dovecot-2.2: lib-ssl-iostream: ssl_iostream_set_handshake_callba...
dovecot at dovecot.org
dovecot at dovecot.org
Thu Apr 4 15:22:00 EEST 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/970914436288
changeset: 16154:970914436288
user: Timo Sirainen <tss at iki.fi>
date: Thu Apr 04 15:21:00 2013 +0300
description:
lib-ssl-iostream: ssl_iostream_set_handshake_callback() API changed.
The callback can now return the error message to caller instead of having to
log it itself.
diffstat:
src/doveadm/server-connection.c | 18 ++++++++----------
src/lib-http/http-client-connection.c | 20 ++++++++++----------
src/lib-imap-client/imapc-connection.c | 18 ++++++++----------
src/lib-ssl-iostream/iostream-openssl.c | 7 +++++--
src/lib-ssl-iostream/iostream-openssl.h | 2 +-
src/lib-ssl-iostream/iostream-ssl-private.h | 2 +-
src/lib-ssl-iostream/iostream-ssl.c | 2 +-
src/lib-ssl-iostream/iostream-ssl.h | 7 ++++++-
src/lib-storage/index/pop3c/pop3c-client.c | 16 +++++++---------
9 files changed, 47 insertions(+), 45 deletions(-)
diffs (244 lines):
diff -r 3580439c06d8 -r 970914436288 src/doveadm/server-connection.c
--- a/src/doveadm/server-connection.c Thu Apr 04 14:58:00 2013 +0300
+++ b/src/doveadm/server-connection.c Thu Apr 04 15:21:00 2013 +0300
@@ -315,7 +315,7 @@
return 0;
}
-static int server_connection_ssl_handshaked(void *context)
+static int server_connection_ssl_handshaked(const char **error_r, void *context)
{
struct server_connection *conn = context;
const char *host, *p;
@@ -326,16 +326,14 @@
host = t_strdup_until(host, p);
if (!ssl_iostream_has_valid_client_cert(conn->ssl_iostream)) {
- if (!ssl_iostream_has_broken_client_cert(conn->ssl_iostream)) {
- i_error("%s: SSL certificate not received",
- conn->server->name);
- } else {
- i_error("%s: Received invalid SSL certificate",
- conn->server->name);
- }
+ if (!ssl_iostream_has_broken_client_cert(conn->ssl_iostream))
+ *error_r = "SSL certificate not received";
+ else
+ *error_r = "Received invalid SSL certificate";
} else if (ssl_iostream_cert_match_name(conn->ssl_iostream, host) < 0) {
- i_error("%s: SSL certificate doesn't match host name",
- conn->server->name);
+ *error_r = t_strdup_printf(
+ "SSL certificate doesn't match expected host name %s",
+ host);
} else {
if (doveadm_debug) {
i_debug("%s: SSL handshake successful",
diff -r 3580439c06d8 -r 970914436288 src/lib-http/http-client-connection.c
--- a/src/lib-http/http-client-connection.c Thu Apr 04 14:58:00 2013 +0300
+++ b/src/lib-http/http-client-connection.c Thu Apr 04 15:21:00 2013 +0300
@@ -652,7 +652,8 @@
(void)http_client_connection_next_request(conn);
}
-static int http_client_connection_ssl_handshaked(void *context)
+static int
+http_client_connection_ssl_handshaked(const char **error_r, void *context)
{
struct http_client_connection *conn = context;
@@ -661,23 +662,22 @@
http_client_connection_debug(conn, "SSL handshake successful");
return 0;
} else if (!ssl_iostream_has_valid_client_cert(conn->ssl_iostream)) {
- if (!ssl_iostream_has_broken_client_cert(conn->ssl_iostream)) {
- http_client_connection_error(conn, "SSL certificate not received");
- } else {
- http_client_connection_error(conn, "Received invalid SSL certificate");
- }
+ if (!ssl_iostream_has_broken_client_cert(conn->ssl_iostream))
+ *error_r = "SSL certificate not received";
+ else
+ *error_r = "Received invalid SSL certificate";
} else {
const char *host = http_client_peer_get_hostname(conn->peer);
i_assert(host != NULL);
- if (ssl_iostream_cert_match_name(conn->ssl_iostream, host) < 0) {
- http_client_connection_error(conn,
- "SSL certificate doesn't match host name");
- } else {
+ if (ssl_iostream_cert_match_name(conn->ssl_iostream, host) == 0) {
http_client_connection_debug(conn, "SSL handshake successful");
return 0;
}
+
+ *error_r = t_strdup_printf(
+ "SSL certificate doesn't match expected host name %s", host);
}
i_stream_close(conn->conn.input);
return -1;
diff -r 3580439c06d8 -r 970914436288 src/lib-imap-client/imapc-connection.c
--- a/src/lib-imap-client/imapc-connection.c Thu Apr 04 14:58:00 2013 +0300
+++ b/src/lib-imap-client/imapc-connection.c Thu Apr 04 15:21:00 2013 +0300
@@ -1126,7 +1126,7 @@
imapc_connection_unref(&conn);
}
-static int imapc_connection_ssl_handshaked(void *context)
+static int imapc_connection_ssl_handshaked(const char **error_r, void *context)
{
struct imapc_connection *conn = context;
@@ -1134,17 +1134,15 @@
/* skip certificate checks */
return 0;
} else if (!ssl_iostream_has_valid_client_cert(conn->ssl_iostream)) {
- if (!ssl_iostream_has_broken_client_cert(conn->ssl_iostream)) {
- i_error("imapc(%s): SSL certificate not received",
- conn->name);
- } else {
- i_error("imapc(%s): Received invalid SSL certificate",
- conn->name);
- }
+ if (!ssl_iostream_has_broken_client_cert(conn->ssl_iostream))
+ *error_r = "SSL certificate not received";
+ else
+ *error_r = "Received invalid SSL certificate";
} else if (ssl_iostream_cert_match_name(conn->ssl_iostream,
conn->client->set.host) < 0) {
- i_error("imapc(%s): SSL certificate doesn't match host name",
- conn->name);
+ *error_r = t_strdup_printf(
+ "SSL certificate doesn't match expected host name %s",
+ conn->client->set.host);
} else {
if (conn->client->set.debug) {
i_debug("imapc(%s): SSL handshake successful",
diff -r 3580439c06d8 -r 970914436288 src/lib-ssl-iostream/iostream-openssl.c
--- a/src/lib-ssl-iostream/iostream-openssl.c Thu Apr 04 14:58:00 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl.c Thu Apr 04 15:21:00 2013 +0300
@@ -516,6 +516,7 @@
static int openssl_iostream_handshake(struct ssl_iostream *ssl_io)
{
+ const char *error = NULL;
int ret;
i_assert(!ssl_io->handshaked);
@@ -542,7 +543,9 @@
ssl_io->handshaked = TRUE;
if (ssl_io->handshake_callback != NULL) {
- if (ssl_io->handshake_callback(ssl_io->handshake_context) < 0) {
+ if (ssl_io->handshake_callback(&error, ssl_io->handshake_context) < 0) {
+ i_assert(error != NULL);
+ openssl_iostream_set_error(ssl_io, error);
errno = EINVAL;
return -1;
}
@@ -554,7 +557,7 @@
static void
openssl_iostream_set_handshake_callback(struct ssl_iostream *ssl_io,
- int (*callback)(void *context),
+ ssl_iostream_handshake_callback_t *callback,
void *context)
{
ssl_io->handshake_callback = callback;
diff -r 3580439c06d8 -r 970914436288 src/lib-ssl-iostream/iostream-openssl.h
--- a/src/lib-ssl-iostream/iostream-openssl.h Thu Apr 04 14:58:00 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl.h Thu Apr 04 15:21:00 2013 +0300
@@ -38,7 +38,7 @@
bool verbose, verbose_invalid_cert, require_valid_cert;
int username_nid;
- int (*handshake_callback)(void *context);
+ ssl_iostream_handshake_callback_t *handshake_callback;
void *handshake_context;
unsigned int handshaked:1;
diff -r 3580439c06d8 -r 970914436288 src/lib-ssl-iostream/iostream-ssl-private.h
--- a/src/lib-ssl-iostream/iostream-ssl-private.h Thu Apr 04 14:58:00 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl-private.h Thu Apr 04 15:21:00 2013 +0300
@@ -25,7 +25,7 @@
int (*handshake)(struct ssl_iostream *ssl_io);
void (*set_handshake_callback)(struct ssl_iostream *ssl_io,
- int (*callback)(void *context),
+ ssl_iostream_handshake_callback_t *callback,
void *context);
bool (*is_handshaked)(const struct ssl_iostream *ssl_io);
diff -r 3580439c06d8 -r 970914436288 src/lib-ssl-iostream/iostream-ssl.c
--- a/src/lib-ssl-iostream/iostream-ssl.c Thu Apr 04 14:58:00 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl.c Thu Apr 04 15:21:00 2013 +0300
@@ -124,7 +124,7 @@
}
void ssl_iostream_set_handshake_callback(struct ssl_iostream *ssl_io,
- int (*callback)(void *context),
+ ssl_iostream_handshake_callback_t *callback,
void *context)
{
ssl_vfuncs->set_handshake_callback(ssl_io, callback, context);
diff -r 3580439c06d8 -r 970914436288 src/lib-ssl-iostream/iostream-ssl.h
--- a/src/lib-ssl-iostream/iostream-ssl.h Thu Apr 04 14:58:00 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl.h Thu Apr 04 15:21:00 2013 +0300
@@ -19,6 +19,11 @@
bool require_valid_cert; /* stream-only */
};
+/* Returns 0 if ok, -1 and sets error_r if failed. The returned error string
+ becomes available via ssl_iostream_get_last_error() */
+typedef int
+ssl_iostream_handshake_callback_t(const char **error_r, void *context);
+
int io_stream_create_ssl(struct ssl_iostream_context *ctx, const char *source,
const struct ssl_iostream_settings *set,
struct istream **input, struct ostream **output,
@@ -31,7 +36,7 @@
int ssl_iostream_handshake(struct ssl_iostream *ssl_io);
void ssl_iostream_set_handshake_callback(struct ssl_iostream *ssl_io,
- int (*callback)(void *context),
+ ssl_iostream_handshake_callback_t *callback,
void *context);
bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io);
diff -r 3580439c06d8 -r 970914436288 src/lib-storage/index/pop3c/pop3c-client.c
--- a/src/lib-storage/index/pop3c/pop3c-client.c Thu Apr 04 14:58:00 2013 +0300
+++ b/src/lib-storage/index/pop3c/pop3c-client.c Thu Apr 04 15:21:00 2013 +0300
@@ -409,7 +409,7 @@
}
}
-static int pop3c_client_ssl_handshaked(void *context)
+static int pop3c_client_ssl_handshaked(const char **error_r, void *context)
{
struct pop3c_client *client = context;
@@ -417,16 +417,14 @@
/* skip certificate checks */
return 0;
} else if (!ssl_iostream_has_valid_client_cert(client->ssl_iostream)) {
- if (!ssl_iostream_has_broken_client_cert(client->ssl_iostream)) {
- i_error("pop3c(%s): SSL certificate not received",
- client->set.host);
- } else {
- i_error("pop3c(%s): Received invalid SSL certificate",
- client->set.host);
- }
+ if (!ssl_iostream_has_broken_client_cert(client->ssl_iostream))
+ *error_r = "SSL certificate not received";
+ else
+ *error_r = "Received invalid SSL certificate";
} else if (ssl_iostream_cert_match_name(client->ssl_iostream,
client->set.host) < 0) {
- i_error("pop3c(%s): SSL certificate doesn't match host name",
+ *error_r = t_strdup_printf(
+ "SSL certificate doesn't match expected host name %s",
client->set.host);
} else {
if (client->set.debug) {
More information about the dovecot-cvs
mailing list