dovecot-2.2: auth ldap: If any tls_* settings are given when the...
dovecot at dovecot.org
Mon Mar 16 21:18:29 UTC 2015
details: http://hg.dovecot.org/dovecot-2.2/rev/ec2e7ae958c5
changeset: 18359:ec2e7ae958c5
user: Timo Sirainen <tss at iki.fi>
date: Mon Mar 16 23:17:39 2015 +0200
description:
auth ldap: If any tls_* settings are given when they're not supported, fail with fatal instead of just warning.
These may be important for intended security, especially tls_cipher_suite.
We shouldn't allow setting them and then somewhat silently just ignore them.
diffstat:
src/auth/db-ldap.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diffs (17 lines):
diff -r 804dc641f448 -r ec2e7ae958c5 src/auth/db-ldap.c
--- a/src/auth/db-ldap.c Mon Mar 16 23:14:49 2015 +0200
+++ b/src/auth/db-ldap.c Mon Mar 16 23:17:39 2015 +0200
@@ -1087,9 +1087,10 @@
conn->set.tls_ca_cert_dir != NULL ||
conn->set.tls_cert_file != NULL ||
conn->set.tls_key_file != NULL ||
- conn->set.tls_cipher_suite != NULL)
- i_warning("LDAP: tls_* settings ignored, "
- "your LDAP library doesn't seem to support them");
+ conn->set.tls_cipher_suite != NULL) {
+ i_fatal("LDAP %s: tls_* settings aren't supported by your LDAP library - they must not be set",
+ conn->config_path);
+ }
#endif
}
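Review bot: The new i_fatal() text in the added lines does not say which tls_* setting triggered it. The condition ORs several of them (tls_ca_cert_dir, tls_cert_file, tls_key_file and tls_cipher_suite are visible here), so an administrator is left to work through conn->config_path by hand. Consider naming the first non-NULL setting in the message. Because a configuration that used to start with only an i_warning() will now abort at startup on builds whose LDAP library lacks TLS option support, this behaviour change also deserves an upgrade note. As a style point, the format string is a single long line, whereas the removed i_warning() split its string across two lines.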