Found and fixed by Jasen Betts. No testcase for this as my usual text
editor insists on emitting only valid UTF-8.
+JH/32 Fix "tls_dhparam = none" under GnuTLS. At least with 3.7.9 this gave
+ a null-indireciton SIGSEGV for the receive process.
+
+
Exim version 4.96
-----------------
waste a bit of effort, but it doesn't seem worth messing around with locking to
prevent this.
-Returns: OK/DEFER/FAIL
+Returns: OK/DEFER (expansion issue)/FAIL (requested none)
*/
static int
else if (Ustrcmp(exp_tls_dhparam, "none") == 0)
{
DEBUG(D_tls) debug_printf("Requested no DH parameters\n");
- return OK;
+ return FAIL;
}
else if (exp_tls_dhparam[0] != '/')
{
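Review bot: The `return FAIL;` in the `"none"` branch now uses an error-shaped status for a valid, deliberate configuration, and nothing at the return site says so. Only the header comment (`FAIL (requested none)`) records the contract. I would add a comment directly above the return, for example `/* FAIL here means "no DH params wanted", not an error; the caller must skip gnutls_certificate_set_dh_params() */`. The rest of this function lies outside the hunk, so it is worth confirming that no other path returns FAIL, since the caller could not tell such a failure apart from "none".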
*/
static int
-tls_set_remaining_x509(exim_gnutls_state_st *state, uschar ** errstr)
+tls_set_remaining_x509(exim_gnutls_state_st * state, uschar ** errstr)
{
-int rc;
-const host_item *host = state->host; /* macro should be reconsidered? */
+int rc = OK;
+const host_item * host = state->host; /* macro should be reconsidered? */
/* Create D-H parameters, or read them from the cache file. This function does
its own SMTP error messaging. This only happens for the server, TLS D-H ignores
if (!state->host)
{
if (!dh_server_params)
- if ((rc = init_server_dh(errstr)) != OK) return rc;
+ if ((rc = init_server_dh(errstr)) == DEFER) return rc;
/* Unnecessary & discouraged with 3.6.0 or later, according to docs. But without it,
no DHE- ciphers are advertised. */
- gnutls_certificate_set_dh_params(state->lib_state.x509_cred, dh_server_params);
+
+ if (rc == OK)
+ gnutls_certificate_set_dh_params(state->lib_state.x509_cred, dh_server_params);
}
/* Link the credentials to the session. */
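Review bot: The new guard `if (rc == OK)` decides whether to call `gnutls_certificate_set_dh_params()` from a status code, not from the pointer whose NULL value caused the crash. Testing the pointer directly, `if (dh_server_params)`, would keep the call safe on any path that leaves it unset. The changed test `== DEFER` also lets every other non-OK result fall through without a log line, so the server would carry on with no DHE key exchange offered and no record of why. A `DEBUG(D_tls)` line on the skip path would make that visible. The function body continues past the end of this hunk.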
1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbF-000000005vi-0000 => userb@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbG-000000005vi-0000"
1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbH-000000005vi-0000 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbI-000000005vi-0000"
+1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbF-000000005vi-0000@myhost.test.ex
1999-03-02 09:44:33 10HmbG-000000005vi-0000 => userb <userb@test.ex> R=server T=local_delivery
1999-03-02 09:44:33 10HmbG-000000005vi-0000 Completed
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1239, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbH-000000005vi-0000@myhost.test.ex
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 => userx <userx@test.ex> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 Completed
Test message
****
killdaemon
+#
+# Check we can survive an explicit request for no DH-params
+exim -DSERVER=server -DDATA=none -bd -oX PORT_D
+****
+exim -odf userx@test.ex
+Test message
+****
+killdaemon
no_message_check