auth-policy: Enable SSL connections

dovecot · Jan 10, 2017 · 135600f · 135600f
1 parent 81fdd61
commit 135600f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/src/auth/Makefile.am b/src/auth/Makefile.am
@@ -59,6 +59,8 @@ auth_libs = \
 	$(LIBDOVECOT_SQL)
 
 auth_LDADD = $(auth_libs) $(LIBDOVECOT) $(AUTH_LIBS)
+auth_CPPFLAGS = $(AM_CPPFLAGS) \
+	-I$(top_srcdir)/src/lib-ssl-iostream
 auth_DEPENDENCIES = $(auth_libs) $(LIBDOVECOT_DEPS)
 
 ldap_sources = db-ldap.c passdb-ldap.c userdb-ldap.c

diff --git a/src/auth/auth-policy.c b/src/auth/auth-policy.c
@@ -15,6 +15,7 @@
 #include "auth-penalty.h"
 #include "auth-settings.h"
 #include "auth-policy.h"
+#include "iostream-ssl.h"
 
 #define AUTH_POLICY_DNS_SOCKET_PATH "dns-client"
 
@@ -159,6 +160,12 @@ void auth_policy_init(void)
 	http_client_set.request_absolute_timeout_msecs = global_auth_settings->policy_server_timeout_msecs;
 	if (global_auth_settings->debug)
 		http_client_set.debug = 1;
+	http_client_set.ssl_ca_dir = global_auth_settings->ssl_client_ca_dir;
+	http_client_set.ssl_ca_file = global_auth_settings->ssl_client_ca_file;
+	if (*http_client_set.ssl_ca_dir == '\0' &&
+	    *http_client_set.ssl_ca_file == '\0')
+		http_client_set.ssl_allow_invalid_cert = TRUE;
+
 	http_client = http_client_init(&http_client_set);
 
 	/* prepare template */