dovecot-2.2: lib-ssl-iostream: API changes to return error strin...
dovecot at dovecot.org
dovecot at dovecot.org
Thu Apr 4 13:21:10 EEST 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/02f6b66458b1
changeset: 16145:02f6b66458b1
user: Timo Sirainen <tss at iki.fi>
date: Thu Apr 04 13:20:59 2013 +0300
description:
lib-ssl-iostream: API changes to return error strings if init() functions fail.
This also fixed a couple of broken error handlings.
diffstat:
src/doveadm/client-connection.c | 6 +-
src/doveadm/dsync/doveadm-dsync.c | 12 +-
src/doveadm/server-connection.c | 5 +-
src/lib-http/http-client-connection.c | 8 +-
src/lib-http/http-client.c | 7 +-
src/lib-imap-client/imapc-client.c | 11 +-
src/lib-imap-client/imapc-connection.c | 8 +-
src/lib-master/master-service-ssl.c | 17 ++-
src/lib-master/master-service-ssl.h | 3 +-
src/lib-ssl-iostream/iostream-openssl-context.c | 128 +++++++++++++----------
src/lib-ssl-iostream/iostream-openssl-params.c | 14 +-
src/lib-ssl-iostream/iostream-openssl.c | 54 +++++----
src/lib-ssl-iostream/iostream-openssl.h | 18 +-
src/lib-ssl-iostream/iostream-ssl-private.h | 16 +-
src/lib-ssl-iostream/iostream-ssl.c | 44 ++++---
src/lib-ssl-iostream/iostream-ssl.h | 17 +-
src/lib-storage/index/pop3c/pop3c-client.c | 19 +-
17 files changed, 213 insertions(+), 174 deletions(-)
diffs (truncated from 1032 to 300 lines):
diff -r 778daa3852ef -r 02f6b66458b1 src/doveadm/client-connection.c
--- a/src/doveadm/client-connection.c Thu Apr 04 13:12:26 2013 +0300
+++ b/src/doveadm/client-connection.c Thu Apr 04 13:20:59 2013 +0300
@@ -350,10 +350,14 @@
static int client_connection_init_ssl(struct client_connection *conn)
{
+ const char *error;
+
if (master_service_ssl_init(master_service,
&conn->input, &conn->output,
- &conn->ssl_iostream) < 0)
+ &conn->ssl_iostream, &error) < 0) {
+ i_error("SSL init failed: %s", error);
return -1;
+ }
if (ssl_iostream_handshake(conn->ssl_iostream) < 0) {
i_error("SSL handshake failed: %s",
ssl_iostream_get_last_error(conn->ssl_iostream));
diff -r 778daa3852ef -r 02f6b66458b1 src/doveadm/dsync/doveadm-dsync.c
--- a/src/doveadm/dsync/doveadm-dsync.c Thu Apr 04 13:12:26 2013 +0300
+++ b/src/doveadm/dsync/doveadm-dsync.c Thu Apr 04 13:20:59 2013 +0300
@@ -569,7 +569,8 @@
}
static int dsync_init_ssl_ctx(struct dsync_cmd_context *ctx,
- const struct mail_storage_settings *mail_set)
+ const struct mail_storage_settings *mail_set,
+ const char **error_r)
{
struct ssl_iostream_settings ssl_set;
@@ -581,8 +582,7 @@
ssl_set.verify_remote_cert = TRUE;
ssl_set.crypto_device = mail_set->ssl_crypto_device;
- return ssl_iostream_context_init_client("doveadm", &ssl_set,
- &ctx->ssl_ctx);
+ return ssl_iostream_context_init_client(&ssl_set, &ctx->ssl_ctx, error_r);
}
static int
@@ -594,12 +594,14 @@
struct server_connection *conn;
struct ioloop *ioloop;
string_t *cmd;
+ const char *error;
server = p_new(ctx->ctx.pool, struct doveadm_server, 1);
server->name = p_strdup(ctx->ctx.pool, target);
if (ssl) {
- if (dsync_init_ssl_ctx(ctx, mail_set) < 0) {
- *error_r = "Couldn't initialize SSL context";
+ if (dsync_init_ssl_ctx(ctx, mail_set, &error) < 0) {
+ *error_r = t_strdup_printf(
+ "Couldn't initialize SSL context: %s", error);
return -1;
}
server->ssl_ctx = ctx->ssl_ctx;
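Review bot: In the `if (ssl)` failure branch, `*error_r` now points at a `t_strdup_printf()` result instead of a string literal, so the message lives only as long as the current data-stack frame rather than for the whole process. The same change is made in `http_client_init_ssl_ctx()` in src/lib-http/http-client.c, which is a non-static function. The callers are not visible in this diff; if any of them keeps the pointer after its frame is released, it would read stale memory. A comment at both declarations would state the contract, for example `/* On failure *error_r is allocated from the data stack; copy it if it must outlive the caller's frame. */`. The enclosing function starts and ends outside the hunk.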
diff -r 778daa3852ef -r 02f6b66458b1 src/doveadm/server-connection.c
--- a/src/doveadm/server-connection.c Thu Apr 04 13:12:26 2013 +0300
+++ b/src/doveadm/server-connection.c Thu Apr 04 13:20:59 2013 +0300
@@ -350,6 +350,7 @@
static int server_connection_init_ssl(struct server_connection *conn)
{
struct ssl_iostream_settings ssl_set;
+ const char *error;
if (conn->server->ssl_ctx == NULL)
return 0;
@@ -361,8 +362,8 @@
if (io_stream_create_ssl(conn->server->ssl_ctx, "doveadm", &ssl_set,
&conn->input, &conn->output,
- &conn->ssl_iostream) < 0) {
- i_error("Couldn't initialize SSL client");
+ &conn->ssl_iostream, &error) < 0) {
+ i_error("Couldn't initialize SSL client: %s", error);
return -1;
}
ssl_iostream_set_handshake_callback(conn->ssl_iostream,
diff -r 778daa3852ef -r 02f6b66458b1 src/lib-http/http-client-connection.c
--- a/src/lib-http/http-client-connection.c Thu Apr 04 13:12:26 2013 +0300
+++ b/src/lib-http/http-client-connection.c Thu Apr 04 13:20:59 2013 +0300
@@ -686,7 +686,7 @@
http_client_connection_ssl_init(struct http_client_connection *conn)
{
struct ssl_iostream_settings ssl_set;
- const char *source;
+ const char *source, *error;
if (conn->client->ssl_ctx == NULL) {
http_client_connection_error(conn, "No SSL context");
@@ -706,8 +706,10 @@
source = t_strdup_printf
("connection %s: ", http_client_connection_label(conn));
if (io_stream_create_ssl(conn->client->ssl_ctx, source, &ssl_set,
- &conn->conn.input, &conn->conn.output, &conn->ssl_iostream) < 0) {
- http_client_connection_error(conn, "Couldn't initialize SSL client");
+ &conn->conn.input, &conn->conn.output,
+ &conn->ssl_iostream, &error) < 0) {
+ http_client_connection_error(conn,
+ "Couldn't initialize SSL client: %s", error);
return -1;
}
ssl_iostream_set_handshake_callback(conn->ssl_iostream,
diff -r 778daa3852ef -r 02f6b66458b1 src/lib-http/http-client.c
--- a/src/lib-http/http-client.c Thu Apr 04 13:12:26 2013 +0300
+++ b/src/lib-http/http-client.c Thu Apr 04 13:20:59 2013 +0300
@@ -186,6 +186,7 @@
int http_client_init_ssl_ctx(struct http_client *client, const char **error_r)
{
struct ssl_iostream_settings ssl_set;
+ const char *error;
if (client->ssl_ctx != NULL)
return 0;
@@ -196,9 +197,9 @@
ssl_set.verify_remote_cert = TRUE;
ssl_set.crypto_device = client->set.ssl_crypto_device;
- if (ssl_iostream_context_init_client("lib-http", &ssl_set,
- &client->ssl_ctx) < 0) {
- *error_r = "Couldn't initialize SSL context";
+ if (ssl_iostream_context_init_client(&ssl_set, &client->ssl_ctx, &error) < 0) {
+ *error_r = t_strdup_printf("Couldn't initialize SSL context: %s",
+ error);
return -1;
}
return 0;
diff -r 778daa3852ef -r 02f6b66458b1 src/lib-imap-client/imapc-client.c
--- a/src/lib-imap-client/imapc-client.c Thu Apr 04 13:12:26 2013 +0300
+++ b/src/lib-imap-client/imapc-client.c Thu Apr 04 13:20:59 2013 +0300
@@ -39,7 +39,7 @@
{
struct imapc_client *client;
struct ssl_iostream_settings ssl_set;
- const char *source;
+ const char *error;
pool_t pool;
pool = pool_alloconly_create("imapc client", 1024);
@@ -70,11 +70,10 @@
ssl_set.verify_remote_cert = set->ssl_verify;
ssl_set.crypto_device = set->ssl_crypto_device;
- source = t_strdup_printf("%s:%u", set->host, set->port);
- if (ssl_iostream_context_init_client(source, &ssl_set,
- &client->ssl_ctx) < 0) {
- i_error("imapc(%s): Couldn't initialize SSL context",
- source);
+ if (ssl_iostream_context_init_client(&ssl_set, &client->ssl_ctx,
+ &error) < 0) {
+ i_error("imapc(%s:%u): Couldn't initialize SSL context: %s",
+ set->host, set->port, error);
}
}
client->untagged_callback = default_untagged_callback;
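Review bot: When `ssl_iostream_context_init_client()` fails here, the error is only logged and client initialisation carries on, so failing closed depends on `client->ssl_ctx` still being NULL afterwards. The check visible in src/lib-imap-client/imapc-connection.c (`if (conn->client->ssl_ctx == NULL)` followed by "No SSL context") refuses the connection only in that case. Whether the init function leaves the output pointer untouched on failure is not shown in this diff. Making it explicit costs one line after the `i_error()` call: `client->ssl_ctx = NULL; /* connection setup refuses SSL when this is NULL */`. The enclosing function starts and ends outside the hunk.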
diff -r 778daa3852ef -r 02f6b66458b1 src/lib-imap-client/imapc-connection.c
--- a/src/lib-imap-client/imapc-connection.c Thu Apr 04 13:12:26 2013 +0300
+++ b/src/lib-imap-client/imapc-connection.c Thu Apr 04 13:20:59 2013 +0300
@@ -1161,7 +1161,7 @@
{
struct ssl_iostream_settings ssl_set;
struct stat st;
- const char *source;
+ const char *source, *error;
if (conn->client->ssl_ctx == NULL) {
i_error("imapc(%s): No SSL context", conn->name);
@@ -1191,9 +1191,9 @@
source = t_strdup_printf("imapc(%s): ", conn->name);
if (io_stream_create_ssl(conn->client->ssl_ctx, source, &ssl_set,
&conn->input, &conn->output,
- &conn->ssl_iostream) < 0) {
- i_error("imapc(%s): Couldn't initialize SSL client",
- conn->name);
+ &conn->ssl_iostream, &error) < 0) {
+ i_error("imapc(%s): Couldn't initialize SSL client: %s",
+ conn->name, error);
return -1;
}
ssl_iostream_set_handshake_callback(conn->ssl_iostream,
diff -r 778daa3852ef -r 02f6b66458b1 src/lib-master/master-service-ssl.c
--- a/src/lib-master/master-service-ssl.c Thu Apr 04 13:12:26 2013 +0300
+++ b/src/lib-master/master-service-ssl.c Thu Apr 04 13:20:59 2013 +0300
@@ -61,15 +61,18 @@
int master_service_ssl_init(struct master_service *service,
struct istream **input, struct ostream **output,
- struct ssl_iostream **ssl_iostream_r)
+ struct ssl_iostream **ssl_iostream_r,
+ const char **error_r)
{
const struct master_service_ssl_settings *set;
struct ssl_iostream_settings ssl_set;
i_assert(service->ssl_ctx_initialized);
- if (service->ssl_ctx == NULL)
+ if (service->ssl_ctx == NULL) {
+ *error_r = "Failed to initialize SSL context";
return -1;
+ }
(void)ssl_refresh_parameters(service);
@@ -80,7 +83,7 @@
ssl_set.verify_remote_cert = set->ssl_verify_client_cert;
return io_stream_create_ssl(service->ssl_ctx, service->name, &ssl_set,
- input, output, ssl_iostream_r);
+ input, output, ssl_iostream_r, error_r);
}
bool master_service_ssl_is_enabled(struct master_service *service)
@@ -92,6 +95,7 @@
{
const struct master_service_ssl_settings *set;
struct ssl_iostream_settings ssl_set;
+ const char *error;
if (service->ssl_ctx_initialized)
return;
@@ -116,9 +120,10 @@
ssl_set.verbose = set->verbose_ssl;
ssl_set.verify_remote_cert = set->ssl_verify_client_cert;
- if (ssl_iostream_context_init_server(service->name, &ssl_set,
- &service->ssl_ctx) < 0) {
- i_error("SSL context initialization failed, disabling SSL");
+ if (ssl_iostream_context_init_server(&ssl_set, &service->ssl_ctx,
+ &error) < 0) {
+ i_error("SSL context initialization failed, disabling SSL: %s",
+ error);
master_service_ssl_io_listeners_remove(service);
return;
}
diff -r 778daa3852ef -r 02f6b66458b1 src/lib-master/master-service-ssl.h
--- a/src/lib-master/master-service-ssl.h Thu Apr 04 13:12:26 2013 +0300
+++ b/src/lib-master/master-service-ssl.h Thu Apr 04 13:20:59 2013 +0300
@@ -5,7 +5,8 @@
int master_service_ssl_init(struct master_service *service,
struct istream **input, struct ostream **output,
- struct ssl_iostream **ssl_iostream_r);
+ struct ssl_iostream **ssl_iostream_r,
+ const char **error_r);
bool master_service_ssl_is_enabled(struct master_service *service);
diff -r 778daa3852ef -r 02f6b66458b1 src/lib-ssl-iostream/iostream-openssl-context.c
--- a/src/lib-ssl-iostream/iostream-openssl-context.c Thu Apr 04 13:12:26 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c Thu Apr 04 13:20:59 2013 +0300
@@ -14,14 +14,15 @@
struct ssl_iostream_password_context {
const char *password;
- const char *key_source;
+ const char *error;
};
static bool ssl_global_initialized = FALSE;
static ENGINE *ssl_iostream_engine;
int dovecot_ssl_extdata_index;
-static void ssl_iostream_init_global(const struct ssl_iostream_settings *set);
+static int ssl_iostream_init_global(const struct ssl_iostream_settings *set,
+ const char **error_r);
const char *openssl_iostream_error(void)
{
@@ -82,21 +83,20 @@
struct ssl_iostream_password_context *ctx = userdata;
if (ctx->password == NULL) {
- i_error("%s: SSL private key file is password protected, "
- "but password isn't given", ctx->key_source);
+ ctx->error = "SSL private key file is password protected, "
+ "but password isn't given";
return 0;
}
if (i_strocpy(buf, userdata, size) < 0) {
- i_error("%s: SSL private key password is too long",
- ctx->key_source);
+ ctx->error = "SSL private key password is too long";
return 0;
}
return strlen(buf);
}
int openssl_iostream_load_key(const struct ssl_iostream_settings *set,
- const char *key_source, EVP_PKEY **pkey_r)
+ EVP_PKEY **pkey_r, const char **error_r)
{
struct ssl_iostream_password_context ctx;
EVP_PKEY *pkey;
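Review bot: The unchanged line `if (i_strocpy(buf, userdata, size) < 0) {` in the password callback copies from `userdata`, which is the `struct ssl_iostream_password_context *` itself, not the password string. As a result the raw bytes of the struct (beginning with the `password` pointer value) are treated as a C string, so the passphrase handed to OpenSSL is wrong and the copy may read past the end of the struct looking for a NUL. This commit rewrites the error reporting on both sides of that line but leaves the call as it was; it should read `if (i_strocpy(buf, ctx->password, size) < 0) {`. The callback's signature is outside the hunk.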
@@ -106,38 +106,42 @@
key = t_strdup_noconst(set->key);