X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/9138b6973b7908852a5910ee8f4adf10d737cf0f..f49d9ed0b8cbf4b87e9c8d9007767ba48f440332:/src/src/tls-openssl.c diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 26b5cf5e5..830978e04 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -3,7 +3,7 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2019 */ -/* Copyright (c) The Exim Maintainers 2020 */ +/* Copyright (c) The Exim Maintainers 2020 - 2021 */ /* See the file NOTICE for conditions of use and distribution. */ /* Portions Copyright (c) The OpenSSL Project 1999 */ @@ -90,6 +90,10 @@ change this guard and punt the issue for a while longer. */ # endif #endif +#if LIBRESSL_VERSION_NUMBER >= 0x3040000fL +# define EXIM_HAVE_OPENSSL_CIPHER_GET_ID +#endif + #if !defined(LIBRESSL_VERSION_NUMBER) \ || LIBRESSL_VERSION_NUMBER >= 0x20010000L # if !defined(OPENSSL_NO_ECDH) @@ -2178,7 +2182,7 @@ if ( inlen > 1 /* at least one name */ for (uschar * name; name = string_nextinlist(&list, &sep, NULL, 0); ) if (Ustrncmp(in+1, name, in[0]) == 0) { - *out = in; /* we checked for exactly one, so can just point to it */ + *out = in+1; /* we checked for exactly one, so can just point to it */ *outlen = inlen; return SSL_TLSEXT_ERR_OK; /* use ALPN */ } @@ -2231,9 +2235,6 @@ if (!olist) const X509 * cert_sent = SSL_get_certificate(s); const ASN1_INTEGER * cert_serial = X509_get0_serialNumber(cert_sent); const BIGNUM * cert_bn = ASN1_INTEGER_to_BN(cert_serial, NULL); - const X509_NAME * cert_issuer = X509_get_issuer_name(cert_sent); - uschar * chash; - uint chash_len; for (; olist; olist = olist->next) { @@ -3273,7 +3274,7 @@ else DEBUG(D_tls) if (len && name) debug_printf("ALPN negotiated: '%.*s'\n", (int)*name, name+1); else - debug_printf(ALPN: no protocol negotiated\n); + debug_printf("ALPN: no protocol negotiated\n"); } #endif @@ -3346,10 +3347,10 @@ ssl_xfer_eof = ssl_xfer_error = FALSE; receive_getc = tls_getc; receive_getbuf = tls_getbuf; receive_get_cache = tls_get_cache; +receive_hasc = tls_hasc; receive_ungetc = tls_ungetc; receive_feof = tls_feof; receive_ferror = tls_ferror; -receive_smtp_buffered = tls_smtp_buffered; tls_in.active.sock = fileno(smtp_out); tls_in.active.tls_ctx = NULL; /* not using explicit ctx for server-side */ @@ -4122,6 +4123,12 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) return ssl_xfer_buffer[ssl_xfer_buffer_lwm++]; } +BOOL +tls_hasc(void) +{ +return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm; +} + uschar * tls_getbuf(unsigned * len) { @@ -4146,10 +4153,13 @@ return buf; void -tls_get_cache(void) +tls_get_cache(unsigned lim) { #ifndef DISABLE_DKIM int n = ssl_xfer_buffer_hwm - ssl_xfer_buffer_lwm; +debug_printf("tls_get_cache\n"); +if (n > lim) + n = lim; if (n > 0) dkim_exim_verify_feed(ssl_xfer_buffer+ssl_xfer_buffer_lwm, n); #endif @@ -4157,7 +4167,7 @@ if (n > 0) BOOL -tls_could_read(void) +tls_could_getc(void) { return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm || SSL_pending(state_server.lib_state.lib_ssl) > 0; @@ -4408,10 +4418,10 @@ if (!o_ctx) /* server side */ receive_getc = smtp_getc; receive_getbuf = smtp_getbuf; receive_get_cache = smtp_get_cache; + receive_hasc = smtp_hasc; receive_ungetc = smtp_ungetc; receive_feof = smtp_feof; receive_ferror = smtp_ferror; - receive_smtp_buffered = smtp_buffered; tls_in.active.tls_ctx = NULL; tls_in.sni = NULL; /* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */