Handle absent tls_require_ciphers correctly.
authorPhil Pennock <pdp@exim.org>
Thu, 17 May 2012 15:17:20 +0000 (11:17 -0400)
committerPhil Pennock <pdp@exim.org>
Thu, 17 May 2012 15:17:20 +0000 (11:17 -0400)
Fix test-suite certs to not use MD5.
Document that we do not support MD5 certs any longer.
Make test-suite generate probably-correct gnutls-params filename for us.

src/README.UPDATING
src/src/tls-gnu.c
test/aux-fixed/cert1
test/aux-fixed/cert2
test/aux-fixed/cert2.revoke [deleted file]
test/aux-fixed/crl.pem
test/runtest

index 81e767efea826ca550b1de7743b1cdc99eb5cfb7..a91794d6cd35bf65e500beddcfa26b1e21e70793 100644 (file)
@@ -26,9 +26,12 @@ The rest of this document contains information about changes in 4.xx releases
 that might affect a running system.
 
 
 that might affect a running system.
 
 
-Exim version 4.78
+Exim version 4.80
 -----------------
 
 -----------------
 
+ * BEWARE backwards-incompatible changes in SSL libraries, thus the version
+   bump.  See points below for details.
+
  * The value of $tls_peerdn is now print-escaped when written to the spool file
    in a -tls_peerdn line, and unescaped when read back in.  We received reports
    of values with embedded newlines, which caused spool file corruption.
  * The value of $tls_peerdn is now print-escaped when written to the spool file
    in a -tls_peerdn line, and unescaped when read back in.  We received reports
    of values with embedded newlines, which caused spool file corruption.
@@ -96,6 +99,11 @@ Exim version 4.78
    parsing entirely and the presence of the options will be a configuration
    error.
 
    parsing entirely and the presence of the options will be a configuration
    error.
 
+   Note that by default, GnuTLS will not accept RSA-MD5 signatures in chains.
+   A tls_require_ciphers value of NORMAL:%VERIFY_ALLOW_SIGN_RSA_MD5 may
+   re-enable support, but this is not supported by the Exim maintainers.
+   Our test suite no longer includes MD5-based certificates.
+
    This rewrite means that Exim will continue to build against GnuTLS in the
    future, brings Exim closer to other GnuTLS applications and lets us add
    support for SNI and other features more readily.  We regret that it wasn't
    This rewrite means that Exim will continue to build against GnuTLS in the
    future, brings Exim closer to other GnuTLS applications and lets us add
    support for SNI and other features more readily.  We regret that it wasn't
index a0a35b447c833acef6d24e37ffed0dabf99876e2..2f50787c22ce77a2faae135b3086b9122e1fa6a7 100644 (file)
@@ -698,6 +698,12 @@ if (state->tls_verify_certificates && *state->tls_verify_certificates)
     return OK;
     }
   }
     return OK;
     }
   }
+else
+  {
+  DEBUG(D_tls)
+    debug_printf("TLS: tls_verify_certificates not set or empty, ignoring\n");
+  return OK;
+  }
 
 if (Ustat(state->exp_tls_verify_certificates, &statbuf) < 0)
   {
 
 if (Ustat(state->exp_tls_verify_certificates, &statbuf) < 0)
   {
@@ -939,6 +945,9 @@ if (state->tls_require_ciphers && *state->tls_require_ciphers)
   }
 if (want_default_priorities)
   {
   }
 if (want_default_priorities)
   {
+  DEBUG(D_tls)
+    debug_printf("GnuTLS using default session cipher/priority \"%s\"\n",
+        exim_default_gnutls_priority);
   rc = gnutls_priority_init(&state->priority_cache,
       exim_default_gnutls_priority, &errpos);
   p = US exim_default_gnutls_priority;
   rc = gnutls_priority_init(&state->priority_cache,
       exim_default_gnutls_priority, &errpos);
   p = US exim_default_gnutls_priority;
index 25a96776b0e51e86b7c98d44172c55ef58d14ee6..1323e39c93e7a6d4d24028edd4a21fa1682d17f9 100644 (file)
@@ -1,35 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC4eIDtpcY7ff5P3yCnXXdLWNcewKgUBj6GuNqHAFrfbZq6tDlS
-Z3FXVvOwU4Rgn6ciGP5REYuR4TB26/PY+bJEVUMyAb8OmcE+l6aeG0kQlM3Wa0UU
-fo3GNt9U7+VU7puS3SwLjKYSI6ny17xyFcukBkiRTOo3H6z0yM742wPFeQIDAQAB
-AoGAHOHZJdw/tk7aw3ym6y1qISTuwYTejAwSPBuzM1Ht6G+Lu1G+a9WAXHFjxCa/
-YjV9AIyzPNQnaxa79NKqoj0uGNqixYPI4A3M6T5nmawXXivAbV2fNX1Pg0LQ4DMh
-EdaPwtkghavuPz2CFvIcvsG/XGNo1rUkGrCIpWldPF8bynUCQQDn/x3bdnHpSL7X
-RlFsTRqyiW3/ZFgJnyQvOCDpUcscPPZMD/M+hWqxIIpJAGSrZPIols2kMFUPXkUX
-+8PzNfrjAkEAy46SegCQWQahpiipZq52ffuhFDfhMYU1uANWwRyu1IAOyQ+M+saI
-3cI0ok1bkWsOtNKRr+QgK54zGJIyU8Dg8wJBALjKoxOucumpAiojXrPvbraLdUya
-tu1jD8V05fIzLp/dhynrAovoZaWVD9E6OPW0wJbIGCESRo6pPkvuRJSziJUCQQCE
-rz99dSaiUTdHVtPtUaV9Q2thAXexztIQS2TeZfL0IzEAEDnmMUl/u5qRfPlGFdG1
-PlimnX320J0f1BQoEd7PAkAqp9yNGAjKTqOicyYJ2m87EeudvUzryt0fO3yA5W76
-p0YX7ETgqQqDNOWHrJGHntEXMGhirx7lV5nzva5ypQmt
+MIIEpAIBAAKCAQEA0dyUFZ7037DgtRfGoR0bVqUvCetxdZa42E3sLyZLviWRcKbY
+XyYD1M44zClRq6vGwQGLI0Hea4jlJdIftyr3SmuaerJt2frPVAKcHHAHJ7rOjkUT
+Kp+XHGjsinQg9Up6nz2Qo6Xdg0oPm8YRaMgIa1Qc75cWqzTn3++B5qaW2RtffYf7
+8c1OA958BHWyWlcZJNuJHYLR3CdqJb7ojtfcuCq3cWRRxJhyd/j1T51D+Xw6nGbe
+QovD2+oQ/TBTUuo3Zc2YCRE+PWIQMZakdbD335HjvVj1PAu6oBKQRdccactigkR9
+tBlBIxH0q1Uh1fOd+dgLSoccCK2HlnM/GOzcfwIDAQABAoIBAB71b1MRNAabzUpp
+y3+RD6tkit/nv8EdDv+53xHFkH7og+AefOTscrw9/9r+bXHp0VQ/qgr1eJ5cf5Fo
+wgz/ZaOw5AUdtV7mxRcbm3QGgse1oysRvZYYHO6v+9Ug9Iu7BQPgzSmXGmp3zn2o
+ZoESoUtUCUC/BTUUhPBgIMWp5a75OkaOS3fO3kSaGHPiqX1IbD8T6b7+ViR2qIwU
+LjwFNTBRjorL25VXCsfChGih5TUgR9jIJcGzN6QykCHV7D29AfkRuVrKMRLEM3VD
+3E0ObQfVRoXFEZR3fccJqU6E1Mg9BXbl+I9rwv3GUJXS7fXnmHKRhjzD1Dbo5Afv
+jnSPL+ECgYEA9hepWibJe8N3fSCb7Eqqi/Q8ufCQqnDSCrnY6WJpRIA79DKU7OFm
+3dct5pqXPUlaYC6TDQ8G0LAQL1knsuFejvV8v0y0mZspRbOg94EDTuQWp4oCIqWr
+MEYbiRVHXIg5OjylVAQLM1y9IF+n3aXQAUfcStFtiiM49vRJs9StcdsCgYEA2k+B
+lXN3UjZvwkDeZcjfCH1n0Rxrt0kZ7UbqEPZSz/77m9XIjWv32lpTDLecRdcR8KSx
+OKH24WSQXd7DTWn+DitfSwGJjiduU2c0p4eePzfK7Yeo0bMNVixvjUZt+w9ijkWH
+4CUVgo9TfuxdaTyYlmONk9JVLMeOwR8MdagVWy0CgYEAlpVn9Vgile7HoPNhNbeC
+oFz1A7oma4TZoeKSzkx/qYDmLsj8w+4w6bIPzjnuLXxDJvOY27bELtJtNOvTFOw+
+1i91BAHFyPBe0t3Vs11oTs/W5PHX2KeTFtjvZHR21DIvAmm1qLFIwUcQG00tBL2/
+h+kW7Vk1M//VjZdxue57q10CgYEAufZT+gzbrYp1dNFxIN8VLdQ1ZSmCkCSTE03/
+AOfy7v7TMZHQPrej77pVWFXnpo5n18dSt10wQhs55txlHUKWiVdk2y26EP+BuUYG
+0lZx9IQANooCwm51g9xiQcOm19/pIiwUbFjqk8anZ0zM3WIi0KiI50yaBYUQE23x
+XSAK4RkCgYBsPJiK2BGPvFNBJo6368SVgB1H2Bu9GPUpORdirbFuy/VanSEaAGIK
+vWjIOvEKnJd9NX430drAdD7hcx52fxdCsn97LSBi73Weqov4zNDadsLvTWhxlh+D
+b1SITBDYjxdm9oqv4Uj10l3Ft4/X0MN2aJ4+W3/cFTGL9pNlv21Daw==
 -----END RSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
 -----END RSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
-MIIDNjCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADB2MQswCQYDVQQGEwJVSzES
-MBAGA1UEBxMJQ2FtYnJpZGdlMSAwHgYDVQQKExdVbml2ZXJzaXR5IG9mIENhbWJy
-aWRnZTEaMBgGA1UECxMRQ29tcHV0aW5nIFNlcnZpY2UxFTATBgNVBAMTDFBoaWxp
-cCBIYXplbDAeFw0wMjA0MTUwODA0MThaFw0yOTA4MzAwODA0MThaMHYxCzAJBgNV
-BAYTAlVLMRIwEAYDVQQHEwlDYW1icmlkZ2UxIDAeBgNVBAoTF1VuaXZlcnNpdHkg
-b2YgQ2FtYnJpZGdlMRowGAYDVQQLExFDb21wdXRpbmcgU2VydmljZTEVMBMGA1UE
-AxMMUGhpbGlwIEhhemVsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4eIDt
-pcY7ff5P3yCnXXdLWNcewKgUBj6GuNqHAFrfbZq6tDlSZ3FXVvOwU4Rgn6ciGP5R
-EYuR4TB26/PY+bJEVUMyAb8OmcE+l6aeG0kQlM3Wa0UUfo3GNt9U7+VU7puS3SwL
-jKYSI6ny17xyFcukBkiRTOo3H6z0yM742wPFeQIDAQABo4HTMIHQMB0GA1UdDgQW
-BBTEcwEd5VFb4YlzEKcvHKP/s4gpVDCBoAYDVR0jBIGYMIGVgBTEcwEd5VFb4Ylz
-EKcvHKP/s4gpVKF6pHgwdjELMAkGA1UEBhMCVUsxEjAQBgNVBAcTCUNhbWJyaWRn
-ZTEgMB4GA1UEChMXVW5pdmVyc2l0eSBvZiBDYW1icmlkZ2UxGjAYBgNVBAsTEUNv
-bXB1dGluZyBTZXJ2aWNlMRUwEwYDVQQDEwxQaGlsaXAgSGF6ZWyCAQAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBpuWb36BAO+aDbCWVSnt8C2rAz3Ii7
-05kmrTugCiDj4VLHk6DL126Q6AuBWs9HKM/ynOOTcYTz20WkgpXaYf6Cdq/Z538d
-tqD1gAAL2M04O6K41RLcIicVFeXWjjwp5tfQc+AMI7rD0FCHSbhY67+UHUFyoyFK
-x8LiaV5jYIFfbg==
+MIID8DCCAtigAwIBAgIJALYf3pBgPTGPMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAlVLMR0wGwYDVQQKExRUaGUgRXhpbSBNYWludGFpbmVyczETMBEGA1UECxMK
+VGVzdCBTdWl0ZTEVMBMGA1UEAxMMUGhpbCBQZW5ub2NrMB4XDTEyMDUxNzE0NDYw
+M1oXDTMxMDUxMzE0NDYwM1owWDELMAkGA1UEBhMCVUsxHTAbBgNVBAoTFFRoZSBF
+eGltIE1haW50YWluZXJzMRMwEQYDVQQLEwpUZXN0IFN1aXRlMRUwEwYDVQQDEwxQ
+aGlsIFBlbm5vY2swggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR3JQV
+nvTfsOC1F8ahHRtWpS8J63F1lrjYTewvJku+JZFwpthfJgPUzjjMKVGrq8bBAYsj
+Qd5riOUl0h+3KvdKa5p6sm3Z+s9UApwccAcnus6ORRMqn5ccaOyKdCD1SnqfPZCj
+pd2DSg+bxhFoyAhrVBzvlxarNOff74HmppbZG199h/vxzU4D3nwEdbJaVxkk24kd
+gtHcJ2olvuiO19y4KrdxZFHEmHJ3+PVPnUP5fDqcZt5Ci8Pb6hD9MFNS6jdlzZgJ
+ET49YhAxlqR1sPffkeO9WPU8C7qgEpBF1xxpy2KCRH20GUEjEfSrVSHV85352AtK
+hxwIrYeWcz8Y7Nx/AgMBAAGjgbwwgbkwHQYDVR0OBBYEFDZtAgvs96t7shvAZbPt
+YIzxz06fMIGJBgNVHSMEgYEwf4AUNm0CC+z3q3uyG8Bls+1gjPHPTp+hXKRaMFgx
+CzAJBgNVBAYTAlVLMR0wGwYDVQQKExRUaGUgRXhpbSBNYWludGFpbmVyczETMBEG
+A1UECxMKVGVzdCBTdWl0ZTEVMBMGA1UEAxMMUGhpbCBQZW5ub2NrggkAth/ekGA9
+MY8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEANtHbMYqw3Ln07gif
+F11TyWuUzfZ1HAdj5x+ec/ZhOrMbXJwNnQnZzdESoiqk0C1fqNsog1ur9pzYxBJo
+92OpxkTxvBr2Wi2igfUPbMXWttKu5OFTU00Y8Lp6JEJjtw1zAQB1ka+/5xGYAPfC
+lL/a4RQygNb2e+Q+fOwWz8YZZ2hsidtc7UbH96Eu4489PipD8GXH0T2SY4VEtwUT
+g6uUJjZpznusPhc/uoq5vZVP9AU1EiU+KE55bRuP0QGKIGK3K5WfodKYvF76lhsG
+gLuqb/jVqZsQKcDSj0BGnlimvgEnydeXSYYIUJichEK7dTSjsAn40hUO2dFRMYTx
+W45BdA==
 -----END CERTIFICATE-----
 -----END CERTIFICATE-----
index e41499e13c62b2ecf4b94eea22f324ec5256e0b2..760154a327896a60500268bbb2fe2dd8206e10e2 100644 (file)
@@ -1,35 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDUN6wesp5nny2A5IAy9PqN9pajhpMLWhggY7Sx7uG5v7bPpupH
-zQ9/Hq0K6vQevCp62Mi2lN5xM4kRwMyd8q8gH5hgt23dJFSkBKmmK067TZ53/yOZ
-y270sisQNELlqRfws9CvX/AFXMVs6SjVsLIuAD3sn6x+yeMW/ipr450nXQIDAQAB
-AoGAYZZsTv2CfFIlgaUSEty2rzuaz/3ddpXqjFJtUHlyUZGIhnrSN0xj+OfpWSDs
-O4n52t3/hn50wAeb248WSPfFcaClKMGdCBAMQnbwSoQR4oNiSZQqGw8vyF2PQ2CQ
-FOqQzwnBffimRGInpanoysRazxs6JzsmcLC4a94uIFt7/uECQQDzScFkxUATse5P
-ekilv5Zge2cNa7LO5hACLp9eP46Lxd/0S8eMNlGlftYpqmXhxu6zMUuRyKQAu0Y/
-C14EHIl5AkEA305QKgfzVbo6EWmOvGwIBo3pLWuyI7IntNtLrIE728mankRbnW0f
-mfx+FWmNKgbIXC803X2vAxQwIpnWldw4BQJAcejdqO4GI3KS7xmFPD3pDcGZrZn4
-fZEQe8USj1FYz67VPg/hHZAtSDyLz7RdwYmgJ7xz8o0r5L/KkygiW/B0mQJBAJgH
-LxiOdSImOSZloSGywvwDXX7o1UzsG5BLxIdbLK+D39pkW6MgCeXCOuzFAbBdEceA
-9BLfYGlOMz87URaR6SkCQQCyAwDmaBjF8OiUDQVl4JqJaGNhagocA3h7NIGeccSt
-NtO+qfBHfW7qCBQ7LTgAB6v9CGasRbkrZvglCxRVg6Mj
+MIIEpAIBAAKCAQEA/C6n/2tr0fWFp8vGrP7BfgFTBwnr7cg/XYXso4+WZUOB1aaW
+XmU3sawrwYj5caTZQkapLDkI8pS3SQjIZGqbs+95nKezwnsqjwa8mmhWOaRwqt32
+6mbVvalP88NUvBn4e48w1WcOcRb+IT1LjzMY7RMtQ4F+1LQwybSzMoqUQuQ/z+6d
+cH8k/NtNc4x1cUSTCCBGCwGPqyOqHlnr+ur7v2dMmG6E4NKnrU9+sr7uv0LQ8K+v
+EGN6HSGwFG4HjmFKjdIFm8xi6rXs14rUnj8F/fArpZUAzOEb6IoUz5C98s3wm9W6
+xqRhn4XG/Sikt3EGGk6x6SA3n+wZ0qtCge2KdwIDAQABAoIBABiajLV0y44ugB3A
+2d9i84nRo0Iai7QlR1leiZnjlm7GyVII8L7A7VAeVh6JuJyH0tKOhk7UObVBISi0
+/KgfZpWFlb3c9sLQtXRC2f/OkisJihyBj2eLJOteK3jC4+9+MSoM7FzFszkBX0Xq
+7wZHm/T1XAMsDS2/bssfICScNJ7Z6HNhzttwme+izmraejRhlK46a2Z6SAxFiuc+
+S7r7dflkt1/ZrT6jzReHnrZYjET6QTz/+vh11Z4oBERlvUVYJLpI+nr3DPPZJa4m
+nCDFoMvyV8kW3aTjF3mIJ23NZ6keoIIiZB/DAqMSoZ5YvBi191Sr7zW4bJp2U5xz
+qeJ6eIECgYEA/6CAJap6InU1ZN+0/8ACOIiRL/ByD6ZwGol0a04yBiiGMEfljH2H
+bBILE4QXdntkJwhdmXD/WKsDEewdp8cPjuMkojIrKyqLMgQR1jLRFL6TmIkyapJU
+jCi4cBtN7YjZ2aZWuCGC+eUpXuGoxA4WonJPewQ1f1gX/NmDlvZFl1cCgYEA/Ize
+Zzpj7H/uX9KqLMorz1XgN56JeTCZVEtrbeLOOJP4D7hZrqBE6urp2BXwyz3sWQ+/
+tVrQjJYrAzIVNkGeCq8DW7pIvPWnL3GHeeuPMNgZZwMiqFXnwKZzMkdTVMHIyLH0
+81g2h28zI+ykNsOx/V/1czRdsdbOL0d/Vr2HUeECgYAXdiSs0FO7W+SVqI6VNos9
+oxMoQjpFw3HgjaMYwimHNSrzvXWNCmxmd9V6ahI5NqP/jR4CGkPlYHS8rV4fav67
+j49qL46UvKff5E26yhk0fTVQt67f5yRJZOdgqrDhT0EnX8PvzGuYAfdlFPMHY3+i
+UzmGQeGjGXPCKjiQn3PNqwKBgQCV+Plhh7UrDlV6JdnUu0IE39REcyrkAs4q1pa3
+LIaV5pjajPkE0Dvc3R98qJrTtrQRt156zbEmq05jmWwrShAV/BQcdqUXQTHE5MA0
+0IO517pOB/ieylTTfITQCLcdj+4x8CusDmhjSM+vt6lUtCWQd1mEzkYNg6fxP54I
+3ofrQQKBgQDpu0ewR3+YVBBqDKx399tFZkfuV4kk5JRAYibByyS7yKmCE6y9zfXZ
+CewG9iQeovN0YrDj9dOC14cyivq7WUB4tCkYuShraoRfU5KhV/SUx0j8gY3apScn
+aLrvRSeV6G240i4SMU7UJawLtdaTQ/w9lZlbbo4DJowpuBdedbUcIQ==
 -----END RSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
 -----END RSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
-MIIDNjCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADB2MQswCQYDVQQGEwJVSzES
-MBAGA1UEBxMJQ2FtYnJpZGdlMSAwHgYDVQQKExdVbml2ZXJzaXR5IG9mIENhbWJy
-aWRnZTEaMBgGA1UECxMRQ29tcHV0aW5nIFNlcnZpY2UxFTATBgNVBAMTDFBoaWxp
-cCBIYXplbDAeFw0wMjA0MTUwODA0NTBaFw0yOTA4MzAwODA0NTBaMHYxCzAJBgNV
-BAYTAlVLMRIwEAYDVQQHEwlDYW1icmlkZ2UxIDAeBgNVBAoTF1VuaXZlcnNpdHkg
-b2YgQ2FtYnJpZGdlMRowGAYDVQQLExFDb21wdXRpbmcgU2VydmljZTEVMBMGA1UE
-AxMMUGhpbGlwIEhhemVsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUN6we
-sp5nny2A5IAy9PqN9pajhpMLWhggY7Sx7uG5v7bPpupHzQ9/Hq0K6vQevCp62Mi2
-lN5xM4kRwMyd8q8gH5hgt23dJFSkBKmmK067TZ53/yOZy270sisQNELlqRfws9Cv
-X/AFXMVs6SjVsLIuAD3sn6x+yeMW/ipr450nXQIDAQABo4HTMIHQMB0GA1UdDgQW
-BBRgFqRZUo+RgbAGSGs4mLA+eW0WDjCBoAYDVR0jBIGYMIGVgBRgFqRZUo+RgbAG
-SGs4mLA+eW0WDqF6pHgwdjELMAkGA1UEBhMCVUsxEjAQBgNVBAcTCUNhbWJyaWRn
-ZTEgMB4GA1UEChMXVW5pdmVyc2l0eSBvZiBDYW1icmlkZ2UxGjAYBgNVBAsTEUNv
-bXB1dGluZyBTZXJ2aWNlMRUwEwYDVQQDEwxQaGlsaXAgSGF6ZWyCAQAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQDDU60ui0hP3WIvFWqV/eDVpEN1wRoo
-NcNDfOLhAavQQOKrhrIwcFHIh2mm727z4+uzKBghssrQ+9mVx/VbUKH1QCCJkdSp
-Gy5mp5Uym/piVcGEuNqZ8SkOg4+f+1LCqcVl+tgNaT7+NoPFWcu2Vn5MYZHkd4Mw
-oCabzXDoxmo0lQ==
+MIID8DCCAtigAwIBAgIJAIG5na6gDPTNMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAlVLMR0wGwYDVQQKExRUaGUgRXhpbSBNYWludGFpbmVyczETMBEGA1UECxMK
+VGVzdCBTdWl0ZTEVMBMGA1UEAxMMUGhpbCBQZW5ub2NrMB4XDTEyMDUxNzE0NDU1
+MloXDTMxMDUxMzE0NDU1MlowWDELMAkGA1UEBhMCVUsxHTAbBgNVBAoTFFRoZSBF
+eGltIE1haW50YWluZXJzMRMwEQYDVQQLEwpUZXN0IFN1aXRlMRUwEwYDVQQDEwxQ
+aGlsIFBlbm5vY2swggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD8Lqf/
+a2vR9YWny8as/sF+AVMHCevtyD9dheyjj5ZlQ4HVppZeZTexrCvBiPlxpNlCRqks
+OQjylLdJCMhkapuz73mcp7PCeyqPBryaaFY5pHCq3fbqZtW9qU/zw1S8Gfh7jzDV
+Zw5xFv4hPUuPMxjtEy1DgX7UtDDJtLMyipRC5D/P7p1wfyT8201zjHVxRJMIIEYL
+AY+rI6oeWev66vu/Z0yYboTg0qetT36yvu6/QtDwr68QY3odIbAUbgeOYUqN0gWb
+zGLqtezXitSePwX98CullQDM4RvoihTPkL3yzfCb1brGpGGfhcb9KKS3cQYaTrHp
+IDef7BnSq0KB7Yp3AgMBAAGjgbwwgbkwHQYDVR0OBBYEFOR3occfwjSts823Q720
+gyuMA4ATMIGJBgNVHSMEgYEwf4AU5Hehxx/CNK2zzbdDvbSDK4wDgBOhXKRaMFgx
+CzAJBgNVBAYTAlVLMR0wGwYDVQQKExRUaGUgRXhpbSBNYWludGFpbmVyczETMBEG
+A1UECxMKVGVzdCBTdWl0ZTEVMBMGA1UEAxMMUGhpbCBQZW5ub2NrggkAgbmdrqAM
+9M0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA+lGUhwhthgcAQyp+
+XblU+2I5MsKuAr8vL3kOSs4hYRQ7LZIhOLDvM/a5uvDJCiHEOdCJgiT1JJokqHu6
+IQDyBE1T1dILMCtfQqV+Kjxg8DHWnUJRuVj0NJU2NhbzoqjrjQ7dnJLocl3OqhNw
+Kgy2VObQ0lxdPt199fc6BdNfTmgz5R+nQHqoi9haLN6cbKVJ1vwARVBiD4WR8xGu
+Dxlr1oW3+lrv5RPIrU8Zw8ks+R0pKy+RCJcRdErfmJxnKVtIjOCRIwfJirq/g1sn
+hWLBno9FlbreMmp06S+AtRJjY35OSk+ak8lPPXlOtDdMW6gJmaj/+EqIKcInbDSU
+8gPp4Q==
 -----END CERTIFICATE-----
 -----END CERTIFICATE-----
diff --git a/test/aux-fixed/cert2.revoke b/test/aux-fixed/cert2.revoke
deleted file mode 100644 (file)
index 9371735..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDNjCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADB2MQswCQYDVQQGEwJVSzES
-MBAGA1UEBxMJQ2FtYnJpZGdlMSAwHgYDVQQKExdVbml2ZXJzaXR5IG9mIENhbWJy
-aWRnZTEaMBgGA1UECxMRQ29tcHV0aW5nIFNlcnZpY2UxFTATBgNVBAMTDFBoaWxp
-cCBIYXplbDAeFw0wMjA0MTUwODA0NTBaFw0yOTA4MzAwODA0NTBaMHYxCzAJBgNV
-BAYTAlVLMRIwEAYDVQQHEwlDYW1icmlkZ2UxIDAeBgNVBAoTF1VuaXZlcnNpdHkg
-b2YgQ2FtYnJpZGdlMRowGAYDVQQLExFDb21wdXRpbmcgU2VydmljZTEVMBMGA1UE
-AxMMUGhpbGlwIEhhemVsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUN6we
-sp5nny2A5IAy9PqN9pajhpMLWhggY7Sx7uG5v7bPpupHzQ9/Hq0K6vQevCp62Mi2
-lN5xM4kRwMyd8q8gH5hgt23dJFSkBKmmK067TZ53/yOZy270sisQNELlqRfws9Cv
-X/AFXMVs6SjVsLIuAD3sn6x+yeMW/ipr450nXQIDAQABo4HTMIHQMB0GA1UdDgQW
-BBRgFqRZUo+RgbAGSGs4mLA+eW0WDjCBoAYDVR0jBIGYMIGVgBRgFqRZUo+RgbAG
-SGs4mLA+eW0WDqF6pHgwdjELMAkGA1UEBhMCVUsxEjAQBgNVBAcTCUNhbWJyaWRn
-ZTEgMB4GA1UEChMXVW5pdmVyc2l0eSBvZiBDYW1icmlkZ2UxGjAYBgNVBAsTEUNv
-bXB1dGluZyBTZXJ2aWNlMRUwEwYDVQQDEwxQaGlsaXAgSGF6ZWyCAQAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQDDU60ui0hP3WIvFWqV/eDVpEN1wRoo
-NcNDfOLhAavQQOKrhrIwcFHIh2mm727z4+uzKBghssrQ+9mVx/VbUKH1QCCJkdSp
-Gy5mp5Uym/piVcGEuNqZ8SkOg4+f+1LCqcVl+tgNaT7+NoPFWcu2Vn5MYZHkd4Mw
-oCabzXDoxmo0lQ==
------END CERTIFICATE-----
index c4ae333795cd052a7fea57913574dfe933156c28..1cb30e8a2823d7d692457794557b2705efda858e 100644 (file)
@@ -1,10 +1,12 @@
 -----BEGIN X509 CRL-----
 -----BEGIN X509 CRL-----
-MIIBUTCBuzANBgkqhkiG9w0BAQQFADB2MQswCQYDVQQGEwJVSzESMBAGA1UEBxMJ
-Q2FtYnJpZGdlMSAwHgYDVQQKExdVbml2ZXJzaXR5IG9mIENhbWJyaWRnZTEaMBgG
-A1UECxMRQ29tcHV0aW5nIFNlcnZpY2UxFTATBgNVBAMTDFBoaWxpcCBIYXplbBcN
-MDQwMjI3MTIxNDEyWhcNMzEwNzE0MTIxNDEyWjAUMBICAQAXDTA0MDIyNzEyMDU0
-M1owDQYJKoZIhvcNAQEEBQADgYEAzoMDrsieUPRMPNzc0jzMmL0DKgxeUcyKPGNS
-cvJbh5z3obcCDq1HUAGb9k+J5jtWEMIqt27PN/qvmaeXJEsgoKvXnWAPIAF49UaT
-JfuRUztWJYMGPOzaYxivcHVp4oqMxyZhy89PdPaJJAtd/ovMHoaURUjoxfL/H5tZ
-TbLmzSE=
+MIIBzzCBuAIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVSzEdMBsGA1UE
+ChMUVGhlIEV4aW0gTWFpbnRhaW5lcnMxEzARBgNVBAsTClRlc3QgU3VpdGUxFTAT
+BgNVBAMTDFBoaWwgUGVubm9jaxcNMTIwNTE3MTUwMjI0WhcNMjYwNTE0MTUwMjI0
+WjAcMBoCCQCBuZ2uoAz0zRcNMTIwNTE3MTUwMDQ0WqAOMAwwCgYDVR0UBAMCAQIw
+DQYJKoZIhvcNAQEFBQADggEBADuR38p1aAdpHXEN+JZQ7ZnBRAOIZ+ZHb8I4SY9T
+EjnaVhhaI5NpVzan+ETbgAsRxs9gVgvyeVzRbTtY5hWw5Y0DuC53eD8eP5r/uUln
+rxGpy2FQpKTXCAQPOnnXC9jieVu2jkZr++wH3r9MkfCfVJkq72+Bp5DUkzGdbVUa
+7FgbVCGFAb8UmbcZPeeOHrY66gxn7k8Fm9fyBPR8+cVlH6proOnPunYG5mPUmK+J
+3B59/a6Lb6aZwmr+JntjPGPABopb72FDHptXJsTby1ghGd+V7AjvXIEsrbI3JEUI
+4TvT1nxE/4r1f8SATp7eM7pyXhfB6tv1E5UVDMepMWDRsbA=
 -----END X509 CRL-----
 -----END X509 CRL-----
index 51658b878b70a4c6349249c57ec2d66b7a0520f7..53516d00a0894ec6f28e442a3f4fe1b94786e577 100755 (executable)
@@ -25,6 +25,13 @@ use Time::Local;
 
 $testversion = "4.78 (08-May-12)";
 
 
 $testversion = "4.78 (08-May-12)";
 
+# This gets embedded in the D-H params filename, and the value comes
+# from asking GnuTLS for "normal", but there appears to be no way to
+# use certtool/... to ask what that value currently is.  *sigh*
+# This value is correct as of GnuTLS 2.12.18.
+#
+$gnutls_dh_bits_normal = 2432;
+
 $cf = "bin/cf -exact";
 $cr = "\r";
 $debug = 0;
 $cf = "bin/cf -exact";
 $cr = "\r";
 $debug = 0;
@@ -1578,9 +1585,10 @@ if (/^eximstats\s+(.*)/)
 
 if (/^gnutls/)
   {
 
 if (/^gnutls/)
   {
-  run_system "sudo cp -p aux-fixed/gnutls-params spool/gnutls-params;" .
-         "sudo chown $parm_eximuser:$parm_eximgroup spool/gnutls-params;" .
-         "sudo chmod 0400 spool/gnutls-params";
+  my $gen_fn = "spool/gnutls-params-$gnutls_dh_bits_normal";
+  run_system "sudo cp -p aux-fixed/gnutls-params $gen_fn;" .
+         "sudo chown $parm_eximuser:$parm_eximgroup $gen_fn;" .
+         "sudo chmod 0400 $gen_fn";
   return 1;
   }
 
   return 1;
   }