if (!client_unref(&client) || client->destroyed)
return;
- fd_ssl = ssl_proxy_new(client->fd, &client->ip,
- client->set, &client->ssl_proxy);
+ fd_ssl = ssl_proxy_alloc(client->fd, &client->ip,
+ client->set, &client->ssl_proxy);
if (fd_ssl == -1) {
client_send_line(client, CLIENT_CMD_REPLY_BYE,
"TLS initialization failed.");
return;
}
ssl_proxy_set_client(client->ssl_proxy, client);
+ ssl_proxy_start(client->ssl_proxy);
client->starttls = TRUE;
client->tls = TRUE;
o_stream_destroy(&proxy->server_output);
io_remove(&proxy->server_io);
- fd = ssl_proxy_client_new(proxy->server_fd, &proxy->client->ip,
- proxy->client->set,
- login_proxy_ssl_handshaked, proxy,
- &proxy->ssl_server_proxy);
+ fd = ssl_proxy_client_alloc(proxy->server_fd, &proxy->client->ip,
+ proxy->client->set,
+ login_proxy_ssl_handshaked, proxy,
+ &proxy->ssl_server_proxy);
if (fd < 0) {
client_log_err(proxy->client, t_strdup_printf(
"proxy: SSL handshake failed to %s:%u",
return -1;
}
ssl_proxy_set_client(proxy->ssl_server_proxy, proxy->client);
+ ssl_proxy_start(proxy->ssl_server_proxy);
proxy->server_fd = fd;
proxy_plain_connected(proxy);
client = client_create(conn->fd, FALSE, pool, set, other_sets,
&local_ip, &conn->remote_ip);
} else {
- fd_ssl = ssl_proxy_new(conn->fd, &conn->remote_ip, set, &proxy);
+ fd_ssl = ssl_proxy_alloc(conn->fd, &conn->remote_ip, set,
+ &proxy);
if (fd_ssl == -1) {
net_disconnect(conn->fd);
pool_unref(&pool);
&local_ip, &conn->remote_ip);
client->ssl_proxy = proxy;
ssl_proxy_set_client(proxy, client);
+ ssl_proxy_start(proxy);
}
client->remote_port = conn->remote_port;
}
static int
-ssl_proxy_new_common(SSL_CTX *ssl_ctx, int fd, const struct ip_addr *ip,
- const struct login_settings *set,
- struct ssl_proxy **proxy_r)
+ssl_proxy_alloc_common(SSL_CTX *ssl_ctx, int fd, const struct ip_addr *ip,
+ const struct login_settings *set,
+ struct ssl_proxy **proxy_r)
{
struct ssl_proxy *proxy;
SSL *ssl;
return sfd[1];
}
-int ssl_proxy_new(int fd, const struct ip_addr *ip,
- const struct login_settings *set, struct ssl_proxy **proxy_r)
+int ssl_proxy_alloc(int fd, const struct ip_addr *ip,
+ const struct login_settings *set,
+ struct ssl_proxy **proxy_r)
{
struct ssl_server_context *ctx, lookup_ctx;
- int ret;
memset(&lookup_ctx, 0, sizeof(lookup_ctx));
lookup_ctx.cert = set->ssl_cert;
if (ctx == NULL)
ctx = ssl_server_context_init(set);
- ret = ssl_proxy_new_common(ctx->ctx, fd, ip, set, proxy_r);
- if (ret < 0)
- return -1;
-
- ssl_step(*proxy_r);
- return ret;
+ return ssl_proxy_alloc_common(ctx->ctx, fd, ip, set, proxy_r);
}
-int ssl_proxy_client_new(int fd, struct ip_addr *ip,
- const struct login_settings *set,
- ssl_handshake_callback_t *callback, void *context,
- struct ssl_proxy **proxy_r)
+int ssl_proxy_client_alloc(int fd, struct ip_addr *ip,
+ const struct login_settings *set,
+ ssl_handshake_callback_t *callback, void *context,
+ struct ssl_proxy **proxy_r)
{
int ret;
- ret = ssl_proxy_new_common(ssl_client_ctx, fd, ip, set, proxy_r);
+ ret = ssl_proxy_alloc_common(ssl_client_ctx, fd, ip, set, proxy_r);
if (ret < 0)
return -1;
(*proxy_r)->handshake_callback = callback;
(*proxy_r)->handshake_context = context;
(*proxy_r)->client_proxy = TRUE;
- ssl_step(*proxy_r);
return ret;
}
+void ssl_proxy_start(struct ssl_proxy *proxy)
+{
+ ssl_step(proxy);
+}
+
void ssl_proxy_set_client(struct ssl_proxy *proxy, struct client *client)
{
i_assert(proxy->client == NULL);
/* no SSL support */
-int ssl_proxy_new(int fd ATTR_UNUSED, const struct ip_addr *ip ATTR_UNUSED,
- const struct login_settings *set ATTR_UNUSED,
- struct ssl_proxy **proxy_r ATTR_UNUSED)
+int ssl_proxy_alloc(int fd ATTR_UNUSED, const struct ip_addr *ip ATTR_UNUSED,
+ const struct login_settings *set ATTR_UNUSED,
+ struct ssl_proxy **proxy_r ATTR_UNUSED)
{
i_error("Dovecot wasn't built with SSL support");
return -1;
}
-int ssl_proxy_client_new(int fd ATTR_UNUSED, struct ip_addr *ip ATTR_UNUSED,
- const struct login_settings *set ATTR_UNUSED,
- ssl_handshake_callback_t *callback ATTR_UNUSED,
- void *context ATTR_UNUSED,
- struct ssl_proxy **proxy_r ATTR_UNUSED)
+int ssl_proxy_client_alloc(int fd ATTR_UNUSED, struct ip_addr *ip ATTR_UNUSED,
+ const struct login_settings *set ATTR_UNUSED,
+ ssl_handshake_callback_t *callback ATTR_UNUSED,
+ void *context ATTR_UNUSED,
+ struct ssl_proxy **proxy_r ATTR_UNUSED)
{
i_error("Dovecot wasn't built with SSL support");
return -1;
}
+void ssl_proxy_start(struct ssl_proxy *proxy ATTR_UNUSED)
+{
+}
+
void ssl_proxy_set_client(struct ssl_proxy *proxy ATTR_UNUSED,
struct client *client ATTR_UNUSED)
{
/* establish SSL connection with the given fd, returns a new fd which you
must use from now on, or -1 if error occurred. Unless -1 is returned,
the given fd must be simply forgotten. */
-int ssl_proxy_new(int fd, const struct ip_addr *ip,
- const struct login_settings *set, struct ssl_proxy **proxy_r);
-int ssl_proxy_client_new(int fd, struct ip_addr *ip,
- const struct login_settings *set,
- ssl_handshake_callback_t *callback, void *context,
- struct ssl_proxy **proxy_r);
+int ssl_proxy_alloc(int fd, const struct ip_addr *ip,
+ const struct login_settings *set,
+ struct ssl_proxy **proxy_r);
+int ssl_proxy_client_alloc(int fd, struct ip_addr *ip,
+ const struct login_settings *set,
+ ssl_handshake_callback_t *callback, void *context,
+ struct ssl_proxy **proxy_r);
+void ssl_proxy_start(struct ssl_proxy *proxy);
void ssl_proxy_set_client(struct ssl_proxy *proxy, struct client *client);
bool ssl_proxy_has_valid_client_cert(const struct ssl_proxy *proxy) ATTR_PURE;
bool ssl_proxy_has_broken_client_cert(struct ssl_proxy *proxy);
projects / thirdparty / dovecot / core.git / commitdiff
