From 3948bb44ff30ebda9837480c42de7f0d384e4cb9 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Fri, 7 Mar 2008 13:16:58 +0000 Subject: Merge Daniel Richard G.'s --sslcommonname option. Exception from no-features policy on 6.3.X is made to keep people away from doing more dangerous things in order to get rid of CommonName mismatch warnings. svn path=/branches/BRANCH_6-3/; revision=5165 --- pop3.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'pop3.c') diff --git a/pop3.c b/pop3.c index 84dbc69c..561a4b59 100644 --- a/pop3.c +++ b/pop3.c @@ -307,7 +307,6 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) char *challenge; #endif /* OPIE_ENABLE */ #ifdef SSL_ENABLE - char *realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname; flag connection_may_have_tls_errors = FALSE; flag got_tls = FALSE; #endif /* SSL_ENABLE */ @@ -476,6 +475,14 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) #ifdef SSL_ENABLE if (maybe_tls(ctl)) { + char *commonname; + + commonname = ctl->server.pollname; + if (ctl->server.via) + commonname = ctl->server.via; + if (ctl->sslcommonname) + commonname = ctl->sslcommonname; + if (has_stls) { /* Use "tls1" rather than ctl->sslproto because tls1 is the only @@ -484,7 +491,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) * (see below). */ if (gen_transact(sock, "STLS") == PS_SUCCESS && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck, - ctl->sslcertpath, ctl->sslfingerprint, realhost, + ctl->sslcertpath, ctl->sslfingerprint, commonname, ctl->server.pollname, &ctl->remotename) != -1) { /* @@ -508,7 +515,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) } if (outlevel >= O_VERBOSE) { - report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), realhost); + report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname); } } } 
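Review bot: The name-selection block added at the top of the `maybe_tls(ctl)` branch has no comment stating its precedence or what an override means for certificate checking. Once `ctl->sslcommonname` is set, the name handed to SSLOpen() no longer comes from the host being polled, so the check presumably only shows that the peer presents a certificate for that name (SSLOpen's body is not visible here). I would add above the assignments `/* Name the peer certificate must match: sslcommonname overrides via, which overrides pollname. An override detaches the check from the polled host; use it together with sslcertck or sslfingerprint. */`. An empty string also passes `if (ctl->sslcommonname)`; if the option parser can produce one, test `ctl->sslcommonname[0]` as well. pop3_getauth starts and ends outside this hunk.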
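Review bot: The `report()` calls now prefix their status lines with `commonname`, so when `--sslcommonname` is set the log names the expected certificate subject instead of the server that was actually contacted. This affects the "upgrade to TLS succeeded" message in this hunk and the "upgrade to TLS failed" and "opportunistic upgrade to TLS failed" messages in the two following hunks. Someone auditing the log needs the polled host on those lines; keep the host as the prefix, e.g. `report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), ctl->server.via ? ctl->server.via : ctl->server.pollname);`, or print both names. The calls appear to sit inside the `maybe_tls(ctl)` block where `commonname` is declared, but that block's closing brace is outside the hunks.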
@@ -517,7 +524,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) if (must_tls(ctl)) { /* Config required TLS but we couldn't guarantee it, so we must * stop. */ - report(stderr, GT_("%s: upgrade to TLS failed.\n"), realhost); + report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname); return PS_SOCKET; } else { /* We don't know whether the connection is usable, and there's @@ -528,7 +535,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) connection_may_have_tls_errors = TRUE; if (outlevel >= O_VERBOSE) { - report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue.\n"), realhost); + report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue.\n"), commonname); } } } -- cgit v1.2.3