-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.619 2010/06/05 10:16:36 pdp Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.620 2010/06/05 10:34:29 pdp Exp $
Change log file for Exim from version 4.21
-------------------------------------------
PP/06 Adjust NTLM authentication to handle SASL Initial Response.
+PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
+ without a peer certificate (I believe), leading to a segfault because of
+ an assumption that peers always have certificates. Be a little more
+ paranoid. Problem reported by Martin Tscholak.
+
Exim version 4.72
-----------------
-JJ/01 installed exipick 20100104.1, adding $max_received_linelength, $data_path, and $header_path variables; fixed documentation bugs and typos
+JJ/01 installed exipick 20100104.1, adding $max_received_linelength,
+ $data_path, and $header_path variables; fixed documentation bugs and
+ typos
-JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow exipick to access non-standard spools, including the "frozen" queue (Finput)
+JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow
+ exipick to access non-standard spools, including the "frozen" queue
+ (Finput)
NM/01 Bugzilla 965: Support mysql stored procedures.
Patch from Alain Williams
-/* $Cambridge: exim/src/src/tls-openssl.c,v 1.25 2010/06/05 09:36:11 pdp Exp $ */
+/* $Cambridge: exim/src/src/tls-openssl.c,v 1.26 2010/06/05 10:34:29 pdp Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
+/* Beware anonymous ciphers which lead to server_cert being NULL */
server_cert = SSL_get_peer_certificate (ssl);
-tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
- CS txt, sizeof(txt));
-tls_peerdn = txt;
+if (server_cert)
+ {
+ tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
+ CS txt, sizeof(txt));
+ tls_peerdn = txt;
+ }
+else
+ tls_peerdn = NULL;
construct_cipher_name(ssl); /* Sets tls_cipher */