Re: TLS client certificates and auth external

Wietse Venema
Bastian Schmidt:
> Shall I remove the check again? After all, it's just a simple if and
> won't hurt. In case later someone makes initialization conditional it
> would prevent the segfault.

Removing this initialization would be a bad idea. The way the
code works is that all table variables are initialized, so that
the consumers of those tables do not have to worry about it.

        Wietse

>
> On 17.01.19 20:46, Wietse Venema wrote:
> > Bastian Schmidt:
> >> No, it would not segfault (permit_tls_clientcerts does not do any check
> >> as well.).
> > I see, because the relay_ccerts initialization is unconditional:
> >
> >      relay_ccerts = maps_create(VAR_RELAY_CCERTS, var_smtpd_relay_ccerts,
> >       DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
> >
> > Therefore it is safe to access the information.
> >
> >> However, I like the idea and added some checks to improve the patch.
> > In this specific case there is no need to validate relay_ccerts.
> >
> > Wietse
> >
> >> Also, I was finally able to get dovecot installed for testing and have
> >> fixed some issues for dovecot-sasl.
> >>
> >> Bastian
> >>
> >>
> >> On 16.01.19 01:08, Wietse Venema wrote:
> >>> Will this code segfault if relay_clientcerts is not specified? You
> >>> may want to add some checks that information exists before using it.
> >>>
> >>> Wietse
> >>
> > [ Attachment, skipping... ]
>
>
>