dovecot-2.1: login: Added ssl_crypto_device setting to set OpenS...
dovecot at dovecot.org
dovecot at dovecot.org
Thu Nov 24 01:53:12 EET 2011
details: http://hg.dovecot.org/dovecot-2.1/rev/ca49f570f0c1
changeset: 13772:ca49f570f0c1
user: Timo Sirainen <tss at iki.fi>
date: Thu Nov 24 01:45:59 2011 +0200
description:
login: Added ssl_crypto_device setting to set OpenSSL engine.
diffstat:
src/login-common/login-settings.c | 2 ++
src/login-common/login-settings.h | 1 +
src/login-common/ssl-proxy-openssl.c | 19 +++++++++++++++++++
3 files changed, 22 insertions(+), 0 deletions(-)
diffs (80 lines):
diff -r cc497af529cd -r ca49f570f0c1 src/login-common/login-settings.c
--- a/src/login-common/login-settings.c Thu Nov 24 01:45:09 2011 +0200
+++ b/src/login-common/login-settings.c Thu Nov 24 01:45:59 2011 +0200
@@ -35,6 +35,7 @@
DEF(SET_STR, ssl_cert_username_field),
DEF(SET_STR, ssl_client_cert),
DEF(SET_STR, ssl_client_key),
+ DEF(SET_STR, ssl_crypto_device),
DEF(SET_BOOL, ssl_verify_client_cert),
DEF(SET_BOOL, auth_ssl_require_client_cert),
DEF(SET_BOOL, auth_ssl_username_from_cert),
@@ -67,6 +68,7 @@
.ssl_cert_username_field = "commonName",
.ssl_client_cert = "",
.ssl_client_key = "",
+ .ssl_crypto_device = "",
.ssl_verify_client_cert = FALSE,
.auth_ssl_require_client_cert = FALSE,
.auth_ssl_username_from_cert = FALSE,
diff -r cc497af529cd -r ca49f570f0c1 src/login-common/login-settings.h
--- a/src/login-common/login-settings.h Thu Nov 24 01:45:09 2011 +0200
+++ b/src/login-common/login-settings.h Thu Nov 24 01:45:59 2011 +0200
@@ -17,6 +17,7 @@
const char *ssl_cert_username_field;
const char *ssl_client_cert;
const char *ssl_client_key;
+ const char *ssl_crypto_device;
bool ssl_verify_client_cert;
bool auth_ssl_require_client_cert;
bool auth_ssl_username_from_cert;
diff -r cc497af529cd -r ca49f570f0c1 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Thu Nov 24 01:45:09 2011 +0200
+++ b/src/login-common/ssl-proxy-openssl.c Thu Nov 24 01:45:59 2011 +0200
@@ -21,6 +21,7 @@
#include "iostream-openssl.h"
#include <openssl/crypto.h>
+#include <openssl/engine.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
@@ -99,6 +100,7 @@
static struct ssl_proxy *ssl_proxies;
static struct ssl_parameters ssl_params;
static int ssl_username_nid;
+static ENGINE *ssl_engine;
static void plain_read(struct ssl_proxy *proxy);
static void ssl_read(struct ssl_proxy *proxy);
@@ -1274,6 +1276,19 @@
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
+ if (*set->ssl_crypto_device != '\0') {
+ ENGINE_load_builtin_engines();
+ ssl_engine = ENGINE_by_id(set->ssl_crypto_device);
+ if (ssl_engine == NULL) {
+ i_fatal("Unknown ssl_crypto_device: %s",
+ set->ssl_crypto_device);
+ }
+ ENGINE_init(ssl_engine);
+ ENGINE_set_default_RSA(ssl_engine);
+ ENGINE_set_default_DSA(ssl_engine);
+ ENGINE_set_default_ciphers(ssl_engine);
+ }
+
extdata_index = SSL_get_ex_new_index(0, dovecot, NULL, NULL, NULL);
ssl_servers = hash_table_create(default_pool, default_pool, 0,
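Review bot: The return values of `ENGINE_init()` and the three `ENGINE_set_default_*()` calls in the new `ssl_crypto_device` block are ignored, so the only failure this code detects is `ENGINE_by_id()` returning NULL. These calls return 0 on failure, and in that case the login process would presumably continue with OpenSSL's software implementations while the administrator believes key operations run on the configured device. Failing startup with `i_fatal()`, as the unknown-id branch already does, makes that mismatch visible; the fence shows the checked form. The enclosing init function starts and ends outside this hunk.

```c
	if (*set->ssl_crypto_device != '\0') {
		/* … unchanged: ENGINE_load_builtin_engines(), ENGINE_by_id() lookup and its i_fatal() … */
		if (ENGINE_init(ssl_engine) == 0) {
			i_fatal("ssl_crypto_device %s: ENGINE_init() failed",
				set->ssl_crypto_device);
		}
		if (ENGINE_set_default_RSA(ssl_engine) == 0 ||
		    ENGINE_set_default_DSA(ssl_engine) == 0 ||
		    ENGINE_set_default_ciphers(ssl_engine) == 0) {
			i_fatal("ssl_crypto_device %s: can't be used as default engine",
				set->ssl_crypto_device);
		}
	}
```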
@@ -1324,6 +1339,10 @@
ssl_free_parameters(&ssl_params);
SSL_CTX_free(ssl_client_ctx);
+ if (ssl_engine != NULL) {
+ ENGINE_cleanup();
+ ENGINE_finish(ssl_engine);
+ }
EVP_cleanup();
ERR_free_strings();
}
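Review bot: `ENGINE_cleanup()` runs before `ENGINE_finish(ssl_engine)` in the added teardown, and the structural reference taken by `ENGINE_by_id()` at init is never released with `ENGINE_free()`. OpenSSL's documented order is to drop the functional reference, then the structural one, and only then clean up the engine tables: `ENGINE_finish(ssl_engine); ENGINE_free(ssl_engine); ENGINE_cleanup();`. Resetting `ssl_engine = NULL` afterwards would avoid a stale pointer if init and deinit can run more than once in a process, which is not visible from this hunk. The function body starts outside the hunk.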