From: Timo Sirainen Date: Fri, 4 Nov 2022 21:50:49 +0000 (+0200) Subject: login-common: Connections from haproxy are always considered secured X-Git-Tag: 2.4.0~3418 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80cc8cc8749b2fb42266577f7dc0449a572647bd;p=thirdparty%2Fdovecot%2Fcore.git login-common: Connections from haproxy are always considered secured Similarly to non-haproxy connections from login_trusted_networks are considered secured, connections from haproxy_trusted_networks should also be considered secured. --- diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c index fb5047c289..a4c632f8c8 100644 --- a/src/login-common/client-common.c +++ b/src/login-common/client-common.c @@ -217,9 +217,10 @@ client_alloc(int fd, pool_t pool, client->connection_trusted = client_is_trusted(client); if (conn->haproxied) { + /* haproxy connections are always coming from + haproxy_trusted_networks, so we consider them secured. */ + client->connection_secured = TRUE; client->haproxy_terminated_tls = conn->haproxy.ssl; - client->connection_secured = conn->haproxy.ssl || - client->connection_trusted; client->end_client_tls_secured = conn->haproxy.ssl; client->local_name = conn->haproxy.hostname; client->client_cert_common_name = conn->haproxy.cert_common_name;
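Review bot: In the `conn->haproxied` branch of client_alloc(), `client->connection_secured = TRUE;` now rests entirely on the new comment's claim that haproxied connections always come from haproxy_trusted_networks, and nothing in this hunk enforces or checks that claim. Please name in the comment where that source check is done, or assert it here, so a later change to that path cannot silently turn every haproxied connection into a secured one. The removed expression `conn->haproxy.ssl || client->connection_trusted` tied the flag to TLS on the client leg or to a trusted client address. After this change, a haproxied client with `conn->haproxy.ssl` false and `client->connection_trusted` false is still marked secured, while `end_client_tls_secured` stays false for it. That difference deserves a sentence in the commit message and in the haproxy_trusted_networks documentation. State that the client-to-proxy hop may be cleartext, and that any code needing TLS all the way to the end client must test `end_client_tls_secured` rather than `connection_secured`. A test case covering a haproxied, non-TLS connection from an untrusted client address would pin the intended behaviour down.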