build: use pkg-config for i18n
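diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 56ea93935ee7d204bdc3442f97dce58c51ade0b0..7963e2c97bb5664824c990bd5e1ce3df1508dba3 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -2,7 +2,7 @@
 * Exim - an Internet mail transport agent *
 *************************************************/
-/* Copyright (c) The Exim Maintainers 2020 - 2023 */
+/* Copyright (c) The Exim Maintainers 2020 - 2024 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
 /* Copyright (c) Phil Pennock 2012 */
 /* See the file NOTICE for conditions of use and distribution. */
@@ -1185,6 +1185,8 @@ tls_server_servercerts_cb(gnutls_session_t session, unsigned int htype,
 # ifdef notdef_crashes
 /*XXX crashes */
 return gnutls_ext_raw_parse(NULL, tls_server_servercerts_ext, msg, 0);
+# else
+return GNUTLS_E_SUCCESS;
 # endif
 }
 #endif /*SUPPORT_GNUTLS_EXT_RAW_PARSE*/
@@ -1233,7 +1235,7 @@ switch (htype)
 return tls_server_ticket_cb(sess, htype, when, incoming, msg);
 # endif
 default:
- return 0;
+ return GNUTLS_E_SUCCESS;
 }
 }
 #endif
@@ -1628,7 +1630,8 @@ and there seems little downside. */
 static void
 tls_client_creds_init(transport_instance * t, BOOL watch)
 {
-smtp_transport_options_block * ob = t->options_block;
+smtp_transport_options_block * ob = t->drinst.options_block;
+const uschar * trname = t->drinst.name;
 exim_gnutls_state_st tpt_dummy_state;
 host_item * dummy_host = (host_item *)1;
 uschar * dummy_errstr;
@@ -1661,7 +1664,7 @@ if ( opt_set_and_noexpand(ob->tls_certificate)
 const uschar * pkey = ob->tls_privatekey;
 DEBUG(D_tls)
- debug_printf("TLS: preloading client certs for transport '%s'\n", t->name);
+ debug_printf("TLS: preloading client certs for transport '%s'\n", trname);
 /* The state->lib_state.x509_cred is used for the certs load, and is the sole
 structure element used. So we can set up a dummy. The hoat arg only
@@ -1675,7 +1678,7 @@ if ( opt_set_and_noexpand(ob->tls_certificate)
 }
 else
 DEBUG(D_tls)
- debug_printf("TLS: not preloading client certs, for transport '%s'\n", t->name);
+ debug_printf("TLS: not preloading client certs, for transport '%s'\n", trname);
 /* If tls_verify_certificates is non-empty and has no $, load CAs.
 If none was configured and we can't handle "system", treat as empty. */
@@ -1689,7 +1692,7 @@ if ( opt_set_and_noexpand(ob->tls_verify_certificates)
 if (!watch || tls_set_watch(ob->tls_verify_certificates, FALSE))
 {
 DEBUG(D_tls)
- debug_printf("TLS: preloading CA bundle for transport '%s'\n", t->name);
+ debug_printf("TLS: preloading CA bundle for transport '%s'\n", trname);
 if (creds_load_cabundle(&tpt_dummy_state, ob->tls_verify_certificates,
 dummy_host, &dummy_errstr) != OK)
 return;
@@ -1699,19 +1702,19 @@ if ( opt_set_and_noexpand(ob->tls_verify_certificates)
 {
 if (!watch || tls_set_watch(ob->tls_crl, FALSE))
 {
- DEBUG(D_tls) debug_printf("TLS: preloading CRL for transport '%s'\n", t->name);
+ DEBUG(D_tls) debug_printf("TLS: preloading CRL for transport '%s'\n", trname);
 if (creds_load_crl(&tpt_dummy_state, ob->tls_crl, &dummy_errstr) != OK)
 return;
 ob->tls_preload.crl = TRUE;
 }
 }
 else
- DEBUG(D_tls) debug_printf("TLS: not preloading CRL, for transport '%s'\n", t->name);
+ DEBUG(D_tls) debug_printf("TLS: not preloading CRL, for transport '%s'\n", trname);
 }
 }
 else
 DEBUG(D_tls)
- debug_printf("TLS: not preloading CA bundle, for transport '%s'\n", t->name);
+ debug_printf("TLS: not preloading CA bundle, for transport '%s'\n", trname);
 /* We do not preload tls_require_ciphers to to the transport as it implicitly
 depends on DANE or plain usage. */
@@ -1740,7 +1743,7 @@ state_server.lib_state = null_tls_preload;
 static void
 tls_client_creds_invalidate(transport_instance * t)
 {
-smtp_transport_options_block * ob = t->options_block;
+smtp_transport_options_block * ob = t->drinst.options_block;
 if (ob->tls_preload.x509_cred)
 gnutls_certificate_free_credentials(ob->tls_preload.x509_cred);
 ob->tls_preload = null_tls_preload;
@@ -2312,8 +2315,9 @@ old_pool = store_pool;
 if (*s) s++; /* now on _ between groups */
 while ((c = *s))
 {
- for (*++s && ++s; (c = *s) && c != ')'; s++)
- g = string_catn(g, c == '-' ? US"_" : s, 1);
+ if (*++s)
+ for (++s; (c = *s) && c != ')'; s++)
+ g = string_catn(g, c == '-' ? US"_" : s, 1);
 /* now on ) closing group */
 if ((c = *s) && *++s == '-') g = string_catn(g, US"__", 2);
 /* now on _ between groups */
@@ -3383,7 +3387,7 @@ if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET)
 memcpy(dt->session, tkt.data, tkt.size);
 gnutls_free(tkt.data);
- if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))
+ if ((dbm_file = dbfn_open(US"tls", O_RDWR|O_CREAT, &dbblock, FALSE, FALSE)))
 {
 /* key for the db is the IP */
 dbfn_write(dbm_file, tlsp->resume_index, dt, dlen);
@@ -3475,7 +3479,7 @@ tls_client_start(client_conn_ctx * cctx, smtp_connect_args * conn_args,
 host_item * host = conn_args->host; /* for msgs and option-tests */
 transport_instance * tb = conn_args->tblock; /* always smtp or NULL */
 smtp_transport_options_block * ob = tb
- ? (smtp_transport_options_block *)tb->options_block
+ ? tb->drinst.options_block
 : &smtp_transport_option_defaults;
 int rc;
 exim_gnutls_state_st * state = NULL;
@@ -3900,7 +3904,7 @@ else if (inbytes < 0)
 return FALSE;
 }
 #ifndef DISABLE_DKIM
- dkim_exim_verify_feed(state->xfer_buffer, inbytes);
+ smtp_verify_feed(state->xfer_buffer, inbytes);
 #endif
 state->xfer_buffer_hwm = (int) inbytes;
 state->xfer_buffer_lwm = 0;
@@ -3976,7 +3980,7 @@ int n = state->xfer_buffer_hwm - state->xfer_buffer_lwm;
 if (n > lim)
 n = lim;
 if (n > 0)
- dkim_exim_verify_feed(state->xfer_buffer+state->xfer_buffer_lwm, n);
+ smtp_verify_feed(state->xfer_buffer+state->xfer_buffer_lwm, n);
 #endif
 }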
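Review bot: Adding `O_CREAT` to `dbfn_open(US"tls", O_RDWR|O_CREAT, &dbblock, FALSE, FALSE)` (hunk at new line 3387) means this client-side path can now be the one that creates the TLS hints database, and the record written just below by `dbfn_write` carries the session ticket copied from `tkt.data`. That data is resumption material, so the creation mode and owner of the file matter; both are decided inside `dbfn_open`, which is outside this hunk, so it is worth confirming that a database created from here ends up readable only by the Exim user. I would also document the flag at the call, e.g. `/* O_CREAT: the first ticket received may create the db; creation mode is set by dbfn_open */`, adjusted to what dbfn_open actually does. The enclosing function starts and ends outside the hunk, so the handling of a failed open is not visible here.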