From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Wed, 14 Nov 2018 12:05:24 +0000 (+0200)
Subject: auth: Use master service ssl settings for http client in policy checks
X-Git-Tag: 2.3.9~1083
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1920d7fc13064ca43aa599dbadc2215dc8252b08;p=thirdparty%2Fdovecot%2Fcore.git

auth: Use master service ssl settings for http client in policy checks
---

diff --git a/src/auth/auth-policy.c b/src/auth/auth-policy.c
index 9eecdc814a..77a94bd3a1 100755
--- a/src/auth/auth-policy.c
+++ b/src/auth/auth-policy.c
@@ -11,6 +11,8 @@
 #include "http-url.h"
 #include "http-client.h"
 #include "json-parser.h"
+#include "master-service.h"
+#include "master-service-ssl-settings.h"
 #include "auth-request.h"
 #include "auth-penalty.h"
 #include "auth-settings.h"
@@ -157,18 +159,18 @@ void auth_policy_open_and_close_to_key(const char *fromkey, const char *tokey, s
 
 void auth_policy_init(void)
 {
+	const struct master_service_ssl_settings *master_ssl_set =
+		master_service_ssl_settings_get(master_service);
 	struct ssl_iostream_settings ssl_set;
 	i_zero(&ssl_set);
 
 	http_client_set.request_absolute_timeout_msecs = global_auth_settings->policy_server_timeout_msecs;
 	if (global_auth_settings->debug)
 		http_client_set.debug = 1;
-	ssl_set.ca_dir = global_auth_settings->ssl_client_ca_dir;
-	ssl_set.ca_file = global_auth_settings->ssl_client_ca_file;
-	if (*ssl_set.ca_dir == '\0' &&
-	    *ssl_set.ca_file == '\0')
-		ssl_set.allow_invalid_cert = TRUE;
 
+	master_service_ssl_settings_to_iostream_set(master_ssl_set, pool_datastack_create(),
+						    MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
+						    &ssl_set);
 	http_client_set.ssl = &ssl_set;
 	http_client = http_client_init(&http_client_set);
 
diff --git a/src/auth/main.c b/src/auth/main.c
index 3cd0e82f3b..494df33ce6 100644
--- a/src/auth/main.c
+++ b/src/auth/main.c
@@ -373,8 +373,11 @@ static void auth_die(void)
 int main(int argc, char *argv[])
 {
 	int c;
+	enum master_service_flags service_flags =
+		MASTER_SERVICE_FLAG_USE_SSL_SETTINGS |
+		MASTER_SERVICE_FLAG_NO_SSL_INIT;
 
-	master_service = master_service_init("auth", 0, &argc, &argv, "w");
+	master_service = master_service_init("auth", service_flags, &argc, &argv, "w");
 	master_service_init_log(master_service, "auth: ");
 
 	while ((c = master_getopt(master_service)) > 0) {