diff options
author | Carsten Rosenberg <c.rosenberg@heinlein-support.de> | 2021-11-01 18:23:55 +0100 |
---|---|---|
committer | Carsten Rosenberg <c.rosenberg@heinlein-support.de> | 2021-11-01 18:23:55 +0100 |
commit | 6b4f1cb5f7ba6380744915981492b89a12f350e4 (patch) | |
tree | e974bbdabca4737e54670a5882fa07d1a10a5222 | |
parent | 36bc47a45116d7abac3a2272af25965f69b89149 (diff) | |
download | rspamd-6b4f1cb5f7ba6380744915981492b89a12f350e4.tar.gz rspamd-6b4f1cb5f7ba6380744915981492b89a12f350e4.zip |
[Minor] lua_scanners - icap - add SSL support
-rw-r--r-- | lualib/lua_scanners/icap.lua | 46 |
1 files changed, 26 insertions, 20 deletions
diff --git a/lualib/lua_scanners/icap.lua b/lualib/lua_scanners/icap.lua index eb1b3d611..93570c82f 100644 --- a/lualib/lua_scanners/icap.lua +++ b/lualib/lua_scanners/icap.lua @@ -87,6 +87,8 @@ local function icap_config(opts) scan_image_mime = false, scheme = "scan", default_port = 1344, + ssl = false, + no_ssl_verify = false, timeout = 10.0, log_clean = false, retransmits = 2, @@ -150,6 +152,7 @@ local function icap_check(task, content, digest, rule, maybe_part) local retransmits = rule.retransmits local http_headers = {} local req_headers = {} + local tcp_options = {} -- Build extended User Agent if rule.user_agent == "extended" then @@ -202,16 +205,11 @@ local function icap_check(task, content, digest, rule, maybe_part) lua_util.debugm(rule.name, task, '%s: retry IP: %s:%s', rule.log_prefix, addr, addr:get_port()) - tcp.request({ - task = task, - host = addr:to_string(), - port = addr:get_port(), - timeout = rule.timeout, - stop_pattern = '\r\n', - data = options_request, - read = false, - callback = icap_callback, - }) + tcp_options.host = addr:to_string() + tcp_options.port = addr:get_port() + + tcp.request(tcp_options) + else rspamd_logger.errx(task, '%s: failed to scan, maximum retransmits '.. 'exceed - error: %s', rule.log_prefix, err_m or '') @@ -541,16 +539,24 @@ local function icap_check(task, content, digest, rule, maybe_part) end end - tcp.request({ - task = task, - host = addr:to_string(), - port = addr:get_port(), - timeout = rule.timeout, - stop_pattern = '\r\n', - data = options_request, - read = false, - callback = icap_callback, - }) + tcp_options.task = task + tcp_options.stop_pattern = '\r\n' + tcp_options.read = false + tcp_options.timeout = rule.timeout + tcp_options.callback = icap_callback + tcp_options.data = options_request + + if rule.ssl then + tcp_options.ssl = true + if rule.no_ssl_verify then + tcp_options.no_ssl_verify = true + end + end + + tcp_options.host = addr:to_string() + tcp_options.port = addr:get_port() + + tcp.request(tcp_options) end if common.condition_check_and_continue(task, content, rule, digest, |