master-service-ssl-settings.c revision 02c335c23bf5fa225a467c19f2c063fb0dc7b8c3
c25356d5978632df6203437e1953bcb29e0c736fTimo Sirainen/* Copyright (c) 2013-2016 Dovecot authors, see the included COPYING file */
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen { type, #name, offsetof(struct master_service_ssl_settings, name), NULL }
29543188462c9348f365ec29115d777ffe4769d3Timo Sirainenmaster_service_ssl_settings_check(void *_set, pool_t pool, const char **error_r);
/* Definition table for the SSL settings. Only the ssl_options entry is shown
   in this excerpt; it is declared as a plain string (SET_STR) and is expanded
   into individual flags by master_service_ssl_settings_check(). */
37847ec8eaec9ad55c9df10ae109efe7b37ac573Timo Sirainenstatic const struct setting_define master_service_ssl_setting_defines[] = {
dca6d617a23e3f93af3b8df59acb46478179fe55Timo Sirainen DEF(SET_STR, ssl_options), /* parsed as a string to set bools */
/* Built-in defaults for the SSL settings; only ssl_cipher_list is visible in
   this excerpt.
   NOTE(review): the default cipher string starts from OpenSSL's "ALL" and only
   subtracts LOW, SSLv2, export (EXP) and anonymous (aNULL) suites. It does not
   exclude MEDIUM-strength or other legacy suites, so what is actually offered
   depends on the linked OpenSSL build. Deployments should set an explicit
   ssl_cipher_list instead of relying on this default. */
a27e065f1a1f91c7fbdf7c2ea1c387441af0cbb3Timo Sirainenstatic const struct master_service_ssl_settings master_service_ssl_default_settings = {
c0a87e5f3316a57e6f915882fa1951d0fbb74a61Timo Sirainen .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL",
/* Parser descriptor for the SSL settings: it ties together the definition
   table, the default values, the size of the settings struct and the
   validation callback master_service_ssl_settings_check().
   NOTE(review): presumably the settings parser calls check_func after the
   values have been parsed - confirm against the parser. */
d92f33f13830ba23d814342bf3ea8db721a15bb1Timo Sirainenconst struct setting_parser_info master_service_ssl_setting_parser_info = {
61e84692827b6a64912343f515c984853021483aTimo Sirainen .defines = master_service_ssl_setting_defines,
a27e065f1a1f91c7fbdf7c2ea1c387441af0cbb3Timo Sirainen .defaults = &master_service_ssl_default_settings,
dca6d617a23e3f93af3b8df59acb46478179fe55Timo Sirainen .struct_size = sizeof(struct master_service_ssl_settings),
dca6d617a23e3f93af3b8df59acb46478179fe55Timo Sirainen .check_func = master_service_ssl_settings_check
dca6d617a23e3f93af3b8df59acb46478179fe55Timo Sirainen/* <settings checks> */
/* Validates a struct master_service_ssl_settings and, when a problem is found,
   stores a human-readable message in *error_r.
   This excerpt omits several lines (conditions, braces, return statements), so
   only the checks whose text is visible are described: SSL requested although
   SSL support is not compiled in, ssl enabled without ssl_cert or ssl_key,
   ssl_verify_client_cert without ssl_ca, and an unknown word in ssl_options.
   _set is the settings struct to check; pool is marked ATTR_UNUSED. */
4ba962c3e78f140facdcfb1e093c4c46de75ae24Timo Sirainenmaster_service_ssl_settings_check(void *_set, pool_t pool ATTR_UNUSED,
4ba962c3e78f140facdcfb1e093c4c46de75ae24Timo Sirainen const char **error_r)
4ba962c3e78f140facdcfb1e093c4c46de75ae24Timo Sirainen struct master_service_ssl_settings *set = _set;
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainen /* disabled */
71e88fae3be360e9a93b3398e743f99a6f05d2edTimo Sirainen *error_r = t_strdup_printf("SSL support not compiled in but ssl=%s",
8854395cdd21ca521b37ce669f3acb8445792b20Timo Sirainen /* we get called from many different tools, possibly with -O parameter,
8854395cdd21ca521b37ce669f3acb8445792b20Timo Sirainen and few of those tools care about SSL settings. so don't check
8854395cdd21ca521b37ce669f3acb8445792b20Timo Sirainen ssl_cert/ssl_key/etc validity here except in doveconf, because it
8854395cdd21ca521b37ce669f3acb8445792b20Timo Sirainen usually is just an extra annoyance. */
/* NOTE(review): per the comment above, most callers skip the ssl_cert and
   ssl_key checks, so a clean result from this function outside doveconf does
   not show that a certificate or key is configured. The conditions guarding
   the two messages below are not visible in this excerpt. */
a27e065f1a1f91c7fbdf7c2ea1c387441af0cbb3Timo Sirainen *error_r = "ssl enabled, but ssl_cert not set";
8e371a3ce32bd64288786855b8ce0cb63f19f7d1Timo Sirainen *error_r = "ssl enabled, but ssl_key not set";
/* Client-certificate verification needs a CA to verify against. This
   condition rejects only an empty ssl_ca; it does not parse or validate the
   CA data itself. */
8e371a3ce32bd64288786855b8ce0cb63f19f7d1Timo Sirainen if (set->ssl_verify_client_cert && *set->ssl_ca == '\0') {
8e371a3ce32bd64288786855b8ce0cb63f19f7d1Timo Sirainen *error_r = "ssl_verify_client_cert set, but ssl_ca not";
bbd0a870f8639767e4e4011d2aedadac08d5c66fTimo Sirainen /* Now explode the ssl_options string into individual flags */
a27e065f1a1f91c7fbdf7c2ea1c387441af0cbb3Timo Sirainen /* First set them all to defaults */
a27e065f1a1f91c7fbdf7c2ea1c387441af0cbb3Timo Sirainen /* Then modify anything specified in the string */
/* The separator argument is ", ", so words in ssl_options are presumably
   split on both commas and spaces - confirm against t_strsplit_spaces(). */
a27e065f1a1f91c7fbdf7c2ea1c387441af0cbb3Timo Sirainen const char **opts = t_strsplit_spaces(set->ssl_options, ", ");
c58906589cafc32df4c04ffbef933baadd3f2276Timo Sirainen const char *opt;
/* Flag names are matched with strcasecmp(), i.e. case-insensitively. */
a27e065f1a1f91c7fbdf7c2ea1c387441af0cbb3Timo Sirainen } else if (strcasecmp(opt, "no_ticket") == 0) {
/* A word that matches no known flag produces an error message instead of
   being ignored, so a mistyped flag name is reported rather than silently
   dropped. NOTE(review): the return that presumably follows is not visible in
   this excerpt - confirm that the check fails here. */
5694eeb99b69dea8033ca77ad69743c6b4871370Timo Sirainen *error_r = t_strdup_printf("ssl_options: unknown flag: '%s'",
bd4e36a8cd7257cca7d1434c49a1e343ed7c5100Timo Sirainen/* </settings checks> */
ff7056842f14fd3b30a2d327dfab165b9d15dd30Timo Sirainenmaster_service_ssl_settings_get(struct master_service *service)