change to how we manage SSL initialization. It needs to be done in two steps to be able to return the correct smtp code in case of failure
コミット
07eaaab646
|
@ -86,9 +86,15 @@ void Proxy::run(string &peer_address)
|
|||
inside.connect(cfg.getServerHost(),cfg.getServerPort());
|
||||
#ifdef HAVE_SSL
|
||||
if(cfg.getOutgoingSsl())
|
||||
inside.enableSSL(false);
|
||||
{
|
||||
inside.prepareSSL(false);
|
||||
inside.startSSL(false);
|
||||
}
|
||||
if(cfg.getIncomingSsl())
|
||||
outside.enableSSL(true);
|
||||
{
|
||||
outside.prepareSSL(true);
|
||||
outside.startSSL(true);
|
||||
}
|
||||
#endif //HAVE_SSL
|
||||
|
||||
while(!outside.isClosed()&&!inside.isClosed())
|
||||
|
@ -216,9 +222,10 @@ void Proxy::run(string &peer_address)
|
|||
#ifdef HAVE_SSL
|
||||
try
|
||||
{
|
||||
outside.enableSSL(true);
|
||||
outside.prepareSSL(true);
|
||||
LINF("STARTTLS issued by remote, TLS enabled");
|
||||
outside.writeLine("220 You can speak now, line is secure!!");
|
||||
outside.startSSL(true);
|
||||
}
|
||||
catch(Exception &e)
|
||||
{
|
||||
|
|
|
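Review bot: In the STARTTLS branch, `LINF("STARTTLS issued by remote, TLS enabled");` now runs before `outside.startSSL(true);`, so the log records TLS as enabled even when the handshake then fails and the catch block runs. Moving the LINF call to after `outside.startSSL(true);` keeps the log accurate for anyone reconstructing a session later. Because the 220 reply is written before the handshake, a failure in `startSSL` leaves the client already expecting TLS, so the catch handler (its body is outside this hunk) should presumably close the connection rather than answer or continue in plaintext. It is also worth confirming that any bytes the client sent after STARTTLS and before the handshake are discarded, not carried into the secured session; the Socket read buffering is not visible here.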
@ -153,14 +153,12 @@ Socket::~Socket()
|
|||
|
||||
#ifdef HAVE_SSL
|
||||
/**
|
||||
* enable ssl on the socket
|
||||
* prepare ssl on the socket
|
||||
*
|
||||
* @param server whether to enable server ssl or client ssl
|
||||
*/
|
||||
void Socket::enableSSL(bool server)
|
||||
void Socket::prepareSSL(bool server)
|
||||
{
|
||||
int retval;
|
||||
|
||||
if(server)
|
||||
ssl=SSL_new(ssl_ctx_server);
|
||||
else
|
||||
|
@ -171,12 +169,22 @@ void Socket::enableSSL(bool server)
|
|||
|
||||
if(1!=SSL_set_fd(ssl,fd))
|
||||
throw Exception(_("Error setting FD"),__FILE__,__LINE__);
|
||||
}
|
||||
|
||||
/**
|
||||
* actually do the ssl handshake and start receiving encoded
|
||||
*
|
||||
* @param server whether to enable server ssl or client ssl
|
||||
*/
|
||||
void Socket::startSSL(bool server)
|
||||
{
|
||||
int retval;
|
||||
|
||||
retval=server? SSL_accept(ssl) : SSL_connect(ssl);
|
||||
|
||||
//SSL_accept and SSL_connect have the same semantics so we handle them together
|
||||
if(1!=retval)
|
||||
throw Exception(_("Error enabling SSL on the socket"),__FILE__,__LINE__);
|
||||
throw Exception(_("Error doing SSL handshake on the socket"),__FILE__,__LINE__);
|
||||
|
||||
//only set ssl_enabled if we have suceeded with everything
|
||||
ssl_enabled=true;
|
||||
|
|
|
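Review bot: `startSSL` passes `ssl` straight to `SSL_accept`/`SSL_connect` without checking that `prepareSSL` ran first, so the new two-step API allows a handshake on an unprepared socket. Assuming `ssl` starts out NULL, a guard such as `if(NULL==ssl) throw Exception(_("SSL not prepared"),__FILE__,__LINE__);` at the top of `startSSL` would make the required order explicit. On the client path (`server` false), nothing in the visible lines checks the peer certificate after `SSL_connect` returns 1; unless `ssl_ctx_client` is set up for peer verification elsewhere, the outgoing connections in `Proxy::run` and `cleaner_thread_run` are encrypted but not authenticated. The doc comment on `startSSL` ends mid-sentence and could read `actually do the ssl handshake and start exchanging encrypted data`. `prepareSSL` continues outside the hunk, and its `int retval;` may now be unused since the handshake call moved out.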
@ -74,7 +74,8 @@ class Socket
|
|||
Socket();
|
||||
~Socket();
|
||||
#ifdef HAVE_SSL
|
||||
void enableSSL(bool);
|
||||
void prepareSSL(bool);
|
||||
void startSSL(bool);
|
||||
#endif //HAVE_SSL
|
||||
void setFD(int);
|
||||
bool canRead(float);
|
||||
|
|
|
@ -316,7 +316,8 @@ void *cleaner_thread_run(void *)
|
|||
if(cfg.getSubmitStatsSsl())
|
||||
{
|
||||
s.writeLine("ssl");
|
||||
s.enableSSL(false);
|
||||
s.prepareSSL(false);
|
||||
s.startSSL(false);
|
||||
}
|
||||
else
|
||||
#endif //HAVE_SSL
|
||||
|
|