->ssl_client_require_valid_cert; set->allow_invalid_cert = !set->verify_remote_cert; /* client-side CRL checking not supported currently */ diff --git a/src/lib-ssl-iostream/ssl-settings.h b/src/lib-ssl-iostream/ssl-settings.h index 1c8b66092e..2202488782 100644 --- a/src/lib-ssl-iostream/ssl-settings.h +++ b/src/lib-ssl-iostream/ssl-settings.h @@ -10,6 +10,7 @@ struct ssl_settings { const char *ssl_client_ca_dir; const char *ssl_client_cert_file; const char *ssl_client_key_file; + const char *ssl_client_key_password; const char *ssl_cipher_list; const char *ssl_cipher_suites;