# ifndef EXIM_HAVE_OPENSSL_CIPHER_GET_ID
# define SSL_CIPHER_get_id(c) (c->id)
# endif
-# include "tls-cipher-stdname.c"
+# ifndef MACRO_PREDEF
+# include "tls-cipher-stdname.c"
+# endif
#endif
/*************************************************
typedef struct {
SSL_CTX * ctx;
SSL * ssl;
+ gstring * corked;
} exim_openssl_client_tls_ctx;
static SSL_CTX *server_ctx = NULL;
#ifdef EXIM_HAVE_OPENSSL_KEYLOG
{
- BIO * bp = BIO_new(BIO_s_mem());
- uschar * s;
- int len;
+ BIO * bp = BIO_new_fp(debug_file, BIO_NOCLOSE);
SSL_SESSION_print_keylog(bp, SSL_get_session(server_ssl));
- len = (int) BIO_get_mem_data(bp, CSS &s);
- debug_printf("%.*s", len, s);
BIO_free(bp);
}
#endif
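Review bot: `bp` from `BIO_new_fp(debug_file, BIO_NOCLOSE)` is passed to `SSL_SESSION_print_keylog()` unchecked, both here and in the client-side keylog block after `SSL_connect succeeded`, where this commit also removes the existing `if (bp)` / `(alloc failure for keylog)` handling. I would keep a guard in both places, e.g. `if (bp) { SSL_SESSION_print_keylog(bp, SSL_get_session(server_ssl)); BIO_free(bp); }`, and confirm that `debug_file` cannot be NULL here, since the enclosing condition is outside the visible lines. Because the output no longer goes through `debug_printf`, anything that function does to the text (prefixing or redirection, presumably) no longer covers these lines. A short comment such as `/* writes TLS session secrets straight to the debug stream; anyone holding this output can decrypt the session */` would make the sensitivity of the block explicit for whoever handles debug logs.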
rc = store_pool;
store_pool = POOL_PERM;
exim_client_ctx = store_get(sizeof(exim_openssl_client_tls_ctx));
+exim_client_ctx->corked = NULL;
store_pool = rc;
#ifdef SUPPORT_DANE
debug_printf("SSL_connect succeeded\n");
#ifdef EXIM_HAVE_OPENSSL_KEYLOG
{
- BIO * bp = BIO_new(BIO_s_mem());
- if (bp)
- {
- uschar * s;
- int len;
- SSL_SESSION_print_keylog(bp, SSL_get_session(exim_client_ctx->ssl));
- len = (int) BIO_get_mem_data(bp, CSS &s);
- debug_printf("%.*s", len, s);
- BIO_free(bp);
- }
- else
- debug_printf("(alloc failure for keylog)\n");
+ BIO * bp = BIO_new_fp(debug_file, BIO_NOCLOSE);
+ SSL_SESSION_print_keylog(bp, SSL_get_session(exim_client_ctx->ssl));
+ BIO_free(bp);
}
#endif
}
{
size_t olen = len;
int outbytes, error;
-SSL * ssl = ct_ctx ? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl : server_ssl;
-static gstring * corked = NULL;
+SSL * ssl = ct_ctx
+ ? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl : server_ssl;
+static gstring * server_corked = NULL;
+gstring ** corkedp = ct_ctx
+ ? &((exim_openssl_client_tls_ctx *)ct_ctx)->corked : &server_corked;
+gstring * corked = *corkedp;
DEBUG(D_tls) debug_printf("%s(%p, %lu%s)\n", __FUNCTION__,
buff, (unsigned long)len, more ? ", more" : "");
/* Lacking a CORK or MSG_MORE facility (such as GnuTLS has) we copy data when
"more" is notified. This hack is only ok if small amounts are involved AND only
one stream does it, in one context (i.e. no store reset). Currently it is used
-for the responses to the received SMTP MAIL , RCPT, DATA sequence, only. */
+for the responses to the received SMTP MAIL , RCPT, DATA sequence, only.
+We support callouts done by the server process by using a separate client
+context for the stashed information. */
/* + if PIPE_COMMAND, banner & ehlo-resp for smmtp-on-connect. Suspect there's
a store reset there, so use POOL_PERM. */
/* + if CHUNKING, cmds EHLO,MAIL,RCPT(s),BDAT */
#endif
if (more)
+ {
+ *corkedp = corked;
return len;
+ }
buff = CUS corked->s;
len = corked->ptr;
- corked = NULL;
+ *corkedp = NULL;
}
for (int left = len; left > 0;)
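Review bot: The block comment still states the precondition "only one stream does it, in one context (i.e. no store reset)", while the code now keeps a second stash in `ct_ctx->corked`, which lives across calls in the POOL_PERM client context. The lifetime rule for that pointer is not documented anywhere. The allocation of the gstring is outside the visible lines; if it is built in a resettable pool, a store reset between a `more` write and the flushing write would leave `corked` in the context dangling, so that should be confirmed. I would reword the precondition to say one stash per context and document the new field, e.g. `gstring * corked; /* tls_write() stash while "more" is set; must survive any store reset until flushed */`. The function body starts and continues outside these lines.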
DEBUG(D_tls) debug_printf("openssl option setting unrecognised: \"%s\"\n", s);
return FALSE;
}
- DEBUG(D_tls) debug_printf("openssl option, %s from %lx: %lx (%s)\n",
- adding ? "adding" : "removing", result, item, s);
+ DEBUG(D_tls) debug_printf("openssl option, %s %8lx: %lx (%s)\n",
+ adding ? "adding to " : "removing from", result, item, s);
if (adding)
result |= item;
else