+
+
+#ifdef SUPPORT_DANE
+/* Given our list of RRs from the TLSA lookup, build a lookup block in
+GnuTLS-DANE's preferred format. Hang it on the state str for later
+use in DANE verification.
+
+We point at the dnsa data not copy it, so it must remain valid until
+after verification is done.*/
+
+static BOOL
+dane_tlsa_load(exim_gnutls_state_st * state, dns_answer * dnsa)
+{
+dns_scan dnss;
+int i;
+const char ** dane_data;
+int * dane_data_len;
+
+i = 1;
+for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
+ rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
+ ) if (rr->type == T_TLSA) i++;
+
+dane_data = store_get(i * sizeof(uschar *));
+dane_data_len = store_get(i * sizeof(int));
+
+i = 0;
+for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
+ rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
+ ) if (rr->type == T_TLSA && rr->size > 3)
+ {
+ const uschar * p = rr->data;
+ uint8_t usage = p[0], sel = p[1], type = p[2];
+
+ DEBUG(D_tls)
+ debug_printf("TLSA: %d %d %d size %d\n", usage, sel, type, rr->size);
+
+ if ( (usage != DANESSL_USAGE_DANE_TA && usage != DANESSL_USAGE_DANE_EE)
+ || (sel != 0 && sel != 1)
+ )
+ continue;
+ switch(type)
+ {
+ case 0: /* Full: cannot check at present */
+ break;
+ case 1: if (rr->size != 3 + 256/8) continue; /* sha2-256 */
+ break;
+ case 2: if (rr->size != 3 + 512/8) continue; /* sha2-512 */
+ break;
+ default: continue;
+ }
+
+ tls_out.tlsa_usage |= 1<<usage;
+ dane_data[i] = CS p;
+ dane_data_len[i++] = rr->size;
+ }
+
+if (!i) return FALSE;
+
+dane_data[i] = NULL;
+dane_data_len[i] = 0;
+
+state->dane_data = (char * const *)dane_data;
+state->dane_data_len = dane_data_len;
+return TRUE;
+}
+#endif
+
+
+
+#ifdef EXPERIMENTAL_TLS_RESUME
+/* On the client, get any stashed session for the given IP from hints db
+and apply it to the ssl-connection for attempted resumption. Although
+there is a gnutls_session_ticket_enable_client() interface it is
+documented as unnecessary (as of 3.6.7) as "session tickets are emabled
+by deafult". There seems to be no way to disable them, so even hosts not
+enabled by the transport option will be sent a ticket request. We will
+however avoid storing and retrieving session information. */
+
+static void
+tls_retrieve_session(tls_support * tlsp, gnutls_session_t session,
+ host_item * host, smtp_transport_options_block * ob)
+{
+tlsp->resumption = RESUME_SUPPORTED;
+if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, host) == OK)
+ {
+ dbdata_tls_session * dt;
+ int len, rc;
+ open_db dbblock, * dbm_file;
+
+ DEBUG(D_tls)
+ debug_printf("check for resumable session for %s\n", host->address);
+ tlsp->host_resumable = TRUE;
+ tlsp->resumption |= RESUME_CLIENT_REQUESTED;
+ if ((dbm_file = dbfn_open(US"tls", O_RDONLY, &dbblock, FALSE, FALSE)))
+ {
+ /* Key for the db is the IP. We'd like to filter the retrieved session
+ for ticket advisory expiry, but 3.6.1 seems to give no access to that */
+
+ if ((dt = dbfn_read_with_length(dbm_file, host->address, &len)))
+ if (!(rc = gnutls_session_set_data(session,
+ CUS dt->session, (size_t)len - sizeof(dbdata_tls_session))))
+ {
+ DEBUG(D_tls) debug_printf("good session\n");
+ tlsp->resumption |= RESUME_CLIENT_SUGGESTED;
+ }
+ else DEBUG(D_tls) debug_printf("setting session resumption data: %s\n",
+ US gnutls_strerror(rc));
+ dbfn_close(dbm_file);
+ }
+ }
+}
+
+
+static void
+tls_save_session(tls_support * tlsp, gnutls_session_t session, const host_item * host)
+{
+/* TLS 1.2 - we get both the callback and the direct posthandshake call,
+but this flag is not set until the second. TLS 1.3 it's the other way about.
+Keep both calls as the session data cannot be extracted before handshake
+completes. */
+
+if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET)
+ {
+ gnutls_datum_t tkt;
+ int rc;
+
+ DEBUG(D_tls) debug_printf("server offered session ticket\n");
+ tlsp->ticket_received = TRUE;
+ tlsp->resumption |= RESUME_SERVER_TICKET;
+
+ if (tlsp->host_resumable)
+ if (!(rc = gnutls_session_get_data2(session, &tkt)))
+ {
+ open_db dbblock, * dbm_file;
+ int dlen = sizeof(dbdata_tls_session) + tkt.size;
+ dbdata_tls_session * dt = store_get(dlen);
+
+ DEBUG(D_tls) debug_printf("session data size %u\n", (unsigned)tkt.size);
+ memcpy(dt->session, tkt.data, tkt.size);
+ gnutls_free(tkt.data);
+
+ if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))
+ {
+ /* key for the db is the IP */
+ dbfn_delete(dbm_file, host->address);
+ dbfn_write(dbm_file, host->address, dt, dlen);
+ dbfn_close(dbm_file);
+
+ DEBUG(D_tls)
+ debug_printf("wrote session db (len %u)\n", (unsigned)dlen);
+ }
+ }
+ else DEBUG(D_tls)
+ debug_printf("extract session data: %s\n", US gnutls_strerror(rc));
+ }
+}
+
+
+/* With a TLS1.3 session, the ticket(s) are not seen until
+the first data read is attempted. And there's often two of them.
+Pick them up with this callback. We are also called for 1.2
+but we do nothing.
+*/
+static int
+tls_client_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
+ unsigned incoming, const gnutls_datum_t * msg)
+{
+exim_gnutls_state_st * state = gnutls_session_get_ptr(sess);
+tls_support * tlsp = state->tlsp;
+
+DEBUG(D_tls) debug_printf("newticket cb\n");
+
+if (!tlsp->ticket_received)
+ tls_save_session(tlsp, sess, state->host);
+return 0;
+}
+
+
+static void
+tls_client_resume_prehandshake(exim_gnutls_state_st * state,
+ tls_support * tlsp, host_item * host,
+ smtp_transport_options_block * ob)
+{
+gnutls_session_set_ptr(state->session, state);
+gnutls_handshake_set_hook_function(state->session,
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, GNUTLS_HOOK_POST, tls_client_ticket_cb);
+
+tls_retrieve_session(tlsp, state->session, host, ob);
+}
+
+static void
+tls_client_resume_posthandshake(exim_gnutls_state_st * state,
+ tls_support * tlsp, host_item * host)
+{
+if (gnutls_session_is_resumed(state->session))
+ {
+ DEBUG(D_tls) debug_printf("Session resumed\n");
+ tlsp->resumption |= RESUME_USED;
+ }
+
+tls_save_session(tlsp, state->session, host);
+}
+#endif /* EXPERIMENTAL_TLS_RESUME */
+
+
git://git.exim.org / exim.git / blobdiff