[Minor] Allow to require encryption when checking messages

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2018-11-20 16:15:05 +0000
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2018-11-20 20:45:22 +0000
commit: 33046bee3cd67f531e38ffb34ba93b8f0d5e4610 (patch)
tree: 979d280ebe32286a2ab31e6307e4761553b2d204 /src/libutil/http.c
parent: 53b7abaeab29e89d9631a8d8dedab85f0b5ad55c (diff)
download: rspamd-33046bee3cd67f531e38ffb34ba93b8f0d5e4610.tar.gz
rspamd-33046bee3cd67f531e38ffb34ba93b8f0d5e4610.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/libutil/http.c b/src/libutil/http.c
index 189d34b90..bc4fc5283 100644
--- a/src/libutil/http.c
+++ b/src/libutil/http.c
@@ -432,7 +432,7 @@ rspamd_http_parse_key (rspamd_ftok_t *data, struct rspamd_http_connection *conn,
 
 	if (priv->local_key == NULL) {
 		/* In this case we cannot do anything, e.g. we cannot decrypt payload */
-		priv->flags |= RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;
+		priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;
 	}
 	else {
 		/* Check sanity of what we have */
@@ -914,6 +914,11 @@ rspamd_http_on_message_complete (http_parser * parser)
 
 	priv = conn->priv;
 
+	if ((conn->opts & RSPAMD_HTTP_REQUIRE_ENCRYPTION) && !IS_CONN_ENCRYPTED (priv)) {
+		msg_err ("unencrypted connection when encryption has been requested");
+		return -1;
+	}
+
 	if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) == 0 && IS_CONN_ENCRYPTED (priv)) {
 		mode = rspamd_keypair_alg (priv->local_key);
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2018-11-20 16:15:05 +0000
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2018-11-20 20:45:22 +0000
commit	33046bee3cd67f531e38ffb34ba93b8f0d5e4610 (patch)
tree	979d280ebe32286a2ab31e6307e4761553b2d204 /src/libutil/http.c
parent	53b7abaeab29e89d9631a8d8dedab85f0b5ad55c (diff)
download	rspamd-33046bee3cd67f531e38ffb34ba93b8f0d5e4610.tar.gz rspamd-33046bee3cd67f531e38ffb34ba93b8f0d5e4610.zip