diff options
Diffstat (limited to 'imap4d/starttls.c')
-rw-r--r-- | imap4d/starttls.c | 115 |
1 files changed, 71 insertions, 44 deletions
diff --git a/imap4d/starttls.c b/imap4d/starttls.c index 4ac540939..2d9e03269 100644 --- a/imap4d/starttls.c +++ b/imap4d/starttls.c @@ -16,6 +16,8 @@ #include "imap4d.h" +static int global_conf_status = -1; +int global_tls_mode; struct mu_tls_config global_tls_conf; /* @@ -68,6 +70,70 @@ tls_encryption_on (struct imap4d_session *session) } int +starttls_server_check (struct imap4d_srv_config *cfg, char const *srvid) +{ + int result; + + switch (cfg->tls_mode) + { + case tls_unspecified: + if (global_tls_mode != tls_unspecified) + cfg->tls_mode = global_tls_mode; + else if (cfg->tls_conf.cert_file) + cfg->tls_mode = tls_ondemand; + else + { + cfg->tls_mode = tls_no; + return MU_TLS_CONFIG_NULL; + } + break; + + case tls_no: + return MU_TLS_CONFIG_NULL; + + default: + break; + } + + result = mu_tls_config_check (&cfg->tls_conf, 1); + switch (result) + { + case MU_TLS_CONFIG_OK: + if (!cfg->tls_conf.cert_file) + { + mu_error (_("server %s: no certificate set"), srvid); + result = MU_TLS_CONFIG_FAIL; + } + break; + + case MU_TLS_CONFIG_NULL: + if (global_conf_status == -1) + { + if (global_tls_conf.cert_file) + global_conf_status = mu_tls_config_check (&global_tls_conf, 1); + else + global_conf_status = MU_TLS_CONFIG_NULL; + } + + if (global_conf_status != MU_TLS_CONFIG_NULL) + { + cfg->tls_conf = global_tls_conf; + result = MU_TLS_CONFIG_OK; + } + else + { + mu_error (_("server %s: no certificate set"), srvid); + result = MU_TLS_CONFIG_FAIL; + } + break; + + default: + mu_error (_("server %s: TLS configuration failed"), srvid); + } + return result; +} + +int starttls_init (mu_m_server_t msrv) { mu_list_t srvlist; @@ -75,12 +141,6 @@ starttls_init (mu_m_server_t msrv) int errors = 0; int tls_ok = mu_init_tls_libs (); int tls_requested = 0; - int global_conf_status = 0; - - if (global_tls_conf.cert_file) - global_conf_status = mu_tls_config_check (&global_tls_conf, 1); - else - global_conf_status = MU_TLS_CONFIG_NULL; mu_m_server_get_srvlist (msrv, &srvlist); mu_list_get_iterator (srvlist, &itr); @@ -90,51 +150,15 @@ starttls_init (mu_m_server_t msrv) struct imap4d_srv_config *cfg; mu_iterator_current (itr, (void**) &ipsrv); cfg = mu_ip_server_get_data (ipsrv); - switch (cfg->tls_mode) + switch (starttls_server_check (cfg, mu_ip_server_addrstr (ipsrv))) { - case tls_unspecified: - if (cfg->tls_conf.cert_file) - { - cfg->tls_mode = tls_ondemand; - break; - } - else - cfg->tls_mode = tls_no; - /* fall through */ - case tls_no: + case MU_TLS_CONFIG_NULL: continue; - default: - break; - } - - switch (mu_tls_config_check (&cfg->tls_conf, 1)) - { case MU_TLS_CONFIG_OK: - if (!cfg->tls_conf.cert_file) - { - mu_error (_("server %s: no certificate set"), - mu_ip_server_addrstr (ipsrv)); - errors = 1; - } - break; - - case MU_TLS_CONFIG_NULL: - if (global_conf_status != MU_TLS_CONFIG_NULL) - { - cfg->tls_conf = global_tls_conf; - } - else - { - mu_error (_("server %s: no certificate set"), - mu_ip_server_addrstr (ipsrv)); - errors = 1; - } break; default: - mu_error (_("server %s: TLS configuration failed"), - mu_ip_server_addrstr (ipsrv)); errors = 1; } @@ -142,6 +166,9 @@ starttls_init (mu_m_server_t msrv) } mu_iterator_destroy (&itr); + if (global_tls_mode == tls_unspecified) + global_tls_mode = tls_no; + if (tls_requested && !tls_ok) { mu_error (_("TLS is not configured, but requested in the " |