* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Portions Copyright (c) The OpenSSL Project 1999 */
if (rc < 0)
{
log_write(0, LOG_MAIN, "[%s] SSL verify error: internal error",
- tlsp == &tls_out ? deliver_host_address : sender_host_address);
+ deliver_host_address);
name = NULL;
}
break;
{
X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
uschar dn[256];
-#ifndef DISABLE_EVENT
int depth = X509_STORE_CTX_get_error_depth(x509ctx);
+#ifndef DISABLE_EVENT
BOOL dummy_called, optional = FALSE;
#endif
return TRUE;
/* "auto" needs to be handled carefully.
- * OpenSSL < 1.0.2: we do not select anything, but fallback to primve256v1
+ * OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1
* OpenSSL < 1.1.0: we have to call SSL_CTX_set_ecdh_auto
- * (openss/ssl.h defines SSL_CTRL_SET_ECDH_AUTO)
+ * (openssl/ssl.h defines SSL_CTRL_SET_ECDH_AUTO)
* OpenSSL >= 1.1.0: we do not set anything, the libray does autoselection
* https://github.com/openssl/openssl/commit/fe6ef2472db933f01b59cad82aa925736935984b
*/
OCSP_NOSIGS OCSP_NOVERIFY OCSP_NOCHAIN OCSP_NOCHECKS OCSP_NOEXPLICIT
OCSP_TRUSTOTHER OCSP_NOINTERN */
-/* This does a full verify on the OCSP proof before we load it for serviing
+/* This does a full verify on the OCSP proof before we load it for serving
up; possibly overkill - just date-checks might be nice enough.
OCSP_basic_verify takes a "store" arg, but does not
We do not free the stack since it could be needed a second time for
SNI handling.
-Seperately we might try to replace using OCSP_basic_verify() - which seems to not
+Separately we might try to replace using OCSP_basic_verify() - which seems to not
be a public interface into the OpenSSL library (there's no manual entry) -
But what with? We also use OCSP_basic_verify in the client stapling callback.
-And there we NEED it; we miust verify that status... unless the
+And there we NEED it; we must verify that status... unless the
library does it for us anyway? */
if ((i = OCSP_basic_verify(basic_response, sk, NULL, verify_flags)) < 0)
if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL)))
goto err;
-where = US"assiging pkey";
+where = US"assigning pkey";
if (!EVP_PKEY_assign_RSA(pkey, rsa))
goto err;
{
long init_options;
int rc;
-BOOL okay;
tls_ext_ctx_cb * cbinfo;
cbinfo = store_malloc(sizeof(tls_ext_ctx_cb));
No OpenSSL version number checks: the options we accept depend upon the
availability of the option value macros from OpenSSL. */
-okay = tls_openssl_options_parse(openssl_options, &init_options);
-if (!okay)
+if (!tls_openssl_options_parse(openssl_options, &init_options))
return tls_error(US"openssl_options parsing failed", host, NULL);
if (init_options)
else
DEBUG(D_tls) debug_printf("no SSL CTX options to set\n");
+/* Disable session cache unconditionally */
+
+(void) SSL_CTX_set_session_cache_mode(*ctxp, SSL_SESS_CACHE_OFF);
+
/* Initialize with DH parameters if supplied */
/* Initialize ECDH temp key parameter selection */
callback is invoked. */
if (cbinfo->u_ocsp.server.file)
{
- SSL_CTX_set_tlsext_status_cb(server_ctx, tls_server_stapling_cb);
- SSL_CTX_set_tlsext_status_arg(server_ctx, cbinfo);
+ SSL_CTX_set_tlsext_status_cb(*ctxp, tls_server_stapling_cb);
+ SSL_CTX_set_tlsext_status_arg(*ctxp, cbinfo);
}
# endif
/* We always do this, so that $tls_sni is available even if not used in
variant.
If a list isn't loaded into the server, but
some verify locations are set, the server end appears to make
- a wildcard reqest for client certs.
+ a wildcard request for client certs.
Meanwhile, the client library as default behaviour *ignores* the list
we send over the wire - see man SSL_CTX_set_client_cert_cb.
Because of this, and that the dir variant is likely only used for
Returns: OK on success
DEFER for errors before the start of the negotiation
- FAIL for errors during the negotation; the server can't
+ FAIL for errors during the negotiation; the server can't
continue running.
*/
/* This gets the next byte from the TLS input buffer. If the buffer is empty,
it refills the buffer via the SSL reading function.
-Arguments: none
+Arguments: lim Maximum amount to read/buffer
Returns: the next character or EOF
Only used by the server-side TLS.
*/
int
-tls_getc(void)
+tls_getc(unsigned lim)
{
if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm)
{
ssl_xfer_buffer, ssl_xfer_buffer_size);
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
- inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size);
+ inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer,
+ MIN(ssl_xfer_buffer_size, lim));
error = SSL_get_error(server_ssl, inbytes);
alarm(0);
tls_in.peerdn = NULL;
tls_in.sni = NULL;
- return smtp_getc();
+ return smtp_getc(lim);
}
/* Handle genuine errors */
uschar keep_c;
BOOL adding, item_parsed;
-result = 0L;
+result = SSL_OP_NO_TICKET;
/* Prior to 4.80 we or'd in SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; removed
* from default because it increases BEAST susceptibility. */
#ifdef SSL_OP_NO_SSLv2
result |= SSL_OP_SINGLE_DH_USE;
#endif
-if (option_spec == NULL)
+if (!option_spec)
{
*results = result;
return TRUE;
git://git.exim.org / exim.git / blobdiff