dovecot-2.2: lib-ssl-iostream: Added ssl_iostream_has_handshake_...

dovecot at dovecot.org dovecot at dovecot.org
Mon Apr 8 13:03:27 EEST 2013


details:   http://hg.dovecot.org/dovecot-2.2/rev/c7555e6d13fd
changeset: 16244:c7555e6d13fd
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Apr 08 13:02:27 2013 +0300
description:
lib-ssl-iostream: Added ssl_iostream_has_handshake_failed()

diffstat:

 src/lib-ssl-iostream/iostream-openssl.c     |  12 +++++++++++-
 src/lib-ssl-iostream/iostream-openssl.h     |   1 +
 src/lib-ssl-iostream/iostream-ssl-private.h |   1 +
 src/lib-ssl-iostream/iostream-ssl.c         |   5 +++++
 src/lib-ssl-iostream/iostream-ssl.h         |   3 +++
 5 files changed, 21 insertions(+), 1 deletions(-)

diffs (94 lines):

diff -r be767af05259 -r c7555e6d13fd src/lib-ssl-iostream/iostream-openssl.c
--- a/src/lib-ssl-iostream/iostream-openssl.c	Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl.c	Mon Apr 08 13:02:27 2013 +0300
@@ -117,8 +117,10 @@
 	}
 	if (!preverify_ok) {
 		ssl_io->cert_broken = TRUE;
-		if (ssl_io->require_valid_cert)
+		if (ssl_io->require_valid_cert) {
+			ssl_io->handshake_failed = TRUE;
 			return 0;
+		}
 	}
 	return 1;
 }
@@ -550,6 +552,7 @@
 			i_stream_close(ssl_io->plain_input);
 			o_stream_close(ssl_io->plain_output);
 			openssl_iostream_set_error(ssl_io, error);
+			ssl_io->handshake_failed = TRUE;
 			errno = EINVAL;
 			return -1;
 		}
@@ -584,6 +587,12 @@
 }
 
 static bool
+openssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io)
+{
+	return ssl_io->handshake_failed;
+}
+
+static bool
 openssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
 {
 	return ssl_io->cert_received && !ssl_io->cert_broken;
@@ -685,6 +694,7 @@
 
 	openssl_iostream_set_log_prefix,
 	openssl_iostream_is_handshaked,
+	openssl_iostream_has_handshake_failed,
 	openssl_iostream_has_valid_client_cert,
 	openssl_iostream_has_broken_client_cert,
 	openssl_iostream_cert_match_name,
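Review bot: The vfuncs table is initialised positionally, and the new `openssl_iostream_has_handshake_failed` entry has the same function type as its neighbour `openssl_iostream_has_valid_client_cert`. An ordering mismatch with the struct in iostream-ssl-private.h would therefore compile without a warning and silently swap a handshake-failure query with a certificate-validity query. The order does match in this commit, but designated initialisers would make it checkable, e.g. `.has_handshake_failed = openssl_iostream_has_handshake_failed,`. The table starts and ends outside the hunk, so any other initialiser of this struct (none is visible here) would need the same new slot.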
diff -r be767af05259 -r c7555e6d13fd src/lib-ssl-iostream/iostream-openssl.h
--- a/src/lib-ssl-iostream/iostream-openssl.h	Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl.h	Mon Apr 08 13:02:27 2013 +0300
@@ -41,6 +41,7 @@
 	void *handshake_context;
 
 	unsigned int handshaked:1;
+	unsigned int handshake_failed:1;
 	unsigned int cert_received:1;
 	unsigned int cert_broken:1;
 	unsigned int want_read:1;
diff -r be767af05259 -r c7555e6d13fd src/lib-ssl-iostream/iostream-ssl-private.h
--- a/src/lib-ssl-iostream/iostream-ssl-private.h	Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl-private.h	Mon Apr 08 13:02:27 2013 +0300
@@ -30,6 +30,7 @@
 
 	void (*set_log_prefix)(struct ssl_iostream *ssl_io, const char *prefix);
 	bool (*is_handshaked)(const struct ssl_iostream *ssl_io);
+	bool (*has_handshake_failed)(const struct ssl_iostream *ssl_io);
 	bool (*has_valid_client_cert)(const struct ssl_iostream *ssl_io);
 	bool (*has_broken_client_cert)(struct ssl_iostream *ssl_io);
 	int (*cert_match_name)(struct ssl_iostream *ssl_io, const char *name);
diff -r be767af05259 -r c7555e6d13fd src/lib-ssl-iostream/iostream-ssl.c
--- a/src/lib-ssl-iostream/iostream-ssl.c	Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl.c	Mon Apr 08 13:02:27 2013 +0300
@@ -151,6 +151,11 @@
 	return ssl_vfuncs->is_handshaked(ssl_io);
 }
 
+bool ssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io)
+{
+	return ssl_vfuncs->has_handshake_failed(ssl_io);
+}
+
 bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io)
 {
 	return ssl_vfuncs->has_valid_client_cert(ssl_io);
diff -r be767af05259 -r c7555e6d13fd src/lib-ssl-iostream/iostream-ssl.h
--- a/src/lib-ssl-iostream/iostream-ssl.h	Mon Apr 08 02:06:29 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-ssl.h	Mon Apr 08 13:02:27 2013 +0300
@@ -49,6 +49,9 @@
 					 void *context);
 
 bool ssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io);
+/* Returns TRUE if the remote cert is invalid, or handshake callback returned
+   failure. */
+bool ssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io);
 bool ssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io);
 bool ssl_iostream_has_broken_client_cert(struct ssl_iostream *ssl_io);
 int ssl_iostream_check_cert_validity(struct ssl_iostream *ssl_io,
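Review bot: The new comment on `ssl_iostream_has_handshake_failed()` says it returns TRUE if the remote cert is invalid, but the verify-callback hunk in iostream-openssl.c sets the flag only inside `if (ssl_io->require_valid_cert)`. With that option off, an invalid cert sets `cert_broken` and leaves `handshake_failed` clear. A caller that reads FALSE as "the certificate was fine" would go on with a broken certificate, so the comment should state the condition: `/* Returns TRUE if an invalid remote cert was rejected because a valid cert is required, or if the handshake callback returned failure. */`. It may also be worth saying whether other handshake errors set the flag, since those paths are not visible in these hunks.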

