Lines 1314-1319
|
1314 |
stralloc saciphers = {0}; |
1314 |
stralloc saciphers = {0}; |
1315 |
X509_STORE *store; |
1315 |
X509_STORE *store; |
1316 |
X509_LOOKUP *lookup; |
1316 |
X509_LOOKUP *lookup; |
|
|
1317 |
const char *servercert; |
1318 |
|
1319 |
/* if set, use servercert selected through SMTP_SERVERCERT env var */ |
1320 |
servercert = env_get("SMTP_SERVERCERT"); |
1321 |
if (!servercert) servercert = SERVERCERT; |
1317 |
|
1322 |
|
1318 |
SSL_library_init(); |
1323 |
SSL_library_init(); |
1319 |
|
1324 |
|
Lines 1321-1327
|
1321 |
ctx = SSL_CTX_new(SSLv23_server_method()); |
1326 |
ctx = SSL_CTX_new(SSLv23_server_method()); |
1322 |
if (!ctx) { tls_err("unable to initialize ctx"); return; } |
1327 |
if (!ctx) { tls_err("unable to initialize ctx"); return; } |
1323 |
|
1328 |
|
1324 |
if (!SSL_CTX_use_certificate_chain_file(ctx, SERVERCERT)) |
1329 |
if (!SSL_CTX_use_certificate_chain_file(ctx, servercert)) |
1325 |
{ SSL_CTX_free(ctx); tls_err("missing certificate"); return; } |
1330 |
{ SSL_CTX_free(ctx); tls_err("missing certificate"); return; } |
1326 |
SSL_CTX_load_verify_locations(ctx, CLIENTCA, NULL); |
1331 |
SSL_CTX_load_verify_locations(ctx, CLIENTCA, NULL); |
1327 |
|
1332 |
|
Lines 1343-1349
|
1343 |
if (!myssl) { tls_err("unable to initialize ssl"); return; } |
1348 |
if (!myssl) { tls_err("unable to initialize ssl"); return; } |
1344 |
|
1349 |
|
1345 |
/* this will also check whether public and private keys match */ |
1350 |
/* this will also check whether public and private keys match */ |
1346 |
if (!SSL_use_RSAPrivateKey_file(myssl, SERVERCERT, SSL_FILETYPE_PEM)) |
1351 |
if (!SSL_use_RSAPrivateKey_file(myssl, servercert, SSL_FILETYPE_PEM)) |
1347 |
{ SSL_free(myssl); tls_err("no valid RSA private key"); return; } |
1352 |
{ SSL_free(myssl); tls_err("no valid RSA private key"); return; } |
1348 |
|
1353 |
|
1349 |
ciphers = env_get("TLSCIPHERS"); |
1354 |
ciphers = env_get("TLSCIPHERS"); |
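Review bot: The value read from SMTP_SERVERCERT at new lines 1320-1321 is passed unchecked to both SSL_CTX_use_certificate_chain_file (1329) and SSL_use_RSAPrivateKey_file (1351), and only an unset variable falls back to SERVERCERT. A variable that is set but empty goes straight to OpenSSL and surfaces only as "missing certificate"; if the default is wanted in that case, use `if (!servercert || !*servercert) servercert = SERVERCERT;`. The comment at 1319 should also say that the named file must hold the certificate chain and the matching RSA private key, and that the variable is expected to come from trusted, administrator-controlled configuration, because whoever sets the daemon's environment chooses which key file is read. The enclosing function starts and ends outside the visible hunks, so any validation done elsewhere is not visible here.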