504
504
static int login_proxy_ssl_handshaked(void *context)
506
506
struct login_proxy *proxy = context;
508
if ((proxy->ssl_flags & PROXY_SSL_FLAG_ANY_CERT) != 0 ||
509
ssl_proxy_has_valid_client_cert(proxy->ssl_server_proxy))
509
if ((proxy->ssl_flags & PROXY_SSL_FLAG_ANY_CERT) != 0)
512
if (!ssl_proxy_has_broken_client_cert(proxy->ssl_server_proxy)) {
512
if (ssl_proxy_has_broken_client_cert(proxy->ssl_server_proxy)) {
513
client_log_err(proxy->client, t_strdup_printf(
514
"proxy: Received invalid SSL certificate from %s:%u",
515
proxy->host, proxy->port));
516
} else if (!ssl_proxy_has_valid_client_cert(proxy->ssl_server_proxy)) {
513
517
client_log_err(proxy->client, t_strdup_printf(
514
518
"proxy: SSL certificate not received from %s:%u",
515
519
proxy->host, proxy->port));
520
} else if (net_addr2ip(proxy->host, &ip) == 0 ||
521
/* NOTE: allow IP address for backwards compatibility,
522
v2.1 no longer accepts it */
523
ssl_proxy_cert_match_name(proxy->ssl_server_proxy,
525
client_log_err(proxy->client, t_strdup_printf(
526
"proxy: hostname doesn't match SSL certificate at %s:%u",
527
proxy->host, proxy->port));
517
client_log_err(proxy->client, t_strdup_printf(
518
"proxy: Received invalid SSL certificate from %s:%u",
519
proxy->host, proxy->port));
521
531
proxy->disconnecting = TRUE;