Change how we manage SSL initialization. It needs to be done in two steps to be able to return the correct SMTP code in case of failure
This commit is contained in:
parent
90bd8fd914
commit
07eaaab646
|
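--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -86,9 +86,15 @@ void Proxy::run(string &peer_address)
 inside.connect(cfg.getServerHost(),cfg.getServerPort());
 #ifdef HAVE_SSL
 if(cfg.getOutgoingSsl())
-inside.enableSSL(false);
+{
+inside.prepareSSL(false);
+inside.startSSL(false);
+}
 if(cfg.getIncomingSsl())
-outside.enableSSL(true);
+{
+outside.prepareSSL(true);
+outside.startSSL(true);
+}
 #endif //HAVE_SSL
 
 while(!outside.isClosed()&&!inside.isClosed())
@@ -216,9 +222,10 @@ void Proxy::run(string &peer_address)
 #ifdef HAVE_SSL
 try
 {
-outside.enableSSL(true);
+outside.prepareSSL(true);
 LINF("STARTTLS issued by remote, TLS enabled");
 outside.writeLine("220 You can speak now, line is secure!!");
+outside.startSSL(true);
 }
 catch(Exception &e)
 {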
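Review bot: In the STARTTLS hunk the log line `LINF("STARTTLS issued by remote, TLS enabled");` now runs before `outside.startSSL(true)`, so it reports TLS as enabled before the handshake has even been attempted; if startSSL throws, the log will have recorded a secure session that never existed. Move the line after `outside.startSSL(true);`, or reword it to `LINF("STARTTLS issued by remote, starting TLS handshake");` and log success only once startSSL returns. Once the 220 reply has been written, a handshake failure can no longer be reported with an SMTP status, so the catch block (which continues outside this hunk) needs to close `outside` rather than keep the session open in cleartext; whether it does is not visible here.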
@ -153,14 +153,12 @@ Socket::~Socket()
|
||||||
|
|
||||||
#ifdef HAVE_SSL
|
#ifdef HAVE_SSL
|
||||||
/**
|
/**
|
||||||
* enable ssl on the socket
|
* prepare ssl on the socket
|
||||||
*
|
*
|
||||||
* @param server whether to enable server ssl or client ssl
|
* @param server whether to enable server ssl or client ssl
|
||||||
*/
|
*/
|
||||||
void Socket::enableSSL(bool server)
|
void Socket::prepareSSL(bool server)
|
||||||
{
|
{
|
||||||
int retval;
|
|
||||||
|
|
||||||
if(server)
|
if(server)
|
||||||
ssl=SSL_new(ssl_ctx_server);
|
ssl=SSL_new(ssl_ctx_server);
|
||||||
else
|
else
|
||||||
|
@ -171,12 +169,22 @@ void Socket::enableSSL(bool server)
|
||||||
|
|
||||||
if(1!=SSL_set_fd(ssl,fd))
|
if(1!=SSL_set_fd(ssl,fd))
|
||||||
throw Exception(_("Error setting FD"),__FILE__,__LINE__);
|
throw Exception(_("Error setting FD"),__FILE__,__LINE__);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* actually do the ssl handshake and start receiving encoded
|
||||||
|
*
|
||||||
|
* @param server whether to enable server ssl or client ssl
|
||||||
|
*/
|
||||||
|
void Socket::startSSL(bool server)
|
||||||
|
{
|
||||||
|
int retval;
|
||||||
|
|
||||||
retval=server? SSL_accept(ssl) : SSL_connect(ssl);
|
retval=server? SSL_accept(ssl) : SSL_connect(ssl);
|
||||||
|
|
||||||
//SSL_accept and SSL_connect have the same semantics so we handle them together
|
//SSL_accept and SSL_connect have the same semantics so we handle them together
|
||||||
if(1!=retval)
|
if(1!=retval)
|
||||||
throw Exception(_("Error enabling SSL on the socket"),__FILE__,__LINE__);
|
throw Exception(_("Error doing SSL handshake on the socket"),__FILE__,__LINE__);
|
||||||
|
|
||||||
//only set ssl_enabled if we have suceeded with everything
|
//only set ssl_enabled if we have suceeded with everything
|
||||||
ssl_enabled=true;
|
ssl_enabled=true;
|
||||||
|
|
|
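Review bot: The new `Socket::startSSL` uses `ssl` without checking that `prepareSSL` ran first, so a caller that skips or reorders the two steps hands a null pointer to SSL_accept/SSL_connect. Guard it at the top of the function: `if(!ssl) throw Exception(_("SSL not prepared on the socket"),__FILE__,__LINE__);`. For the client path (`SSL_connect`) a return value of 1 only means the handshake completed, not that the peer certificate was acceptable; unless ssl_ctx_client is configured with SSL_VERIFY_PEER elsewhere (not visible here), the `server==false` case should also check `SSL_get_verify_result(ssl)==X509_V_OK` before setting `ssl_enabled`. The added docstring line `* actually do the ssl handshake and start receiving encoded` is cut off mid-sentence; suggest `* perform the SSL handshake; prepareSSL() must have been called first`. Both functions extend beyond the hunk edges (prepareSSL's else-branch body lies between the two hunks, startSSL's closing brace after the second).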
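--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -74,7 +74,8 @@ class Socket
 Socket();
 ~Socket();
 #ifdef HAVE_SSL
-void enableSSL(bool);
+void prepareSSL(bool);
+void startSSL(bool);
 #endif //HAVE_SSL
 void setFD(int);
 bool canRead(float);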
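Review bot: The header gives no hint that `prepareSSL` must be called before `startSSL`, and the `bool` parameter is unnamed in both declarations, so a reader of this file alone cannot tell the required order or what the flag selects. Add a comment above the pair, e.g. `// two-step TLS setup: prepareSSL(server) allocates the SSL state, startSSL(server) runs the handshake; call them in that order`, and name the parameters: `void prepareSSL(bool server);` / `void startSSL(bool server);`. The class Socket body continues outside this hunk.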
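--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -316,7 +316,8 @@ void *cleaner_thread_run(void *)
 if(cfg.getSubmitStatsSsl())
 {
 s.writeLine("ssl");
-s.enableSSL(false);
+s.prepareSSL(false);
+s.startSSL(false);
 }
 else
 #endif //HAVE_SSL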
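Review bot: `s.prepareSSL(false)` is still called after `s.writeLine("ssl")`, so if prepareSSL throws (it does when SSL_set_fd fails) the "ssl" marker has already gone out and the remote stats collector is left waiting for a handshake that never starts — the same ordering problem this commit fixes in Proxy::run. Do the allocation before committing on the wire: `s.prepareSSL(false); s.writeLine("ssl"); s.startSSL(false);`. Whether an exception here is caught at all is outside this hunk (cleaner_thread_run continues beyond it).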