From: Vsevolod Stakhov Date: Thu, 19 Jul 2018 12:03:11 +0000 (+0100) Subject: [Feature] Disable all SSL checks if ssl_no_verify flag is set X-Git-Tag: 1.7.9~82 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=ac8bf6185abbc1f1fd9a4a9b6a2b9258cb7ac596;p=rspamd.git [Feature] Disable all SSL checks if ssl_no_verify flag is set
---
diff --git a/src/libutil/util.c b/src/libutil/util.c
index 4616bedc0..93f449791 100644
--- a/src/libutil/util.c
+++ b/src/libutil/util.c
@@ -2094,6 +2094,9 @@ rspamd_init_libs (void)
 #endif
 SSL_CTX_set_options (ctx->ssl_ctx, ssl_options);
+ ctx->ssl_ctx_noverify = SSL_CTX_new (SSLv23_method ());
+ SSL_CTX_set_verify (ctx->ssl_ctx_noverify, SSL_VERIFY_NONE, NULL);
+ SSL_CTX_set_options (ctx->ssl_ctx_noverify, ssl_options);
 #endif
 rspamd_random_seed_fast ();
@@ -2308,6 +2311,7 @@ rspamd_deinit_libs (struct rspamd_external_libs_ctx *ctx)
 EVP_cleanup ();
 ERR_free_strings ();
 SSL_CTX_free (ctx->ssl_ctx);
+ SSL_CTX_free (ctx->ssl_ctx_noverify);
 #endif
 rspamd_inet_library_destroy ();
 rspamd_free_zstd_dictionary (ctx->in_dict);
diff --git a/src/lua/lua_http.c b/src/lua/lua_http.c
index da4cad890..87244dd55 100644
--- a/src/lua/lua_http.c
+++ b/src/lua/lua_http.c
@@ -248,7 +248,8 @@ lua_http_make_connection (struct lua_http_cbdata *cbd)
 RSPAMD_HTTP_CLIENT_SIMPLE,
 RSPAMD_HTTP_CLIENT,
 NULL,
- cbd->cfg->libs_ctx->ssl_ctx);
+ (cbd->flags & RSPAMD_LUA_HTTP_FLAG_NOVERIFY) ?
+ cbd->cfg->libs_ctx->ssl_ctx_noverify : cbd->cfg->libs_ctx->ssl_ctx);
 }
 else {
 cbd->conn = rspamd_http_connection_new (NULL,
diff --git a/src/rspamd.h b/src/rspamd.h
index 266571290..a993238a9 100644
--- a/src/rspamd.h
+++ b/src/rspamd.h
@@ -323,6 +323,7 @@ struct rspamd_external_libs_ctx {
 struct rspamd_cryptobox_library_ctx *crypto_ctx;
 struct ottery_config *ottery_cfg;
 SSL_CTX *ssl_ctx;
+ SSL_CTX *ssl_ctx_noverify;
 struct zstd_dictionary *in_dict;
 struct zstd_dictionary *out_dict;
 void *out_zstream;
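Review bot: The result of `SSL_CTX_new (SSLv23_method ())` in `rspamd_init_libs` goes straight into `SSL_CTX_set_verify` and `SSL_CTX_set_options` without a NULL check, so a failed allocation at startup would be dereferenced inside OpenSSL. A guard such as `if (ctx->ssl_ctx_noverify == NULL) { /* report and fail initialisation */ }` before those two calls would cover it. How the neighbouring `ctx->ssl_ctx` is created lies outside the hunk, so the same check may be missing there too. Since this context lives for the whole process and accepts any peer certificate, a comment on the new lines would help, for example `/* peer verification disabled; only for callers that set ssl_no_verify */`.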
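Review bot: The ternary added to `lua_http_make_connection` switches to `ssl_ctx_noverify` without leaving any trace, so a request whose server certificate is never validated looks the same in the logs as a verified one. Such a connection can be intercepted without a handshake error, so I would log the downgrade before the call with the file's logging macro, for example `msg_info ("lua http: ssl verification disabled for this request");`. A comment on the ternary would also help: `/* NOVERIFY: peer certificate is not validated */`. Where `RSPAMD_LUA_HTTP_FLAG_NOVERIFY` gets set is outside the hunk; presumably it comes from the Lua caller's options, and it is worth confirming that this is an explicit per-request opt-in. The function body starts and ends outside the hunk.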
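Review bot: The new `ssl_ctx_noverify` field in `struct rspamd_external_libs_ctx` sits next to `ssl_ctx` with the same type and no comment, which makes it easy for later code to pass the wrong one. I would document the difference on the declaration itself: `SSL_CTX *ssl_ctx_noverify; /* SSL_VERIFY_NONE: no peer certificate validation, explicit opt-in only */`. The struct definition continues outside the hunk.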