/*
 * Handle the STARTTLS command by switching the client's streams to TLS.
 *
 * Returns 0 once a reply has been queued (TLS already active, TLS setup
 * failed, or TLS started) and -1 when the handshake failed, in which case
 * client_destroy() has already been called on `client`.
 */
int cmd_starttls(struct client *client)
{
	/* Remember the pre-TLS output stream: master_service_ssl_init() is
	   handed &client->output and can replace it, while the 220 reply
	   below still has to be written to the original stream. */
	struct ostream *cleartext_out = client->output;
	const char *tls_error;
	int init_ret;

	/* A second STARTTLS on an already-protected session is refused. */
	if (client->ssl_iostream != NULL) {
		/* NOTE(review): reply class 4xx is paired with enhanced status
		   5.5.1 here; confirm the mismatch is intended. */
		o_stream_nsend_str(client->output,
				   "443 5.5.1 TLS is already active.\r\n");
		return 0;
	}

	/* NOTE(review): nothing in this function checks whether plaintext
	   bytes sent after STARTTLS are already buffered in client->input.
	   Confirm such data cannot be processed as commands once TLS is up. */
	init_ret = master_service_ssl_init(master_service,
					   &client->input, &client->output,
					   &client->ssl_iostream, &tls_error);
	if (init_ret < 0) {
		i_error("TLS initialization failed: %s", tls_error);
		o_stream_nsend_str(client->output,
			"454 4.7.0 Internal error, TLS not available.\r\n");
		return 0;
	}

	o_stream_nsend_str(cleartext_out,
			   "220 2.0.0 Begin TLS negotiation now.\r\n");

	/* Only a negative handshake result is treated as fatal. */
	if (ssl_iostream_handshake(client->ssl_iostream) >= 0)
		return 0;

	/* Unlike the init failure above, this path logs nothing itself. */
	client_destroy(client, NULL, NULL);
	return -1;
}
/*
 * Put the connection's input/output streams under TLS and run the
 * handshake. Returns 0 on success and -1 if either step fails.
 */
static int client_connection_init_ssl(struct client_connection *conn)
{
	int ret;

	ret = master_service_ssl_init(master_service,
				      &conn->input, &conn->output,
				      &conn->ssl_iostream);
	if (ret < 0) {
		/* No message is logged here for a setup failure. */
		return -1;
	}

	/* NOTE(review): only a negative return counts as failure. Whether a
	   non-negative return means the handshake has fully completed is not
	   visible here; confirm before relying on peer-certificate state. */
	ret = ssl_iostream_handshake(conn->ssl_iostream);
	if (ret >= 0)
		return 0;

	/* conn->ssl_iostream is not released on this path; presumably the
	   caller tears the connection down. Verify against the caller. */
	i_error("SSL handshake failed: %s",
		ssl_iostream_get_last_error(conn->ssl_iostream));
	return -1;
}