git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Harmonised TLS library version reporting.
[exim.git]
/
src
/
src
/
tls-openssl.c
diff --git
a/src/src/tls-openssl.c
b/src/src/tls-openssl.c
index 02db7cd526675c62c97e5c20b49cffb4eba25279..e9628ba29a1e50488a836b20b9ab4d3e0da8fb08 100644
(file)
--- a/
src/src/tls-openssl.c
+++ b/
src/src/tls-openssl.c
@@
-1,4
+1,4
@@
-/* $Cambridge: exim/src/src/tls-openssl.c,v 1.2
5 2010/06/05 09:36:11 pdp
Exp $ */
+/* $Cambridge: exim/src/src/tls-openssl.c,v 1.2
8 2010/06/12 17:56:32 jetmore
Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
/*************************************************
* Exim - an Internet mail transport agent *
@@
-360,7
+360,7
@@
availability of the option value macros from OpenSSL. */
okay = tls_openssl_options_parse(openssl_options, &init_options);
if (!okay)
okay = tls_openssl_options_parse(openssl_options, &init_options);
if (!okay)
- return tls_error("openssl_options parsing failed", host, NULL);
+ return tls_error(
US
"openssl_options parsing failed", host, NULL);
if (init_options)
{
if (init_options)
{
@@
-438,7
+438,10
@@
static void
construct_cipher_name(SSL *ssl)
{
static uschar cipherbuf[256];
construct_cipher_name(SSL *ssl)
{
static uschar cipherbuf[256];
-SSL_CIPHER *c;
+/* With OpenSSL 1.0.0a, this needs to be const but the documentation doesn't
+yet reflect that. It should be a safe change anyway, even 0.9.8 versions have
+the accessor functions use const in the prototype. */
+const SSL_CIPHER *c;
uschar *ver;
int bits;
uschar *ver;
int bits;
@@
-460,7
+463,7
@@
switch (ssl->session->ssl_version)
ver = US"UNKNOWN";
}
ver = US"UNKNOWN";
}
-c = SSL_get_current_cipher(ssl);
+c =
(const SSL_CIPHER *)
SSL_get_current_cipher(ssl);
SSL_CIPHER_get_bits(c, &bits);
string_format(cipherbuf, sizeof(cipherbuf), "%s:%s:%u", ver,
SSL_CIPHER_get_bits(c, &bits);
string_format(cipherbuf, sizeof(cipherbuf), "%s:%s:%u", ver,
@@
-714,7
+717,7
@@
if (rc <= 0)
tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL);
if (ERR_get_error() == 0)
log_write(0, LOG_MAIN,
tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL);
if (ERR_get_error() == 0)
log_write(0, LOG_MAIN,
- "
=> client disconnected cleanly (rejected our certificate?)\n
");
+ "
TLS client disconnected cleanly (rejected our certificate?)
");
return FAIL;
}
return FAIL;
}
@@
-833,10
+836,16
@@
if (rc <= 0)
DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
+/* Beware anonymous ciphers which lead to server_cert being NULL */
server_cert = SSL_get_peer_certificate (ssl);
server_cert = SSL_get_peer_certificate (ssl);
-tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
- CS txt, sizeof(txt));
-tls_peerdn = txt;
+if (server_cert)
+ {
+ tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
+ CS txt, sizeof(txt));
+ tls_peerdn = txt;
+ }
+else
+ tls_peerdn = NULL;
construct_cipher_name(ssl); /* Sets tls_cipher */
construct_cipher_name(ssl); /* Sets tls_cipher */
@@
-1072,8
+1081,10
@@
Returns: nothing
void
tls_version_report(FILE *f)
{
void
tls_version_report(FILE *f)
{
-fprintf(f, "OpenSSL compile-time version: %s\n", OPENSSL_VERSION_TEXT);
-fprintf(f, "OpenSSL runtime version: %s\n", SSLeay_version(SSLEAY_VERSION));
+fprintf(f, "Library version: OpenSSL: Compile: %s\n"
+ " Runtime: %s\n",
+ OPENSSL_VERSION_TEXT,
+ SSLeay_version(SSLEAY_VERSION));
}
}
@@
-1173,61
+1184,61
@@
This list is current as of:
static struct exim_openssl_option exim_openssl_options[] = {
/* KEEP SORTED ALPHABETICALLY! */
#ifdef SSL_OP_ALL
static struct exim_openssl_option exim_openssl_options[] = {
/* KEEP SORTED ALPHABETICALLY! */
#ifdef SSL_OP_ALL
- { "all", SSL_OP_ALL },
+ {
US
"all", SSL_OP_ALL },
#endif
#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
#endif
#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
- { "allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION },
+ {
US
"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION },
#endif
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
#endif
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
- { "cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE },
+ {
US
"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE },
#endif
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
#endif
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
- { "dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS },
+ {
US
"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS },
#endif
#ifdef SSL_OP_EPHEMERAL_RSA
#endif
#ifdef SSL_OP_EPHEMERAL_RSA
- { "ephemeral_rsa", SSL_OP_EPHEMERAL_RSA },
+ {
US
"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA },
#endif
#ifdef SSL_OP_LEGACY_SERVER_CONNECT
#endif
#ifdef SSL_OP_LEGACY_SERVER_CONNECT
- { "legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT },
+ {
US
"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT },
#endif
#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
#endif
#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
- { "microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER },
+ {
US
"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER },
#endif
#ifdef SSL_OP_MICROSOFT_SESS_ID_BUG
#endif
#ifdef SSL_OP_MICROSOFT_SESS_ID_BUG
- { "microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG },
+ {
US
"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG },
#endif
#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
#endif
#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
- { "msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING },
+ {
US
"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING },
#endif
#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
#endif
#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
- { "netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG },
+ {
US
"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG },
#endif
#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
#endif
#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- { "netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG },
+ {
US
"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG },
#endif
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
#endif
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- { "no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION },
+ {
US
"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION },
#endif
#ifdef SSL_OP_SINGLE_DH_USE
#endif
#ifdef SSL_OP_SINGLE_DH_USE
- { "single_dh_use", SSL_OP_SINGLE_DH_USE },
+ {
US
"single_dh_use", SSL_OP_SINGLE_DH_USE },
#endif
#ifdef SSL_OP_SINGLE_ECDH_USE
#endif
#ifdef SSL_OP_SINGLE_ECDH_USE
- { "single_ecdh_use", SSL_OP_SINGLE_ECDH_USE },
+ {
US
"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE },
#endif
#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
#endif
#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
- { "ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG },
+ {
US
"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG },
#endif
#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
#endif
#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
- { "sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG },
+ {
US
"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG },
#endif
#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG
#endif
#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG
- { "tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG },
+ {
US
"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG },
#endif
#ifdef SSL_OP_TLS_D5_BUG
#endif
#ifdef SSL_OP_TLS_D5_BUG
- { "tls_d5_bug", SSL_OP_TLS_D5_BUG },
+ {
US
"tls_d5_bug", SSL_OP_TLS_D5_BUG },
#endif
#ifdef SSL_OP_TLS_ROLLBACK_BUG
#endif
#ifdef SSL_OP_TLS_ROLLBACK_BUG
- { "tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG },
+ {
US
"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG },
#endif
};
static int exim_openssl_options_size =
#endif
};
static int exim_openssl_options_size =