lib-iostream: Disallow empty ssl_min_protocol
authorMarco Bettini <marco.bettini@open-xchange.com>
Thu, 5 Feb 2026 13:38:35 +0000 (13:38 +0000)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Fri, 6 Feb 2026 13:10:08 +0000 (13:10 +0000)
src/lib-ssl-iostream/ssl-settings.c

index 9a70badf0d478744a12e4c94c32f8d7b41e1ee17..e3ae04a93f2647e764344d22a7a9b1e84318b5fd 100644 (file)
@@ -128,12 +128,16 @@ ssl_settings_check(void *_set, pool_t pool ATTR_UNUSED,
 {
        struct ssl_settings *set = _set;
 
-       if (settings_get_config_binary() != SETTINGS_BINARY_OTHER) T_BEGIN {
+       if (settings_get_config_binary() != SETTINGS_BINARY_OTHER) {
                const char *proto = t_str_ucase(set->ssl_min_protocol);
+               if (*proto == '\0') {
+                       *error_r = "ssl_min_protocol cannot be empty";
+                       return FALSE;
+               }
                if (strstr(proto, "ANY") != NULL)
                        i_warning("ssl_min_protocol=ANY is used - This is "
                                  "insecure and intended only for testing");
-       } T_END;
+       }
 
        /* Now explode the ssl_options string into individual flags */
        /* First set them all to defaults */
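Review bot: The new empty-value rejection sits inside the `settings_get_config_binary() != SETTINGS_BINARY_OTHER` branch, so it is enforced only where the ANY warning is printed; a process for which that call returns SETTINGS_BINARY_OTHER would still accept an empty ssl_min_protocol. If the setting can reach such a process without passing through the config binary (not visible in this hunk), the minimum TLS version would depend on how the consumer treats an empty string. Consider hoisting the check above the branch and testing the raw value, `if (set->ssl_min_protocol[0] == '\0') { *error_r = "ssl_min_protocol cannot be empty"; return FALSE; }`, which also skips the t_str_ucase() allocation on the error path. If the gating is deliberate, a short comment saying why the check is limited to config-time would help. The body of ssl_settings_check() continues past the end of this hunk.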