dovecot-2.0: login: ssl_require_client_cert and ssl_username_fro...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Jan 4 13:53:19 EET 2011
details: http://hg.dovecot.org/dovecot-2.0/rev/fd9c01323475
changeset: 12548:fd9c01323475
user: Timo Sirainen <tss at iki.fi>
date: Tue Jan 04 13:53:17 2011 +0200
description:
login: ssl_require_client_cert and ssl_username_from_cert settings should have had auth_ prefix.
The actual functionality was provided by the auth_* settings, but with these
duplicated settings login process didn't give as good error messages.
diffstat:
src/login-common/client-common.c | 5 +++--
src/login-common/login-settings.c | 11 ++++++-----
src/login-common/login-settings.h | 4 ++--
3 files changed, 11 insertions(+), 9 deletions(-)
diffs (71 lines):
diff -r 8e84c40b7a67 -r fd9c01323475 src/login-common/client-common.c
--- a/src/login-common/client-common.c Tue Jan 04 13:22:20 2011 +0200
+++ b/src/login-common/client-common.c Tue Jan 04 13:53:17 2011 +0200
@@ -497,7 +497,8 @@
const char *client_get_extra_disconnect_reason(struct client *client)
{
- if (client->set->ssl_require_client_cert && client->ssl_proxy != NULL) {
+ if (client->set->auth_ssl_require_client_cert &&
+ client->ssl_proxy != NULL) {
if (ssl_proxy_has_broken_client_cert(client->ssl_proxy))
return "(client sent an invalid cert)";
if (!ssl_proxy_has_valid_client_cert(client->ssl_proxy))
@@ -510,7 +511,7 @@
/* some auth attempts without SSL/TLS */
if (client->auth_tried_disabled_plaintext)
return "(tried to use disabled plaintext auth)";
- if (client->set->ssl_require_client_cert)
+ if (client->set->auth_ssl_require_client_cert)
return "(cert required, client didn't start TLS)";
if (client->auth_tried_unsupported_mech)
return "(tried to use unsupported auth mechanism)";
diff -r 8e84c40b7a67 -r fd9c01323475 src/login-common/login-settings.c
--- a/src/login-common/login-settings.c Tue Jan 04 13:22:20 2011 +0200
+++ b/src/login-common/login-settings.c Tue Jan 04 13:53:17 2011 +0200
@@ -34,8 +34,8 @@
DEF(SET_STR, ssl_cipher_list),
DEF(SET_STR, ssl_cert_username_field),
DEF(SET_BOOL, ssl_verify_client_cert),
- DEF(SET_BOOL, ssl_require_client_cert),
- DEF(SET_BOOL, ssl_username_from_cert),
+ DEF(SET_BOOL, auth_ssl_require_client_cert),
+ DEF(SET_BOOL, auth_ssl_username_from_cert),
DEF(SET_BOOL, verbose_ssl),
DEF(SET_BOOL, disable_plaintext_auth),
@@ -64,8 +64,8 @@
.ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL",
.ssl_cert_username_field = "commonName",
.ssl_verify_client_cert = FALSE,
- .ssl_require_client_cert = FALSE,
- .ssl_username_from_cert = FALSE,
+ .auth_ssl_require_client_cert = FALSE,
+ .auth_ssl_username_from_cert = FALSE,
.verbose_ssl = FALSE,
.disable_plaintext_auth = TRUE,
@@ -131,7 +131,8 @@
set->log_format_elements_split =
p_strsplit(pool, set->login_log_format_elements, " ");
- if (set->ssl_require_client_cert || set->ssl_username_from_cert) {
+ if (set->auth_ssl_require_client_cert ||
+ set->auth_ssl_username_from_cert) {
/* if we require valid cert, make sure we also ask for it */
set->ssl_verify_client_cert = TRUE;
}
diff -r 8e84c40b7a67 -r fd9c01323475 src/login-common/login-settings.h
--- a/src/login-common/login-settings.h Tue Jan 04 13:22:20 2011 +0200
+++ b/src/login-common/login-settings.h Tue Jan 04 13:53:17 2011 +0200
@@ -16,8 +16,8 @@
const char *ssl_cipher_list;
const char *ssl_cert_username_field;
bool ssl_verify_client_cert;
- bool ssl_require_client_cert;
- bool ssl_username_from_cert;
+ bool auth_ssl_require_client_cert;
+ bool auth_ssl_username_from_cert;
bool verbose_ssl;
bool disable_plaintext_auth;
More information about the dovecot-cvs
mailing list