#include <unistd.h>
#include <utime.h>
+/* Set to TRUE to enable debug output */
+#define DEBUG if (FALSE)
+
#ifdef AF_INET6
#define HAVE_IPV6 1
#endif
{
rc = gnutls_certificate_set_x509_key_file(x509_cred, CS certificate,
CS privatekey, GNUTLS_X509_FMT_PEM);
- if (rc < 0) gnutls_error("gnutls_certificate", rc);
+ if (rc < 0) gnutls_error(US"gnutls_certificate", rc);
}
/* Associate the parameters with the x509 credentials structure. */
alarm(timeout);
if (srv->tls_active)
{
- #ifdef HAVE_OPENSSL
+#ifdef HAVE_OPENSSL
+ int error;
+ DEBUG { printf("call SSL_read\n"); fflush(stdout); }
rc = SSL_read(srv->ssl, inbuffer, bsiz - 1);
- #endif
- #ifdef HAVE_GNUTLS
+ DEBUG { printf("SSL_read: %d\n", rc); fflush(stdout); }
+ if (rc <= 0)
+ switch (error = SSL_get_error(srv->ssl, rc))
+ {
+ case SSL_ERROR_ZERO_RETURN:
+ break;
+ case SSL_ERROR_SYSCALL:
+ printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
+ rc = -1;
+ break;
+ case SSL_ERROR_SSL:
+ printf("%s\nTLS terminated\n", ERR_error_string(ERR_get_error(), NULL));
+ SSL_shutdown(srv->ssl);
+ SSL_free(srv->ssl);
+ srv->tls_active = FALSE;
+ { /* OpenSSL leaves it in restartsys mode */
+ struct sigaction act = {.sa_handler = sigalrm_handler_flag, .sa_flags = 0};
+ sigalrm_seen = 1;
+ sigaction(SIGALRM, &act, NULL);
+ }
+ *inptr = 0;
+ DEBUG { printf("go round\n"); fflush(stdout); }
+ goto nextinput;
+ default:
+ printf("SSL error code %d\n", error);
+ }
+#endif
+#ifdef HAVE_GNUTLS
+ retry1:
+ DEBUG { printf("call gnutls_record_recv\n"); fflush(stdout); }
rc = gnutls_record_recv(tls_session, CS inbuffer, bsiz - 1);
- #endif
+ if (rc < 0)
+ {
+ DEBUG { printf("gnutls_record_recv: %s\n", gnutls_strerror(rc)); fflush(stdout); }
+ if (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN)
+ goto retry1;
+ printf("%s\n", gnutls_strerror(rc));
+ srv->tls_active = FALSE;
+ *inptr = 0;
+ DEBUG { printf("go round\n"); fflush(stdout); }
+ goto nextinput;
+ }
+ DEBUG { printf("gnutls_record_recv: %d\n", rc); fflush(stdout); }
+#endif
}
else
- rc = read(srv->sock, inbuffer, bsiz);
+ {
+ DEBUG { printf("call read\n"); fflush(stdout); }
+ rc = read(srv->sock, inbuffer, bsiz);
+ DEBUG { printf("read: %d\n", rc); fflush(stdout); }
+ }
alarm(0);
if (rc < 0)
{
- printf("Read error %s\n", strerror(errno));
+ if (errno == EINTR && sigalrm_seen && resp_optional)
+ continue; /* next scriptline */
+ printf("Read error: %s\n", strerror(errno));
exit(81);
}
else if (rc == 0)
printf("Expected EOF read\n");
continue;
}
+ else if (resp_optional)
+ continue; /* next scriptline */
else
{
printf("Unexpected EOF read\n");
inptr = inbuffer;
}
}
+ DEBUG { printf("read: '%s'\n", inptr); fflush(stdout); }
lineptr = inptr;
while (*inptr != 0 && *inptr != '\r' && *inptr != '\n') inptr++;
exit(79);
}
- /* input matched script */
+ /* Input matched script. Output the inputline, unless optional */
+ DEBUG { printf("read matched\n"); fflush(stdout); }
+
+ if (!resp_optional)
+ printf("<<< %s\n", lineptr);
+ else
- if (resp_optional)
- goto nextinput; /* consume inputline, not scriptline */
+ /* If there is further input after this line, consume inputline but not
+ scriptline in case there are several matching. Nonmatches are dealt with
+ above. */
- printf("<<< %s\n", lineptr);
+ if (*inptr != 0)
+ goto nextinput;
#ifdef HAVE_TLS
if (srv->sent_starttls)
#ifdef HAVE_GNUTLS
{
int rc;
+ fd_set rfd;
+ struct timeval tv = { 0, 2000 };
+
sigalrm_seen = FALSE;
alarm(timeout);
do {
alarm(0);
if (!srv->tls_active) printf("%s\n", gnutls_strerror(rc));
+
+ /* look for an error on the TLS conn */
+ FD_ZERO(&rfd);
+ FD_SET(srv->sock, &rfd);
+ if (select(srv->sock+1, &rfd, NULL, NULL, &tv) > 0)
+ {
+ retry2:
+ DEBUG { printf("call gnutls_record_recv\n"); fflush(stdout); }
+ rc = gnutls_record_recv(tls_session, CS inbuffer, bsiz - 1);
+ if (rc < 0)
+ {
+ DEBUG { printf("gnutls_record_recv: %s\n", gnutls_strerror(rc)); fflush(stdout); }
+ if (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN)
+ goto retry2;
+ printf("%s\n", gnutls_strerror(rc));
+ srv->tls_active = FALSE;
+ }
+ DEBUG { printf("gnutls_record_recv: %d\n", rc); fflush(stdout); }
+ }
}
#endif
#ifdef HAVE_GNUTLS
if (certfile != NULL) printf("Certificate file = %s\n", certfile);
if (keyfile != NULL) printf("Key file = %s\n", keyfile);
-tls_init(certfile, keyfile);
+tls_init(US certfile, US keyfile);
tls_session = tls_session_init();
#ifdef HAVE_OCSP
if (ocsp_stapling)
git://git.exim.org / exim.git / blobdiff