From: Timo Sirainen
Date: Thu, 1 Feb 2024 13:24:37 +0000 (+0200)
Subject: lib-ssl-iostream: Convert ssl_client_cert/key setting to ssl_client_cert/key_file
X-Git-Tag: 2.4.1~1071
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d816be6c350d5eafdd529019c4c8aa5bc66e006;p=thirdparty%2Fdovecot%2Fcore.git
lib-ssl-iostream: Convert ssl_client_cert/key setting to ssl_client_cert/key_file
---
diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index d9ddbf8b45..80da8c7ad3 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -593,7 +593,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
 SSL_CTX_set_min_proto_version(ctx->ssl_ctx, min_protocol);
 }
- /* Client can ignore an empty ssl_client_cert, but server will fail
+ /* Client can ignore an empty ssl_client_cert_file, but server will fail
 if ssl_cert_file is empty. */
 if (set->cert.cert.content != NULL &&
 (set->cert.cert.content[0] != '\0' || !ctx->client_ctx) &&
diff --git a/src/lib-ssl-iostream/ssl-settings.c b/src/lib-ssl-iostream/ssl-settings.c
index fddb250654..cb3c55fc4f 100644
--- a/src/lib-ssl-iostream/ssl-settings.c
+++ b/src/lib-ssl-iostream/ssl-settings.c
@@ -17,8 +17,8 @@ static const struct setting_define ssl_setting_defines[] = {
 DEF(STR, ssl_client_ca),
 DEF(STR, ssl_client_ca_file),
 DEF(STR, ssl_client_ca_dir),
- DEF(STR, ssl_client_cert),
- DEF(STR, ssl_client_key),
+ DEF(FILE, ssl_client_cert_file),
+ DEF(FILE, ssl_client_key_file),
 DEF(STR, ssl_cipher_list),
 DEF(STR, ssl_cipher_suites),
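Review bot: `ssl_client_cert_file` and `ssl_client_key_file` become `DEF(FILE, ...)` in `ssl_setting_defines` while the neighbouring `ssl_client_ca_file` stays `DEF(STR, ...)`, so settings sharing the `_file` suffix now carry different kinds of value. The ssl-settings.h hunk still declares all of them as plain `const char *`, so nothing tells a later caller that the key field can no longer be assigned straight to `set->cert.key.content` the way the removed `ssl_client_key` was. I would add a comment on the two struct fields, e.g. `/* FILE-typed setting: read via settings_file_get(), do not use the pointer directly */`. Both the array and the struct continue outside their hunks.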
@@ -36,8 +36,8 @@ static const struct ssl_settings ssl_default_settings = {
 .ssl_client_ca = "",
 .ssl_client_ca_file = "",
 .ssl_client_ca_dir = "",
- .ssl_client_cert = "",
- .ssl_client_key = "",
+ .ssl_client_cert_file = "",
+ .ssl_client_key_file = "",
 .ssl_cipher_list = "ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH",
 .ssl_cipher_suites = "", /* Use TLS library provided value */
@@ -193,8 +193,10 @@ void ssl_client_settings_to_iostream_set(
 set->ca = ssl_set->ssl_client_ca;
 set->ca_file = ssl_set->ssl_client_ca_file;
 set->ca_dir = ssl_set->ssl_client_ca_dir;
- set->cert.cert.content = ssl_set->ssl_client_cert;
- set->cert.key.content = ssl_set->ssl_client_key;
+ settings_file_get(ssl_set->ssl_client_cert_file,
+ set->pool, &set->cert.cert);
+ settings_file_get(ssl_set->ssl_client_key_file,
+ set->pool, &set->cert.key);
 set->verify_remote_cert = ssl_set->ssl_client_require_valid_cert;
 set->allow_invalid_cert = !set->verify_remote_cert;
 /* client-side CRL checking not supported currently */
diff --git a/src/lib-ssl-iostream/ssl-settings.h b/src/lib-ssl-iostream/ssl-settings.h
index 072ce9c418..777c2ef89b 100644
--- a/src/lib-ssl-iostream/ssl-settings.h
+++ b/src/lib-ssl-iostream/ssl-settings.h
@@ -9,8 +9,8 @@ struct ssl_settings {
 const char *ssl_client_ca;
 const char *ssl_client_ca_file;
 const char *ssl_client_ca_dir;
- const char *ssl_client_cert;
- const char *ssl_client_key;
+ const char *ssl_client_cert_file;
+ const char *ssl_client_key_file;
 const char *ssl_cipher_list;
 const char *ssl_cipher_suites;
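Review bot: The `settings_file_get()` calls added to `ssl_client_settings_to_iostream_set()` take `set->pool`, but the hunk leaves open which parts of `set->cert.cert` and `set->cert.key` end up in that pool and which still point into `ssl_set`. The removed lines made the borrowing explicit (`set->cert.key.content = ssl_set->ssl_client_key`); if the content still references the settings value, `ssl_set` must outlive `set`. Once confirmed, that deserves a line above the calls such as `/* only the path is copied to set->pool; content may still point into ssl_set */`. It would also help to say where a non-empty cert file paired with an empty key file is rejected, since the visible part of the check in iostream-openssl-context.c tests only `cert.cert.content`. The function starts and ends outside the hunk.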