change to how we manage SSL initialization. It needs to be done in two steps to be able to return the correct smtp code in case of failure

2011-10-03 20:04:48 +00:00 · 2011-10-03 20:04:48 +00:00 · 07eaaab646
parent 90bd8fd914
commit 07eaaab646
4 changed files with 27 additions and 10 deletions
--- a/src/Proxy.cpp
+++ b/src/Proxy.cpp
@ -86,9 +86,15 @@ void Proxy::run(string &peer_address)
    inside.connect(cfg.getServerHost(),cfg.getServerPort());
    #ifdef HAVE_SSL
      if(cfg.getOutgoingSsl())
-        inside.enableSSL(false);
+      {
+        inside.prepareSSL(false);
+        inside.startSSL(false);
+      }
      if(cfg.getIncomingSsl())
-        outside.enableSSL(true);
+      {
+        outside.prepareSSL(true);
+        outside.startSSL(true);
+      }
    #endif //HAVE_SSL

    while(!outside.isClosed()&&!inside.isClosed())
@ -216,9 +222,10 @@ void Proxy::run(string &peer_address)
          #ifdef HAVE_SSL
            try
            {
-              outside.enableSSL(true);
+              outside.prepareSSL(true);
              LINF("STARTTLS issued by remote, TLS enabled");
              outside.writeLine("220 You can speak now, line is secure!!");
+              outside.startSSL(true);
            }
            catch(Exception &e)
            {
--- a/src/Socket.cpp
+++ b/src/Socket.cpp
@ -153,14 +153,12 @@ Socket::~Socket()

 #ifdef HAVE_SSL
 /**
- * enable ssl on the socket
+ * prepare ssl on the socket
 *
 * @param server whether to enable server ssl or client ssl
 */
-void Socket::enableSSL(bool server)
+void Socket::prepareSSL(bool server)
 {
-  int retval;
-
  if(server)
    ssl=SSL_new(ssl_ctx_server);
  else
@ -171,12 +169,22 @@ void Socket::enableSSL(bool server)

  if(1!=SSL_set_fd(ssl,fd))
    throw Exception(_("Error setting FD"),__FILE__,__LINE__);
+}
+
+/**
+ * actually do the ssl handshake and start receiving encoded
+ *
+ * @param server whether to enable server ssl or client ssl
+ */
+void Socket::startSSL(bool server)
+{
+  int retval;

  retval=server? SSL_accept(ssl) : SSL_connect(ssl);

  //SSL_accept and SSL_connect have the same semantics so we handle them together
  if(1!=retval)
-    throw Exception(_("Error enabling SSL on the socket"),__FILE__,__LINE__);
+    throw Exception(_("Error doing SSL handshake on the socket"),__FILE__,__LINE__);

  //only set ssl_enabled if we have suceeded with everything
  ssl_enabled=true;
--- a/src/Socket.h
+++ b/src/Socket.h
@ -74,7 +74,8 @@ class Socket
    Socket();
    ~Socket();
    #ifdef HAVE_SSL
-    void enableSSL(bool);
+    void prepareSSL(bool);
+    void startSSL(bool);
    #endif //HAVE_SSL
    void setFD(int);
    bool canRead(float);
--- a/src/hermes.cpp
+++ b/src/hermes.cpp
@ -316,7 +316,8 @@ void *cleaner_thread_run(void *)
            if(cfg.getSubmitStatsSsl())
            {
              s.writeLine("ssl");
-              s.enableSSL(false);
+              s.prepareSSL(false);
+              s.startSSL(false);
            }
            else
            #endif //HAVE_SSL