Add explicit SSL_ca_file parameter to calls to create the SSL session.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@604 958fd67b-6ff1-0310-b445-bb7760255be9
This commit is contained in:
parent
a67b39e282
commit
0f5d720359
21
plugins/tls
21
plugins/tls
@ -8,7 +8,7 @@ tls - plugin to support STARTTLS
|
||||
|
||||
# in config/plugins
|
||||
|
||||
tls ssl/cert.pem ssl/privkey.pem
|
||||
tls ssl/cert.pem ssl/privkey.pem ssl/ca.pem
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
@ -19,26 +19,34 @@ Connection notes is set. If you wish to make TLS mandatory you should check
|
||||
that field and take appropriate action. Note that you can only do that from
|
||||
MAIL FROM onwards.
|
||||
|
||||
Use the script C<plugins/tls_cert> to automatically generate a self-signed
|
||||
certificate with the appropriate characteristics. Otherwise, you should
|
||||
give absolute pathnames to the certificate, key, and the CA root cert
|
||||
used to sign that certificate.
|
||||
|
||||
=cut
|
||||
|
||||
use IO::Socket::SSL;# qw(debug1 debug2 debug3 debug4);
|
||||
|
||||
sub init {
|
||||
my ($self, $qp, $cert, $key) = @_;
|
||||
my ($self, $qp, $cert, $key, $ca) = @_;
|
||||
$cert ||= 'ssl/qpsmtpd-server.crt';
|
||||
$key ||= 'ssl/qpsmtpd-server.key';
|
||||
unless ( -f $cert && -f $key ) {
|
||||
$ca ||= 'ssl/qpsmtpd-ca.crt';
|
||||
unless ( -f $cert && -f $key && -f $ca ) {
|
||||
$self->log(LOGERROR, "Cannot locate cert/key! Run plugins/tls_cert to generate");
|
||||
return;
|
||||
}
|
||||
$self->tls_cert($cert);
|
||||
$self->tls_key($key);
|
||||
$self->tls_ca($ca);
|
||||
|
||||
local $^W; # this bit is very noisy...
|
||||
my $ssl_ctx = IO::Socket::SSL::SSL_Context->new(
|
||||
SSL_use_cert => 1,
|
||||
SSL_cert_file => $self->tls_cert,
|
||||
SSL_key_file => $self->tls_key,
|
||||
SSL_ca_file => $self->tls_ca,
|
||||
SSL_cipher_list => 'HIGH',
|
||||
SSL_server => 1
|
||||
) or die "Could not create SSL context: $!";
|
||||
@ -91,6 +99,7 @@ sub hook_unrecognized_command {
|
||||
SSL_use_cert => 1,
|
||||
SSL_cert_file => $self->tls_cert,
|
||||
SSL_key_file => $self->tls_key,
|
||||
SSL_ca_file => $self->tls_ca,
|
||||
SSL_cipher_list => 'HIGH',
|
||||
SSL_server => 1,
|
||||
SSL_reuse_ctx => $self->ssl_context,
|
||||
@ -130,6 +139,12 @@ sub tls_key {
|
||||
$self->{_tls_key};
|
||||
}
|
||||
|
||||
sub tls_ca {
|
||||
my $self = shift;
|
||||
@_ and $self->{_tls_ca} = shift;
|
||||
$self->{_tls_ca};
|
||||
}
|
||||
|
||||
sub ssl_context {
|
||||
my $self = shift;
|
||||
@_ and $self->{_ssl_ctx} = shift;
|
||||
|
Loading…
Reference in New Issue
Block a user