| author | manuel <manuel@mausz.at> | 2013-02-05 19:15:16 +0100 |
|---|---|---|
| committer | manuel <manuel@mausz.at> | 2013-02-05 19:15:16 +0100 |
| commit | 5aa01e959e8dd979ac44d7267c9fa0738b5cc2be (patch) | |
| tree | 919f57526f76d618e3cd616e73fed4e3f26900ab | |
| parent | 12d58429622d8afad8e96df57b0a3dd4bd2f8959 (diff) | |
[PATCH] qmail-1.03-env-servercert
| -rw-r--r-- | qmail-smtpd.c | 9 |
1 files changed, 7 insertions, 2 deletions
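--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -1200,6 +1200,11 @@ void tls_init()
 stralloc saciphers = {0};
 X509_STORE *store;
 X509_LOOKUP *lookup;
+const char *servercert;
+
+/* if set, use servercert selected through SMTP_SERVERCERT env var */
+servercert = env_get("SMTP_SERVERCERT");
+if (!servercert) servercert = SERVERCERT;
 
 SSL_library_init();
 
@@ -1207,7 +1212,7 @@ void tls_init()
 ctx = SSL_CTX_new(SSLv23_server_method());
 if (!ctx) { tls_err("unable to initialize ctx"); return; }
 
-if (!SSL_CTX_use_certificate_chain_file(ctx, SERVERCERT))
+if (!SSL_CTX_use_certificate_chain_file(ctx, servercert))
 { SSL_CTX_free(ctx); tls_err("missing certificate"); return; }
 SSL_CTX_load_verify_locations(ctx, CLIENTCA, NULL);
 
@@ -1229,7 +1234,7 @@ void tls_init()
 if (!myssl) { tls_err("unable to initialize ssl"); return; }
 
 /* this will also check whether public and private keys match */
-if (!SSL_use_RSAPrivateKey_file(myssl, SERVERCERT, SSL_FILETYPE_PEM))
+if (!SSL_use_RSAPrivateKey_file(myssl, servercert, SSL_FILETYPE_PEM))
 { SSL_free(myssl); tls_err("no valid RSA private key"); return; }
 
 ciphers = env_get("TLSCIPHERS");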
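Review bot: An empty `SMTP_SERVERCERT` is not treated as unset in the first hunk: `env_get` returns a non-NULL pointer to an empty string for `SMTP_SERVERCERT=`, so `servercert` becomes `""` and the certificate and key loads in the later hunks fail instead of falling back to the default. Consider `if (!servercert || !*servercert) servercert = SERVERCERT;`. The same path is later passed to `SSL_use_RSAPrivateKey_file`, so the variable now selects the server's private key; the comment should state that, for example `/* SMTP_SERVERCERT: PEM file holding cert chain and RSA key; must be set only by the trusted process that starts qmail-smtpd */`, and the override file should carry the same ownership and mode as the default. The `tls_err` messages do not name the path in use, which will make a bad override harder to diagnose. tls_init's body starts and ends outside these hunks, so any other use of `SERVERCERT` in the file is not visible here and should be checked for consistency with the override.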
