author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-11-20 16:15:05 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-11-20 20:45:22 +0000 |
commit | 33046bee3cd67f531e38ffb34ba93b8f0d5e4610 (patch) | |
tree | 979d280ebe32286a2ab31e6307e4761553b2d204 | |
parent | 53b7abaeab29e89d9631a8d8dedab85f0b5ad55c (diff) | |
download | rspamd-33046bee3cd67f531e38ffb34ba93b8f0d5e4610.tar.gz rspamd-33046bee3cd67f531e38ffb34ba93b8f0d5e4610.zip |
[Minor] Allow to require encryption when checking messages
-rw-r--r-- | src/libutil/http.c | 7 | ||||
-rw-r--r-- | src/libutil/http.h | 7 |
2 files changed, 10 insertions, 4 deletions
diff --git a/src/libutil/http.c b/src/libutil/http.c
index 189d34b90..bc4fc5283 100644
--- a/src/libutil/http.c
+++ b/src/libutil/http.c
@@ -432,7 +432,7 @@ rspamd_http_parse_key (rspamd_ftok_t *data, struct rspamd_http_connection *conn,
 if (priv->local_key == NULL) {
 /* In this case we cannot do anything, e.g. we cannot decrypt payload */
- priv->flags |= RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;
+ priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;
 } else {
 /* Check sanity of what we have */
@@ -914,6 +914,11 @@ rspamd_http_on_message_complete (http_parser * parser)
 priv = conn->priv;
+ if ((conn->opts & RSPAMD_HTTP_REQUIRE_ENCRYPTION) && !IS_CONN_ENCRYPTED (priv)) {
+ msg_err ("unencrypted connection when encryption has been requested");
+ return -1;
+ }
+
 if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) == 0 && IS_CONN_ENCRYPTED (priv)) {
 mode = rspamd_keypair_alg (priv->local_key);
diff --git a/src/libutil/http.h b/src/libutil/http.h
index c271caaa4..df6f99756 100644
--- a/src/libutil/http.h
+++ b/src/libutil/http.h
@@ -76,9 +76,10 @@ struct rspamd_storage_shmem {
 */
 enum rspamd_http_options {
 RSPAMD_HTTP_BODY_PARTIAL = 0x1, /**< Call body handler on all body data portions *///!< RSPAMD_HTTP_BODY_PARTIAL
- RSPAMD_HTTP_CLIENT_SIMPLE = 0x2, /**< Read HTTP client reply automatically */ //!< RSPAMD_HTTP_CLIENT_SIMPLE
- RSPAMD_HTTP_CLIENT_ENCRYPTED = 0x4, /**< Encrypt data for client */ //!< RSPAMD_HTTP_CLIENT_ENCRYPTED
- RSPAMD_HTTP_CLIENT_SHARED = 0x8, /**< Store reply in shared memory */ //!< RSPAMD_HTTP_CLIENT_SHARED
+ RSPAMD_HTTP_CLIENT_SIMPLE = 0x1u << 1, /**< Read HTTP client reply automatically */ //!< RSPAMD_HTTP_CLIENT_SIMPLE
+ RSPAMD_HTTP_CLIENT_ENCRYPTED = 0x1u << 2, /**< Encrypt data for client */ //!< RSPAMD_HTTP_CLIENT_ENCRYPTED
+ RSPAMD_HTTP_CLIENT_SHARED = 0x1u << 3, /**< Store reply in shared memory */ //!< RSPAMD_HTTP_CLIENT_SHARED
+ RSPAMD_HTTP_REQUIRE_ENCRYPTION = 0x1u << 4
 };
 typedef int (*rspamd_http_body_handler_t) (struct rspamd_http_connection *conn, |
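Review bot: The comment kept above the changed line in rspamd_http_parse_key still reads "we cannot do anything", but the new `priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;` deliberately falls back to plaintext handling, and the comment should say so. Something like `/* No local key: we cannot decrypt, so mark the connection as unencrypted; RSPAMD_HTTP_REQUIRE_ENCRYPTION callers will then reject it */` would record the intent. Only the flag bit is cleared here; whether other key state set earlier in the function also needs resetting cannot be judged, because the function starts and ends outside the hunk. Without RSPAMD_HTTP_REQUIRE_ENCRYPTION this branch is silent, so a debug-level log line here would help operators spot an endpoint that has no key configured.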
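Review bot: The new RSPAMD_HTTP_REQUIRE_ENCRYPTION check in rspamd_http_on_message_complete runs only after the whole message has been parsed, so anything handled before this callback has already seen the unencrypted data. In particular, if RSPAMD_HTTP_BODY_PARTIAL is combined with the new option, the body handler has presumably already been called on plaintext chunks before `return -1;` is reached; the body callback is outside this hunk, so this needs confirming. Consider enforcing the requirement once the headers are complete, or documenting that the two options must not be combined. The `msg_err` text also carries no peer or connection identifier, which makes a rejection hard to trace in logs.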
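Review bot: RSPAMD_HTTP_REQUIRE_ENCRYPTION is the only member of enum rspamd_http_options added without a doc comment, and unlike its CLIENT_-prefixed siblings its name does not say which side it binds. I would add `/**< Fail a message that arrives unencrypted */` after the value and state whether it applies to requests, replies, or both. The move from literal masks to `0x1u << n` also leaves RSPAMD_HTTP_BODY_PARTIAL as `0x1`; writing it as `0x1u << 0` would keep the list uniform.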