* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2024 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
-/* See the file NOTICE for conditions of use and distribution. */
-
/* Copyright (c) Phil Pennock 2012 */
+/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* This file provides TLS/SSL support for Exim using the GnuTLS library,
one of the available supported implementations. This file is #included into
#if GNUTLS_VERSION_NUMBER >= 0x030506 && !defined(DISABLE_OCSP)
# define SUPPORT_SRV_OCSP_STACK
#endif
-#if GNUTLS_VERSION_NUMBER >= 0x030600
-# define GNUTLS_AUTO_DHPARAMS
-#endif
#if GNUTLS_VERSION_NUMBER >= 0x030603
# define EXIM_HAVE_TLS1_3
# define SUPPORT_GNUTLS_EXT_RAW_PARSE
# endif
#endif
-#ifdef EXPERIMENTAL_TLS_RESUME
-# if GNUTLS_VERSION_NUMBER < 0x030603
-# error GNUTLS version too early for session-resumption
+#ifndef DISABLE_TLS_RESUME
+# if GNUTLS_VERSION_NUMBER >= 0x030603
+# define EXIM_HAVE_TLS_RESUME
+# else
+# warning "GnuTLS library version too old; resumption unsupported"
+# endif
+#endif
+
+#if GNUTLS_VERSION_NUMBER >= 0x030200
+# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
+# define EXIM_HAVE_ALPN
# endif
#endif
+#if GNUTLS_VERSION_NUMBER >= 0x030702
+# define HAVE_GNUTLS_EXPORTER
+#endif
+
#ifndef DISABLE_OCSP
# include <gnutls/ocsp.h>
#endif
void
options_tls(void)
{
-# ifdef EXPERIMENTAL_TLS_RESUME
+# ifndef DISABLE_TLS_RESUME
builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );
# endif
# ifdef EXIM_HAVE_TLS1_3
# ifdef SUPPORT_SRV_OCSP_STACK
builtin_macro_create(US"_HAVE_TLS_OCSP_LIST");
# endif
+#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
+builtin_macro_create(US"_HAVE_TLS_CA_CACHE");
+# endif
+# ifdef EXIM_HAVE_ALPN
+builtin_macro_create(US"_HAVE_TLS_ALPN");
+# endif
}
#else
typedef struct exim_gnutls_state {
gnutls_session_t session;
- gnutls_certificate_credentials_t x509_cred;
- gnutls_priority_t priority_cache;
+
+ exim_tlslib_state lib_state;
+#define x509_cred libdata0
+#define pri_cache libdata1
+
enum peer_verify_requirement verify_requirement;
int fd_in;
int fd_out;
XXX But see gnutls_session_get_ptr()
*/
-static exim_gnutls_state_st state_server;
+static exim_gnutls_state_st state_server = {
+ /* all elements not explicitly intialised here get 0/NULL/FALSE */
+ .fd_in = -1,
+ .fd_out = -1,
+};
-#ifndef GNUTLS_AUTO_DHPARAMS
/* dh_params are initialised once within the lifetime of a process using TLS;
if we used TLS in a long-lived daemon, we'd have to reconsider this. But we
don't want to repeat this. */
static gnutls_dh_params_t dh_server_params = NULL;
-#endif
static int ssl_session_timeout = 7200; /* Two hours */
static BOOL exim_testharness_disable_ocsp_validity_check = FALSE;
#endif
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifdef EXIM_HAVE_ALPN
+static int server_seen_alpn = -1; /* count of names */
+#endif
+#ifdef EXIM_HAVE_TLS_RESUME
static gnutls_datum_t server_sessticket_key;
#endif
+
/* ------------------------------------------------------------------------ */
/* macros */
# define EXIM_SERVER_DH_BITS_PRE2_12 1024
#endif
-#define expand_check_tlsvar(Varname, errstr) \
+#define Expand_check_tlsvar(Varname, errstr) \
expand_check(state->Varname, US #Varname, &state->exp_##Varname, errstr)
#if GNUTLS_VERSION_NUMBER >= 0x020c00
# endif /* AVOID_GNUTLS_PKCS11 */
#endif
+#if GNUTLS_VERSION_NUMBER >= 0x030404
+# define HAVE_GNUTLS_PRF_RFC5705
+#endif
static int exim_sni_handling_cb(gnutls_session_t session);
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
static int
tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
unsigned incoming, const gnutls_datum_t * msg);
#endif
-/* Daemon one-time initialisation */
-void
-tls_daemon_init(void)
-{
-#ifdef EXPERIMENTAL_TLS_RESUME
-/* We are dependent on the GnuTLS implementation of the Session Ticket
-encryption; both the strength and the key rotation period. We hope that
-the strength at least matches that of the ciphersuite (but GnuTLS does not
-document this). */
-
-static BOOL once = FALSE;
-if (once) return;
-once = TRUE;
-gnutls_session_ticket_key_generate(&server_sessticket_key); /* >= 2.10.0 */
-if (f.running_in_test_harness) ssl_session_timeout = 6;
-#endif
-}
-
-/* ------------------------------------------------------------------------ */
-/* Static functions */
-
/*************************************************
* Handle TLS error *
*************************************************/
the connected host if setting up a client
errstr pointer to returned error string
-Returns: OK/DEFER/FAIL
+Returns: DEFER/FAIL
*/
static int
}
+/* Returns: DEFER/FAIL */
static int
-tls_error_gnu(const uschar *prefix, int err, const host_item *host,
+tls_error_gnu(exim_gnutls_state_st * state, const uschar *prefix, int err,
uschar ** errstr)
{
-return tls_error(prefix, US gnutls_strerror(err), host, errstr);
+return tls_error(prefix,
+ state && err == GNUTLS_E_FATAL_ALERT_RECEIVED
+ ? string_sprintf("rxd alert: %s",
+ US gnutls_alert_get_name(gnutls_alert_get(state->session)))
+ : US gnutls_strerror(err),
+ state ? state->host : NULL,
+ errstr);
}
static int
}
+/* ------------------------------------------------------------------------ */
+/* Initialisation */
+
+#ifndef DISABLE_OCSP
+
+static BOOL
+tls_is_buggy_ocsp(void)
+{
+const uschar * s;
+uschar maj, mid, mic;
+
+s = CUS gnutls_check_version(NULL);
+maj = atoi(CCS s);
+if (maj == 3)
+ {
+ while (*s && *s != '.') s++;
+ mid = atoi(CCS ++s);
+ if (mid <= 2)
+ return TRUE;
+ else if (mid >= 5)
+ return FALSE;
+ else
+ {
+ while (*s && *s != '.') s++;
+ mic = atoi(CCS ++s);
+ return mic <= (mid == 3 ? 16 : 3);
+ }
+ }
+return FALSE;
+}
+
+#endif
+
+
+static int
+tls_g_init(uschar ** errstr)
+{
+int rc;
+DEBUG(D_tls) debug_printf("GnuTLS global init required\n");
+
+#if defined(HAVE_GNUTLS_PKCS11) && !defined(GNUTLS_AUTO_PKCS11_MANUAL)
+/* By default, gnutls_global_init will init PKCS11 support in auto mode,
+which loads modules from a config file, which sounds good and may be wanted
+by some sysadmin, but also means in common configurations that GNOME keyring
+environment variables are used and so breaks for users calling mailq.
+To prevent this, we init PKCS11 first, which is the documented approach. */
+
+if (!gnutls_allow_auto_pkcs11)
+ if ((rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL)))
+ return tls_error_gnu(NULL, US"gnutls_pkcs11_init", rc, errstr);
+#endif
+
+#ifndef GNUTLS_AUTO_GLOBAL_INIT
+if ((rc = gnutls_global_init()))
+ return tls_error_gnu(NULL, US"gnutls_global_init", rc, errstr);
+#endif
+
+#if EXIM_GNUTLS_LIBRARY_LOG_LEVEL >= 0
+DEBUG(D_tls)
+ {
+ gnutls_global_set_log_function(exim_gnutls_logger_cb);
+ /* arbitrarily chosen level; bump up to 9 for more */
+ gnutls_global_set_log_level(EXIM_GNUTLS_LIBRARY_LOG_LEVEL);
+ }
+#endif
+
+#ifndef DISABLE_OCSP
+if (tls_ocsp_file && (gnutls_buggy_ocsp = tls_is_buggy_ocsp()))
+ log_write(0, LOG_MAIN, "OCSP unusable with this GnuTLS library version");
+#endif
+
+exim_gnutls_base_init_done = TRUE;
+return OK;
+}
+
+
+
+/* Daemon-call before each connection. Nothing to do for GnuTLS. */
+
+static void
+tls_per_lib_daemon_tick(void)
+{
+}
+
+/* Daemon one-time initialisation */
+
+static void
+tls_per_lib_daemon_init(void)
+{
+uschar * dummy_errstr;
+static BOOL once = FALSE;
+
+if (!exim_gnutls_base_init_done)
+ tls_g_init(&dummy_errstr);
+
+if (!once)
+ {
+ once = TRUE;
+
+#ifdef EXIM_HAVE_TLS_RESUME
+ /* We are dependent on the GnuTLS implementation of the Session Ticket
+ encryption; both the strength and the key rotation period. We hope that
+ the strength at least matches that of the ciphersuite (but GnuTLS does not
+ document this). */
+
+ gnutls_session_ticket_key_generate(&server_sessticket_key); /* >= 2.10.0 */
+ if (f.running_in_test_harness) ssl_session_timeout = 6;
+#endif
+
+ tls_daemon_creds_reload();
+ }
+}
+
+/* ------------------------------------------------------------------------ */
+
/*************************************************
* Deal with logging errors during I/O *
*************************************************/
const uschar * msg;
uschar * errstr;
-if (rc == GNUTLS_E_FATAL_ALERT_RECEIVED)
- msg = string_sprintf("A TLS fatal alert has been received: %s",
- US gnutls_alert_get_name(gnutls_alert_get(state->session)));
-else
- msg = US gnutls_strerror(rc);
+if (rc == GNUTLS_E_INVALID_SESSION && errno == 0)
+ {
+ DEBUG(D_tls) debug_printf("- INVALID_SESSION with zero errno\n");
+ return;
+ }
+
+msg = rc == GNUTLS_E_FATAL_ALERT_RECEIVED
+ ? string_sprintf("A TLS fatal alert has been received: %s",
+ US gnutls_alert_get_name(gnutls_alert_get(state->session)))
+#ifdef GNUTLS_E_PREMATURE_TERMINATION
+ : rc == GNUTLS_E_PREMATURE_TERMINATION && errno
+ ? string_sprintf("%s: syscall: %s", US gnutls_strerror(rc), strerror(errno))
+#endif
+ : US gnutls_strerror(rc);
(void) tls_error(when, msg, state->host, &errstr);
static void
extract_exim_vars_from_tls_state(exim_gnutls_state_st * state)
{
-#ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING
-int old_pool;
-int rc;
-gnutls_datum_t channel;
-#endif
tls_support * tlsp = state->tlsp;
tlsp->active.sock = state->fd_out;
tlsp->channelbinding = NULL;
#ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING
-channel.data = NULL;
-channel.size = 0;
-if ((rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, &channel)))
- { DEBUG(D_tls) debug_printf("Channel binding error: %s\n", gnutls_strerror(rc)); }
-else
{
- /* Declare the taintedness of the binding info. On server, untainted; on
- client, tainted - being the Finish msg from the server. */
+ gnutls_datum_t channel = {.data = NULL, .size = 0};
+ int rc;
- old_pool = store_pool;
- store_pool = POOL_PERM;
- tlsp->channelbinding = b64encode_taint(CUS channel.data, (int)channel.size,
- !!state->host);
- store_pool = old_pool;
- DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n");
+# ifdef HAVE_GNUTLS_EXPORTER
+ if (gnutls_protocol_get_version(state->session) >= GNUTLS_TLS1_3)
+ {
+ rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_EXPORTER, &channel);
+ tlsp->channelbind_exporter = TRUE;
+ }
+ else
+# elif defined(HAVE_GNUTLS_PRF_RFC5705)
+ /* Older libraries may not have GNUTLS_TLS1_3 defined! */
+ if (gnutls_protocol_get_version(state->session) > GNUTLS_TLS1_2)
+ {
+ uschar * buf = store_get(32, state->host ? GET_TAINTED : GET_UNTAINTED);
+ rc = gnutls_prf_rfc5705(state->session,
+ (size_t)24, "EXPORTER-Channel-Binding", (size_t)0, "",
+ 32, CS buf);
+ channel.data = buf;
+ channel.size = 32;
+ }
+ else
+# endif
+ rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, &channel);
+
+ if (rc)
+ { DEBUG(D_tls) debug_printf("extracting channel binding: %s\n", gnutls_strerror(rc)); }
+ else
+ {
+ int old_pool = store_pool;
+ /* Declare the taintedness of the binding info. On server, untainted; on
+ client, tainted if we used the Finish msg from the server. */
+
+ store_pool = POOL_PERM;
+ tlsp->channelbinding = b64encode_taint(CUS channel.data, (int)channel.size,
+ !tlsp->channelbind_exporter && state->host ? GET_TAINTED : GET_UNTAINTED);
+ store_pool = old_pool;
+ DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n");
+ }
}
#endif
/* peercert is set in peer_status() */
tlsp->peerdn = state->peerdn;
-tlsp->sni = state->received_sni;
+
+/* do not corrupt sni sent by client; record sni rxd by server */
+if (!state->host)
+ tlsp->sni = state->received_sni;
/* record our certificate */
{
-#ifndef GNUTLS_AUTO_DHPARAMS
/*************************************************
* Setup up DH parameters *
*************************************************/
waste a bit of effort, but it doesn't seem worth messing around with locking to
prevent this.
-Returns: OK/DEFER/FAIL
+Returns: OK/DEFER (expansion issue)/FAIL (requested none)
*/
static int
{
int fd, rc;
unsigned int dh_bits;
-gnutls_datum_t m = {.data = NULL, .size = 0};
+gnutls_datum_t m;
uschar filename_buf[PATH_MAX];
uschar *filename = NULL;
size_t sz;
BOOL use_file_in_spool = FALSE;
host_item *host = NULL; /* dummy for macros */
-DEBUG(D_tls) debug_printf("Initialising GnuTLS server params.\n");
+DEBUG(D_tls) debug_printf("Initialising GnuTLS server params\n");
if ((rc = gnutls_dh_params_init(&dh_server_params)))
- return tls_error_gnu(US"gnutls_dh_params_init", rc, host, errstr);
+ return tls_error_gnu(NULL, US"gnutls_dh_params_init", rc, errstr);
+
+m.data = NULL;
+m.size = 0;
if (!expand_check(tls_dhparam, US"tls_dhparam", &exp_tls_dhparam, errstr))
return DEFER;
use_file_in_spool = TRUE;
else if (Ustrcmp(exp_tls_dhparam, "none") == 0)
{
- DEBUG(D_tls) debug_printf("Requested no DH parameters.\n");
- return OK;
+ DEBUG(D_tls) debug_printf("Requested no DH parameters\n");
+ return FAIL;
}
else if (exp_tls_dhparam[0] != '/')
{
if (m.data)
{
if ((rc = gnutls_dh_params_import_pkcs3(dh_server_params, &m, GNUTLS_X509_FMT_PEM)))
- return tls_error_gnu(US"gnutls_dh_params_import_pkcs3", rc, host, errstr);
+ return tls_error_gnu(NULL, US"gnutls_dh_params_import_pkcs3", rc, errstr);
DEBUG(D_tls) debug_printf("Loaded fixed standard D-H parameters\n");
return OK;
}
if (!(dh_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL)))
return tls_error(US"gnutls_sec_param_to_pk_bits() failed", NULL, NULL, errstr);
DEBUG(D_tls)
- debug_printf("GnuTLS tells us that for D-H PK, NORMAL is %d bits.\n",
+ debug_printf("GnuTLS tells us that for D-H PK, NORMAL is %d bits\n",
dh_bits);
#else
dh_bits = EXIM_SERVER_DH_BITS_PRE2_12;
DEBUG(D_tls)
- debug_printf("GnuTLS lacks gnutls_sec_param_to_pk_bits(), using %d bits.\n",
+ debug_printf("GnuTLS lacks gnutls_sec_param_to_pk_bits(), using %d bits\n",
dh_bits);
#endif
if (dh_bits > tls_dh_max_bits)
{
DEBUG(D_tls)
- debug_printf("tls_dh_max_bits clamping override, using %d bits instead.\n",
+ debug_printf("tls_dh_max_bits clamping override, using %d bits instead\n",
tls_dh_max_bits);
dh_bits = tls_dh_max_bits;
}
rc = gnutls_dh_params_import_pkcs3(dh_server_params, &m, GNUTLS_X509_FMT_PEM);
store_free(m.data);
if (rc)
- return tls_error_gnu(US"gnutls_dh_params_import_pkcs3", rc, host, errstr);
+ return tls_error_gnu(NULL, US"gnutls_dh_params_import_pkcs3", rc, errstr);
DEBUG(D_tls) debug_printf("read D-H parameters from file \"%s\"\n", filename);
}
debug_printf("D-H parameter cache file \"%s\" does not exist\n", filename);
}
else
- return tls_error(string_open_failed(errno, "\"%s\" for reading", filename),
+ return tls_error(string_open_failed("\"%s\" for reading", filename),
NULL, NULL, errstr);
/* If ret < 0, either the cache file does not exist, or the data it contains
return tls_error(US"Filename too long to generate replacement",
filename, NULL, errstr);
- temp_fn = string_copy(US"%s.XXXXXXX");
+ temp_fn = string_copy(US"exim-dh.XXXXXXX");
if ((fd = mkstemp(CS temp_fn)) < 0) /* modifies temp_fn */
return tls_error_sys(US"Unable to open temp file", errno, NULL, errstr);
(void)exim_chown(temp_fn, exim_uid, exim_gid); /* Probably not necessary */
- /* GnuTLS overshoots! If we ask for 2236, we might get 2237 or more. But
- there's no way to ask GnuTLS how many bits there really are. We can ask
- how many bits were used in a TLS session, but that's it! The prime itself
- is hidden behind too much abstraction. So we ask for less, and proceed on
- a wing and a prayer. First attempt, subtracted 3 for 2233 and got 2240. */
-
+ /* GnuTLS overshoots!
+ * If we ask for 2236, we might get 2237 or more.
+ * But there's no way to ask GnuTLS how many bits there really are.
+ * We can ask how many bits were used in a TLS session, but that's it!
+ * The prime itself is hidden behind too much abstraction.
+ * So we ask for less, and proceed on a wing and a prayer.
+ * First attempt, subtracted 3 for 2233 and got 2240.
+ */
if (dh_bits >= EXIM_CLIENT_DH_MIN_BITS + 10)
{
dh_bits_gen = dh_bits - 10;
debug_printf("requesting generation of %d bit Diffie-Hellman prime ...\n",
dh_bits_gen);
if ((rc = gnutls_dh_params_generate2(dh_server_params, dh_bits_gen)))
- return tls_error_gnu(US"gnutls_dh_params_generate2", rc, host, errstr);
+ return tls_error_gnu(NULL, US"gnutls_dh_params_generate2", rc, errstr);
/* gnutls_dh_params_export_pkcs3() will tell us the exact size, every time,
and I confirmed that a NULL call to get the size first is how the GnuTLS
if ( (rc = gnutls_dh_params_export_pkcs3(dh_server_params,
GNUTLS_X509_FMT_PEM, m.data, &sz))
&& rc != GNUTLS_E_SHORT_MEMORY_BUFFER)
- return tls_error_gnu(US"gnutls_dh_params_export_pkcs3(NULL) sizing",
- rc, host, errstr);
+ return tls_error_gnu(NULL, US"gnutls_dh_params_export_pkcs3(NULL) sizing",
+ rc, errstr);
m.size = sz;
if (!(m.data = store_malloc(m.size)))
return tls_error_sys(US"memory allocation failed", errno, NULL, errstr);
m.data, &sz)))
{
store_free(m.data);
- return tls_error_gnu(US"gnutls_dh_params_export_pkcs3() real", rc, host, errstr);
+ return tls_error_gnu(NULL, US"gnutls_dh_params_export_pkcs3() real", rc, errstr);
}
m.size = sz; /* shrink by 1, probably */
DEBUG(D_tls) debug_printf("initialized server D-H parameters\n");
return OK;
}
-#endif
-/* Create and install a selfsigned certificate, for use in server mode */
+/* Create and install a selfsigned certificate, for use in server mode. */
static int
tls_install_selfsign(exim_gnutls_state_st * state, uschar ** errstr)
if (TRUE) goto err;
#endif
+DEBUG(D_tls) debug_printf("TLS: generating selfsigned server cert\n");
where = US"initialising pkey";
if ((rc = gnutls_x509_privkey_init(&pkey))) goto err;
if ( (rc = gnutls_x509_crt_set_version(cert, 3))
|| (rc = gnutls_x509_crt_set_serial(cert, &now, sizeof(now)))
|| (rc = gnutls_x509_crt_set_activation_time(cert, now = time(NULL)))
- || (rc = gnutls_x509_crt_set_expiration_time(cert, now + 60 * 60)) /* 1 hr */
+ || (rc = gnutls_x509_crt_set_expiration_time(cert, now + (long)2 * 60 * 60)) /* 2 hour */
|| (rc = gnutls_x509_crt_set_key(cert, pkey))
|| (rc = gnutls_x509_crt_set_dn_by_oid(cert,
where = US"installing selfsign cert";
/* Since: 2.4.0 */
-if ((rc = gnutls_certificate_set_x509_key(state->x509_cred, &cert, 1, pkey)))
+if ((rc = gnutls_certificate_set_x509_key(state->lib_state.x509_cred,
+ &cert, 1, pkey)))
goto err;
rc = OK;
return rc;
err:
- rc = tls_error_gnu(where, rc, NULL, errstr);
+ rc = tls_error_gnu(state, where, rc, errstr);
goto out;
}
static int
tls_add_certfile(exim_gnutls_state_st * state, const host_item * host,
- uschar * certfile, uschar * keyfile, uschar ** errstr)
+ const uschar * certfile, const uschar * keyfile, uschar ** errstr)
{
-int rc = gnutls_certificate_set_x509_key_file(state->x509_cred,
- CS certfile, CS keyfile, GNUTLS_X509_FMT_PEM);
+int rc = gnutls_certificate_set_x509_key_file(state->lib_state.x509_cred,
+ CCS certfile, CCS keyfile, GNUTLS_X509_FMT_PEM);
if (rc < 0)
- return tls_error_gnu(
+ return tls_error_gnu(state,
string_sprintf("cert/key setup: cert=%s key=%s", certfile, keyfile),
- rc, host, errstr);
+ rc, errstr);
return -rc;
}
/* Make a note that we saw a status-request */
static int
tls_server_clienthello_ext(void * ctx, unsigned tls_id,
- const unsigned char *data, unsigned size)
+ const uschar * data, unsigned size)
{
-/* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
-if (tls_id == 5) /* status_request */
+/* The values for tls_id are documented here:
+https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
+switch (tls_id)
{
- DEBUG(D_tls) debug_printf("Seen status_request extension from client\n");
- tls_in.ocsp = OCSP_NOT_RESP;
+ case 5: /* Status Request */
+ DEBUG(D_tls) debug_printf("Seen status_request extension from client\n");
+ tls_in.ocsp = OCSP_NOT_RESP;
+ break;
+#ifdef EXIM_HAVE_ALPN
+ case 16: /* Application Layer Protocol Notification */
+ /* The format of "data" here doesn't seem to be documented, but appears
+ to be a 2-byte field with a (redundant, given the "size" arg) total length
+ then a sequence of one-byte size then string (not nul-term) names. The
+ latter is as described in OpenSSL documentation.
+ Note that we do not get called for a match_fail, making it hard to log
+ a single bad ALPN being offered (the common case). */
+ {
+ gstring * g = NULL;
+
+ DEBUG(D_tls) debug_printf("Seen ALPN extension from client (s=%u):", size);
+ for (const uschar * s = data+2; s-data < size-1; s += *s + 1)
+ {
+ server_seen_alpn++;
+ g = string_append_listele_n(g, ':', s+1, *s);
+ DEBUG(D_tls) debug_printf(" '%.*s'", (int)*s, s+1);
+ }
+ DEBUG(D_tls) debug_printf("\n");
+ if (server_seen_alpn > 1)
+ {
+ log_write(0, LOG_MAIN, "TLS ALPN (%Y) rejected", g);
+ DEBUG(D_tls) debug_printf("TLS: too many ALPNs presented in handshake\n");
+ return GNUTLS_E_NO_APPLICATION_PROTOCOL;
+ }
+ break;
+ }
+#endif
}
return 0;
}
unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
{
/* Call fn for each extension seen. 3.6.3 onwards */
-return gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg,
+int rc = gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg,
GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO);
+return rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE ? 0 : rc;
}
+# ifdef notdef_crashes
/* Make a note that we saw a status-response */
static int
tls_server_servercerts_ext(void * ctx, unsigned tls_id,
}
return 0;
}
+# endif
/* Callback for certificates packet, on server, if we think we might serve stapled-OCSP */
static int
unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
{
/* Call fn for each extension seen. 3.6.3 onwards */
-#ifdef notdef
-/*XXX crashes */
+# ifdef notdef_crashes
+ /*XXX crashes */
return gnutls_ext_raw_parse(NULL, tls_server_servercerts_ext, msg, 0);
-#endif
+# else
+return GNUTLS_E_SUCCESS;
+# endif
}
-#endif
+#endif /*SUPPORT_GNUTLS_EXT_RAW_PARSE*/
/*XXX in tls1.3 the cert-status travel as an extension next to the cert, in the
"Handshake Protocol: Certificate" record.
So we need to spot the Certificate handshake message, parse it and spot any status_request extension(s)
-This is different to tls1.2 - where it is a separate record (wireshake term) / handshake message (gnutls term).
+This is different to tls1.2 - where it is a separate record (wireshark term) / handshake message (gnutls term).
*/
-#if defined(EXPERIMENTAL_TLS_RESUME) || defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
+#if defined(EXIM_HAVE_TLS_RESUME) || defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
/* Callback for certificate-status, on server. We sent stapled OCSP. */
static int
tls_server_certstatus_cb(gnutls_session_t session, unsigned int htype,
unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
{
DEBUG(D_tls) debug_printf("Sending certificate-status\n"); /*XXX we get this for tls1.2 but not for 1.3 */
-#ifdef SUPPORT_SRV_OCSP_STACK
+# ifdef SUPPORT_SRV_OCSP_STACK
tls_in.ocsp = exim_testharness_disable_ocsp_validity_check
? OCSP_VFY_NOT_TRIED : OCSP_VFIED; /* We know that GnuTLS verifies responses */
-#else
+# else
tls_in.ocsp = OCSP_VFY_NOT_TRIED;
-#endif
+# endif
return 0;
}
# endif
case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
return tls_server_certstatus_cb(sess, htype, when, incoming, msg);
-# ifdef EXPERIMENTAL_TLS_RESUME
+# ifdef EXIM_HAVE_TLS_RESUME
case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
return tls_server_ticket_cb(sess, htype, when, incoming, msg);
# endif
default:
- return 0;
+ return GNUTLS_E_SUCCESS;
}
}
#endif
}
#endif
-/*************************************************
-* Variables re-expanded post-SNI *
-*************************************************/
-
-/* Called from both server and client code, via tls_init(), and also from
-the SNI callback after receiving an SNI, if tls_certificate includes "tls_sni".
-
-We can tell the two apart by state->received_sni being non-NULL in callback.
-
-The callback should not call us unless state->trigger_sni_changes is true,
-which we are responsible for setting on the first pass through.
-
-Arguments:
- state exim_gnutls_state_st *
- errstr error string pointer
-
-Returns: OK/DEFER/FAIL
-*/
+/**************************************************
+* One-time init credentials for server and client *
+**************************************************/
-static int
-tls_expand_session_files(exim_gnutls_state_st * state, uschar ** errstr)
+static void
+creds_basic_init(gnutls_certificate_credentials_t x509_cred, BOOL server)
{
-struct stat statbuf;
-int rc;
-const host_item *host = state->host; /* macro should be reconsidered? */
-uschar *saved_tls_certificate = NULL;
-uschar *saved_tls_privatekey = NULL;
-uschar *saved_tls_verify_certificates = NULL;
-uschar *saved_tls_crl = NULL;
-int cert_count;
-
-/* We check for tls_sni *before* expansion. */
-if (!host) /* server */
- if (!state->received_sni)
- {
- if ( state->tls_certificate
- && ( Ustrstr(state->tls_certificate, US"tls_sni")
- || Ustrstr(state->tls_certificate, US"tls_in_sni")
- || Ustrstr(state->tls_certificate, US"tls_out_sni")
- ) )
- {
- DEBUG(D_tls) debug_printf("We will re-expand TLS session files if we receive SNI.\n");
- state->trigger_sni_changes = TRUE;
- }
- }
- else
- {
- /* useful for debugging */
- saved_tls_certificate = state->exp_tls_certificate;
- saved_tls_privatekey = state->exp_tls_privatekey;
- saved_tls_verify_certificates = state->exp_tls_verify_certificates;
- saved_tls_crl = state->exp_tls_crl;
- }
-
-if ((rc = gnutls_certificate_allocate_credentials(&state->x509_cred)))
- return tls_error_gnu(US"gnutls_certificate_allocate_credentials",
- rc, host, errstr);
-
#ifdef SUPPORT_SRV_OCSP_STACK
-gnutls_certificate_set_flags(state->x509_cred, GNUTLS_CERTIFICATE_API_V2);
+gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_API_V2);
# if !defined(DISABLE_OCSP) && defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
-if (!host && tls_ocsp_file)
+if (server && tls_ocsp_file)
{
if (f.running_in_test_harness)
tls_server_testharness_ocsp_fiddle();
if (exim_testharness_disable_ocsp_validity_check)
- gnutls_certificate_set_flags(state->x509_cred,
+ gnutls_certificate_set_flags(x509_cred,
GNUTLS_CERTIFICATE_API_V2 | GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK);
}
# endif
#endif
+DEBUG(D_tls)
+ debug_printf("TLS: basic cred init, %s\n", server ? "server" : "client");
+}
-/* remember: expand_check_tlsvar() is expand_check() but fiddling with
-state members, assuming consistent naming; and expand_check() returns
-false if expansion failed, unless expansion was forced to fail. */
-
-/* check if we at least have a certificate, before doing expensive
-D-H generation. */
+/* Returns OK/DEFER/FAIL */
+static int
+creds_load_server_certs(exim_gnutls_state_st * state, const uschar * cert,
+ const uschar * pkey, const uschar * ocsp, uschar ** errstr)
+{
+const uschar * clist = cert;
+const uschar * klist = pkey;
+const uschar * olist;
+int csep = 0, ksep = 0, osep = 0, cnt = 0, rc;
+uschar * cfile, * kfile, * ofile;
+#ifndef DISABLE_OCSP
+# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
+gnutls_x509_crt_fmt_t ocsp_fmt = GNUTLS_X509_FMT_DER;
+# endif
-if (!expand_check_tlsvar(tls_certificate, errstr))
+if (!expand_check(ocsp, US"tls_ocsp_file", &ofile, errstr))
return DEFER;
+olist = ofile;
+#endif
-/* certificate is mandatory in server, optional in client */
+while (cfile = string_nextinlist(&clist, &csep, NULL, 0))
-if ( !state->exp_tls_certificate
- || !*state->exp_tls_certificate
- )
- if (!host)
- return tls_install_selfsign(state, errstr);
+ if (!(kfile = string_nextinlist(&klist, &ksep, NULL, 0)))
+ return tls_error(US"cert/key setup: out of keys", NULL, NULL, errstr);
+ else if ((rc = tls_add_certfile(state, NULL, cfile, kfile, errstr)) > OK)
+ return rc;
else
- DEBUG(D_tls) debug_printf("TLS: no client certificate specified; okay\n");
+ {
+ int gnutls_cert_index = -rc;
+ DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n",
+ gnutls_cert_index, cfile);
-if (state->tls_privatekey && !expand_check_tlsvar(tls_privatekey, errstr))
- return DEFER;
+#ifndef DISABLE_OCSP
+ if (ocsp)
+ {
+ /* Set the OCSP stapling server info */
+ if (gnutls_buggy_ocsp)
+ {
+ DEBUG(D_tls)
+ debug_printf("GnuTLS library is buggy for OCSP; avoiding\n");
+ }
+ else if ((ofile = string_nextinlist(&olist, &osep, NULL, 0)))
+ {
+ DEBUG(D_tls) debug_printf("OCSP response file %d = %s\n",
+ gnutls_cert_index, ofile);
+# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
+ if (Ustrncmp(ofile, US"PEM ", 4) == 0)
+ {
+ ocsp_fmt = GNUTLS_X509_FMT_PEM;
+ ofile += 4;
+ }
+ else if (Ustrncmp(ofile, US"DER ", 4) == 0)
+ {
+ ocsp_fmt = GNUTLS_X509_FMT_DER;
+ ofile += 4;
+ }
-/* tls_privatekey is optional, defaulting to same file as certificate */
+ if ((rc = gnutls_certificate_set_ocsp_status_request_file2(
+ state->lib_state.x509_cred, CCS ofile, gnutls_cert_index,
+ ocsp_fmt)) < 0)
+ return tls_error_gnu(state,
+ US"gnutls_certificate_set_ocsp_status_request_file2",
+ rc, errstr);
+ DEBUG(D_tls)
+ debug_printf(" %d response%s loaded\n", rc, rc>1 ? "s":"");
-if (!state->tls_privatekey || !*state->tls_privatekey)
- {
- state->tls_privatekey = state->tls_certificate;
- state->exp_tls_privatekey = state->exp_tls_certificate;
- }
+ /* Arrange callbacks for OCSP request observability */
+ if (state->session)
+ gnutls_handshake_set_hook_function(state->session,
+ GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb);
+ else
+ state->lib_state.ocsp_hook = TRUE;
-if (state->exp_tls_certificate && *state->exp_tls_certificate)
- {
- DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
- state->exp_tls_certificate, state->exp_tls_privatekey);
- if (state->received_sni)
- if ( Ustrcmp(state->exp_tls_certificate, saved_tls_certificate) == 0
- && Ustrcmp(state->exp_tls_privatekey, saved_tls_privatekey) == 0
- )
- {
- DEBUG(D_tls) debug_printf("TLS SNI: cert and key unchanged\n");
- }
- else
- {
- DEBUG(D_tls) debug_printf("TLS SNI: have a changed cert/key pair.\n");
+# else
+# if defined(SUPPORT_SRV_OCSP_STACK)
+ if ((rc = gnutls_certificate_set_ocsp_status_request_function2(
+ state->lib_state.x509_cred, gnutls_cert_index,
+ server_ocsp_stapling_cb, ofile)))
+ return tls_error_gnu(state,
+ US"gnutls_certificate_set_ocsp_status_request_function2",
+ rc, errstr);
+ else
+# endif
+ {
+ if (cnt++ > 0)
+ {
+ DEBUG(D_tls)
+ debug_printf("oops; multiple OCSP files not supported\n");
+ break;
+ }
+ gnutls_certificate_set_ocsp_status_request_function(
+ state->lib_state.x509_cred, server_ocsp_stapling_cb, ofile);
+ }
+# endif /* SUPPORT_GNUTLS_EXT_RAW_PARSE */
+ }
+ else
+ DEBUG(D_tls) debug_printf("ran out of OCSP response files in list\n");
}
+#endif /* DISABLE_OCSP */
+ }
+return OK;
+}
- if (!host) /* server */
+static int
+creds_load_client_certs(exim_gnutls_state_st * state, const host_item * host,
+ const uschar * cert, const uschar * pkey, uschar ** errstr)
+{
+int rc = tls_add_certfile(state, host, cert, pkey, errstr);
+if (rc > 0) return rc;
+DEBUG(D_tls) debug_printf("TLS: cert/key registered\n");
+return OK;
+}
+
+static int
+creds_load_cabundle(exim_gnutls_state_st * state, const uschar * bundle,
+ const host_item * host, uschar ** errstr)
+{
+int cert_count;
+struct stat statbuf;
+
+#ifdef SUPPORT_SYSDEFAULT_CABUNDLE
+if (Ustrcmp(bundle, "system") == 0 || Ustrncmp(bundle, "system,", 7) == 0)
+ cert_count = gnutls_certificate_set_x509_system_trust(state->lib_state.x509_cred);
+else
+#endif
+ {
+ if (Ustat(bundle, &statbuf) < 0)
{
- const uschar * clist = state->exp_tls_certificate;
- const uschar * klist = state->exp_tls_privatekey;
- const uschar * olist;
- int csep = 0, ksep = 0, osep = 0, cnt = 0;
- uschar * cfile, * kfile, * ofile;
-#ifndef DISABLE_OCSP
-# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
- gnutls_x509_crt_fmt_t ocsp_fmt = GNUTLS_X509_FMT_DER;
-# endif
+ log_write(0, LOG_MAIN|LOG_PANIC, "could not stat '%s' "
+ "(tls_verify_certificates): %s", bundle, strerror(errno));
+ return DEFER;
+ }
- if (!expand_check(tls_ocsp_file, US"tls_ocsp_file", &ofile, errstr))
- return DEFER;
- olist = ofile;
+#ifndef SUPPORT_CA_DIR
+ /* The test suite passes in /dev/null; we could check for that path explicitly,
+ but who knows if someone has some weird FIFO which always dumps some certs, or
+ other weirdness. The thing we really want to check is that it's not a
+ directory, since while OpenSSL supports that, GnuTLS does not.
+ So s/!S_ISREG/S_ISDIR/ and change some messaging ... */
+ if (S_ISDIR(statbuf.st_mode))
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "tls_verify_certificates \"%s\" is a directory", bundle);
+ return DEFER;
+ }
#endif
- while (cfile = string_nextinlist(&clist, &csep, NULL, 0))
+ DEBUG(D_tls) debug_printf("verify certificates = %s size=" OFF_T_FMT "\n",
+ bundle, statbuf.st_size);
- if (!(kfile = string_nextinlist(&klist, &ksep, NULL, 0)))
- return tls_error(US"cert/key setup: out of keys", NULL, host, errstr);
- else if (0 < (rc = tls_add_certfile(state, host, cfile, kfile, errstr)))
- return rc;
- else
- {
- int gnutls_cert_index = -rc;
- DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n",
- gnutls_cert_index, cfile);
+ if (statbuf.st_size == 0)
+ {
+ DEBUG(D_tls)
+ debug_printf("cert file empty, no certs, no verification, ignoring any CRL\n");
+ return OK;
+ }
-#ifndef DISABLE_OCSP
- if (tls_ocsp_file)
- {
- /* Set the OCSP stapling server info */
- if (gnutls_buggy_ocsp)
- {
- DEBUG(D_tls)
- debug_printf("GnuTLS library is buggy for OCSP; avoiding\n");
- }
- else if ((ofile = string_nextinlist(&olist, &osep, NULL, 0)))
- {
- DEBUG(D_tls) debug_printf("OCSP response file %d = %s\n",
- gnutls_cert_index, ofile);
-# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
- if (Ustrncmp(ofile, US"PEM ", 4) == 0)
- {
- ocsp_fmt = GNUTLS_X509_FMT_PEM;
- ofile += 4;
- }
- else if (Ustrncmp(ofile, US"DER ", 4) == 0)
- {
- ocsp_fmt = GNUTLS_X509_FMT_DER;
- ofile += 4;
- }
-
- if ((rc = gnutls_certificate_set_ocsp_status_request_file2(
- state->x509_cred, CCS ofile, gnutls_cert_index,
- ocsp_fmt)) < 0)
- return tls_error_gnu(
- US"gnutls_certificate_set_ocsp_status_request_file2",
- rc, host, errstr);
- DEBUG(D_tls)
- debug_printf(" %d response%s loaded\n", rc, rc>1 ? "s":"");
+ cert_count =
+
+#ifdef SUPPORT_CA_DIR
+ (statbuf.st_mode & S_IFMT) == S_IFDIR
+ ?
+ gnutls_certificate_set_x509_trust_dir(state->lib_state.x509_cred,
+ CS bundle, GNUTLS_X509_FMT_PEM)
+ :
+#endif
+ gnutls_certificate_set_x509_trust_file(state->lib_state.x509_cred,
+ CS bundle, GNUTLS_X509_FMT_PEM);
+
+#ifdef SUPPORT_CA_DIR
+ /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list
+ when using the directory-of-certs config model. */
+
+ if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
+ if (state->session)
+ gnutls_certificate_send_x509_rdn_sequence(state->session, 1);
+ else
+ state->lib_state.ca_rdn_emulate = TRUE;
+#endif
+ }
+
+if (cert_count < 0)
+ return tls_error_gnu(state, US"setting certificate trust", cert_count, errstr);
+DEBUG(D_tls)
+ debug_printf("Added %d certificate authorities\n", cert_count);
- /* Arrange callbacks for OCSP request observability */
+return OK;
+}
- gnutls_handshake_set_hook_function(state->session,
- GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb);
+static int
+creds_load_crl(exim_gnutls_state_st * state, const uschar * crl, uschar ** errstr)
+{
+int cert_count;
+DEBUG(D_tls) debug_printf("loading CRL file = %s\n", crl);
+if ((cert_count = gnutls_certificate_set_x509_crl_file(state->lib_state.x509_cred,
+ CS crl, GNUTLS_X509_FMT_PEM)) < 0)
+ return tls_error_gnu(state, US"gnutls_certificate_set_x509_crl_file",
+ cert_count, errstr);
+
+DEBUG(D_tls) debug_printf("Processed %d CRLs\n", cert_count);
+return OK;
+}
+
+
+static int
+creds_load_pristring(exim_gnutls_state_st * state, const uschar * p,
+ const char ** errpos)
+{
+if (!p)
+ {
+ p = exim_default_gnutls_priority;
+ DEBUG(D_tls)
+ debug_printf("GnuTLS using default session cipher/priority \"%s\"\n", p);
+ }
+return gnutls_priority_init( (gnutls_priority_t *) &state->lib_state.pri_cache,
+ CCS p, errpos);
+}
+
+static unsigned
+tls_server_creds_init(void)
+{
+uschar * dummy_errstr;
+unsigned lifetime = 0;
+
+state_server.lib_state = null_tls_preload;
+if (gnutls_certificate_allocate_credentials(
+ (gnutls_certificate_credentials_t *) &state_server.lib_state.x509_cred))
+ {
+ state_server.lib_state.x509_cred = NULL;
+ return lifetime;
+ }
+creds_basic_init(state_server.lib_state.x509_cred, TRUE);
+
+#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
+/* If tls_certificate has any $ indicating expansions, it is not good.
+If tls_privatekey is set but has $, not good. Likewise for tls_ocsp_file.
+If all good (and tls_certificate set), load the cert(s). */
+
+if ( opt_set_and_noexpand(tls_certificate)
+# ifndef DISABLE_OCSP
+ && opt_unset_or_noexpand(tls_ocsp_file)
+# endif
+ && opt_unset_or_noexpand(tls_privatekey))
+ {
+ /* Set watches on the filenames. The implementation does de-duplication
+ so we can just blindly do them all.
+ */
+
+ if ( tls_set_watch(tls_certificate, TRUE)
+# ifndef DISABLE_OCSP
+ && tls_set_watch(tls_ocsp_file, TRUE)
+# endif
+ && tls_set_watch(tls_privatekey, TRUE))
+ {
+ DEBUG(D_tls) debug_printf("TLS: preloading server certs\n");
+ if (creds_load_server_certs(&state_server, tls_certificate,
+ tls_privatekey && *tls_privatekey ? tls_privatekey : tls_certificate,
+# ifdef DISABLE_OCSP
+ NULL,
# else
-# if defined(SUPPORT_SRV_OCSP_STACK)
- if ((rc = gnutls_certificate_set_ocsp_status_request_function2(
- state->x509_cred, gnutls_cert_index,
- server_ocsp_stapling_cb, ofile)))
- return tls_error_gnu(
- US"gnutls_certificate_set_ocsp_status_request_function2",
- rc, host, errstr);
- else
-# endif
- {
- if (cnt++ > 0)
- {
- DEBUG(D_tls)
- debug_printf("oops; multiple OCSP files not supported\n");
- break;
- }
- gnutls_certificate_set_ocsp_status_request_function(
- state->x509_cred, server_ocsp_stapling_cb, ofile);
- }
-# endif /* SUPPORT_GNUTLS_EXT_RAW_PARSE */
- }
- else
- DEBUG(D_tls) debug_printf("ran out of OCSP response files in list\n");
- }
-#endif /* DISABLE_OCSP */
- }
+ tls_ocsp_file,
+# endif
+ &dummy_errstr) == 0)
+ state_server.lib_state.conn_certs = TRUE;
}
- else /* client */
+ }
+else if ( !tls_certificate && !tls_privatekey
+# ifndef DISABLE_OCSP
+ && !tls_ocsp_file
+# endif
+ )
+ { /* Generate & preload a selfsigned cert. No files to watch. */
+ if ((tls_install_selfsign(&state_server, &dummy_errstr)) == OK)
{
- if (0 < (rc = tls_add_certfile(state, host,
- state->exp_tls_certificate, state->exp_tls_privatekey, errstr)))
- return rc;
- DEBUG(D_tls) debug_printf("TLS: cert/key registered\n");
+ state_server.lib_state.conn_certs = TRUE;
+ lifetime = f.running_in_test_harness ? 2 : 60 * 60; /* 1 hour */
}
+ }
+else
+ DEBUG(D_tls) debug_printf("TLS: not preloading server certs\n");
- } /* tls_certificate */
+/* If tls_verify_certificates is non-empty and has no $, load CAs.
+If none was configured and we can't handle "system", treat as empty. */
+if ( opt_set_and_noexpand(tls_verify_certificates)
+#ifndef SUPPORT_SYSDEFAULT_CABUNDLE
+ && Ustrcmp(tls_verify_certificates, "system") != 0
+#endif
+ )
+ {
+ if (tls_set_watch(tls_verify_certificates, FALSE))
+ {
+ DEBUG(D_tls) debug_printf("TLS: preloading CA bundle for server\n");
+ if (creds_load_cabundle(&state_server, tls_verify_certificates,
+ NULL, &dummy_errstr) != OK)
+ return lifetime;
+ state_server.lib_state.cabundle = TRUE;
-/* Set the trusted CAs file if one is provided, and then add the CRL if one is
-provided. Experiment shows that, if the certificate file is empty, an unhelpful
-error message is provided. However, if we just refrain from setting anything up
-in that case, certificate verification fails, which seems to be the correct
-behaviour. */
+ /* If CAs loaded and tls_crl is non-empty and has no $, load it */
-if (state->tls_verify_certificates && *state->tls_verify_certificates)
+ if (opt_set_and_noexpand(tls_crl))
+ {
+ if (tls_set_watch(tls_crl, FALSE))
+ {
+ DEBUG(D_tls) debug_printf("TLS: preloading CRL for server\n");
+ if (creds_load_crl(&state_server, tls_crl, &dummy_errstr) != OK)
+ return lifetime;
+ state_server.lib_state.crl = TRUE;
+ }
+ }
+ else
+ DEBUG(D_tls) debug_printf("TLS: not preloading CRL for server\n");
+ }
+ }
+else
+ DEBUG(D_tls) debug_printf("TLS: not preloading CA bundle for server\n");
+#endif /* EXIM_HAVE_INOTIFY */
+
+/* If tls_require_ciphers is non-empty and has no $, load the
+ciphers priority cache. If unset, load with the default.
+(server-only as the client one depends on non/DANE) */
+
+if (!tls_require_ciphers || opt_set_and_noexpand(tls_require_ciphers))
{
- if (!expand_check_tlsvar(tls_verify_certificates, errstr))
- return DEFER;
-#ifndef SUPPORT_SYSDEFAULT_CABUNDLE
- if (Ustrcmp(state->exp_tls_verify_certificates, "system") == 0)
- state->exp_tls_verify_certificates = NULL;
-#endif
- if (state->tls_crl && *state->tls_crl)
- if (!expand_check_tlsvar(tls_crl, errstr))
- return DEFER;
+ const char * dummy_errpos;
+ DEBUG(D_tls) debug_printf("TLS: preloading cipher list for server: %s\n",
+ tls_require_ciphers);
+ if ( creds_load_pristring(&state_server, tls_require_ciphers, &dummy_errpos)
+ == OK)
+ state_server.lib_state.pri_string = TRUE;
+ }
+else
+ DEBUG(D_tls) debug_printf("TLS: not preloading cipher list for server\n");
+return lifetime;
+}
+
+
+/* Preload whatever creds are static, onto a transport. The client can then
+just copy the pointer as it starts up. */
+
+/*XXX this is not called for a cmdline send. But one needing to use >1 conn would benefit,
+and there seems little downside. */
- if (!(state->exp_tls_verify_certificates &&
- *state->exp_tls_verify_certificates))
+static void
+tls_client_creds_init(transport_instance * t, BOOL watch)
+{
+smtp_transport_options_block * ob = t->drinst.options_block;
+const uschar * trname = t->drinst.name;
+exim_gnutls_state_st tpt_dummy_state;
+host_item * dummy_host = (host_item *)1;
+uschar * dummy_errstr;
+
+if ( !exim_gnutls_base_init_done
+ && tls_g_init(&dummy_errstr) != OK)
+ return;
+
+ob->tls_preload = null_tls_preload;
+if (gnutls_certificate_allocate_credentials(
+ (struct gnutls_certificate_credentials_st **)&ob->tls_preload.x509_cred))
+ {
+ ob->tls_preload.x509_cred = NULL;
+ return;
+ }
+creds_basic_init(ob->tls_preload.x509_cred, FALSE);
+
+tpt_dummy_state.session = NULL;
+tpt_dummy_state.lib_state = ob->tls_preload;
+
+#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
+if ( opt_set_and_noexpand(ob->tls_certificate)
+ && opt_unset_or_noexpand(ob->tls_privatekey))
+ {
+ if ( !watch
+ || ( tls_set_watch(ob->tls_certificate, FALSE)
+ && tls_set_watch(ob->tls_privatekey, FALSE)
+ ) )
{
+ const uschar * pkey = ob->tls_privatekey;
+
DEBUG(D_tls)
- debug_printf("TLS: tls_verify_certificates expanded empty, ignoring\n");
- /* With no tls_verify_certificates, we ignore tls_crl too */
- return OK;
+ debug_printf("TLS: preloading client certs for transport '%s'\n", trname);
+
+ /* The state->lib_state.x509_cred is used for the certs load, and is the sole
+ structure element used. So we can set up a dummy. The hoat arg only
+ selects a retcode in case of fail, so any value */
+
+ if (creds_load_client_certs(&tpt_dummy_state, dummy_host,
+ ob->tls_certificate, pkey ? pkey : ob->tls_certificate,
+ &dummy_errstr) == OK)
+ ob->tls_preload.conn_certs = TRUE;
}
}
else
- {
DEBUG(D_tls)
- debug_printf("TLS: tls_verify_certificates not set or empty, ignoring\n");
- return OK;
- }
+ debug_printf("TLS: not preloading client certs, for transport '%s'\n", trname);
-#ifdef SUPPORT_SYSDEFAULT_CABUNDLE
-if (Ustrcmp(state->exp_tls_verify_certificates, "system") == 0)
- cert_count = gnutls_certificate_set_x509_system_trust(state->x509_cred);
+/* If tls_verify_certificates is non-empty and has no $, load CAs.
+If none was configured and we can't handle "system", treat as empty. */
+
+if ( opt_set_and_noexpand(ob->tls_verify_certificates)
+#ifndef SUPPORT_SYSDEFAULT_CABUNDLE
+ && Ustrcmp(ob->tls_verify_certificates, "system") != 0
+#endif
+ )
+ {
+ if (!watch || tls_set_watch(ob->tls_verify_certificates, FALSE))
+ {
+ DEBUG(D_tls)
+ debug_printf("TLS: preloading CA bundle for transport '%s'\n", trname);
+ if (creds_load_cabundle(&tpt_dummy_state, ob->tls_verify_certificates,
+ dummy_host, &dummy_errstr) != OK)
+ return;
+ ob->tls_preload.cabundle = TRUE;
+
+ if (opt_set_and_noexpand(ob->tls_crl))
+ {
+ if (!watch || tls_set_watch(ob->tls_crl, FALSE))
+ {
+ DEBUG(D_tls) debug_printf("TLS: preloading CRL for transport '%s'\n", trname);
+ if (creds_load_crl(&tpt_dummy_state, ob->tls_crl, &dummy_errstr) != OK)
+ return;
+ ob->tls_preload.crl = TRUE;
+ }
+ }
+ else
+ DEBUG(D_tls) debug_printf("TLS: not preloading CRL, for transport '%s'\n", trname);
+ }
+ }
else
+ DEBUG(D_tls)
+ debug_printf("TLS: not preloading CA bundle, for transport '%s'\n", trname);
+
+/* We do not preload tls_require_ciphers to to the transport as it implicitly
+depends on DANE or plain usage. */
+
+#endif
+}
+
+
+#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
+/* Invalidate the creds cached, by dropping the current ones.
+Call when we notice one of the source files has changed. */
+
+static void
+tls_server_creds_invalidate(void)
+{
+if (state_server.lib_state.pri_cache)
+ gnutls_priority_deinit(state_server.lib_state.pri_cache);
+state_server.lib_state.pri_cache = NULL;
+
+if (state_server.lib_state.x509_cred)
+ gnutls_certificate_free_credentials(state_server.lib_state.x509_cred);
+state_server.lib_state = null_tls_preload;
+}
+
+
+static void
+tls_client_creds_invalidate(transport_instance * t)
+{
+smtp_transport_options_block * ob = t->drinst.options_block;
+if (ob->tls_preload.x509_cred)
+ gnutls_certificate_free_credentials(ob->tls_preload.x509_cred);
+ob->tls_preload = null_tls_preload;
+}
#endif
+
+
+/*************************************************
+* Variables re-expanded post-SNI *
+*************************************************/
+
+/* Called from both server and client code, via tls_init(), and also from
+the SNI callback after receiving an SNI, if tls_certificate includes "tls_sni".
+
+We can tell the two apart by state->received_sni being non-NULL in callback.
+
+The callback should not call us unless state->trigger_sni_changes is true,
+which we are responsible for setting on the first pass through.
+
+Arguments:
+ state exim_gnutls_state_st *
+ errstr error string pointer
+
+Returns: OK/DEFER/FAIL
+*/
+
+static int
+tls_expand_session_files(exim_gnutls_state_st * state, uschar ** errstr)
+{
+int rc;
+const host_item *host = state->host; /* macro should be reconsidered? */
+const uschar *saved_tls_certificate = NULL;
+const uschar *saved_tls_privatekey = NULL;
+const uschar *saved_tls_verify_certificates = NULL;
+const uschar *saved_tls_crl = NULL;
+int cert_count;
+
+/* We check for tls_sni *before* expansion. */
+if (!host) /* server */
+ if (!state->received_sni)
+ {
+ if ( state->tls_certificate
+ && ( Ustrstr(state->tls_certificate, US"tls_sni")
+ || Ustrstr(state->tls_certificate, US"tls_in_sni")
+ || Ustrstr(state->tls_certificate, US"tls_out_sni")
+ ) )
+ {
+ DEBUG(D_tls) debug_printf("We will re-expand TLS session files if we receive SNI\n");
+ state->trigger_sni_changes = TRUE;
+ }
+ }
+ else /* SNI callback case */
+ {
+ /* useful for debugging */
+ saved_tls_certificate = state->exp_tls_certificate;
+ saved_tls_privatekey = state->exp_tls_privatekey;
+ saved_tls_verify_certificates = state->exp_tls_verify_certificates;
+ saved_tls_crl = state->exp_tls_crl;
+ }
+
+if (!state->lib_state.x509_cred)
{
- if (Ustat(state->exp_tls_verify_certificates, &statbuf) < 0)
+ if ((rc = gnutls_certificate_allocate_credentials(
+ (gnutls_certificate_credentials_t *) &state->lib_state.x509_cred)))
+ return tls_error_gnu(state, US"gnutls_certificate_allocate_credentials",
+ rc, errstr);
+ creds_basic_init(state->lib_state.x509_cred, !host);
+ }
+
+
+/* remember: Expand_check_tlsvar() is expand_check() but fiddling with
+state members, assuming consistent naming; and expand_check() returns
+false if expansion failed, unless expansion was forced to fail. */
+
+/* check if we at least have a certificate, before doing expensive
+D-H generation. */
+
+if (!state->lib_state.conn_certs)
+ {
+ if ( !Expand_check_tlsvar(tls_certificate, errstr)
+ || f.expand_string_forcedfail)
{
- log_write(0, LOG_MAIN|LOG_PANIC, "could not stat '%s' "
- "(tls_verify_certificates): %s", state->exp_tls_verify_certificates,
- strerror(errno));
+ if (f.expand_string_forcedfail)
+ *errstr = US"expansion of tls_certificate failed";
return DEFER;
}
-#ifndef SUPPORT_CA_DIR
- /* The test suite passes in /dev/null; we could check for that path explicitly,
- but who knows if someone has some weird FIFO which always dumps some certs, or
- other weirdness. The thing we really want to check is that it's not a
- directory, since while OpenSSL supports that, GnuTLS does not.
- So s/!S_ISREG/S_ISDIR/ and change some messaging ... */
- if (S_ISDIR(statbuf.st_mode))
+ /* certificate is mandatory in server, optional in client */
+
+ if ( !state->exp_tls_certificate
+ || !*state->exp_tls_certificate
+ )
+ if (!host)
+ return tls_install_selfsign(state, errstr);
+ else
+ DEBUG(D_tls) debug_printf("TLS: no client certificate specified; okay\n");
+
+ if ( state->tls_privatekey && !Expand_check_tlsvar(tls_privatekey, errstr)
+ || f.expand_string_forcedfail
+ )
{
- DEBUG(D_tls)
- debug_printf("verify certificates path is a dir: \"%s\"\n",
- state->exp_tls_verify_certificates);
- log_write(0, LOG_MAIN|LOG_PANIC,
- "tls_verify_certificates \"%s\" is a directory",
- state->exp_tls_verify_certificates);
+ if (f.expand_string_forcedfail)
+ *errstr = US"expansion of tls_privatekey failed";
return DEFER;
}
+
+ /* tls_privatekey is optional, defaulting to same file as certificate */
+
+ if (!state->tls_privatekey || !*state->tls_privatekey)
+ {
+ state->tls_privatekey = state->tls_certificate;
+ state->exp_tls_privatekey = state->exp_tls_certificate;
+ }
+
+ if (state->exp_tls_certificate && *state->exp_tls_certificate)
+ {
+ BOOL load = TRUE;
+ DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
+ state->exp_tls_certificate, state->exp_tls_privatekey);
+
+ if (state->received_sni)
+ if ( Ustrcmp(state->exp_tls_certificate, saved_tls_certificate) == 0
+ && Ustrcmp(state->exp_tls_privatekey, saved_tls_privatekey) == 0
+ )
+ {
+ DEBUG(D_tls) debug_printf("TLS SNI: cert and key unchanged\n");
+ load = FALSE; /* avoid re-loading the same certs */
+ }
+ else /* unload the pre-SNI certs before loading new ones */
+ {
+ DEBUG(D_tls) debug_printf("TLS SNI: have a changed cert/key pair\n");
+ gnutls_certificate_free_keys(state->lib_state.x509_cred);
+ }
+
+ if ( load
+ && (rc = host
+ ? creds_load_client_certs(state, host, state->exp_tls_certificate,
+ state->exp_tls_privatekey, errstr)
+ : creds_load_server_certs(state, state->exp_tls_certificate,
+ state->exp_tls_privatekey,
+#ifdef DISABLE_OCSP
+ NULL,
+#else
+ tls_ocsp_file,
+#endif
+ errstr)
+ ) )
+ {
+ DEBUG(D_tls) debug_printf("load-cert: '%s'\n", *errstr);
+ return rc;
+ }
+ }
+ }
+else
+ {
+ DEBUG(D_tls)
+ debug_printf("%s certs were preloaded\n", host ? "client" : "server");
+
+ if (!state->tls_privatekey) state->tls_privatekey = state->tls_certificate;
+ state->exp_tls_certificate = US state->tls_certificate;
+ state->exp_tls_privatekey = US state->tls_privatekey;
+
+#ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
+ if (state->lib_state.ocsp_hook)
+ gnutls_handshake_set_hook_function(state->session,
+ GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb);
#endif
+ }
- DEBUG(D_tls) debug_printf("verify certificates = %s size=" OFF_T_FMT "\n",
- state->exp_tls_verify_certificates, statbuf.st_size);
- if (statbuf.st_size == 0)
+/* Set the trusted CAs file if one is provided, and then add the CRL if one is
+provided. Experiment shows that, if the certificate file is empty, an unhelpful
+error message is provided. However, if we just refrain from setting anything up
+in that case, certificate verification fails, which seems to be the correct
+behaviour.
+If none was configured and we can't handle "system", treat as empty. */
+
+if (!state->lib_state.cabundle)
+ {
+ if (state->tls_verify_certificates && *state->tls_verify_certificates)
+ {
+ if (!Expand_check_tlsvar(tls_verify_certificates, errstr))
+ return DEFER;
+#ifndef SUPPORT_SYSDEFAULT_CABUNDLE
+ if (Ustrcmp(state->exp_tls_verify_certificates, "system") == 0)
+ state->exp_tls_verify_certificates = NULL;
+#endif
+ if (state->tls_crl && *state->tls_crl)
+ if (!Expand_check_tlsvar(tls_crl, errstr))
+ return DEFER;
+
+ if (!(state->exp_tls_verify_certificates &&
+ *state->exp_tls_verify_certificates))
+ {
+ DEBUG(D_tls)
+ debug_printf("TLS: tls_verify_certificates expanded empty, ignoring\n");
+ /* With no tls_verify_certificates, we ignore tls_crl too */
+ return OK;
+ }
+ }
+ else
{
DEBUG(D_tls)
- debug_printf("cert file empty, no certs, no verification, ignoring any CRL\n");
+ debug_printf("TLS: tls_verify_certificates not set or empty, ignoring\n");
return OK;
}
-
- cert_count =
-
-#ifdef SUPPORT_CA_DIR
- (statbuf.st_mode & S_IFMT) == S_IFDIR
- ?
- gnutls_certificate_set_x509_trust_dir(state->x509_cred,
- CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM)
- :
-#endif
- gnutls_certificate_set_x509_trust_file(state->x509_cred,
- CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM);
+ rc = creds_load_cabundle(state, state->exp_tls_verify_certificates, host, errstr);
+ if (rc != OK) return rc;
+ }
+else
+ {
+ DEBUG(D_tls)
+ debug_printf("%s CA bundle was preloaded\n", host ? "client" : "server");
+ state->exp_tls_verify_certificates = US state->tls_verify_certificates;
#ifdef SUPPORT_CA_DIR
- /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list
- when using the directory-of-certs config model. */
-
- if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
- gnutls_certificate_send_x509_rdn_sequence(state->session, 1);
+/* Mimic the behaviour with OpenSSL of not advertising a usable-cert list
+when using the directory-of-certs config model. */
+ if (state->lib_state.ca_rdn_emulate)
+ gnutls_certificate_send_x509_rdn_sequence(state->session, 1);
#endif
}
-if (cert_count < 0)
- return tls_error_gnu(US"setting certificate trust", cert_count, host, errstr);
-DEBUG(D_tls)
- debug_printf("Added %d certificate authorities.\n", cert_count);
-if (state->tls_crl && *state->tls_crl &&
- state->exp_tls_crl && *state->exp_tls_crl)
+if (!state->lib_state.crl)
{
- DEBUG(D_tls) debug_printf("loading CRL file = %s\n", state->exp_tls_crl);
- if ((cert_count = gnutls_certificate_set_x509_crl_file(state->x509_cred,
- CS state->exp_tls_crl, GNUTLS_X509_FMT_PEM)) < 0)
- return tls_error_gnu(US"gnutls_certificate_set_x509_crl_file",
- cert_count, host, errstr);
-
- DEBUG(D_tls) debug_printf("Processed %d CRLs.\n", cert_count);
+ if ( state->tls_crl && *state->tls_crl
+ && state->exp_tls_crl && *state->exp_tls_crl)
+ return creds_load_crl(state, state->exp_tls_crl, errstr);
+ }
+else
+ {
+ DEBUG(D_tls)
+ debug_printf("%s CRL was preloaded\n", host ? "client" : "server");
+ state->exp_tls_crl = US state->tls_crl;
}
return OK;
*/
static int
-tls_set_remaining_x509(exim_gnutls_state_st *state, uschar ** errstr)
+tls_set_remaining_x509(exim_gnutls_state_st * state, uschar ** errstr)
{
-int rc;
-const host_item *host = state->host; /* macro should be reconsidered? */
+int rc = OK;
+const host_item * host = state->host; /* macro should be reconsidered? */
-#ifndef GNUTLS_AUTO_DHPARAMS
/* Create D-H parameters, or read them from the cache file. This function does
its own SMTP error messaging. This only happens for the server, TLS D-H ignores
client-side params. */
if (!state->host)
{
if (!dh_server_params)
- if ((rc = init_server_dh(errstr)) != OK) return rc;
+ if ((rc = init_server_dh(errstr)) == DEFER) return rc;
+
+ /* Unnecessary & discouraged with 3.6.0 or later, according to docs. But without it,
+ no DHE- ciphers are advertised. */
- /* Unnecessary & discouraged with 3.6.0 or later */
- gnutls_certificate_set_dh_params(state->x509_cred, dh_server_params);
+ if (rc == OK)
+ gnutls_certificate_set_dh_params(state->lib_state.x509_cred, dh_server_params);
}
-#endif
/* Link the credentials to the session. */
if ((rc = gnutls_credentials_set(state->session,
- GNUTLS_CRD_CERTIFICATE, state->x509_cred)))
- return tls_error_gnu(US"gnutls_credentials_set", rc, host, errstr);
+ GNUTLS_CRD_CERTIFICATE, state->lib_state.x509_cred)))
+ return tls_error_gnu(state, US"gnutls_credentials_set", rc, errstr);
return OK;
}
*************************************************/
-#ifndef DISABLE_OCSP
-
-static BOOL
-tls_is_buggy_ocsp(void)
-{
-const uschar * s;
-uschar maj, mid, mic;
-
-s = CUS gnutls_check_version(NULL);
-maj = atoi(CCS s);
-if (maj == 3)
- {
- while (*s && *s != '.') s++;
- mid = atoi(CCS ++s);
- if (mid <= 2)
- return TRUE;
- else if (mid >= 5)
- return FALSE;
- else
- {
- while (*s && *s != '.') s++;
- mic = atoi(CCS ++s);
- return mic <= (mid == 3 ? 16 : 3);
- }
- }
-return FALSE;
-}
-
-#endif
-
-
/* Called from both server and client code. In the case of a server, errors
before actual TLS negotiation return DEFER.
Arguments:
host connected host, if client; NULL if server
- certificate certificate file
- privatekey private key file
- sni TLS SNI to send, sometimes when client; else NULL
- cas CA certs file
- crl CRL file
+ ob tranport options block, if client; NULL if server
require_ciphers tls_require_ciphers setting
caller_state returned state-info structure
errstr error string pointer
static int
tls_init(
const host_item *host,
- const uschar *certificate,
- const uschar *privatekey,
- const uschar *sni,
- const uschar *cas,
- const uschar *crl,
- const uschar *require_ciphers,
+ smtp_transport_options_block * ob,
+ const uschar * require_ciphers,
exim_gnutls_state_st **caller_state,
tls_support * tlsp,
uschar ** errstr)
exim_gnutls_state_st * state;
int rc;
size_t sz;
-const char * errpos;
-const uschar * p;
-if (!exim_gnutls_base_init_done)
- {
- DEBUG(D_tls) debug_printf("GnuTLS global init required.\n");
-
-#if defined(HAVE_GNUTLS_PKCS11) && !defined(GNUTLS_AUTO_PKCS11_MANUAL)
- /* By default, gnutls_global_init will init PKCS11 support in auto mode,
- which loads modules from a config file, which sounds good and may be wanted
- by some sysadmin, but also means in common configurations that GNOME keyring
- environment variables are used and so breaks for users calling mailq.
- To prevent this, we init PKCS11 first, which is the documented approach. */
- if (!gnutls_allow_auto_pkcs11)
- if ((rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL)))
- return tls_error_gnu(US"gnutls_pkcs11_init", rc, host, errstr);
-#endif
-
-#ifndef GNUTLS_AUTO_GLOBAL_INIT
- if ((rc = gnutls_global_init()))
- return tls_error_gnu(US"gnutls_global_init", rc, host, errstr);
-#endif
-
-#if EXIM_GNUTLS_LIBRARY_LOG_LEVEL >= 0
- DEBUG(D_tls)
- {
- gnutls_global_set_log_function(exim_gnutls_logger_cb);
- /* arbitrarily chosen level; bump up to 9 for more */
- gnutls_global_set_log_level(EXIM_GNUTLS_LIBRARY_LOG_LEVEL);
- }
-#endif
-
-#ifndef DISABLE_OCSP
- if (tls_ocsp_file && (gnutls_buggy_ocsp = tls_is_buggy_ocsp()))
- log_write(0, LOG_MAIN, "OCSP unusable with this GnuTLS library version");
-#endif
-
- exim_gnutls_base_init_done = TRUE;
- }
+if ( !exim_gnutls_base_init_done
+ && (rc = tls_g_init(errstr)) != OK)
+ return rc;
if (host)
{
/* For client-side sessions we allocate a context. This lets us run
several in parallel. */
+
int old_pool = store_pool;
store_pool = POOL_PERM;
- state = store_get(sizeof(exim_gnutls_state_st), FALSE);
+ state = store_get(sizeof(exim_gnutls_state_st), GET_UNTAINTED);
store_pool = old_pool;
memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
+ state->lib_state = ob->tls_preload;
state->tlsp = tlsp;
DEBUG(D_tls) debug_printf("initialising GnuTLS client session\n");
rc = gnutls_init(&state->session, GNUTLS_CLIENT);
+
+ state->tls_certificate = ob->tls_certificate;
+ state->tls_privatekey = ob->tls_privatekey;
+ state->tls_sni = ob->tls_sni;
+ state->tls_verify_certificates = ob->tls_verify_certificates;
+ state->tls_crl = ob->tls_crl;
}
else
{
+ /* Server operations always use the one state_server context. It is not
+ shared because we have forked a fresh process for every receive. However it
+ can get re-used for successive TLS sessions on a single TCP connection. */
+
state = &state_server;
- memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
state->tlsp = tlsp;
DEBUG(D_tls) debug_printf("initialising GnuTLS server session\n");
rc = gnutls_init(&state->session, GNUTLS_SERVER);
+
+ state->tls_certificate = tls_certificate;
+ state->tls_privatekey = tls_privatekey;
+ state->tls_sni = NULL;
+ state->tls_verify_certificates = tls_verify_certificates;
+ state->tls_crl = tls_crl;
}
if (rc)
- return tls_error_gnu(US"gnutls_init", rc, host, errstr);
+ return tls_error_gnu(state, US"gnutls_init", rc, errstr);
+state->tls_require_ciphers = require_ciphers;
state->host = host;
-state->tls_certificate = certificate;
-state->tls_privatekey = privatekey;
-state->tls_require_ciphers = require_ciphers;
-state->tls_sni = sni;
-state->tls_verify_certificates = cas;
-state->tls_crl = crl;
-
/* This handles the variables that might get re-expanded after TLS SNI;
-that's tls_certificate, tls_privatekey, tls_verify_certificates, tls_crl */
+tls_certificate, tls_privatekey, tls_verify_certificates, tls_crl */
DEBUG(D_tls)
- debug_printf("Expanding various TLS configuration options for session credentials.\n");
+ debug_printf("Expanding various TLS configuration options for session credentials\n");
if ((rc = tls_expand_session_files(state, errstr)) != OK) return rc;
/* These are all other parts of the x509_cred handling, since SNI in GnuTLS
/* set SNI in client, only */
if (host)
{
- if (!expand_check(sni, US"tls_out_sni", &state->tlsp->sni, errstr))
+ if (!expand_check(state->tls_sni, US"tls_out_sni", &state->tlsp->sni, errstr))
return DEFER;
if (state->tlsp->sni && *state->tlsp->sni)
{
sz = Ustrlen(state->tlsp->sni);
if ((rc = gnutls_server_name_set(state->session,
GNUTLS_NAME_DNS, state->tlsp->sni, sz)))
- return tls_error_gnu(US"gnutls_server_name_set", rc, host, errstr);
+ return tls_error_gnu(state, US"gnutls_server_name_set", rc, errstr);
}
}
else if (state->tls_sni)
DEBUG(D_tls) debug_printf("*** PROBABLY A BUG *** " \
"have an SNI set for a server [%s]\n", state->tls_sni);
-/* This is the priority string support,
-http://www.gnutls.org/manual/html_node/Priority-Strings.html
-and replaces gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols.
-This was backwards incompatible, but means Exim no longer needs to track
-all algorithms and provide string forms for them. */
-
-p = NULL;
-if (state->tls_require_ciphers && *state->tls_require_ciphers)
+if (!state->lib_state.pri_string)
{
- if (!expand_check_tlsvar(tls_require_ciphers, errstr))
- return DEFER;
- if (state->exp_tls_require_ciphers && *state->exp_tls_require_ciphers)
+ const uschar * p = NULL;
+ const char * errpos;
+
+ /* This is the priority string support,
+ http://www.gnutls.org/manual/html_node/Priority-Strings.html
+ and replaces gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols.
+ This was backwards incompatible, but means Exim no longer needs to track
+ all algorithms and provide string forms for them. */
+
+ if (state->tls_require_ciphers && *state->tls_require_ciphers)
{
- p = state->exp_tls_require_ciphers;
- DEBUG(D_tls) debug_printf("GnuTLS session cipher/priority \"%s\"\n", p);
+ if (!Expand_check_tlsvar(tls_require_ciphers, errstr))
+ return DEFER;
+ if (state->exp_tls_require_ciphers && *state->exp_tls_require_ciphers)
+ {
+ p = state->exp_tls_require_ciphers;
+ DEBUG(D_tls) debug_printf("GnuTLS session cipher/priority \"%s\"\n", p);
+ }
}
+
+ if ((rc = creds_load_pristring(state, p, &errpos)))
+ return tls_error_gnu(state, string_sprintf(
+ "gnutls_priority_init(%s) failed at offset %ld, \"%.6s..\"",
+ p, (long)(errpos - CS p), errpos),
+ rc, errstr);
}
-if (!p)
+else
{
- p = exim_default_gnutls_priority;
- DEBUG(D_tls)
- debug_printf("GnuTLS using default session cipher/priority \"%s\"\n", p);
+ DEBUG(D_tls) debug_printf("cipher list preloaded\n");
+ state->exp_tls_require_ciphers = US state->tls_require_ciphers;
}
-if ((rc = gnutls_priority_init(&state->priority_cache, CCS p, &errpos)))
- return tls_error_gnu(string_sprintf(
- "gnutls_priority_init(%s) failed at offset %ld, \"%.6s..\"",
- p, errpos - CS p, errpos),
- rc, host, errstr);
-if ((rc = gnutls_priority_set(state->session, state->priority_cache)))
- return tls_error_gnu(US"gnutls_priority_set", rc, host, errstr);
+if ((rc = gnutls_priority_set(state->session, state->lib_state.pri_cache)))
+ return tls_error_gnu(state, US"gnutls_priority_set", rc, errstr);
/* This also sets the server ticket expiration time to the same, and
the STEK rotation time to 3x. */
for (s++; (c = *s) && c != ')'; s++) g = string_catn(g, s, 1);
- tlsp->ver = string_copyn(g->s, g->ptr);
+ tlsp->ver = string_copy_from_gstring(g);
for (uschar * p = US tlsp->ver; *p; p++)
if (*p == '-') { *p = '\0'; break; } /* TLS1.0-PKIX -> TLS1.0 */
if (*s) s++; /* now on _ between groups */
while ((c = *s))
{
- for (*++s && ++s; (c = *s) && c != ')'; s++)
- g = string_catn(g, c == '-' ? US"_" : s, 1);
+ if (*++s)
+ for (++s; (c = *s) && c != ')'; s++)
+ g = string_catn(g, c == '-' ? US"_" : s, 1);
/* now on ) closing group */
if ((c = *s) && *++s == '-') g = string_catn(g, US"__", 2);
/* now on _ between groups */
DEBUG(D_tls) debug_printf("TLS: peer cert problem: %s: %s\n", \
(Label), gnutls_strerror(rc)); \
if (state->verify_requirement >= VERIFY_REQUIRED) \
- return tls_error_gnu((Label), rc, state->host, errstr); \
+ return tls_error_gnu(state, (Label), rc, errstr); \
return OK; \
} \
} while (0)
exim_gnutls_peer_err(US"getting size for cert DN failed");
return FAIL; /* should not happen */
}
-dn_buf = store_get_perm(sz, TRUE); /* tainted */
+dn_buf = store_get_perm(sz, GET_TAINTED);
rc = gnutls_x509_crt_get_dn(crt, CS dn_buf, &sz);
exim_gnutls_peer_err(US"failed to extract certificate DN [gnutls_x509_crt_get_dn(cert 0)]");
for (nrec = 0; state->dane_data_len[nrec]; ) nrec++;
nrec++;
- dd = store_get(nrec * sizeof(uschar *), FALSE);
- ddl = store_get(nrec * sizeof(int), FALSE);
+ dd = store_get(nrec * sizeof(uschar *), GET_UNTAINTED);
+ ddl = store_get(nrec * sizeof(int), GET_UNTAINTED);
nrec--;
if ((rc = dane_state_init(&s, 0)))
)
{
DEBUG(D_tls)
- debug_printf("TLS certificate verification failed: cert name mismatch\n");
+ debug_printf("TLS certificate verification failed: cert name mismatch (per GnuTLS)\n");
if (state->verify_requirement >= VERIFY_REQUIRED)
goto badcert;
return TRUE;
{
DEBUG(D_tls)
if (rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- debug_printf("TLS: no SNI presented in handshake.\n");
+ debug_printf("TLS: no SNI presented in handshake\n");
else
debug_printf("TLS failure: gnutls_server_name_get(): %s [%d]\n",
gnutls_strerror(rc), rc);
/* We now have a UTF-8 string in sni_name */
old_pool = store_pool;
store_pool = POOL_PERM;
-state->received_sni = string_copy_taint(US sni_name, TRUE);
+state->received_sni = string_copy_taint(US sni_name, GET_TAINTED);
store_pool = old_pool;
/* We set this one now so that variable expansions below will work */
{
/* If the setup of certs/etc failed before handshake, TLS would not have
been offered. The best we can do now is abort. */
- return GNUTLS_E_APPLICATION_ERROR_MIN;
+ DEBUG(D_tls) debug_printf("expansion for SNI-dependent session files failed\n");
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
rc = tls_set_remaining_x509(state, &dummy_errstr);
-if (rc != OK) return GNUTLS_E_APPLICATION_ERROR_MIN;
+if (rc != OK) return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
return 0;
}
if ((cert_list = gnutls_certificate_get_peers(session, &cert_list_size)))
while (cert_list_size--)
- {
- if ((rc = import_cert(&cert_list[cert_list_size], &crt)) != GNUTLS_E_SUCCESS)
{
- DEBUG(D_tls) debug_printf("TLS: peer cert problem: depth %d: %s\n",
- cert_list_size, gnutls_strerror(rc));
- break;
- }
+ if ((rc = import_cert(&cert_list[cert_list_size], &crt)) != GNUTLS_E_SUCCESS)
+ {
+ DEBUG(D_tls) debug_printf("TLS: peer cert problem: depth %d: %s\n",
+ cert_list_size, gnutls_strerror(rc));
+ break;
+ }
- state->tlsp->peercert = crt;
- if ((yield = event_raise(state->event_action,
- US"tls:cert", string_sprintf("%d", cert_list_size))))
- {
- log_write(0, LOG_MAIN,
- "SSL verify denied by event-action: depth=%d: %s",
- cert_list_size, yield);
- return 1; /* reject */
+ state->tlsp->peercert = crt;
+ if ((yield = event_raise(state->event_action,
+ US"tls:cert", string_sprintf("%d", cert_list_size), &errno)))
+ {
+ log_write(0, LOG_MAIN,
+ "SSL verify denied by event-action: depth=%d: %s",
+ cert_list_size, yield);
+ return 1; /* reject */
+ }
+ state->tlsp->peercert = NULL;
}
- state->tlsp->peercert = NULL;
- }
return 0;
}
}
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
static int
tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
unsigned incoming, const gnutls_datum_t * msg)
{
-DEBUG(D_tls) debug_printf("newticket cb\n");
+DEBUG(D_tls) debug_printf("newticket cb (on server)\n");
tls_in.resumption |= RESUME_CLIENT_REQUESTED;
return 0;
}
{
if (gnutls_session_resumption_requested(state->session))
{
- /* This tells us the client sent a full ticket. We use a
+ /* This tells us the client sent a full (?) ticket. We use a
callback on session-ticket request, elsewhere, to tell
- if a client asked for a ticket. */
+ if a client asked for a ticket.
+ XXX As of GnuTLS 3.0.1 it seems to be returning true even for
+ a pure ticket-req (a zero-length Session Ticket extension
+ in the Client Hello, for 1.2) which mucks up our logic. */
tls_in.resumption |= RESUME_CLIENT_SUGGESTED;
DEBUG(D_tls) debug_printf("client requested resumption\n");
DEBUG(D_tls) debug_printf("Session resumed\n");
}
}
-#endif
+#endif /* EXIM_HAVE_TLS_RESUME */
+
+
+#ifdef EXIM_HAVE_ALPN
+/* Expand and convert an Exim list to a gnutls_datum list. False return for fail.
+NULL plist return for silent no-ALPN.
+*/
+
+static BOOL
+tls_alpn_plist(uschar ** tls_alpn, const gnutls_datum_t ** plist, unsigned * plen,
+ uschar ** errstr)
+{
+uschar * exp_alpn;
+
+if (!expand_check(*tls_alpn, US"tls_alpn", &exp_alpn, errstr))
+ return FALSE;
+
+if (!exp_alpn)
+ {
+ DEBUG(D_tls) debug_printf("Setting TLS ALPN forced to fail, not sending\n");
+ *plist = NULL;
+ }
+else
+ {
+ const uschar * list = exp_alpn;
+ int sep = 0;
+ unsigned cnt = 0;
+ gnutls_datum_t * p;
+ uschar * s;
+
+ while (string_nextinlist(&list, &sep, NULL, 0)) cnt++;
+
+ p = store_get(sizeof(gnutls_datum_t) * cnt, exp_alpn);
+ list = exp_alpn;
+ for (int i = 0; s = string_nextinlist(&list, &sep, NULL, 0); i++)
+ { p[i].data = s; p[i].size = Ustrlen(s); }
+ *plist = (*plen = cnt) ? p : NULL;
+ }
+return TRUE;
+}
+
+static void
+tls_server_set_acceptable_alpns(exim_gnutls_state_st * state, uschar ** errstr)
+{
+uschar * local_alpn = string_copy(tls_alpn);
+int rc;
+const gnutls_datum_t * plist;
+unsigned plen;
+
+if (tls_alpn_plist(&local_alpn, &plist, &plen, errstr) && plist)
+ {
+ /* This seems to be only mandatory if the client sends an ALPN extension;
+ not trying ALPN is ok. Need to decide how to support server-side must-alpn. */
+
+ server_seen_alpn = 0;
+ if (!(rc = gnutls_alpn_set_protocols(state->session, plist, plen,
+ GNUTLS_ALPN_MANDATORY)))
+ gnutls_handshake_set_hook_function(state->session,
+ GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb);
+ else
+ DEBUG(D_tls)
+ debug_printf("setting alpn protocols: %s\n", US gnutls_strerror(rc));
+ }
+}
+#endif /* EXIM_HAVE_ALPN */
+
/* ------------------------------------------------------------------------ */
/* Exported functions */
a TLS session.
Arguments:
- require_ciphers list of allowed ciphers or NULL
errstr pointer to error string
Returns: OK on success
*/
int
-tls_server_start(const uschar * require_ciphers, uschar ** errstr)
+tls_server_start(uschar ** errstr)
{
int rc;
exim_gnutls_state_st * state = NULL;
if (tls_in.active.sock >= 0)
{
tls_error(US"STARTTLS received after TLS started", US "", NULL, errstr);
- smtp_printf("554 Already in TLS\r\n", FALSE);
+ smtp_printf("554 Already in TLS\r\n", SP_NO_MORE);
return FAIL;
}
gettimeofday(&t0, NULL);
#endif
- if ((rc = tls_init(NULL, tls_certificate, tls_privatekey,
- NULL, tls_verify_certificates, tls_crl,
- require_ciphers, &state, &tls_in, errstr)) != OK) return rc;
+ if ((rc = tls_init(NULL, NULL,
+ tls_require_ciphers, &state, &tls_in, errstr)) != OK) return rc;
#ifdef MEASURE_TIMING
report_time_since(&t0, US"server tls_init (delta)");
#endif
}
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifdef EXIM_HAVE_ALPN
+tls_server_set_acceptable_alpns(state, errstr);
+#endif
+
+#ifdef EXIM_HAVE_TLS_RESUME
tls_server_resume_prehandshake(state);
#endif
if (verify_check_host(&tls_verify_hosts) == OK)
{
DEBUG(D_tls)
- debug_printf("TLS: a client certificate will be required.\n");
+ debug_printf("TLS: a client certificate will be required\n");
state->verify_requirement = VERIFY_REQUIRED;
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
}
else if (verify_check_host(&tls_try_verify_hosts) == OK)
{
DEBUG(D_tls)
- debug_printf("TLS: a client certificate will be requested but not required.\n");
+ debug_printf("TLS: a client certificate will be requested but not required\n");
state->verify_requirement = VERIFY_OPTIONAL;
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUEST);
}
else
{
DEBUG(D_tls)
- debug_printf("TLS: a client certificate will not be requested.\n");
+ debug_printf("TLS: a client certificate will not be requested\n");
state->verify_requirement = VERIFY_NONE;
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_IGNORE);
}
{
state->event_action = event_action;
gnutls_session_set_ptr(state->session, state);
- gnutls_certificate_set_verify_function(state->x509_cred, verify_cb);
+ gnutls_certificate_set_verify_function(state->lib_state.x509_cred, verify_cb);
}
#endif
if (!state->tlsp->on_connect)
{
- smtp_printf("220 TLS go ahead\r\n", FALSE);
+ smtp_printf("220 TLS go ahead\r\n", SP_NO_MORE);
fflush(smtp_out);
}
if (rc != GNUTLS_E_SUCCESS)
{
+ DEBUG(D_tls) debug_printf(" error %d from gnutls_handshake: %s\n",
+ rc, gnutls_strerror(rc));
+
/* It seems that, except in the case of a timeout, we have to close the
connection right here; otherwise if the other end is running OpenSSL it hangs
until the server times out. */
if (sigalrm_seen)
{
tls_error(US"gnutls_handshake", US"timed out", NULL, errstr);
+#ifndef DISABLE_EVENT
+ (void) event_raise(event_action, US"tls:fail:connect", *errstr, NULL);
+#endif
gnutls_db_remove_session(state->session);
}
else
{
- tls_error_gnu(US"gnutls_handshake", rc, NULL, errstr);
+ tls_error_gnu(state, US"gnutls_handshake", rc, errstr);
+#ifndef DISABLE_EVENT
+ (void) event_raise(event_action, US"tls:fail:connect", *errstr, NULL);
+#endif
(void) gnutls_alert_send_appropriate(state->session, rc);
gnutls_deinit(state->session);
- gnutls_certificate_free_credentials(state->x509_cred);
millisleep(500);
shutdown(state->fd_out, SHUT_WR);
for (int i = 1024; fgetc(smtp_in) != EOF && i > 0; ) i--; /* drain skt */
tls_in.ext_master_secret = TRUE;
#endif
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
tls_server_resume_posthandshake(state);
#endif
DEBUG(D_tls) post_handshake_debug(state);
+#ifdef EXIM_HAVE_ALPN
+if (server_seen_alpn > 0)
+ {
+ DEBUG(D_tls)
+ { /* The client offered ALPN. See what was negotiated. */
+ gnutls_datum_t p = {.size = 0};
+ int rc = gnutls_alpn_get_selected_protocol(state->session, &p);
+ if (!rc)
+ debug_printf("ALPN negotiated: %.*s\n", (int)p.size, p.data);
+ else
+ debug_printf("getting alpn protocol: %s\n", US gnutls_strerror(rc));
+
+ }
+ }
+else if (server_seen_alpn == 0)
+ if (verify_check_host(&hosts_require_alpn) == OK)
+ {
+ gnutls_alert_send(state->session, GNUTLS_AL_FATAL, GNUTLS_A_NO_APPLICATION_PROTOCOL);
+ tls_error(US"handshake", US"ALPN required but not negotiated", NULL, errstr);
+ return FAIL;
+ }
+ else
+ DEBUG(D_tls) debug_printf("TLS: no ALPN presented in handshake\n");
+else
+ DEBUG(D_tls) debug_printf("TLS: was not watching for ALPN\n");
+#endif
+
/* Verify after the fact */
if (!verify_certificate(state, errstr))
receive_getc = tls_getc;
receive_getbuf = tls_getbuf;
receive_get_cache = tls_get_cache;
+receive_hasc = tls_hasc;
receive_ungetc = tls_ungetc;
receive_feof = tls_feof;
receive_ferror = tls_ferror;
-receive_smtp_buffered = tls_smtp_buffered;
return OK;
}
{
state->exp_tls_verify_cert_hostnames =
#ifdef SUPPORT_I18N
- string_domain_utf8_to_alabel(host->name, NULL);
+ string_domain_utf8_to_alabel(host->certname, NULL);
#else
- host->name;
+ host->certname;
#endif
DEBUG(D_tls)
- debug_printf("TLS: server cert verification includes hostname: \"%s\".\n",
+ debug_printf("TLS: server cert verification includes hostname: \"%s\"\n",
state->exp_tls_verify_cert_hostnames);
}
}
rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
) if (rr->type == T_TLSA) i++;
-dane_data = store_get(i * sizeof(uschar *), FALSE);
-dane_data_len = store_get(i * sizeof(int), FALSE);
+dane_data = store_get(i * sizeof(uschar *), GET_UNTAINTED);
+dane_data_len = store_get(i * sizeof(int), GET_UNTAINTED);
i = 0;
for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
/* On the client, get any stashed session for the given IP from hints db
and apply it to the ssl-connection for attempted resumption. Although
there is a gnutls_session_ticket_enable_client() interface it is
static void
tls_retrieve_session(tls_support * tlsp, gnutls_session_t session,
- host_item * host, smtp_transport_options_block * ob)
+ smtp_connect_args * conn_args, smtp_transport_options_block * ob)
{
tlsp->resumption = RESUME_SUPPORTED;
-if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, host) == OK)
+
+if (!conn_args->have_lbserver)
+ { DEBUG(D_tls) debug_printf(
+ "resumption not supported: no LB detection done (continued-conn?)\n"); }
+else if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, conn_args->host) == OK)
{
dbdata_tls_session * dt;
int len, rc;
open_db dbblock, * dbm_file;
- DEBUG(D_tls)
- debug_printf("check for resumable session for %s\n", host->address);
tlsp->host_resumable = TRUE;
+ tls_client_resmption_key(tlsp, conn_args, ob);
+
tlsp->resumption |= RESUME_CLIENT_REQUESTED;
if ((dbm_file = dbfn_open(US"tls", O_RDONLY, &dbblock, FALSE, FALSE)))
{
- /* Key for the db is the IP. We'd like to filter the retrieved session
- for ticket advisory expiry, but 3.6.1 seems to give no access to that */
+ /* We'd like to filter the retrieved session for ticket advisory expiry,
+ but 3.6.1 seems to give no access to that */
- if ((dt = dbfn_read_with_length(dbm_file, host->address, &len)))
+ if ((dt = dbfn_read_with_length(dbm_file, tlsp->resume_index, &len)))
if (!(rc = gnutls_session_set_data(session,
CUS dt->session, (size_t)len - sizeof(dbdata_tls_session))))
{
dbfn_close(dbm_file);
}
}
+else DEBUG(D_tls) debug_printf("no resumption for this host\n");
}
{
open_db dbblock, * dbm_file;
int dlen = sizeof(dbdata_tls_session) + tkt.size;
- dbdata_tls_session * dt = store_get(dlen, TRUE);
+ dbdata_tls_session * dt = store_get(dlen, GET_TAINTED);
- DEBUG(D_tls) debug_printf("session data size %u\n", (unsigned)tkt.size);
+ DEBUG(D_tls) debug_printf(" session data size %u\n", (unsigned)tkt.size);
memcpy(dt->session, tkt.data, tkt.size);
gnutls_free(tkt.data);
- if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))
+ if ((dbm_file = dbfn_open(US"tls", O_RDWR|O_CREAT, &dbblock, FALSE, FALSE)))
{
/* key for the db is the IP */
- dbfn_delete(dbm_file, host->address);
- dbfn_write(dbm_file, host->address, dt, dlen);
+ dbfn_write(dbm_file, tlsp->resume_index, dt, dlen);
dbfn_close(dbm_file);
DEBUG(D_tls)
- debug_printf("wrote session db (len %u)\n", (unsigned)dlen);
+ debug_printf(" wrote session db (len %u)\n", (unsigned)dlen);
}
}
- else DEBUG(D_tls)
- debug_printf("extract session data: %s\n", US gnutls_strerror(rc));
+ else
+ { DEBUG(D_tls)
+ debug_printf(" extract session data: %s\n", US gnutls_strerror(rc));
+ }
+ else DEBUG(D_tls)
+ debug_printf(" host not resmable; not saving ticket\n");
}
}
exim_gnutls_state_st * state = gnutls_session_get_ptr(sess);
tls_support * tlsp = state->tlsp;
-DEBUG(D_tls) debug_printf("newticket cb\n");
+DEBUG(D_tls) debug_printf("newticket cb (on client)\n");
if (!tlsp->ticket_received)
tls_save_session(tlsp, sess, state->host);
static void
tls_client_resume_prehandshake(exim_gnutls_state_st * state,
- tls_support * tlsp, host_item * host,
+ tls_support * tlsp, smtp_connect_args * conn_args,
smtp_transport_options_block * ob)
{
gnutls_session_set_ptr(state->session, state);
gnutls_handshake_set_hook_function(state->session,
GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, GNUTLS_HOOK_POST, tls_client_ticket_cb);
-tls_retrieve_session(tlsp, state->session, host, ob);
+tls_retrieve_session(tlsp, state->session, conn_args, ob);
}
static void
tls_save_session(tlsp, state->session, host);
}
-#endif /* EXPERIMENTAL_TLS_RESUME */
+#endif /* !DISABLE_TLS_RESUME */
/*************************************************
host_item * host = conn_args->host; /* for msgs and option-tests */
transport_instance * tb = conn_args->tblock; /* always smtp or NULL */
smtp_transport_options_block * ob = tb
- ? (smtp_transport_options_block *)tb->options_block
+ ? tb->drinst.options_block
: &smtp_transport_option_defaults;
int rc;
exim_gnutls_state_st * state = NULL;
/* If dane is flagged, have either request or require dane for this host, and
a TLSA record found. Therefore, dane verify required. Which implies cert must
be requested and supplied, dane verify must pass, and cert verify irrelevant
-(incl. hostnames), and (caller handled) require_tls */
+(incl. hostnames), and (caller handled) require_tls and sni=$domain */
if (conn_args->dane && ob->dane_require_tls_ciphers)
{
- /* not using expand_check_tlsvar because not yet in state */
+ /* not using Expand_check_tlsvar because not yet in state */
if (!expand_check(ob->dane_require_tls_ciphers, US"dane_require_tls_ciphers",
&cipher_list, errstr))
return FALSE;
gettimeofday(&t0, NULL);
#endif
- if (tls_init(host, ob->tls_certificate, ob->tls_privatekey,
- ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl,
- cipher_list, &state, tlsp, errstr) != OK)
+ if (tls_init(host, ob, cipher_list, &state, tlsp, errstr) != OK)
return FALSE;
#ifdef MEASURE_TIMING
#endif
}
+if (ob->tls_alpn)
+#ifdef EXIM_HAVE_ALPN
+ {
+ const gnutls_datum_t * plist;
+ unsigned plen;
+
+ if (!tls_alpn_plist(&ob->tls_alpn, &plist, &plen, errstr))
+ return FALSE;
+ if (plist)
+ if (gnutls_alpn_set_protocols(state->session, plist, plen, 0) != 0)
+ {
+ tls_error(US"alpn init", NULL, state->host, errstr);
+ return FALSE;
+ }
+ else
+ DEBUG(D_tls) debug_printf("Setting TLS ALPN '%s'\n", ob->tls_alpn);
+ }
+#else
+ log_write(0, LOG_MAIN, "ALPN unusable with this GnuTLS library version; ignoring \"%s\"\n",
+ ob->tls_alpn);
+#endif
+
{
int dh_min_bits = ob->tls_dh_min_bits;
if (dh_min_bits < EXIM_CLIENT_DH_MIN_MIN_BITS)
if (conn_args->dane && dane_tlsa_load(state, &conn_args->tlsa_dnsa))
{
DEBUG(D_tls)
- debug_printf("TLS: server certificate DANE required.\n");
+ debug_printf("TLS: server certificate DANE required\n");
state->verify_requirement = VERIFY_DANE;
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
}
{
tls_client_setup_hostname_checks(host, state, ob);
DEBUG(D_tls)
- debug_printf("TLS: server certificate verification required.\n");
+ debug_printf("TLS: server certificate verification required\n");
state->verify_requirement = VERIFY_REQUIRED;
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
}
{
tls_client_setup_hostname_checks(host, state, ob);
DEBUG(D_tls)
- debug_printf("TLS: server certificate verification optional.\n");
+ debug_printf("TLS: server certificate verification optional\n");
state->verify_requirement = VERIFY_OPTIONAL;
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUEST);
}
else
{
DEBUG(D_tls)
- debug_printf("TLS: server certificate verification not required.\n");
+ debug_printf("TLS: server certificate verification not required\n");
state->verify_requirement = VERIFY_NONE;
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_IGNORE);
}
if ((rc = gnutls_ocsp_status_request_enable_client(state->session,
NULL, 0, NULL)) != OK)
{
- tls_error_gnu(US"cert-status-req", rc, state->host, errstr);
+ tls_error_gnu(state, US"cert-status-req", rc, errstr);
return FALSE;
}
tlsp->ocsp = OCSP_NOT_RESP;
}
#endif
-#ifdef EXPERIMENTAL_TLS_RESUME
-tls_client_resume_prehandshake(state, tlsp, host, ob);
+#ifdef EXIM_HAVE_TLS_RESUME
+tls_client_resume_prehandshake(state, tlsp, conn_args, ob);
#endif
#ifndef DISABLE_EVENT
{
state->event_action = tb->event_action;
gnutls_session_set_ptr(state->session, state);
- gnutls_certificate_set_verify_function(state->x509_cred, verify_cb);
+ gnutls_certificate_set_verify_function(state->lib_state.x509_cred, verify_cb);
}
#endif
tls_error(US"gnutls_handshake", US"timed out", state->host, errstr);
}
else
- tls_error_gnu(US"gnutls_handshake", rc, state->host, errstr);
+ tls_error_gnu(state, US"gnutls_handshake", rc, errstr);
return FALSE;
}
gnutls_free(printed.data);
}
else
- (void) tls_error_gnu(US"ocsp decode", rc, state->host, errstr);
+ (void) tls_error_gnu(state, US"ocsp decode", rc, errstr);
if (idx == 0 && rc)
- (void) tls_error_gnu(US"ocsp decode", rc, state->host, errstr);
+ (void) tls_error_gnu(state, US"ocsp decode", rc, errstr);
}
if (gnutls_ocsp_status_request_is_checked(state->session, 0) == 0)
}
#endif
-#ifdef EXPERIMENTAL_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
tls_client_resume_posthandshake(state, tlsp, host);
#endif
+#ifdef EXIM_HAVE_ALPN
+if (ob->tls_alpn) /* We requested. See what was negotiated. */
+ {
+ gnutls_datum_t p = {.size = 0};
+
+ if (gnutls_alpn_get_selected_protocol(state->session, &p) == 0)
+ { DEBUG(D_tls) debug_printf("ALPN negotiated: '%.*s'\n", (int)p.size, p.data); }
+ else if (verify_check_given_host(CUSS &ob->hosts_require_alpn, host) == OK)
+ {
+ gnutls_alert_send(state->session, GNUTLS_AL_FATAL, GNUTLS_A_NO_APPLICATION_PROTOCOL);
+ tls_error(US"handshake", US"ALPN required but not negotiated", state->host, errstr);
+ return FALSE;
+ }
+ else
+ DEBUG(D_tls) debug_printf("No ALPN negotiated");
+ }
+#endif
+
/* Sets various Exim expansion variables; may need to adjust for ACL callouts */
extract_exim_vars_from_tls_state(state);
+/*
+Arguments:
+ ct_ctx client TLS context pointer, or NULL for the one global server context
+*/
+
+void
+tls_shutdown_wr(void * ct_ctx)
+{
+exim_gnutls_state_st * state = ct_ctx ? ct_ctx : &state_server;
+tls_support * tlsp = state->tlsp;
+
+if (!tlsp || tlsp->active.sock < 0) return; /* TLS was not active */
+
+tls_write(ct_ctx, NULL, 0, FALSE); /* flush write buffer */
+
+HDEBUG(D_transport|D_tls|D_acl|D_v) debug_printf_indent(" SMTP(TLS shutdown)>>\n");
+gnutls_bye(state->session, GNUTLS_SHUT_WR);
+}
+
/*************************************************
* Close down a TLS session *
*************************************************/
Arguments:
ct_ctx client context pointer, or NULL for the one global server context
- shutdown 1 if TLS close-alert is to be sent,
- 2 if also response to be waited for
+ do_shutdown 0 no data-flush or TLS close-alert
+ 1 if TLS close-alert is to be sent,
+ 2 if also response to be waited for (2s timeout)
Returns: nothing
*/
void
-tls_close(void * ct_ctx, int shutdown)
+tls_close(void * ct_ctx, int do_shutdown)
{
exim_gnutls_state_st * state = ct_ctx ? ct_ctx : &state_server;
tls_support * tlsp = state->tlsp;
if (!tlsp || tlsp->active.sock < 0) return; /* TLS was not active */
-if (shutdown)
+if (do_shutdown)
{
DEBUG(D_tls) debug_printf("tls_close(): shutting down TLS%s\n",
- shutdown > 1 ? " (with response-wait)" : "");
+ do_shutdown > TLS_SHUTDOWN_NOWAIT ? " (with response-wait)" : "");
+
+ tls_write(ct_ctx, NULL, 0, FALSE); /* flush write buffer */
+
+#ifdef EXIM_TCP_CORK
+ if (do_shutdown == TLS_SHUTDOWN_WAIT)
+ (void) setsockopt(tlsp->active.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &off, sizeof(off));
+#endif
+
+ /* The library seems to have no way to only wait for a peer's
+ shutdown, so handle the same as TLS_SHUTDOWN_WAIT */
ALARM(2);
- gnutls_bye(state->session, shutdown > 1 ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
+ gnutls_bye(state->session,
+ do_shutdown > TLS_SHUTDOWN_NOWAIT ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
ALARM_CLR(0);
}
receive_getc = smtp_getc;
receive_getbuf = smtp_getbuf;
receive_get_cache = smtp_get_cache;
+ receive_hasc = smtp_hasc;
receive_ungetc = smtp_ungetc;
receive_feof = smtp_feof;
receive_ferror = smtp_ferror;
- receive_smtp_buffered = smtp_buffered;
}
gnutls_deinit(state->session);
-gnutls_certificate_free_credentials(state->x509_cred);
-
tlsp->active.sock = -1;
tlsp->active.tls_ctx = NULL;
/* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */
if (state->xfer_buffer) store_free(state->xfer_buffer);
-memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
}
sigalrm_seen = FALSE;
if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout);
+errno = 0;
do
inbytes = gnutls_record_recv(state->session, state->xfer_buffer,
MIN(ssl_xfer_buffer_size, lim));
return FALSE;
}
#ifndef DISABLE_DKIM
-dkim_exim_verify_feed(state->xfer_buffer, inbytes);
+smtp_verify_feed(state->xfer_buffer, inbytes);
#endif
state->xfer_buffer_hwm = (int) inbytes;
state->xfer_buffer_lwm = 0;
return state->xfer_buffer[state->xfer_buffer_lwm++];
}
+BOOL
+tls_hasc(void)
+{
+exim_gnutls_state_st * state = &state_server;
+return state->xfer_buffer_lwm < state->xfer_buffer_hwm;
+}
+
uschar *
tls_getbuf(unsigned * len)
{
}
+/* Get up to the given number of bytes from any cached data, and feed to dkim. */
void
-tls_get_cache()
+tls_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
exim_gnutls_state_st * state = &state_server;
int n = state->xfer_buffer_hwm - state->xfer_buffer_lwm;
+if (n > lim)
+ n = lim;
if (n > 0)
- dkim_exim_verify_feed(state->xfer_buffer+state->xfer_buffer_lwm, n);
+ smtp_verify_feed(state->xfer_buffer+state->xfer_buffer_lwm, n);
#endif
}
BOOL
-tls_could_read(void)
+tls_could_getc(void)
{
return state_server.xfer_buffer_lwm < state_server.xfer_buffer_hwm
|| gnutls_record_check_pending(state_server.session) > 0;
}
-
-
/*************************************************
* Read bytes from TLS channel *
*************************************************/
debug_printf("Calling gnutls_record_recv(session=%p, buffer=%p, len=" SIZE_T_FMT ")\n",
state->session, buff, len);
+errno = 0;
do
inbytes = gnutls_record_recv(state->session, buff, len);
while (inbytes == GNUTLS_E_AGAIN);
DEBUG(D_tls) debug_printf("gnutls_record_send(session=%p, buffer=%p, left=" SIZE_T_FMT ")\n",
state->session, buff, left);
+ errno = 0;
do
outbytes = gnutls_record_send(state->session, buff, left);
while (outbytes == GNUTLS_E_AGAIN);
if (outbytes < 0)
{
- DEBUG(D_tls) debug_printf("%s: gnutls_record_send err\n", __FUNCTION__);
- record_io_error(state, outbytes, US"send", NULL);
+#ifdef GNUTLS_E_PREMATURE_TERMINATION
+ if ( outbytes == GNUTLS_E_PREMATURE_TERMINATION && errno == ECONNRESET
+ && !ct_ctx && f.smtp_in_quit
+ )
+ { /* Outlook, dammit */
+ if (LOGGING(protocol_detail))
+ log_write(0, LOG_MAIN, "[%s] after QUIT, client reset TCP before"
+ " SMTP response and TLS close\n", sender_host_address);
+ else
+ DEBUG(D_tls) debug_printf("[%s] SSL_write: after QUIT,"
+ " client reset TCP before TLS close\n", sender_host_address);
+ }
+ else
+#endif
+ {
+ DEBUG(D_tls) debug_printf("%s: gnutls_record_send err\n", __FUNCTION__);
+ record_io_error(state, outbytes, US"send", NULL);
+ }
return -1;
}
if (outbytes == 0)
if (!more && state->corked)
{
DEBUG(D_tls) debug_printf("gnutls_record_uncork(session=%p)\n", state->session);
- do {
- do
- /* We can't use GNUTLS_RECORD_WAIT here, as it retries on
- GNUTLS_E_AGAIN || GNUTLS_E_INTR, which would break our timeout set by alarm().
- The GNUTLS_E_AGAIN should not happen ever, as our sockets are blocking anyway.
- But who knows. (That all relies on the fact that GNUTLS_E_INTR and GNUTLS_E_AGAIN
- match the EINTR and EAGAIN errno values.) */
- outbytes = gnutls_record_uncork(state->session, 0);
- while (outbytes == GNUTLS_E_AGAIN);
-
- if (outbytes < 0)
- {
- record_io_error(state, len, US"uncork", NULL);
- return -1;
- }
- } while (gnutls_record_check_corked(state->session) > 0);
+ do
+ /* We can't use GNUTLS_RECORD_WAIT here, as it retries on
+ GNUTLS_E_AGAIN || GNUTLS_E_INTR, which would break our timeout set by alarm().
+ The GNUTLS_E_AGAIN should not happen ever, as our sockets are blocking anyway.
+ But who knows. (That all relies on the fact that GNUTLS_E_INTR and GNUTLS_E_AGAIN
+ match the EINTR and EAGAIN errno values.) */
+ outbytes = gnutls_record_uncork(state->session, 0);
+ while (outbytes == GNUTLS_E_AGAIN);
+
+ if (outbytes < 0)
+ {
+ record_io_error(state, len, US"uncork", NULL);
+ return -1;
+ }
+
state->corked = FALSE;
}
#endif
i = gnutls_rnd(GNUTLS_RND_NONCE, smallbuf, needed_len);
if (i < 0)
{
- DEBUG(D_all) debug_printf("gnutls_rnd() failed, using fallback.\n");
+ DEBUG(D_all) debug_printf("gnutls_rnd() failed, using fallback\n");
return vaguely_random_number_fallback(max);
}
r = 0;
rc = gnutls_priority_init(&priority_cache, CS expciphers, &errpos);
validate_check_rc(string_sprintf(
"gnutls_priority_init(%s) failed at offset %ld, \"%.8s..\"",
- expciphers, errpos - CS expciphers, errpos));
+ expciphers, (long)(errpos - CS expciphers), errpos));
#undef return_deinit
#undef validate_check_rc
}
+/* For ATRN provider: transfer the tls_in context to tls_out */
+
+void
+tls_state_in_to_out(int newfd, const uschar * ipaddr, int port)
+{
+exim_gnutls_state_st * state;
+host_item * h;
+int old_pool = store_pool;
+
+store_pool = POOL_PERM;
+state = store_get(sizeof(exim_gnutls_state_st), GET_UNTAINTED);
+h = store_get(sizeof(host_item), GET_UNTAINTED);
+
+memset(h, 0, sizeof(host_item));
+h->name = h->address = string_copy(ipaddr);
+h->port = port;
+
+*state = state_server;
+
+state->fd_in = newfd;
+state->fd_out = newfd;
+state->tlsp = &tls_out;
+state->host = h;
+
+tls_out = tls_in;
+tls_out.active.sock = newfd;
+tls_out.active.tls_ctx = state;
+
+memset(&tls_in, 0, sizeof(tls_in));
+
+gnutls_transport_set_ptr2(state->session,
+ (gnutls_transport_ptr_t)(long) newfd,
+ (gnutls_transport_ptr_t)(long) newfd);
+store_pool = old_pool;
+}
+
+
+
+/* For ATRN customer: transfer the tls_out context to tls_in */
+
+void
+tls_state_out_to_in(int newfd, const uschar * ipaddr, int port)
+{
+host_item * h;
+int old_pool = store_pool;
+
+store_pool = POOL_PERM;
+h = store_get(sizeof(host_item), GET_UNTAINTED);
+store_pool = old_pool;
+memset(h, 0, sizeof(host_item));
+h->name = h->address = string_copy(ipaddr);
+h->port = port;
+
+state_server = *(exim_gnutls_state_st *)tls_out.active.tls_ctx;
+state_server.fd_in = newfd;
+state_server.fd_out = newfd;
+state_server.tlsp = &tls_in;
+state_server.host = h;
+state_server.xfer_buffer = store_malloc(ssl_xfer_buffer_size);
+
+tls_in = tls_out;
+tls_in.on_connect = FALSE;
+tls_in.active.sock = newfd;
+tls_in.active.tls_ctx = &state_server;
+
+memset(&tls_out, 0, sizeof(tls_out));
+
+gnutls_transport_set_ptr2(state_server.session,
+ (gnutls_transport_ptr_t)(long) newfd,
+ (gnutls_transport_ptr_t)(long) newfd);
+}
+
+
/*************************************************
/* See a description in tls-openssl.c for an explanation of why this exists.
-Arguments: a FILE* to print the results to
-Returns: nothing
+Arguments: string to append to
+Returns: string
*/
-void
-tls_version_report(FILE *f)
+gstring *
+tls_version_report(gstring * g)
{
-fprintf(f, "Library version: GnuTLS: Compile: %s\n"
- " Runtime: %s\n",
- LIBGNUTLS_VERSION,
- gnutls_check_version(NULL));
+return string_fmt_append(g,
+ "Library version: GnuTLS: Compile: %s\n"
+ " Runtime: %s\n",
+ LIBGNUTLS_VERSION,
+ gnutls_check_version(NULL));
}
#endif /*!MACRO_PREDEF*/