"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/lib-master/master-service-ssl.c" between
dovecot-2.3.16.tar.gz and dovecot-2.3.17.tar.gz

About: Dovecot is an IMAP and POP3 server, written with security primarily in mind.

master-service-ssl.c  (dovecot-2.3.16)	:	master-service-ssl.c  (dovecot-2.3.17)
skipping to change at line 48		skipping to change at line 48
}		}
bool master_service_ssl_is_enabled(struct master_service *service)		bool master_service_ssl_is_enabled(struct master_service *service)
{		{
return service->ssl_ctx != NULL;		return service->ssl_ctx != NULL;
}		}
void master_service_ssl_ctx_init(struct master_service *service)		void master_service_ssl_ctx_init(struct master_service *service)
{		{
const struct master_service_ssl_settings *set;		const struct master_service_ssl_settings *set;
		const struct master_service_ssl_server_settings *server_set;
struct ssl_iostream_settings ssl_set;		struct ssl_iostream_settings ssl_set;
const char *error;		const char *error;
if (service->ssl_ctx_initialized)		if (service->ssl_ctx_initialized)
return;		return;
service->ssl_ctx_initialized = TRUE;		service->ssl_ctx_initialized = TRUE;
/* must be called after master_service_init_finish() so that if		/* must be called after master_service_init_finish() so that if
initialization fails we can close the SSL listeners */		initialization fails we can close the SSL listeners */
i_assert(service->listeners != NULL || service->socket_count == 0);		i_assert(service->listeners != NULL || service->socket_count == 0);
set = master_service_ssl_settings_get(service);		set = master_service_ssl_settings_get(service);
		server_set = master_service_ssl_server_settings_get(service);
if (strcmp(set->ssl, "no") == 0) {		if (strcmp(set->ssl, "no") == 0) {
/* SSL disabled, don't use it */		/* SSL disabled, don't use it */
return;		return;
}		}
i_zero(&ssl_set);		i_zero(&ssl_set);
ssl_set.min_protocol = set->ssl_min_protocol;		ssl_set.min_protocol = set->ssl_min_protocol;
ssl_set.cipher_list = set->ssl_cipher_list;		ssl_set.cipher_list = set->ssl_cipher_list;
ssl_set.curve_list = set->ssl_curve_list;		ssl_set.curve_list = set->ssl_curve_list;
ssl_set.ca = set->ssl_ca;		ssl_set.ca = set->ssl_ca;
ssl_set.cert.cert = set->ssl_cert;		ssl_set.cert.cert = server_set->ssl_cert;
ssl_set.cert.key = set->ssl_key;		ssl_set.cert.key = server_set->ssl_key;
ssl_set.dh = set->ssl_dh;		ssl_set.dh = server_set->ssl_dh;
ssl_set.cert.key_password = set->ssl_key_password;		ssl_set.cert.key_password = server_set->ssl_key_password;
ssl_set.cert_username_field = set->ssl_cert_username_field;		ssl_set.cert_username_field = set->ssl_cert_username_field;
if (set->ssl_alt_cert != NULL && *set->ssl_alt_cert != '\0') {		if (server_set->ssl_alt_cert != NULL &&
ssl_set.alt_cert.cert = set->ssl_alt_cert;		*server_set->ssl_alt_cert != '\0') {
ssl_set.alt_cert.key = set->ssl_alt_key;		ssl_set.alt_cert.cert = server_set->ssl_alt_cert;
ssl_set.alt_cert.key_password = set->ssl_key_password;		ssl_set.alt_cert.key = server_set->ssl_alt_key;
		ssl_set.alt_cert.key_password = server_set->ssl_key_password;
}		}
ssl_set.crypto_device = set->ssl_crypto_device;		ssl_set.crypto_device = set->ssl_crypto_device;
ssl_set.skip_crl_check = !set->ssl_require_crl;		ssl_set.skip_crl_check = !set->ssl_require_crl;
ssl_set.verbose = set->verbose_ssl;		ssl_set.verbose = set->verbose_ssl;
ssl_set.verify_remote_cert = set->ssl_verify_client_cert;		ssl_set.verify_remote_cert = set->ssl_verify_client_cert;
ssl_set.prefer_server_ciphers = set->ssl_prefer_server_ciphers;		ssl_set.prefer_server_ciphers = set->ssl_prefer_server_ciphers;
ssl_set.compression = set->parsed_opts.compression;		ssl_set.compression = set->parsed_opts.compression;
if (ssl_iostream_context_init_server(&ssl_set, &service->ssl_ctx,		if (ssl_iostream_context_init_server(&ssl_set, &service->ssl_ctx,
End of changes. 4 change blocks.
8 lines changed or deleted		11 lines changed or added

---