[Minor] Allow to require encryption when checking messages

src/libutil/http.c

@@ -432,7 +432,7 @@ rspamd_http_parse_key (rspamd_ftok_t *data, struct rspamd_http_connection *conn,
 
 	if (priv->local_key == NULL) {
 		/* In this case we cannot do anything, e.g. we cannot decrypt payload */
-		priv->flags |= RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;
+		priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;
 	}
 	else {
 		/* Check sanity of what we have */
@@ -914,6 +914,11 @@ rspamd_http_on_message_complete (http_parser * parser)
 
 	priv = conn->priv;
 
+	if ((conn->opts & RSPAMD_HTTP_REQUIRE_ENCRYPTION) && !IS_CONN_ENCRYPTED (priv)) {
+		msg_err ("unencrypted connection when encryption has been requested");
+		return -1;
+	}
+
 	if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) == 0 && IS_CONN_ENCRYPTED (priv)) {
 		mode = rspamd_keypair_alg (priv->local_key);
 

src/libutil/http.h

@@ -76,9 +76,10 @@ struct rspamd_storage_shmem {
  */
 enum rspamd_http_options {
 	RSPAMD_HTTP_BODY_PARTIAL = 0x1, /**< Call body handler on all body data portions *///!< RSPAMD_HTTP_BODY_PARTIAL
-	RSPAMD_HTTP_CLIENT_SIMPLE = 0x2, /**< Read HTTP client reply automatically */      //!< RSPAMD_HTTP_CLIENT_SIMPLE
-	RSPAMD_HTTP_CLIENT_ENCRYPTED = 0x4, /**< Encrypt data for client */                //!< RSPAMD_HTTP_CLIENT_ENCRYPTED
-	RSPAMD_HTTP_CLIENT_SHARED = 0x8, /**< Store reply in shared memory */              //!< RSPAMD_HTTP_CLIENT_SHARED
+	RSPAMD_HTTP_CLIENT_SIMPLE = 0x1u << 1, /**< Read HTTP client reply automatically */      //!< RSPAMD_HTTP_CLIENT_SIMPLE
+	RSPAMD_HTTP_CLIENT_ENCRYPTED = 0x1u << 2, /**< Encrypt data for client */                //!< RSPAMD_HTTP_CLIENT_ENCRYPTED
+	RSPAMD_HTTP_CLIENT_SHARED = 0x1u << 3, /**< Store reply in shared memory */              //!< RSPAMD_HTTP_CLIENT_SHARED
+	RSPAMD_HTTP_REQUIRE_ENCRYPTION = 0x1u << 4
 };
 
 typedef int (*rspamd_http_body_handler_t) (struct rspamd_http_connection *conn,