dovecot-2.2: lib-ssl-iostream: If handshake callback fails, clos...
dovecot at dovecot.org
dovecot at dovecot.org
Thu Apr 4 15:40:19 EEST 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/4e9851e24c28
changeset: 16156:4e9851e24c28
user: Timo Sirainen <tss at iki.fi>
date: Thu Apr 04 15:40:08 2013 +0300
description:
lib-ssl-iostream: If handshake callback fails, close the iostreams immediately.
This way the callback itself doesn't have to do it. Also fixes errors caused
by it, since they didn't close the ostream.
diffstat:
src/doveadm/server-connection.c | 4 ++--
src/lib-http/http-client-connection.c | 8 ++++----
src/lib-http/http-client.h | 1 -
src/lib-imap-client/imapc-connection.c | 1 -
src/lib-ssl-iostream/iostream-openssl.c | 2 ++
src/lib-storage/index/pop3c/pop3c-client.c | 1 -
6 files changed, 8 insertions(+), 9 deletions(-)
diffs (110 lines):
diff -r c1f1624a299c -r 4e9851e24c28 src/doveadm/server-connection.c
--- a/src/doveadm/server-connection.c Thu Apr 04 15:21:52 2013 +0300
+++ b/src/doveadm/server-connection.c Thu Apr 04 15:40:08 2013 +0300
@@ -330,10 +330,12 @@
*error_r = "SSL certificate not received";
else
*error_r = "Received invalid SSL certificate";
+ return -1;
} else if (ssl_iostream_cert_match_name(conn->ssl_iostream, host) < 0) {
*error_r = t_strdup_printf(
"SSL certificate doesn't match expected host name %s",
host);
+ return -1;
} else {
if (doveadm_debug) {
i_debug("%s: SSL handshake successful",
@@ -341,8 +343,6 @@
}
return 0;
}
- i_stream_close(conn->input);
- return -1;
}
static int server_connection_init_ssl(struct server_connection *conn)
diff -r c1f1624a299c -r 4e9851e24c28 src/lib-http/http-client-connection.c
--- a/src/lib-http/http-client-connection.c Thu Apr 04 15:21:52 2013 +0300
+++ b/src/lib-http/http-client-connection.c Thu Apr 04 15:40:08 2013 +0300
@@ -641,7 +641,7 @@
{
struct http_client_connection *conn = context;
- if (!conn->client->set.ssl_verify) {
+ if (conn->client->set.ssl_allow_invalid_cert) {
/* skip certificate checks */
http_client_connection_debug(conn, "SSL handshake successful");
return 0;
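Review bot: The `ssl_allow_invalid_cert` branch at the top of this callback returns 0 before any certificate or host name check, yet logs the same "SSL handshake successful" debug line a verified connection would presumably produce, so the logs cannot separate verified sessions from ones where checks were skipped. A distinct message such as `http_client_connection_debug(conn, "SSL handshake successful (certificate checks skipped)");` would make that visible. The switch from `ssl_verify` to `!ssl_allow_invalid_cert` here and in the `@@ -677` hunk also appears to flip the behaviour of zero-initialised settings from no verification to verification. It removes a field from http-client.h as well, and the commit description mentions neither change, so callers outside this diff that set `ssl_verify` should be checked. The callback's signature is outside the hunk.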
@@ -650,6 +650,7 @@
*error_r = "SSL certificate not received";
else
*error_r = "Received invalid SSL certificate";
+ return -1;
} else {
const char *host = http_client_peer_get_hostname(conn->peer);
@@ -662,9 +663,8 @@
*error_r = t_strdup_printf(
"SSL certificate doesn't match expected host name %s", host);
+ return -1;
}
- i_stream_close(conn->conn.input);
- return -1;
}
static int
@@ -677,7 +677,7 @@
i_assert(conn->client->ssl_ctx != NULL);
memset(&ssl_set, 0, sizeof(ssl_set));
- if (conn->client->set.ssl_verify) {
+ if (!conn->client->set.ssl_allow_invalid_cert) {
ssl_set.verbose_invalid_cert = TRUE;
ssl_set.verify_remote_cert = TRUE;
ssl_set.require_valid_cert = TRUE;
diff -r c1f1624a299c -r 4e9851e24c28 src/lib-http/http-client.h
--- a/src/lib-http/http-client.h Thu Apr 04 15:21:52 2013 +0300
+++ b/src/lib-http/http-client.h Thu Apr 04 15:40:08 2013 +0300
@@ -36,7 +36,6 @@
const char *ssl_ca_dir, *ssl_ca;
const char *ssl_crypto_device;
bool ssl_allow_invalid_cert;
- bool ssl_verify;
const char *rawlog_dir;
diff -r c1f1624a299c -r 4e9851e24c28 src/lib-imap-client/imapc-connection.c
--- a/src/lib-imap-client/imapc-connection.c Thu Apr 04 15:21:52 2013 +0300
+++ b/src/lib-imap-client/imapc-connection.c Thu Apr 04 15:40:08 2013 +0300
@@ -1151,7 +1151,6 @@
return 0;
}
conn->handshake_failed = TRUE;
- i_stream_close(conn->input);
return -1;
}
diff -r c1f1624a299c -r 4e9851e24c28 src/lib-ssl-iostream/iostream-openssl.c
--- a/src/lib-ssl-iostream/iostream-openssl.c Thu Apr 04 15:21:52 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl.c Thu Apr 04 15:40:08 2013 +0300
@@ -545,6 +545,8 @@
if (ssl_io->handshake_callback != NULL) {
if (ssl_io->handshake_callback(&error, ssl_io->handshake_context) < 0) {
i_assert(error != NULL);
+ i_stream_close(ssl_io->plain_input);
+ o_stream_close(ssl_io->plain_output);
openssl_iostream_set_error(ssl_io, error);
errno = EINVAL;
return -1;
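Review bot: The two added close calls introduce a new contract, that handshake callbacks no longer close the streams themselves, but nothing in the hunk records it. A later callback author may re-add a close or assume the streams are still usable after returning -1. A comment above the calls such as `/* callback rejected the handshake: close both plain streams here so callbacks don't have to */` would document it, and the handshake-callback declaration (not visible here) should say the same. It is also worth confirming that `openssl_iostream_set_error()` does not depend on the plain streams being open, since it now runs after they are closed. The enclosing function starts and ends outside the hunk.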
diff -r c1f1624a299c -r 4e9851e24c28 src/lib-storage/index/pop3c/pop3c-client.c
--- a/src/lib-storage/index/pop3c/pop3c-client.c Thu Apr 04 15:21:52 2013 +0300
+++ b/src/lib-storage/index/pop3c/pop3c-client.c Thu Apr 04 15:40:08 2013 +0300
@@ -434,7 +434,6 @@
return 0;
}
client->handshake_failed = TRUE;
- i_stream_close(client->input);
return -1;
}