master-service-ssl-settings.c revision 7a6197f909f23febec07194a5f4c0e1f53d49cef
02c335c23bf5fa225a467c19f2c063fb0dc7b8c3Timo Sirainen/* Copyright (c) 2013-2016 Dovecot authors, see the included COPYING file */
/* Table-entry initializer: the setting type, the stringified field name, the
   field's offset inside struct master_service_ssl_settings, and a trailing
   NULL. NOTE(review): this looks like the body of the DEF() macro used
   below; its #define line is not part of this listing - confirm. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen { type, #name, offsetof(struct master_service_ssl_settings, name), NULL }
/* Forward declaration of the validation callback: the parser info further
   down stores it in .check_func before the definition appears. The line
   carrying the return type is not part of this listing. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainenmaster_service_ssl_settings_check(void *_set, pool_t pool, const char **error_r);
/* Setting definitions for the SSL settings struct. Only the ssl_options
   entry is visible in this listing. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainenstatic const struct setting_define master_service_ssl_setting_defines[] = {
9864489d143fafe6f08f6a6d98a478d36458aa98Phil Carmody DEF(SET_STR, ssl_options), /* parsed as a string to set bools */
/* Default values for the SSL settings; the parser info registers this struct
   through its .defaults member. Only the cipher list default is visible in
   this listing. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainenstatic const struct master_service_ssl_settings master_service_ssl_default_settings = {
	/* OpenSSL-style cipher string: start from ALL, then drop the LOW-strength,
	   SSLv2, export (EXP) and unauthenticated (aNULL) suites. It is an
	   exclusion list, so MEDIUM-strength suites are not removed and the
	   resulting set depends on the TLS library the binary is linked against.
	   NOTE(review): a deployment that needs a stricter set has to override
	   ssl_cipher_list explicitly - check the effective list against the
	   target library. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL",
/* Parser description for the SSL settings: ties together the definition
   table, the default values, the size of the settings struct and the
   validation callback. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainenconst struct setting_parser_info master_service_ssl_setting_parser_info = {
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen .defines = master_service_ssl_setting_defines,
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen .defaults = &master_service_ssl_default_settings,
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen .struct_size = sizeof(struct master_service_ssl_settings),
	/* NOTE(review): presumably invoked by the settings parser once the values
	   have been parsed; the call site is not in this listing - confirm. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen .check_func = master_service_ssl_settings_check
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen/* <settings checks> */
/* Validates a struct master_service_ssl_settings and expands the ssl_options
   string into individual flags. Problems are reported by pointing *error_r
   at a message. pool is marked ATTR_UNUSED.
   NOTE(review): this listing omits many lines of the function, including its
   return type, the return statements and most of the conditions guarding the
   error messages; the notes below cover only what is visible. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainenmaster_service_ssl_settings_check(void *_set, pool_t pool ATTR_UNUSED,
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen const char **error_r)
	/* _set arrives as void *; view it as the SSL settings struct. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen struct master_service_ssl_settings *set = _set;
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen /* disabled */
	/* Message for an ssl value that needs SSL in a build without SSL support;
	   the guard and the argument supplied for %s are not visible here. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen *error_r = t_strdup_printf("SSL support not compiled in but ssl=%s",
b244040178025c901c47be4fef3fa3bbc4c1e75aTimo Sirainen /* we get called from many different tools, possibly with -O parameter,
b244040178025c901c47be4fef3fa3bbc4c1e75aTimo Sirainen and few of those tools care about SSL settings. so don't check
b244040178025c901c47be4fef3fa3bbc4c1e75aTimo Sirainen ssl_cert/ssl_key/etc validity here except in doveconf, because it
b244040178025c901c47be4fef3fa3bbc4c1e75aTimo Sirainen usually is just an extra annoyance. */
	/* Missing certificate or private key while ssl is enabled. Per the comment
	   above, these checks are limited to doveconf, so the other tools that
	   call this function do not report a missing ssl_cert/ssl_key. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen *error_r = "ssl enabled, but ssl_cert not set";
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen *error_r = "ssl enabled, but ssl_key not set";
	/* Client certificate verification with an empty ssl_ca is reported as a
	   configuration error instead of being accepted with nothing to verify
	   against. */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen if (set->ssl_verify_client_cert && *set->ssl_ca == '\0') {
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen *error_r = "ssl_verify_client_cert set, but ssl_ca not";
9864489d143fafe6f08f6a6d98a478d36458aa98Phil Carmody /* Now explode the ssl_options string into individual flags */
9864489d143fafe6f08f6a6d98a478d36458aa98Phil Carmody /* First set them all to defaults */
9864489d143fafe6f08f6a6d98a478d36458aa98Phil Carmody /* Then modify anything specified in the string */
	/* The option string is split on the separator characters ',' and ' '. */
9864489d143fafe6f08f6a6d98a478d36458aa98Phil Carmody const char **opts = t_strsplit_spaces(set->ssl_options, ", ");
9864489d143fafe6f08f6a6d98a478d36458aa98Phil Carmody const char *opt;
	/* Flag names are compared case-insensitively. NOTE(review): the field
	   that no_ticket sets is assigned on a line not shown here. */
ea6bcfde34e4cced9b42f1b4f5140a47752cb0abTimo Sirainen } else if (strcasecmp(opt, "no_ticket") == 0) {
	/* An unrecognised flag is an error rather than being ignored, so a
	   misspelled option cannot silently leave its setting at the default. */
9864489d143fafe6f08f6a6d98a478d36458aa98Phil Carmody *error_r = t_strdup_printf("ssl_options: unknown flag: '%s'",
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainen/* </settings checks> */
f29756821a4c6b12b73e4a2a3e1c230117a43773Timo Sirainenmaster_service_ssl_settings_get(struct master_service *service)