From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Fri, 4 Nov 2022 19:22:15 +0000 (+0200)
Subject: login-common: Fix logging %{secured} and %{ssl_security} for haproxy TLS connections
X-Git-Tag: 2.4.0~3420
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c144595ce63d1cf15d13688a30e2014664b71155;p=thirdparty%2Fdovecot%2Fcore.git

login-common: Fix logging %{secured} and %{ssl_security} for haproxy TLS connections

It should have been logged as TLS (proxied), but this had never worked.
Instead, it was logged simply as "secured".
---

diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index d95c37bf6d..fb5047c289 100644
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -888,12 +888,12 @@ get_var_expand_table(struct client *client)
 		dec2str(client->local_port);
 	tab[VAR_EXPAND_ALIAS_INDEX_START + 3].value = tab[10].value =
 		dec2str(client->remote_port);
-	if (!client->connection_tls_secured) {
-		tab[11].value = client->connection_secured ? "secured" : NULL;
-		tab[12].value = "";
-	} else if (client->haproxy_terminated_tls) {
+	if (client->haproxy_terminated_tls) {
 		tab[11].value = "TLS";
 		tab[12].value = "(proxied)";
+	} else if (!client->connection_tls_secured) {
+		tab[11].value = client->connection_secured ? "secured" : NULL;
+		tab[12].value = "";
 	} else if (client->ssl_iostream != NULL) {
 		const char *ssl_state =
 			ssl_iostream_is_handshaked(client->ssl_iostream) ?