"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/lib-master/master-service-ssl-settings.c" between
dovecot-2.3.16.tar.gz and dovecot-2.3.17.tar.gz

About: Dovecot is an IMAP and POP3 server, written with security primarily in mind.

[ To the main dovecot source changes report ]

master-service-ssl-settings.c  (dovecot-2.3.16):master-service-ssl-settings.c  (dovecot-2.3.17)
skipping to change at line 21 skipping to change at line 21
#undef DEF #undef DEF
#define DEF(type, name) \ #define DEF(type, name) \
SETTING_DEFINE_STRUCT_##type(#name, name, struct master_service_ssl_setti ngs) SETTING_DEFINE_STRUCT_##type(#name, name, struct master_service_ssl_setti ngs)
static bool static bool
master_service_ssl_settings_check(void *_set, pool_t pool, const char **error_r) ; master_service_ssl_settings_check(void *_set, pool_t pool, const char **error_r) ;
static const struct setting_define master_service_ssl_setting_defines[] = { static const struct setting_define master_service_ssl_setting_defines[] = {
DEF(ENUM, ssl), DEF(ENUM, ssl),
DEF(STR, ssl_ca), DEF(STR, ssl_ca),
DEF(STR, ssl_cert),
DEF(STR, ssl_key),
DEF(STR, ssl_alt_cert),
DEF(STR, ssl_alt_key),
DEF(STR, ssl_key_password),
DEF(STR, ssl_client_ca_file), DEF(STR, ssl_client_ca_file),
DEF(STR, ssl_client_ca_dir), DEF(STR, ssl_client_ca_dir),
DEF(STR, ssl_client_cert), DEF(STR, ssl_client_cert),
DEF(STR, ssl_client_key), DEF(STR, ssl_client_key),
DEF(STR, ssl_dh),
DEF(STR, ssl_cipher_list), DEF(STR, ssl_cipher_list),
DEF(STR, ssl_cipher_suites), DEF(STR, ssl_cipher_suites),
DEF(STR, ssl_curve_list), DEF(STR, ssl_curve_list),
DEF(STR, ssl_min_protocol), DEF(STR, ssl_min_protocol),
DEF(STR, ssl_cert_username_field), DEF(STR, ssl_cert_username_field),
DEF(STR, ssl_crypto_device), DEF(STR, ssl_crypto_device),
DEF(BOOL, ssl_verify_client_cert), DEF(BOOL, ssl_verify_client_cert),
DEF(BOOL, ssl_client_require_valid_cert), DEF(BOOL, ssl_client_require_valid_cert),
DEF(BOOL, ssl_require_crl), DEF(BOOL, ssl_require_crl),
DEF(BOOL, verbose_ssl), DEF(BOOL, verbose_ssl),
skipping to change at line 53 skipping to change at line 47
SETTING_DEFINE_LIST_END SETTING_DEFINE_LIST_END
}; };
static const struct master_service_ssl_settings master_service_ssl_default_setti ngs = { static const struct master_service_ssl_settings master_service_ssl_default_setti ngs = {
#ifdef HAVE_SSL #ifdef HAVE_SSL
.ssl = "yes:no:required", .ssl = "yes:no:required",
#else #else
.ssl = "no:yes:required", .ssl = "no:yes:required",
#endif #endif
/* keep synced with mail-storage-settings */
.ssl_ca = "", .ssl_ca = "",
.ssl_cert = "",
.ssl_key = "",
.ssl_alt_cert = "",
.ssl_alt_key = "",
.ssl_key_password = "",
.ssl_client_ca_file = "", .ssl_client_ca_file = "",
.ssl_client_ca_dir = "", .ssl_client_ca_dir = "",
.ssl_client_cert = "", .ssl_client_cert = "",
.ssl_client_key = "", .ssl_client_key = "",
.ssl_dh = "",
.ssl_cipher_list = "ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES: !3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH", .ssl_cipher_list = "ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES: !3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH",
.ssl_cipher_suites = "", /* Use TLS library provided value */ .ssl_cipher_suites = "", /* Use TLS library provided value */
.ssl_curve_list = "", .ssl_curve_list = "",
.ssl_min_protocol = "TLSv1.2", .ssl_min_protocol = "TLSv1.2",
.ssl_cert_username_field = "commonName", .ssl_cert_username_field = "commonName",
.ssl_crypto_device = "", .ssl_crypto_device = "",
.ssl_verify_client_cert = FALSE, .ssl_verify_client_cert = FALSE,
.ssl_client_require_valid_cert = TRUE, .ssl_client_require_valid_cert = TRUE,
.ssl_require_crl = TRUE, .ssl_require_crl = TRUE,
.verbose_ssl = FALSE, .verbose_ssl = FALSE,
skipping to change at line 91 skipping to change at line 78
.defines = master_service_ssl_setting_defines, .defines = master_service_ssl_setting_defines,
.defaults = &master_service_ssl_default_settings, .defaults = &master_service_ssl_default_settings,
.type_offset = SIZE_MAX, .type_offset = SIZE_MAX,
.struct_size = sizeof(struct master_service_ssl_settings), .struct_size = sizeof(struct master_service_ssl_settings),
.parent_offset = SIZE_MAX, .parent_offset = SIZE_MAX,
.check_func = master_service_ssl_settings_check .check_func = master_service_ssl_settings_check
}; };
#undef DEF
#define DEF(type, name) \
SETTING_DEFINE_STRUCT_##type(#name, name, struct master_service_ssl_serve
r_settings)
static const struct setting_define master_service_ssl_server_setting_defines[] =
{
DEF(STR, ssl_cert),
DEF(STR, ssl_key),
DEF(STR, ssl_alt_cert),
DEF(STR, ssl_alt_key),
DEF(STR, ssl_key_password),
DEF(STR, ssl_dh),
SETTING_DEFINE_LIST_END
};
static const struct master_service_ssl_server_settings master_service_ssl_server
_default_settings = {
.ssl_cert = "",
.ssl_key = "",
.ssl_alt_cert = "",
.ssl_alt_key = "",
.ssl_key_password = "",
.ssl_dh = "",
};
static const struct setting_parser_info *master_service_ssl_server_setting_depen
dencies[] = {
&master_service_ssl_setting_parser_info,
NULL
};
const struct setting_parser_info master_service_ssl_server_setting_parser_info =
{
.module_name = "ssl-server",
.defines = master_service_ssl_server_setting_defines,
.defaults = &master_service_ssl_server_default_settings,
.type_offset = SIZE_MAX,
.struct_size = sizeof(struct master_service_ssl_server_settings),
.parent_offset = SIZE_MAX,
.dependencies = master_service_ssl_server_setting_dependencies,
};
/* <settings checks> */ /* <settings checks> */
static bool static bool
master_service_ssl_settings_check(void *_set, pool_t pool ATTR_UNUSED, master_service_ssl_settings_check(void *_set, pool_t pool ATTR_UNUSED,
const char **error_r) const char **error_r)
{ {
struct master_service_ssl_settings *set = _set; struct master_service_ssl_settings *set = _set;
if (strcmp(set->ssl, "no") == 0) { if (strcmp(set->ssl, "no") == 0) {
/* disabled */ /* disabled */
return TRUE; return TRUE;
skipping to change at line 167 skipping to change at line 195
#endif #endif
return TRUE; return TRUE;
#endif #endif
} }
/* </settings checks> */ /* </settings checks> */
const struct master_service_ssl_settings * const struct master_service_ssl_settings *
master_service_ssl_settings_get(struct master_service *service) master_service_ssl_settings_get(struct master_service *service)
{ {
return master_service_ssl_settings_get_from_parser(service->set_parser);
}
const struct master_service_ssl_settings *
master_service_ssl_settings_get_from_parser(struct setting_parser_context *set_p
arser)
{
void **sets; void **sets;
i_assert(service->want_ssl_settings); sets = settings_parser_get_list(set_parser);
sets = settings_parser_get_list(service->set_parser);
return sets[1]; return sets[1];
} }
void master_service_ssl_settings_to_iostream_set( const struct master_service_ssl_server_settings *
master_service_ssl_server_settings_get(struct master_service *service)
{
void **sets;
i_assert(service->want_ssl_server);
sets = settings_parser_get_list(service->set_parser);
return sets[2];
}
static void master_service_ssl_common_settings_to_iostream_set(
const struct master_service_ssl_settings *ssl_set, pool_t pool, const struct master_service_ssl_settings *ssl_set, pool_t pool,
enum master_service_ssl_settings_type type,
struct ssl_iostream_settings *set_r) struct ssl_iostream_settings *set_r)
{ {
i_zero(set_r); i_zero(set_r);
set_r->min_protocol = p_strdup(pool, ssl_set->ssl_min_protocol); set_r->min_protocol = p_strdup(pool, ssl_set->ssl_min_protocol);
set_r->cipher_list = p_strdup(pool, ssl_set->ssl_cipher_list); set_r->cipher_list = p_strdup(pool, ssl_set->ssl_cipher_list);
/* leave NULL if empty - let library decide */ /* leave NULL if empty - let library decide */
set_r->ciphersuites = p_strdup_empty(pool, ssl_set->ssl_cipher_suites); set_r->ciphersuites = p_strdup_empty(pool, ssl_set->ssl_cipher_suites);
/* NOTE: It's a bit questionable whether ssl_ca should be used for /* NOTE: It's a bit questionable whether ssl_ca should be used for
clients. But at least for now it's needed for login-proxy. */ clients. But at least for now it's needed for login-proxy. */
set_r->ca = p_strdup_empty(pool, ssl_set->ssl_ca); set_r->ca = p_strdup_empty(pool, ssl_set->ssl_ca);
switch (type) {
case MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER:
set_r->cert.cert = p_strdup(pool, ssl_set->ssl_cert);
set_r->cert.key = p_strdup(pool, ssl_set->ssl_key);
set_r->cert.key_password = p_strdup(pool, ssl_set->ssl_key_passwo
rd);
if (ssl_set->ssl_alt_cert != NULL && *ssl_set->ssl_alt_cert != '\
0') {
set_r->alt_cert.cert = p_strdup(pool, ssl_set->ssl_alt_ce
rt);
set_r->alt_cert.key = p_strdup(pool, ssl_set->ssl_alt_key
);
set_r->alt_cert.key_password = p_strdup(pool, ssl_set->ss
l_key_password);
}
set_r->verify_remote_cert = ssl_set->ssl_verify_client_cert;
set_r->allow_invalid_cert = !set_r->verify_remote_cert;
break;
case MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT:
set_r->ca_file = p_strdup_empty(pool, ssl_set->ssl_client_ca_file
);
set_r->ca_dir = p_strdup_empty(pool, ssl_set->ssl_client_ca_dir);
set_r->cert.cert = p_strdup_empty(pool, ssl_set->ssl_client_cert)
;
set_r->cert.key = p_strdup_empty(pool, ssl_set->ssl_client_key);
set_r->verify_remote_cert = ssl_set->ssl_client_require_valid_cer
t;
set_r->allow_invalid_cert = !set_r->verify_remote_cert;
break;
}
set_r->dh = p_strdup(pool, ssl_set->ssl_dh);
set_r->crypto_device = p_strdup(pool, ssl_set->ssl_crypto_device); set_r->crypto_device = p_strdup(pool, ssl_set->ssl_crypto_device);
set_r->cert_username_field = p_strdup(pool, ssl_set->ssl_cert_username_fi eld); set_r->cert_username_field = p_strdup(pool, ssl_set->ssl_cert_username_fi eld);
set_r->verbose = ssl_set->verbose_ssl; set_r->verbose = ssl_set->verbose_ssl;
set_r->verbose_invalid_cert = ssl_set->verbose_ssl; set_r->verbose_invalid_cert = ssl_set->verbose_ssl;
set_r->skip_crl_check = !ssl_set->ssl_require_crl; set_r->skip_crl_check = !ssl_set->ssl_require_crl;
set_r->prefer_server_ciphers = ssl_set->ssl_prefer_server_ciphers; set_r->prefer_server_ciphers = ssl_set->ssl_prefer_server_ciphers;
set_r->compression = ssl_set->parsed_opts.compression; set_r->compression = ssl_set->parsed_opts.compression;
set_r->tickets = ssl_set->parsed_opts.tickets; set_r->tickets = ssl_set->parsed_opts.tickets;
set_r->curve_list = p_strdup(pool, ssl_set->ssl_curve_list); set_r->curve_list = p_strdup(pool, ssl_set->ssl_curve_list);
} }
void master_service_ssl_client_settings_to_iostream_set(
const struct master_service_ssl_settings *ssl_set, pool_t pool,
struct ssl_iostream_settings *set_r)
{
master_service_ssl_common_settings_to_iostream_set(ssl_set, pool, set_r);
set_r->ca_file = p_strdup_empty(pool, ssl_set->ssl_client_ca_file);
set_r->ca_dir = p_strdup_empty(pool, ssl_set->ssl_client_ca_dir);
set_r->cert.cert = p_strdup_empty(pool, ssl_set->ssl_client_cert);
set_r->cert.key = p_strdup_empty(pool, ssl_set->ssl_client_key);
set_r->verify_remote_cert = ssl_set->ssl_client_require_valid_cert;
set_r->allow_invalid_cert = !set_r->verify_remote_cert;
}
void master_service_ssl_server_settings_to_iostream_set(
const struct master_service_ssl_settings *ssl_set,
const struct master_service_ssl_server_settings *ssl_server_set,
pool_t pool, struct ssl_iostream_settings *set_r)
{
master_service_ssl_common_settings_to_iostream_set(ssl_set, pool, set_r);
set_r->cert.cert = p_strdup(pool, ssl_server_set->ssl_cert);
set_r->cert.key = p_strdup(pool, ssl_server_set->ssl_key);
set_r->cert.key_password = p_strdup(pool, ssl_server_set->ssl_key_passwor
d);
if (ssl_server_set->ssl_alt_cert != NULL &&
*ssl_server_set->ssl_alt_cert != '\0') {
set_r->alt_cert.cert = p_strdup(pool, ssl_server_set->ssl_alt_cer
t);
set_r->alt_cert.key = p_strdup(pool, ssl_server_set->ssl_alt_key)
;
set_r->alt_cert.key_password = p_strdup(pool, ssl_server_set->ssl
_key_password);
}
set_r->dh = p_strdup(pool, ssl_server_set->ssl_dh);
set_r->verify_remote_cert = ssl_set->ssl_verify_client_cert;
set_r->allow_invalid_cert = !set_r->verify_remote_cert;
}
 End of changes. 12 change blocks. 
49 lines changed or deleted 65 lines changed or added
To the C Programs section of the dovecot source changes report or the top of this page
Mainly generated by pkgdiff using rfcdiff
Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)