remove redundant use_ssl variables

just use the presence of an SSL object as an indicator. if something
goes wrong during the ssl handshake or certificate validation, the
socket must be immediately closed anyway.
This commit is contained in:
Oswald Buddenhagen 2010-12-15 19:01:27 +01:00
parent fd229040d8
commit 4d4de6e275

View File

@ -98,7 +98,6 @@ typedef struct {
int fd; int fd;
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
SSL *ssl; SSL *ssl;
unsigned int use_ssl:1;
#endif #endif
} Socket_t; } Socket_t;
@ -355,7 +354,7 @@ socket_perror( const char *func, Socket_t *sock, int ret )
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
int err; int err;
if (sock->use_ssl) { if (sock->ssl) {
switch ((err = SSL_get_error( sock->ssl, ret ))) { switch ((err = SSL_get_error( sock->ssl, ret ))) {
case SSL_ERROR_SYSCALL: case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL: case SSL_ERROR_SSL:
@ -390,7 +389,7 @@ socket_read( Socket_t *sock, char *buf, int len )
assert( sock->fd >= 0 ); assert( sock->fd >= 0 );
n = n =
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
sock->use_ssl ? SSL_read( sock->ssl, buf, len ) : sock->ssl ? SSL_read( sock->ssl, buf, len ) :
#endif #endif
read( sock->fd, buf, len ); read( sock->fd, buf, len );
if (n <= 0) { if (n <= 0) {
@ -409,7 +408,7 @@ socket_write( Socket_t *sock, char *buf, int len )
assert( sock->fd >= 0 ); assert( sock->fd >= 0 );
n = n =
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
sock->use_ssl ? SSL_write( sock->ssl, buf, len ) : sock->ssl ? SSL_write( sock->ssl, buf, len ) :
#endif #endif
write( sock->fd, buf, len ); write( sock->fd, buf, len );
if (n != len) { if (n != len) {
@ -430,7 +429,7 @@ socket_pending( Socket_t *sock )
if (num > 0) if (num > 0)
return num; return num;
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
if (sock->use_ssl) if (sock->ssl)
return SSL_pending( sock->ssl ); return SSL_pending( sock->ssl );
#endif #endif
return 0; return 0;
@ -1212,7 +1211,6 @@ start_tls( imap_store_t *ctx )
if (verify_cert( ctx )) if (verify_cert( ctx ))
return 1; return 1;
ctx->buf.sock.use_ssl = 1;
info( "Connection is now encrypted\n" ); info( "Connection is now encrypted\n" );
return 0; return 0;
} }
@ -1300,9 +1298,6 @@ imap_open_store( store_conf_t *conf,
struct hostent *he; struct hostent *he;
struct sockaddr_in addr; struct sockaddr_in addr;
int s, a[2], preauth; int s, a[2], preauth;
#ifdef HAVE_LIBSSL
int use_ssl;
#endif
for (ctxp = &unowned; (ctx = (imap_store_t *)*ctxp); ctxp = &ctx->gen.next) for (ctxp = &unowned; (ctx = (imap_store_t *)*ctxp); ctxp = &ctx->gen.next)
if (((imap_store_conf_t *)ctx->gen.conf)->server == srvc) { if (((imap_store_conf_t *)ctx->gen.conf)->server == srvc) {
@ -1322,10 +1317,6 @@ imap_open_store( store_conf_t *conf,
ctx->in_progress_append = &ctx->in_progress; ctx->in_progress_append = &ctx->in_progress;
/* open connection to IMAP server */ /* open connection to IMAP server */
#ifdef HAVE_LIBSSL
use_ssl = 0;
#endif
if (srvc->tunnel) { if (srvc->tunnel) {
infon( "Starting tunnel '%s'... ", srvc->tunnel ); infon( "Starting tunnel '%s'... ", srvc->tunnel );
@ -1388,7 +1379,6 @@ imap_open_store( store_conf_t *conf,
if (srvc->use_imaps) { if (srvc->use_imaps) {
if (start_tls( ctx )) if (start_tls( ctx ))
goto ssl_bail; goto ssl_bail;
use_ssl = 1;
} }
#endif #endif
@ -1420,7 +1410,6 @@ imap_open_store( store_conf_t *conf,
goto bail; goto bail;
if (start_tls( ctx )) if (start_tls( ctx ))
goto ssl_bail; goto ssl_bail;
use_ssl = 1;
if (imap_exec( ctx, 0, "CAPABILITY" ) != RESP_OK) if (imap_exec( ctx, 0, "CAPABILITY" ) != RESP_OK)
goto bail; goto bail;
@ -1476,7 +1465,7 @@ imap_open_store( store_conf_t *conf,
goto bail; goto bail;
} }
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
if (!use_ssl) if (!ctx->buf.sock.ssl)
#endif #endif
warn( "*** IMAP Warning *** Password is being sent in the clear\n" ); warn( "*** IMAP Warning *** Password is being sent in the clear\n" );
if (imap_exec( ctx, 0, "LOGIN \"%s\" \"%s\"", srvc->user, srvc->pass ) != RESP_OK) { if (imap_exec( ctx, 0, "LOGIN \"%s\" \"%s\"", srvc->user, srvc->pass ) != RESP_OK) {