*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2019 */
+/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
/* Portions Copyright (c) The OpenSSL Project 1999 */
# define DISABLE_OCSP
#endif
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
# if OPENSSL_VERSION_NUMBER < 0x0101010L
# error OpenSSL version too old for session-resumption
# endif
to apply.
This list is current as of:
- ==> 1.0.1b <==
-Plus SSL_OP_SAFARI_ECDHE_ECDSA_BUG from 2013-June patch/discussion on openssl-dev
-Plus SSL_OP_NO_TLSv1_3 for 1.1.2-dev
-Plus SSL_OP_NO_RENEGOTIATION for 1.1.1
+ ==> 1.1.1c <==
XXX could we autobuild this list, as with predefined-macros?
-Seems just parsing ssl.h for SSL_OP_.* would be enough.
+Seems just parsing ssl.h for SSL_OP_.* would be enough (except to exclude DTLS).
Also allow a numeric literal?
*/
static exim_openssl_option exim_openssl_options[] = {
#ifdef SSL_OP_ALL
{ US"all", (long) SSL_OP_ALL },
#endif
+#ifdef SSL_OP_ALLOW_NO_DHE_KEX
+ { US"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX },
+#endif
#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
{ US"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION },
#endif
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
{ US"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE },
#endif
+#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG
+ { US"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG },
+#endif
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
{ US"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS },
#endif
+#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+ { US"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT },
+#endif
#ifdef SSL_OP_EPHEMERAL_RSA
{ US"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA },
#endif
#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
{ US"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG },
#endif
+#ifdef SSL_OP_NO_ANTI_REPLAY
+ { US"no_anti_replay", SSL_OP_NO_ANTI_REPLAY },
+#endif
#ifdef SSL_OP_NO_COMPRESSION
{ US"no_compression", SSL_OP_NO_COMPRESSION },
#endif
+#ifdef SSL_OP_NO_ENCRYPT_THEN_MAC
+ { US"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC },
+#endif
#ifdef SSL_OP_NO_RENEGOTIATION
{ US"no_renegotiation", SSL_OP_NO_RENEGOTIATION },
#endif
#ifdef SSL_OP_NO_TLSv1_3
{ US"no_tlsv1_3", SSL_OP_NO_TLSv1_3 },
#endif
+#ifdef SSL_OP_PRIORITIZE_CHACHA
+ { US"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA },
+#endif
#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG
{ US"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG },
#endif
#ifdef SSL_OP_TLS_ROLLBACK_BUG
{ US"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG },
#endif
+#ifdef SSL_OP_TLSEXT_PADDING
+ { US"tlsext_padding", SSL_OP_TLSEXT_PADDING },
+#endif
};
#ifndef MACRO_PREDEF
builtin_macro_create(buf);
}
-# ifdef EXPERIMENTAL_TLS_RESUME
+# ifndef DISABLE_TLS_RESUME
builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );
# endif
# ifdef SSL_OP_NO_TLSv1_3
} ocsp_resplist;
typedef struct tls_ext_ctx_cb {
- tls_support * tlsp;
- uschar *certificate;
- uschar *privatekey;
- BOOL is_server;
+ tls_support * tlsp;
+ uschar * certificate;
+ uschar * privatekey;
+ BOOL is_server;
#ifndef DISABLE_OCSP
STACK_OF(X509) *verify_stack; /* chain for verifying the proof */
union {
} client;
} u_ocsp;
#endif
- uschar *dhparam;
+ uschar * dhparam;
/* these are cached from first expand */
- uschar *server_cipher_list;
+ uschar * server_cipher_list;
/* only passed down to tls_error: */
- host_item *host;
+ host_item * host;
const uschar * verify_cert_hostnames;
#ifndef DISABLE_EVENT
- uschar * event_action;
+ uschar * event_action;
#endif
} tls_ext_ctx_cb;
/* Daemon-called, before every connection, key create/rotate */
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
static void tk_init(void);
static int tls_exdata_idx = -1;
#endif
void
tls_daemon_init(void)
{
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
tk_init();
#endif
return;
BIGNUM *bn = BN_new();
#endif
-export = export; /* Shut picky compilers up */
DEBUG(D_tls) debug_printf("Generating %d bit RSA key...\n", keylength);
#ifdef EXIM_HAVE_RSA_GENKEY_EX
#endif
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
/* Manage the keysets used for encrypting the session tickets, on the server. */
typedef struct { /* Session ticket encryption key */
if (!tls_openssl_options_parse(openssl_options, &init_options))
return tls_error(US"openssl_options parsing failed", host, NULL, errstr);
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
tlsp->resumption = RESUME_SUPPORTED;
#endif
if (init_options)
{
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
/* Should the server offer session resumption? */
if (!host && verify_check_host(&tls_resumption_hosts) == OK)
{
#endif
}
- /* If a certificate file is empty, the next function fails with an
+ /* If a certificate file is empty, the load function fails with an
unhelpful error message. If we skip it, we get the correct behaviour (no
certificates are recognized, but the error message is still misleading (it
says no certificate was supplied). But this is better. */
&& !SSL_CTX_load_verify_locations(sctx, CS file, CS dir))
return tls_error(US"SSL_CTX_load_verify_locations", host, NULL, errstr);
- /* Load the list of CAs for which we will accept certs, for sending
- to the client. This is only for the one-file tls_verify_certificates
- variant.
+ /* On the server load the list of CAs for which we will accept certs, for
+ sending to the client. This is only for the one-file
+ tls_verify_certificates variant.
If a list isn't loaded into the server, but some verify locations are set,
the server end appears to make a wildcard request for client certs.
Meanwhile, the client library as default behaviour *ignores* the list
{
STACK_OF(X509_NAME) * names = SSL_load_client_CA_file(CS file);
- SSL_CTX_set_client_CA_list(sctx, names);
+ if (!host) SSL_CTX_set_client_CA_list(sctx, names);
DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n",
sk_X509_NAME_num(names));
}
server_verify_optional = TRUE;
}
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, ticket_key_callback);
/* despite working, appears to always return failure, so ignoring */
#endif
#ifdef OPENSSL_HAVE_NUM_TICKETS
-# ifdef EXPERIMENTAL_TLS_RESUME
+# ifndef DISABLE_TLS_RESUME
SSL_CTX_set_num_tickets(server_ctx, tls_in.host_resumable ? 1 : 0);
# else
SSL_CTX_set_num_tickets(server_ctx, 0); /* send no TLS1.3 stateful-tickets */
DEBUG(D_tls) debug_printf("Calling SSL_accept\n");
+ERR_clear_error();
sigalrm_seen = FALSE;
if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout);
rc = SSL_accept(server_ssl);
case SSL_ERROR_SSL:
{
uschar * s = US"SSL_accept";
- unsigned long e = ERR_peek_error();
- if (ERR_GET_REASON(e) == SSL_R_WRONG_VERSION_NUMBER)
+ int r = ERR_GET_REASON(ERR_peek_error());
+ if ( r == SSL_R_WRONG_VERSION_NUMBER
+#ifdef SSL_R_VERSION_TOO_LOW
+ || r == SSL_R_VERSION_TOO_LOW
+#endif
+ || r == SSL_R_UNKNOWN_PROTOCOL || r == SSL_R_UNSUPPORTED_PROTOCOL)
s = string_sprintf("%s (%s)", s, SSL_get_version(server_ssl));
(void) tls_error(s, NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
return FAIL;
}
DEBUG(D_tls) debug_printf(" - syscall %s\n", strerror(errno));
}
- (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
+ (void) tls_error(US"SSL_accept", NULL,
+ sigalrm_seen ? US"timed out"
+ : ERR_peek_error() ? NULL : string_sprintf("ret %d", error),
+ errstr);
return FAIL;
}
}
ERR_clear_error(); /* Even success can leave errors in the stack. Seen with
anon-authentication ciphersuite negotiated. */
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
if (SSL_session_reused(server_ssl))
{
tls_in.resumption |= RESUME_USED;
uschar c, * s;
size_t len = SSL_get_peer_finished(server_ssl, &c, 0);
int old_pool = store_pool;
-
+
SSL_get_peer_finished(server_ssl, s = store_get((int)len, FALSE), len);
store_pool = POOL_PERM;
tls_in.channelbinding = b64encode_taint(CUS s, (int)len, FALSE);
{
cbinfo->verify_cert_hostnames =
#ifdef SUPPORT_I18N
- string_domain_utf8_to_alabel(host->name, NULL);
+ string_domain_utf8_to_alabel(host->certname, NULL);
#else
- host->name;
+ host->certname;
#endif
DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
cbinfo->verify_cert_hostnames);
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
/* On the client, get any stashed session for the given IP from hints db
and apply it to the ssl-connection for attempted resumption. */
tlsp->resumption |= RESUME_CLIENT_REQUESTED;
DEBUG(D_tls) debug_printf("checking for resumable session for %s\n", key);
- if ((dbm_file = dbfn_open(US"tls", O_RDONLY, &dbblock, FALSE, FALSE)))
+ if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))
{
/* key for the db is the IP */
if ((dt = dbfn_read_with_length(dbm_file, key, &len)))
tlsp->resumption |= RESUME_USED;
}
}
-#endif /* EXPERIMENTAL_TLS_RESUME */
+#endif /* !DISABLE_TLS_RESUME */
/*************************************************
client_static_cbinfo, errstr) != OK)
return FALSE;
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
tls_client_ctx_resume_prehandshake(exim_client_ctx, tlsp, ob, host);
#endif
}
#endif
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
if (!tls_client_ssl_resume_prehandshake(exim_client_ctx->ssl, tlsp, host,
errstr))
return FALSE;
#endif
}
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifndef DISABLE_TLS_RESUME
tls_client_resume_posthandshake(exim_client_ctx, tlsp);
#endif
uschar c, * s;
size_t len = SSL_get_finished(exim_client_ctx->ssl, &c, 0);
int old_pool = store_pool;
-
+
SSL_get_finished(exim_client_ctx->ssl, s = store_get((int)len, TRUE), len);
store_pool = POOL_PERM;
tlsp->channelbinding = b64encode_taint(CUS s, (int)len, TRUE);
DEBUG(D_tls) debug_printf("Calling SSL_read(%p, %p, %u)\n", server_ssl,
ssl_xfer_buffer, ssl_xfer_buffer_size);
+ERR_clear_error();
if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout);
inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer,
MIN(ssl_xfer_buffer_size, lim));
DEBUG(D_tls) debug_printf("Calling SSL_read(%p, %p, %u)\n", ssl,
buff, (unsigned int)len);
+ERR_clear_error();
inbytes = SSL_read(ssl, CS buff, len);
error = SSL_get_error(ssl, inbytes);
for (int left = len; left > 0;)
{
DEBUG(D_tls) debug_printf("SSL_write(%p, %p, %d)\n", ssl, buff, left);
+ ERR_clear_error();
outbytes = SSL_write(ssl, CS buff, left);
error = SSL_get_error(ssl, outbytes);
DEBUG(D_tls) debug_printf("outbytes=%d error=%d\n", outbytes, error);