[dovecot-cvs] dovecot/src/login-common ssl-proxy-openssl.c, 1.20,
1.21
cras at procontrol.fi
cras at procontrol.fi
Mon May 10 05:15:19 EEST 2004
Update of /home/cvs/dovecot/src/login-common
In directory talvi:/tmp/cvs-serv6113/src/login-common
Modified Files:
ssl-proxy-openssl.c
Log Message:
Added ssl_verify_client_cert setting.
Index: ssl-proxy-openssl.c
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- ssl-proxy-openssl.c 10 May 2004 01:55:41 -0000 1.20
+++ ssl-proxy-openssl.c 10 May 2004 02:15:16 -0000 1.21
@@ -453,6 +453,12 @@
if (SSL_CTX_need_tmp_RSA(ssl_ctx))
SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
+ if (getenv("SSL_VERIFY_CLIENT_CERT") != NULL) {
+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER |
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
+ SSL_VERIFY_CLIENT_ONCE, NULL);
+ }
+
/* PRNG initialization might want to use /dev/urandom, make sure it
does it before chrooting. */
if (RAND_bytes(&buf, 1) != 1)
More information about the dovecot-cvs
mailing list