Rewrites: fix delivery crash from constant errors_to. Bug 3081
diff --git
a/src/src/tls-gnu.c
b/src/src/tls-gnu.c
index afb59c33f6f5e53853b1f00c7a7f780a0710eabc..3e8ec6d847b8f0d88353231c795def00cdc29cc5 100644
--- a/
src/src/tls-gnu.c
+++ b/
src/src/tls-gnu.c
@@
-2,7
+2,7
@@
* Exim - an Internet mail transport agent *
*************************************************/
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) The Exim Maintainers 2020 - 202
2
*/
+/* Copyright (c) The Exim Maintainers 2020 - 202
3
*/
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) Phil Pennock 2012 */
/* See the file NOTICE for conditions of use and distribution. */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) Phil Pennock 2012 */
/* See the file NOTICE for conditions of use and distribution. */
@@
-1185,6
+1185,8
@@
tls_server_servercerts_cb(gnutls_session_t session, unsigned int htype,
# ifdef notdef_crashes
/*XXX crashes */
return gnutls_ext_raw_parse(NULL, tls_server_servercerts_ext, msg, 0);
# ifdef notdef_crashes
/*XXX crashes */
return gnutls_ext_raw_parse(NULL, tls_server_servercerts_ext, msg, 0);
+# else
+return GNUTLS_E_SUCCESS;
# endif
}
#endif /*SUPPORT_GNUTLS_EXT_RAW_PARSE*/
# endif
}
#endif /*SUPPORT_GNUTLS_EXT_RAW_PARSE*/
@@
-1233,7
+1235,7
@@
switch (htype)
return tls_server_ticket_cb(sess, htype, when, incoming, msg);
# endif
default:
return tls_server_ticket_cb(sess, htype, when, incoming, msg);
# endif
default:
- return
0
;
+ return
GNUTLS_E_SUCCESS
;
}
}
#endif
}
}
#endif
@@
-2851,7
+2853,7
@@
static int
tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
unsigned incoming, const gnutls_datum_t * msg)
{
tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
unsigned incoming, const gnutls_datum_t * msg)
{
-DEBUG(D_tls) debug_printf("newticket cb\n");
+DEBUG(D_tls) debug_printf("newticket cb
(on server)
\n");
tls_in.resumption |= RESUME_CLIENT_REQUESTED;
return 0;
}
tls_in.resumption |= RESUME_CLIENT_REQUESTED;
return 0;
}
@@
-2888,9
+2890,12
@@
tls_server_resume_posthandshake(exim_gnutls_state_st * state)
{
if (gnutls_session_resumption_requested(state->session))
{
{
if (gnutls_session_resumption_requested(state->session))
{
- /* This tells us the client sent a full ticket. We use a
+ /* This tells us the client sent a full
(?)
ticket. We use a
callback on session-ticket request, elsewhere, to tell
callback on session-ticket request, elsewhere, to tell
- if a client asked for a ticket. */
+ if a client asked for a ticket.
+ XXX As of GnuTLS 3.0.1 it seems to be returning true even for
+ a pure ticket-req (a zero-length Session Ticket extension
+ in the Client Hello, for 1.2) which mucks up our logic. */
tls_in.resumption |= RESUME_CLIENT_SUGGESTED;
DEBUG(D_tls) debug_printf("client requested resumption\n");
tls_in.resumption |= RESUME_CLIENT_SUGGESTED;
DEBUG(D_tls) debug_printf("client requested resumption\n");
@@
-3319,7
+3324,8
@@
tls_retrieve_session(tls_support * tlsp, gnutls_session_t session,
tlsp->resumption = RESUME_SUPPORTED;
if (!conn_args->have_lbserver)
tlsp->resumption = RESUME_SUPPORTED;
if (!conn_args->have_lbserver)
- { DEBUG(D_tls) debug_printf("resumption not supported on continued-connection\n"); }
+ { DEBUG(D_tls) debug_printf(
+ "resumption not supported: no LB detection done (continued-conn?)\n"); }
else if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, conn_args->host) == OK)
{
dbdata_tls_session * dt;
else if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, conn_args->host) == OK)
{
dbdata_tls_session * dt;
@@
-3347,6
+3353,7
@@
else if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, conn_args->host
dbfn_close(dbm_file);
}
}
dbfn_close(dbm_file);
}
}
+else DEBUG(D_tls) debug_printf("no resumption for this host\n");
}
}
@@
-3374,7
+3381,7
@@
if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET)
int dlen = sizeof(dbdata_tls_session) + tkt.size;
dbdata_tls_session * dt = store_get(dlen, GET_TAINTED);
int dlen = sizeof(dbdata_tls_session) + tkt.size;
dbdata_tls_session * dt = store_get(dlen, GET_TAINTED);
- DEBUG(D_tls) debug_printf("session data size %u\n", (unsigned)tkt.size);
+ DEBUG(D_tls) debug_printf("
session data size %u\n", (unsigned)tkt.size);
memcpy(dt->session, tkt.data, tkt.size);
gnutls_free(tkt.data);
memcpy(dt->session, tkt.data, tkt.size);
gnutls_free(tkt.data);
@@
-3385,11
+3392,15
@@
if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET)
dbfn_close(dbm_file);
DEBUG(D_tls)
dbfn_close(dbm_file);
DEBUG(D_tls)
- debug_printf("wrote session db (len %u)\n", (unsigned)dlen);
+ debug_printf("
wrote session db (len %u)\n", (unsigned)dlen);
}
}
}
}
- else DEBUG(D_tls)
- debug_printf("extract session data: %s\n", US gnutls_strerror(rc));
+ else
+ { DEBUG(D_tls)
+ debug_printf(" extract session data: %s\n", US gnutls_strerror(rc));
+ }
+ else DEBUG(D_tls)
+ debug_printf(" host not resmable; not saving ticket\n");
}
}
}
}
@@
-3406,7
+3417,7
@@
tls_client_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
exim_gnutls_state_st * state = gnutls_session_get_ptr(sess);
tls_support * tlsp = state->tlsp;
exim_gnutls_state_st * state = gnutls_session_get_ptr(sess);
tls_support * tlsp = state->tlsp;
-DEBUG(D_tls) debug_printf("newticket cb\n");
+DEBUG(D_tls) debug_printf("newticket cb
(on client)
\n");
if (!tlsp->ticket_received)
tls_save_session(tlsp, sess, state->host);
if (!tlsp->ticket_received)
tls_save_session(tlsp, sess, state->host);
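Review bot: In tls_server_resume_posthandshake the new XXX comment records that gnutls_session_resumption_requested() can return true for a zero-length Session Ticket extension, yet the line right after it still sets `RESUME_CLIENT_SUGGESTED` on that result alone, so the bit can be set for a client that only asked for a ticket. Anything that reads tls_in.resumption as evidence that a ticket was actually offered (presumably logging or policy, not visible in this section) would then be misled. The comment should spell out that consequence, for example `Until this is resolved RESUME_CLIENT_SUGGESTED may be set for a ticket request alone; do not treat it as proof that a ticket was offered.` The function body continues outside the hunk, so whether a later check narrows the flag cannot be confirmed from here.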