auth: Use master service ssl settings for http client in policy checks

dovecot · Nov 14, 2018 · 1920d7f · 1920d7f
1 parent 5e7b0e2
commit 1920d7f
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 6 deletions.
diff --git a/src/auth/auth-policy.c b/src/auth/auth-policy.c
@@ -11,6 +11,8 @@
 #include "http-url.h"
 #include "http-client.h"
 #include "json-parser.h"
+#include "master-service.h"
+#include "master-service-ssl-settings.h"
 #include "auth-request.h"
 #include "auth-penalty.h"
 #include "auth-settings.h"
@@ -157,18 +159,18 @@ void auth_policy_open_and_close_to_key(const char *fromkey, const char *tokey, s
 
 void auth_policy_init(void)
 {
+	const struct master_service_ssl_settings *master_ssl_set =
+		master_service_ssl_settings_get(master_service);
 	struct ssl_iostream_settings ssl_set;
 	i_zero(&ssl_set);
 
 	http_client_set.request_absolute_timeout_msecs = global_auth_settings->policy_server_timeout_msecs;
 	if (global_auth_settings->debug)
 		http_client_set.debug = 1;
-	ssl_set.ca_dir = global_auth_settings->ssl_client_ca_dir;
-	ssl_set.ca_file = global_auth_settings->ssl_client_ca_file;
-	if (*ssl_set.ca_dir == '\0' &&
-	    *ssl_set.ca_file == '\0')
-		ssl_set.allow_invalid_cert = TRUE;
 
+	master_service_ssl_settings_to_iostream_set(master_ssl_set, pool_datastack_create(),
+						    MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
+						    &ssl_set);
 	http_client_set.ssl = &ssl_set;
 	http_client = http_client_init(&http_client_set);
 

diff --git a/src/auth/main.c b/src/auth/main.c
@@ -373,8 +373,11 @@ static void auth_die(void)
 int main(int argc, char *argv[])
 {
 	int c;
+	enum master_service_flags service_flags =
+		MASTER_SERVICE_FLAG_USE_SSL_SETTINGS |
+		MASTER_SERVICE_FLAG_NO_SSL_INIT;
 
-	master_service = master_service_init("auth", 0, &argc, &argv, "w");
+	master_service = master_service_init("auth", service_flags, &argc, &argv, "w");
 	master_service_init_log(master_service, "auth: ");
 
 	while ((c = master_getopt(master_service)) > 0) {