dovecot-2.0: login proxy: Skip SSL hostname check when connectin...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.0/rev/de8715e4d793
changeset: 12978:de8715e4d793
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Nov 16 23:40:03 2011 +0200
description:
login proxy: Skip SSL hostname check when connecting to IP address (for backwards compatibility)

diffstat:

 src/login-common/login-proxy.c |  6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diffs (23 lines):

diff -r 5e9eaf63a6b1 -r de8715e4d793 src/login-common/login-proxy.c
--- a/src/login-common/login-proxy.c	Wed Nov 16 23:31:46 2011 +0200
+++ b/src/login-common/login-proxy.c	Wed Nov 16 23:40:03 2011 +0200
@@ -504,6 +504,7 @@
 static int login_proxy_ssl_handshaked(void *context)
 {
 	struct login_proxy *proxy = context;
+	struct ip_addr ip;
 
 	if ((proxy->ssl_flags & PROXY_SSL_FLAG_ANY_CERT) != 0)
 		return 0;
@@ -516,7 +517,10 @@
 		client_log_err(proxy->client, t_strdup_printf(
 			"proxy: SSL certificate not received from %s:%u",
 			proxy->host, proxy->port));
-	} else if (ssl_proxy_cert_match_name(proxy->ssl_server_proxy,
+	} else if (net_addr2ip(proxy->host, &ip) == 0 ||
+		   /* NOTE: allow IP address for backwards compatibility,
+		      v2.1 no longer accepts it */
+		   ssl_proxy_cert_match_name(proxy->ssl_server_proxy,
 					     proxy->host) < 0) {
 		client_log_err(proxy->client, t_strdup_printf(
 			"proxy: hostname doesn't match SSL certificate at %s:%u",