in main.c the logic for for SSL CA init is incorrect:
--- squirrelmail-imap_proxy-1.2.7/src/main.c.sslinit 2010-07-26
01:21:19.000000000 -0600
+++ squirrelmail-imap_proxy-1.2.7/src/main.c 2011-12-30
20:25:31.495721931 -0700
@@ -490,10 +490,10 @@ int main( int argc, char *argv[] )
/* Work around all known bugs */
SSL_CTX_set_options( tls_ctx, SSL_OP_ALL );
- if ( ! SSL_CTX_load_verify_locations( tls_ctx,
+ if ( ! ( SSL_CTX_load_verify_locations( tls_ctx,
PC_Struct.tls_ca_file,
PC_Struct.tls_ca_path
) ||
- ! SSL_CTX_set_default_verify_paths( tls_ctx ) )
+ SSL_CTX_set_default_verify_paths( tls_ctx ) ) )
{
syslog(LOG_ERR, "%s: Failed to load CA data.
Exiting.", fn);
exit( 1 );
If SSL_CTX_load_verify_locations fails (returns 0) you want to try
SSL_CTX_set_default_verify_paths. Then if both fail you want to error
out. In the current code, if no tls_ca_file or tls_ca_path is specified
it never calls SSL_CTX_set_default because one half of the or succeeded.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane or...@cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
-----
squirrelmail-imapproxy mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-imapproxy@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.imapproxy
List info (subscribe/unsubscribe/change options):
https://lists.sourceforge.net/lists/listinfo/squirrelmail-imapproxy
