summary refs log tree commit diff stats
path: root/src/common
diff options
context:
space:
mode:
authorSoniEx2 <endermoneymod@gmail.com>2021-05-30 00:34:43 -0300
committerSoniEx2 <endermoneymod@gmail.com>2021-05-30 00:34:43 -0300
commitaa921ca2a04f674d81ca61d8a305ed35745df48a (patch)
tree4879550c767622dd134555adb0b624496cd10bfe /src/common
parente2cfba040e26927b94a4e311a0a61365a81a41b1 (diff)
Allow setting cert path for SASL EXTERNAL feature/flexible-cert
Diffstat (limited to 'src/common')
-rw-r--r--src/common/server.c32
1 files changed, 21 insertions, 11 deletions
diff --git a/src/common/server.c b/src/common/server.c
index 5c645eb5..7f6a003b 100644
--- a/src/common/server.c
+++ b/src/common/server.c
@@ -1582,23 +1582,33 @@ server_connect (server *serv, char *hostname, int port, int no_login)
 		char *cert_file;
 		serv->have_cert = FALSE;
 
-		/* first try network specific cert/key */
-		cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem",
-					 get_xdir (), server_get_network (serv, TRUE));
-		if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
+		/* try user-supplied cert (only for SASL EXTERNAL) */
+		if (serv->password[0] && serv->loginmethod == LOGIN_SASLEXTERNAL &&
+			SSL_CTX_use_certificate_file (serv->ctx,
+			cert_file = g_strdup_printf ("%s", serv->password),
+			SSL_FILETYPE_PEM) == 1)
 		{
 			if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
 				serv->have_cert = TRUE;
 		}
 		else
+		/* try network specific cert/key */
+		if (SSL_CTX_use_certificate_file (serv->ctx,
+			cert_file = g_strdup_printf ("%s" G_DIR_SEPARATOR_S "certs" G_DIR_SEPARATOR_S "%s.pem",
+			 get_xdir (), server_get_network (serv, TRUE)),
+			SSL_FILETYPE_PEM) == 1)
 		{
-			/* if that doesn't exist, try <config>/certs/client.pem */
-			cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL);
-			if (SSL_CTX_use_certificate_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
-			{
-				if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
-					serv->have_cert = TRUE;
-			}
+			if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
+				serv->have_cert = TRUE;
+		}
+		else
+		/* if that doesn't exist, try <config>/certs/client.pem */
+		if (SSL_CTX_use_certificate_file (serv->ctx,
+			cert_file = g_build_filename (get_xdir (), "certs", "client.pem", NULL),
+			SSL_FILETYPE_PEM) == 1)
+		{
+			if (SSL_CTX_use_PrivateKey_file (serv->ctx, cert_file, SSL_FILETYPE_PEM) == 1)
+				serv->have_cert = TRUE;
 		}
 		g_free (cert_file);
 	}