[dovecot-cvs]
dovecot/src/login-common ssl-proxy-openssl.c, 1.37.2.1, 1.37.2.2
cras at dovecot.org
cras at dovecot.org
Sun Jul 2 00:15:18 EEST 2006
Update of /var/lib/cvs/dovecot/src/login-common
In directory talvi:/tmp/cvs-serv31029
Modified Files:
Tag: branch_1_0
ssl-proxy-openssl.c
Log Message:
If verbose_ssl=yes, set ssl_info_callback and print any alerts and BIO
errors.
Index: ssl-proxy-openssl.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v
retrieving revision 1.37.2.1
retrieving revision 1.37.2.2
diff -u -d -r1.37.2.1 -r1.37.2.2
--- ssl-proxy-openssl.c 11 Jun 2006 14:48:42 -0000 1.37.2.1
+++ ssl-proxy-openssl.c 1 Jul 2006 21:15:15 -0000 1.37.2.2
@@ -575,6 +575,24 @@
return ssl_params.dh_1024;
}
+static void ssl_info_callback(const SSL *ssl, int where, int ret)
+{
+ struct ssl_proxy *proxy;
+
+ proxy = SSL_get_ex_data(ssl, extdata_index);
+
+ if ((where & SSL_CB_ALERT) != 0) {
+ i_warning("SSL alert: where=0x%x, ret=%d: %s %s [%s]",
+ where, ret, SSL_alert_type_string_long(ret),
+ SSL_alert_desc_string_long(ret),
+ net_ip2addr(&proxy->ip));
+ } else {
+ i_warning("SSL BIO failed: where=0x%x, ret=%d: %s [%s]",
+ where, ret, SSL_state_string_long(ssl),
+ net_ip2addr(&proxy->ip));
+ }
+}
+
static int ssl_verify_client_cert(int preverify_ok, X509_STORE_CTX *ctx)
{
SSL *ssl;
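Review bot: The `else` branch of `ssl_info_callback` logs every non-alert event as "SSL BIO failed", but OpenSSL also calls the info callback for handshake start/done and for each state-loop step, so with verbose_ssl set a normal handshake is reported as a series of failure warnings. Limiting the message to exits that report failure, e.g. `} else if ((where & SSL_CB_EXIT) != 0 && ret == 0) {`, would keep the log usable; an exit with `ret < 0` may only mean a non-blocking handshake is waiting for more I/O, so decide separately whether to log it. Because these events are driven by unauthenticated peers, logging each one at warning level also lets any client inflate the log. `proxy` is dereferenced unchecked: if the callback can run before the ex_data is attached to this SSL (the ordering is not visible in this hunk), `net_ip2addr(&proxy->ip)` reads through NULL, so add `if (proxy == NULL) return;` or a comment stating the ordering guarantee.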
@@ -681,6 +699,9 @@
SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback);
+ if (verbose_ssl)
+ SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
+
if (getenv("SSL_VERIFY_CLIENT_CERT") != NULL) {
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
X509_STORE *store;