From 07eaaab64675564ebe91edfd6d7aeb07a8737611 Mon Sep 17 00:00:00 2001
From: ps
Date: Mon, 3 Oct 2011 20:04:48 +0000
Subject: [PATCH] change to how we manage SSL initialization. It needs to be done in two steps to be able to return the correct smtp code in case of failure
---
 src/Proxy.cpp | 13 ++++++++++---
 src/Socket.cpp | 18 +++++++++++++-----
 src/Socket.h | 3 ++-
 src/hermes.cpp | 3 ++-
 4 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/src/Proxy.cpp b/src/Proxy.cpp
index ae8141c..1359cde 100644
--- a/src/Proxy.cpp
+++ b/src/Proxy.cpp
@@ -86,9 +86,15 @@ void Proxy::run(string &peer_address)
 inside.connect(cfg.getServerHost(),cfg.getServerPort());
 #ifdef HAVE_SSL
 if(cfg.getOutgoingSsl())
- inside.enableSSL(false);
+ {
+ inside.prepareSSL(false);
+ inside.startSSL(false);
+ }
 if(cfg.getIncomingSsl())
- outside.enableSSL(true);
+ {
+ outside.prepareSSL(true);
+ outside.startSSL(true);
+ }
 #endif //HAVE_SSL
 while(!outside.isClosed()&&!inside.isClosed())
@@ -216,9 +222,10 @@ void Proxy::run(string &peer_address)
 #ifdef HAVE_SSL
 try
 {
- outside.enableSSL(true);
+ outside.prepareSSL(true);
 LINF("STARTTLS issued by remote, TLS enabled");
 outside.writeLine("220 You can speak now, line is secure!!");
+ outside.startSSL(true);
 }
 catch(Exception &e)
 {
diff --git a/src/Socket.cpp b/src/Socket.cpp
index 799589a..288732d 100644
--- a/src/Socket.cpp
+++ b/src/Socket.cpp
@@ -153,14 +153,12 @@ Socket::~Socket()
 #ifdef HAVE_SSL
 /**
- * enable ssl on the socket
+ * prepare ssl on the socket
 *
 * @param server whether to enable server ssl or client ssl
 */
-void Socket::enableSSL(bool server)
+void Socket::prepareSSL(bool server)
 {
- int retval;
-
 if(server)
 ssl=SSL_new(ssl_ctx_server);
 else
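Review bot: In the STARTTLS hunk of src/Proxy.cpp, `outside.startSSL(true)` sits in the same `try` as `outside.prepareSSL(true)`, so a handshake failure after the cleartext `220` lands in the same `catch` as a setup failure. The catch body is outside the hunk; if it answers with an SMTP error or lets the session go on, that happens unencrypted after the client was told the line is secure, so a failed handshake should close the connection instead. `LINF("STARTTLS issued by remote, TLS enabled");` now runs before the handshake and would be more accurate moved below `outside.startSSL(true);`. It is also worth confirming that any input Socket buffered beyond the STARTTLS line is dropped before the handshake, so pre-TLS bytes are never handled as part of the protected session; that buffering is not visible here.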
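Review bot: `prepareSSL()` in src/Socket.cpp assigns `ssl=SSL_new(...)` without releasing whatever `ssl` held before, and with setup split from the handshake there is now a state where an SSL object exists but `ssl_enabled` is still false. If the destructor or close path only frees `ssl` when `ssl_enabled` is set (not visible here), a socket that was prepared but never started, or whose handshake failed, would leak the object; freeing whenever `ssl` is non-null would cover it. The function body continues outside this hunk.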
@@ -171,12 +169,22 @@ void Socket::enableSSL(bool server)
 if(1!=SSL_set_fd(ssl,fd))
 throw Exception(_("Error setting FD"),__FILE__,__LINE__);
+}
+
+/**
+ * actually do the ssl handshake and start receiving encoded
+ *
+ * @param server whether to enable server ssl or client ssl
+ */
+void Socket::startSSL(bool server)
+{
+ int retval;
 retval=server? SSL_accept(ssl) : SSL_connect(ssl); //SSL_accept and SSL_connect have the same semantics so we handle them together
 if(1!=retval)
- throw Exception(_("Error enabling SSL on the socket"),__FILE__,__LINE__);
+ throw Exception(_("Error doing SSL handshake on the socket"),__FILE__,__LINE__);
 //only set ssl_enabled if we have suceeded with everything
 ssl_enabled=true;
diff --git a/src/Socket.h b/src/Socket.h
index 96ff646..1313c93 100644
--- a/src/Socket.h
+++ b/src/Socket.h
@@ -74,7 +74,8 @@ class Socket
 Socket();
 ~Socket();
 #ifdef HAVE_SSL
- void enableSSL(bool);
+ void prepareSSL(bool);
+ void startSSL(bool);
 #endif //HAVE_SSL
 void setFD(int);
 bool canRead(float);
diff --git a/src/hermes.cpp b/src/hermes.cpp
index aef105e..8b02315 100644
--- a/src/hermes.cpp
+++ b/src/hermes.cpp
@@ -316,7 +316,8 @@ void *cleaner_thread_run(void *)
 if(cfg.getSubmitStatsSsl())
 {
 s.writeLine("ssl");
- s.enableSSL(false);
+ s.prepareSSL(false);
+ s.startSSL(false);
 }
 else
 #endif //HAVE_SSL
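Review bot: `startSSL(bool server)` in src/Socket.cpp takes the role a second time and never checks that `prepareSSL()` ran, so `startSSL(false)` after `prepareSSL(true)` would call `SSL_connect` on an object built from the server context, and a call without preparation hands an unset `ssl` to OpenSSL. Remembering the role in `prepareSSL()`, or at least guarding with `if(NULL==ssl) throw Exception(_("SSL not prepared"),__FILE__,__LINE__);`, would close that gap (this assumes `ssl` starts out as NULL, which is not visible here). For the client case nothing in this hunk inspects the peer certificate after `SSL_connect`, so unless `ssl_ctx_client` enforces verification elsewhere, the outgoing links set up in Proxy.cpp and hermes.cpp are protected only against passive eavesdropping. The new doc comment also stops mid-sentence; `actually do the ssl handshake and start exchanging encrypted data` reads better. The function's end is outside the hunk.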