ALPN: not supported under LibreSSL
authorJeremy Harris <jgh146exb@wizmail.org>
Sun, 18 Jul 2021 18:23:52 +0000 (19:23 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Sun, 18 Jul 2021 18:23:52 +0000 (19:23 +0100)
src/src/tls-openssl.c
test/scripts/1190-TLS-ALPN/1190
test/scripts/2090-GnuTLS-ALPN/2090
test/scripts/2190-OpenSSL-ALPN/2190

index 5bf6a6002bc490b1fad12b0420f0242a25b6227d..26b5cf5e57773dfd958c03f3676bc1e5947e4b8b 100644 (file)
@@ -48,7 +48,6 @@ functions from the OpenSSL library. */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 # define EXIM_HAVE_OCSP_RESP_COUNT
 # define OPENSSL_AUTO_SHA256
-# define EXIM_HAVE_ALPN
 #else
 # define EXIM_HAVE_EPHEM_RSA_KEX
 # define EXIM_HAVE_RAND_PSEUDO
@@ -81,6 +80,7 @@ change this guard and punt the issue for a while longer. */
 #  ifndef DISABLE_OCSP
 #   define EXIM_HAVE_OCSP
 #  endif
+#  define EXIM_HAVE_ALPN /* fail ret from hshake-cb is ignored by LibreSSL */
 # else
 #  define EXIM_NEED_OPENSSL_INIT
 # endif
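Review bot: The comment on the added `# define EXIM_HAVE_ALPN` explains why the macro is absent elsewhere rather than why it is defined here, so it is easy to misread as a caveat on this branch. Something like `/* not LibreSSL: it ignores a failure return from the ALPN callback, so a mismatch could not be rejected */` states the condition directly. The `#if` guard this line sits in opens outside the hunk, so which libraries reach it is inferred from the commit title. A build without the macro presumably cannot enforce ALPN at all, so the documentation for the ALPN options should say that LibreSSL builds do not enforce them.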
@@ -2154,8 +2154,6 @@ static int
 tls_server_alpn_cb(SSL *ssl, const uschar ** out, uschar * outlen,
   const uschar * in, unsigned int inlen, void * arg)
 {
-const exim_openssl_state_st * state = arg;
-
 server_seen_alpn = TRUE;
 DEBUG(D_tls)
   {
@@ -2840,7 +2838,6 @@ chain_from_pem_file(const uschar * file, STACK_OF(X509) ** vp)
 {
 BIO * bp;
 STACK_OF(X509) * verify_stack = *vp;
-X509 * x;
 
 if (verify_stack)
   while (sk_X509_num(verify_stack) > 0)
@@ -3273,7 +3270,10 @@ else DEBUG(D_tls)
   const uschar * name;
   unsigned len;
   SSL_get0_alpn_selected(ssl, &name, &len);
-  debug_printf("ALPN negotiated: '%.*s'\n", (int)*name, name+1);
+  if (len && name)
+    debug_printf("ALPN negotiated: '%.*s'\n", (int)*name, name+1);
+  else
+    debug_printf(ALPN: no protocol negotiated\n);
   }
 #endif
 
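Review bot: The `%.*s` arguments on the `ALPN negotiated` line are still `(int)*name, name+1`, which treats the buffer as length-prefixed. `SSL_get0_alpn_selected()` returns the bare protocol bytes with their length in `len`, so this takes the first protocol byte as the precision and can read past the selected name. The line should be `debug_printf("ALPN negotiated: '%.*s'\n", (int)len, name);`. As shown on this page, the new `else` call also has no quotes around its message, `debug_printf(ALPN: no protocol negotiated\n);`, which would not compile; unless that is a rendering artefact, it needs to be `debug_printf("ALPN: no protocol negotiated\n");`. The enclosing `DEBUG(D_tls)` block starts outside the hunk.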
index d74caca5281476b525f176bf4fac4ccd4762a785..3a85116fdb3445875931f81fef665ffbdb0dcee7 100644 (file)
@@ -11,16 +11,12 @@ Test message.
 # Bad ALPN rejected
 exim -DCONTROL=http -odf b@test.ex
 ****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
 #
 # Multiple ALPN rejected
 exim -DCONTROL=smtp:smtp -odf c@test.ex
 ****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
 #
 # Empty client option is ok
 exim -DCONTROL="" -odf d@test.ex
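Review bot: Replacing `exim -Mrm $msg1` with a glob `rm -f` of `DIR/spool/input/*-D` and `*-H` means the script no longer shows whether a message was left queued after the rejected connection; the cleanup now succeeds whether or not the rejection happened. If the log comparison does not already pin that down, a queue count such as `exim -bpc` before the cleanup would keep the check. The same replacement appears twice in this hunk and again in the 2090 and 2190 scripts.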
index 227af8475d297438040fdf3115722d72dfee0646..621d8a967979481c630c4fe2dc64fe2f91c950aa 100644 (file)
@@ -15,9 +15,7 @@ exim -DSERVER=server -DSTRICT="" -bd -oX PORT_D
 # Client requires ALPN (fail)
 exim -DCONTROL=http -DREQUIRE=y -odf client_require_fail@test.ex
 ****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
 killdaemon
 #
 #
index 7dadb305121986a8f6050cd3504fd92de31d7f3d..d615e1b23ff11b3e2323089284dc22bb7a3b93e0 100644 (file)
@@ -14,9 +14,7 @@ exim -DSERVER=server -DSTRICT="" -bd -oX PORT_D
 # Client requires ALPN (fail)
 exim -DCONTROL=http -DREQUIRE=y -odf client_require_fail@test.ex
 ****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
 killdaemon
 #
 #