Phil Pennock [Mon, 21 May 2012 02:58:18 +0000 (22:58 -0400)]
only drop privs for TLS if still root
Phil Pennock [Mon, 21 May 2012 02:15:48 +0000 (22:15 -0400)]
Update docs for latest state of TLS affairs.
gnutls-params bits count no longer necessarily what GnuTLS says to use.
The OpenSSL-vs-GnuTLS text needed some updating.
Catches a ChangeLog addition made during the previous commit, so not picked up by it.
Phil Pennock [Mon, 21 May 2012 01:49:40 +0000 (21:49 -0400)]
Added tls_dh_max_bits & check tls_require_ciphers early.
Janne Snabb tracked down the GnuTLS 2.12 vs NSS (Thunderbird) interop
problems to a hard-coded limit of 2236 bits for DH in NSS while GnuTLS
was suggesting 2432 bits as normal.
Added new global option tls_dh_max_bits to clamp all DH values (client
or server); unexpanded integer. Default value to 2236. Apply to both
GnuTLS and OpenSSL (which requires tls_dh_params for this).
Tired of debugging "SMTP fails TLS" error messages in mailing-lists
caused by OpenSSL library/include clashes, and of finding out I typo'd
in tls_require_ciphers only at the STARTTLS handshake. During readconf,
fork/drop-privs/initialise-TLS-library. In that, if tls_require_ciphers
is set, then validate it.
The validation child will panic if it can't initialise or if
tls_require_ciphers can't be parsed, else it exits 0. If the child
exits anything other than 0, the main Exim process will exit.
Phil Pennock [Sun, 20 May 2012 23:35:34 +0000 (19:35 -0400)]
Guard TLS SNI callback define better.
Guarded the callback invocation on OpenSSL having TLS extension support.
Failed to guard the callback definition. Fixed.
Problem spotted by Todd Lyons.
Phil Pennock [Sun, 20 May 2012 22:22:06 +0000 (18:22 -0400)]
tls_require_ciphers must be assigned to state copy
Todd Lyons [Sun, 20 May 2012 15:11:23 +0000 (08:11 -0700)]
Merge branch 'master_testsuite_faq'
Todd Lyons [Sun, 20 May 2012 15:08:59 +0000 (08:08 -0700)]
FAQ of running test suite
Jeremy Harris [Sun, 20 May 2012 14:32:34 +0000 (15:32 +0100)]
Testsuite: more guidance in README
Phil Pennock [Sun, 20 May 2012 09:34:57 +0000 (05:34 -0400)]
Typo: PRE_PRERELEASE -> PCRE_PRERELEASE
Noted by Moritz Wilhelmy.
Phil Pennock [Sun, 20 May 2012 09:33:22 +0000 (05:33 -0400)]
GnuTLS debug callback: check for existing \n
Phil Pennock [Sun, 20 May 2012 07:48:53 +0000 (03:48 -0400)]
"make makfile" -> "make makefile".
Confirmed typo, rather than QNXism, by grepping tree and finding no
other instances.
Reported by René Berber.
Phil Pennock [Sun, 20 May 2012 02:22:06 +0000 (22:22 -0400)]
Cipher munging continues.
I omitted log/2025 pending further investigation.
Phil Pennock [Sun, 20 May 2012 01:29:45 +0000 (21:29 -0400)]
HAVE_IPV6=yes in comment; need value!
Jeremy Harris [Sun, 20 May 2012 00:04:24 +0000 (01:04 +0100)]
Testsuite: munge recorded TLS version &c in output to permit awkward test-host installations.
Phil Pennock [Sat, 19 May 2012 23:55:15 +0000 (19:55 -0400)]
PRINTF_FUNCTION -> ALMOST_PRINTF.
WANT_DEEPER_PRINTF_CHECKS guards ALMOST_PRINTF being PRINTF_FUNCTION.
Fix some actual issues exposed when I cut down on the spam.
Phil Pennock [Sat, 19 May 2012 23:13:51 +0000 (19:13 -0400)]
Portability to HP-UX.
Report and fix from Michael Haardt.
The resolver library change's assumed typedef was absent, but the
underlying struct __res_state is present. Long type issues for the
arithmetic changes.
Phil Pennock [Sat, 19 May 2012 21:59:09 +0000 (17:59 -0400)]
PCRE_PRERELEASE fix, again
Phil Pennock [Fri, 18 May 2012 23:17:38 +0000 (19:17 -0400)]
Torture the English language slightly less
Phil Pennock [Fri, 18 May 2012 22:22:30 +0000 (18:22 -0400)]
Fix three issues highlighted by clang analyser.
Only crash-plausible issue would require the Cambridge-specific
iplookup router and a misconfiguration.
Report from Marcin Mirosław
Phil Pennock [Fri, 18 May 2012 22:07:55 +0000 (18:07 -0400)]
Test suite fixes, mostly for new certs.
New cert1 and cert2 but I'd only updated the GnuTLS tests.
This fixes OpenSSL ones too.
The SHELL vs /bin/sh one also fixed, finally realised that
the test output just hadn't been updated to match the munging.
Phil Pennock [Fri, 18 May 2012 20:22:04 +0000 (16:22 -0400)]
Document DCC in experimental-spec.txt
Base text from Wolfgang Breyha.
I went over it as someone new to it, to make some obvious-to-experts-but-not-me fixes.
Phil Pennock [Fri, 18 May 2012 19:52:08 +0000 (15:52 -0400)]
Second SPF fix, moved to where type is correct.
De-initialised "type" var in stack declaration, so a repeat of this mistake
would lead to an uninitialized variable usage warning which would have blocked
the previous incorrect fix from being committed.
Phil Pennock [Fri, 18 May 2012 19:46:06 +0000 (15:46 -0400)]
Fix dcc_header content corruption.
(stack memory referenced, read-only, out of scope).
Patch from Wolfgang Breyha, report from Stuart Northfield.
Phil Pennock [Fri, 18 May 2012 19:35:32 +0000 (15:35 -0400)]
SPF multiple strings join on "".
Patch from Janne Snabb.
Phil Pennock [Fri, 18 May 2012 03:04:36 +0000 (23:04 -0400)]
GnuTLS pretty much passes test suite.
Fixed assumption that tls_certificate non-NULL in server when TLS
advertised.
Weakened an !S_ISREG() to an S_ISDIR() to keep the test-suite happy.
Using:
do { rc = gnutls_handshake(state->session);
} while ((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED));
is contra-indicated when you expect SIGALRM to be able to break you out
of the loop. A little _too_ robust there. Switching last part to:
(rc == GNUTLS_E_INTERRUPTED && !sigalrm_seen)
is rather more productive.
Only test not passing is 2025, which makes major assumptions about
cipher suites and needs to be revisited to see what it's trying to
achieve. We fail the test because we successfully deliver the message
without expected errors, because other ciphersuites are available, since
we're no longer limited to a *very* short list embedded in the Exim
code. That sort of failure I can live with.
Phil Pennock [Fri, 18 May 2012 02:12:59 +0000 (22:12 -0400)]
Make test-suite client cmd -t<timeout> actually work
Phil Pennock [Fri, 18 May 2012 00:07:04 +0000 (20:07 -0400)]
CRL addition returns count of CRLs added
A couple more cert1/2 strings updated, plus some disambiguating rhubarb.
Phil Pennock [Thu, 17 May 2012 23:37:49 +0000 (19:37 -0400)]
Insert new JH/02 entry for the ACL clean-up
root [Thu, 17 May 2012 23:08:30 +0000 (00:08 +0100)]
Documentation update for bug 1172.
Jeremy Harris [Mon, 23 Apr 2012 20:03:46 +0000 (21:03 +0100)]
Support expansion variable for hi-res timestamp (bug 1172).
Phil Pennock [Thu, 17 May 2012 21:24:36 +0000 (17:24 -0400)]
fix tls_cipher memory lifetime.
Some tests had not been updated for the new cert because they were missing an X= log-line.
Updated those tests now.
Phil Pennock [Thu, 17 May 2012 20:18:34 +0000 (16:18 -0400)]
More GnuTLS cleanups/fixes.
Decided "unknown (reason)" in tls_peerdn was wrong, stripped that, added
replacement guard.
Moved cipherbuf construction to where it makes more sense, where peerdn
is extracted, so that setting the exim vars gets back closer to just
some pointer switching.
Fix missing failure check after handshake in client.
Fix tls.c tls_ungetc() and friends by pointing watermark vars at state
content.
Regenerated test-suite D-H params so we don't have too small values,
which was causing connection rejections.
Test-suite output where new test cert info is logged (there will be a
couple more, when I fix a lingering problem with tls_peerdn being unset
in client log-lines).
Give test-suite client command some --help.
Phil Pennock [Thu, 17 May 2012 18:05:06 +0000 (14:05 -0400)]
GnuTLS control constants exposed to Makefile.
Mostly care about EXIM_GNUTLS_LIBRARY_LOG_LEVEL for debugging.
If someone screams that we kept the default dh-bits at 1024 for old GnuTLS,
we can point them at EXIM_SERVER_DH_BITS_PRE2_12. The name itself will
tell them to shut up and update their library if they care about security. :)
Phil Pennock [Thu, 17 May 2012 16:19:52 +0000 (12:19 -0400)]
Copyright year updates.
Updated all files modified in 2012 which contained a copyright year
already, unless the range was specified as open-ended.
vi $(git whatchanged --since=2012-01-01 | grep '^:100' | sed 's/^[^M]*M//' | sort -u | fgrep -v test/)
Phil Pennock [Thu, 17 May 2012 15:37:13 +0000 (11:37 -0400)]
gnutls_require_protocols comment on 4.77 notes.
Phil Pennock [Thu, 17 May 2012 15:21:54 +0000 (11:21 -0400)]
4.78 -> 4.80
Phil Pennock [Thu, 17 May 2012 15:17:20 +0000 (11:17 -0400)]
Handle absent tls_require_ciphers correctly.
Fix test-suite certs to not use MD5.
Document that we do not support MD5 certs any longer.
Make test-suite generate probably-correct gnutls-params filename for us.
Phil Pennock [Thu, 17 May 2012 12:16:11 +0000 (08:16 -0400)]
Handle TLSv1.2 in test suite.
Normalise TLSv1.2 to TLSv1.
Normalise AES256-GCM-SHA384 to AES256-SHA.
Make some test configs accept AES256-GCM-SHA384 in "encrypted =" ACLs.
Have test suite print final test id during abort, make it easier to track down.
Phil Pennock [Thu, 17 May 2012 06:53:44 +0000 (02:53 -0400)]
Get TLS SNI server-switching working with GnuTLS.
Registering a cert/key in an x509 credentials *adds* them, and there's
no way to remove them, so we need a shiny new x509_cred each time the
key/cert change.
Since we avoid re-expanding unless tls_sni appears in tls_certificate,
we've mostly avoided the expense unless SNI is in use, and the extra
loading should be minimal, as everything should be in buffer/cache from
a few microseconds beforehand.
This code tested with GnuTLS and OpenSSL clients, without TLS
extensions, with servername, and verifying we do now get the correct
cert.
Phil Pennock [Thu, 17 May 2012 06:15:27 +0000 (02:15 -0400)]
fix TLS SNI segfault case
Failed to notice my test config on the GnuTLS box did nothing with SNI.
Fixed segfault. Better diagnostics.
Still not actually changing key/cert, need to investigate further
Phil Pennock [Thu, 17 May 2012 05:32:13 +0000 (01:32 -0400)]
Guards for older releases of GnuTLS.
gnutls_sec_param_to_pk_bits() and gnutls_rnd() are both new as of
GnuTLS 2.12.x. Guard their usage on 2.12.0+ at compile time.
In older versions, the vaguely_random_number() function just immediately
calls the fallback, so it's the same as before this change (just one
extra indirection in the code-path).
Define a constant of 1024 for dh-bits for use in those old releases
where GnuTLS won't tell us how many we should use.
Change the on-disk filename for generated D-H params again, replacing
the -normal with -<bitcount>, so that it's 1024 or whatever, and as
the value changes, Exim will automatically start using the new value.
Phil Pennock [Thu, 17 May 2012 04:39:38 +0000 (00:39 -0400)]
dnsdb SPF support, from Janne Snabb
Phil Pennock [Wed, 16 May 2012 16:35:40 +0000 (12:35 -0400)]
Merge branch 'experimental_ocsp'
Phil Pennock [Wed, 16 May 2012 16:15:26 +0000 (12:15 -0400)]
Overhaul of GnuTLS code.
GnuTLS code re-done, using cut&paste for preservation where appropriate.
Stop using deprecated APIs. Stop hard-coding lists of ciphers.
Use gnutls_priority_init() instead.
Turns tls_require_ciphers into a string in the GnuTLS case, not just
OpenSSL case.
Deprecate three gnutls_require_* options; now ignored but not errors.
(No warnings yet).
Added TLS SNI support.
Made the channel binding integration theoretically actually work. I had
it guarded by an #ifdef but the value used was an enum instead. Oops.
Fixed.
New code much more amenable to future work permitting TLS in callouts.
DH param sizes now chosen by GnuTLS maintainers, we use "normal"; that's
suddenly a lot more bits, so the saved filename was changed too.
(GNUTLS_SEC_PARAM_NORMAL).
DH param setup only done for servers now, since clients don't need/use
it.
GnuTLS a lot more robust to library negotiation using stuff we don't
support, error-ing out quickly for other authentication systems (PGP,
etc).
Renamed pseudo_random_number() to vaguely_random_number() which makes
the nature clearer.
GnuTLS now provides a vaguely_random_number() implementation, to match
OpenSSL.
Pull in <inttypes.h> to make the recent arithmetic changes compile on
MacOS.
Nuke test 2011 which related to the gnutls_require_* options now
non-functional.
Jeremy Harris [Mon, 14 May 2012 23:06:18 +0000 (00:06 +0100)]
Testsuite: fix problem with parsing retry records spanning midnight.
Jeremy Harris [Sun, 13 May 2012 21:39:47 +0000 (22:39 +0100)]
Merge branch '64bitint'
Jeremy Harris [Sun, 13 May 2012 20:04:45 +0000 (21:04 +0100)]
Use defines in config.h for type & scanf-patterns for eval. Update docs.
Phil Pennock [Sun, 13 May 2012 19:30:58 +0000 (15:30 -0400)]
typo fix
Jeremy Harris [Mon, 23 Apr 2012 21:47:58 +0000 (22:47 +0100)]
Make integer values 64bit (bug 1171).
Jeremy Harris [Sun, 13 May 2012 15:43:02 +0000 (16:43 +0100)]
Testsuite: ensure socket from wait-mode daemon test is not held open.
Phil Pennock [Sun, 13 May 2012 08:18:55 +0000 (04:18 -0400)]
Oops, missed .c change in bug 1246 fix git commit
Phil Pennock [Sun, 13 May 2012 08:09:25 +0000 (04:09 -0400)]
Fixed headers_only on smtp transports.
Was not sending trailing dot.
Added test case to catch this.
fixes bug 1246.
Phil Pennock [Sat, 12 May 2012 13:11:28 +0000 (09:11 -0400)]
pcre-config support.
Remove a couple of stray references to PCRE_CFLAGS too (dating from when PCRE was bundled).
Phil Pennock [Fri, 11 May 2012 10:21:17 +0000 (06:21 -0400)]
Testing for -bw mode
Jeremy Harris [Thu, 10 May 2012 22:38:57 +0000 (23:38 +0100)]
Testsuite: updates for 8bitmime-as-default (Dovecot; untested).
Jeremy Harris [Thu, 10 May 2012 21:55:58 +0000 (22:55 +0100)]
Testsuite: updates for 8bitmime-as-default (GnuTLS).
Also add Retry command to more runtest testcase-fail possibilities.
Phil Pennock [Thu, 10 May 2012 05:50:47 +0000 (01:50 -0400)]
fix non-bw case, late slip not re-run by my earlier tests
Jeremy Harris [Wed, 9 May 2012 17:51:31 +0000 (18:51 +0100)]
Merge branch 'master' of git://git.exim.org/exim
Jeremy Harris [Wed, 9 May 2012 17:50:08 +0000 (18:50 +0100)]
Fix non-TLS build. Detection and fix by Todd Lyons.
Phil Pennock [Tue, 8 May 2012 21:44:36 +0000 (14:44 -0700)]
inetd wait mode support with -bw
Phil Pennock [Tue, 8 May 2012 15:20:33 +0000 (08:20 -0700)]
OCSP Stapling support, under EXPERIMENTAL_OCSP.
OpenSSL only.
Jeremy Harris [Mon, 7 May 2012 14:35:14 +0000 (15:35 +0100)]
Testsuite: updates for 8bitmime-as-default.
Phil Pennock [Mon, 7 May 2012 11:03:37 +0000 (04:03 -0700)]
Default accept_8bitmime to true.
Some discussion at http://bugs.exim.org/show_bug.cgi?id=817
Refer readers to Dan Bernstein's analysis of the issues.
Consensus seen from maintainers is that DJB is right on this point.
Phil Pennock [Mon, 7 May 2012 10:09:37 +0000 (06:09 -0400)]
revert "%s" addition in em_main.c, broke %D in log_file.
Also added gdb support.
This leaves us with a printf warning. We accept that as the cost of using PRINTF_FORMAT for strings that aren't libc formats.
Jeremy Harris [Sun, 6 May 2012 22:12:03 +0000 (23:12 +0100)]
Testsuite: teach the fakedns zonefile generator about the ipv6 double-colon rule.
Fixes case 1003 for me (having a trailing ::).
Phil Pennock [Sun, 6 May 2012 13:32:53 +0000 (06:32 -0700)]
Unbreak build on Solaris.
Solaris needs -lresolv, ie $(LIBRESOLV), for anything referencing DNS.
I added _res stuff to os.c.
os.c is used by multiple tools, but of those only Exim needs the DNS functionality.
So used a !defined(COMPILE_UTILITY) guard.
Phil Pennock [Sun, 6 May 2012 09:50:57 +0000 (02:50 -0700)]
Disable SSLv2 by default.
Phil Pennock [Sun, 6 May 2012 04:38:18 +0000 (21:38 -0700)]
DNS resolver init changes for NetBSD compatibility.
Jeremy Harris [Sat, 5 May 2012 20:26:02 +0000 (21:26 +0100)]
Fix eximon build (tls_sni)
Jeremy Harris [Sat, 5 May 2012 20:10:19 +0000 (21:10 +0100)]
Merge branch 'master' of git://git.exim.org/exim
Jeremy Harris [Sat, 5 May 2012 19:52:41 +0000 (20:52 +0100)]
Fix bug 1225: Accept new testsuite case output.
Having looked further at the ratelimit code, the new output looks reasonable. The obscure
values of "19" derive from testing "per-byte", being the size of the test message.
Phil Pennock [Sat, 5 May 2012 01:22:16 +0000 (18:22 -0700)]
Check localhost_number expansion for failure.
Avoids NULL dereference.
Report and patch from Alun Jones.
Also a couple of SIZE_T_FMT sizeof() printf string fixes while I was in there.
fixes bug 1122
Phil Pennock [Fri, 4 May 2012 22:52:30 +0000 (15:52 -0700)]
New doc section explaining TLS SNI
Phil Pennock [Fri, 4 May 2012 20:25:49 +0000 (13:25 -0700)]
silence various compiler complaints; expose NVALGRIND
Phil Pennock [Fri, 4 May 2012 20:06:38 +0000 (13:06 -0700)]
fix sdop directive in filter.xfpt
Phil Pennock [Fri, 4 May 2012 19:52:56 +0000 (12:52 -0700)]
fix all sdop "line overflow" doc complaints
Phil Pennock [Fri, 4 May 2012 19:26:21 +0000 (12:26 -0700)]
fix example line-length, add comment (openssl_options)
Phil Pennock [Fri, 4 May 2012 19:13:56 +0000 (12:13 -0700)]
Doc build bug-fix.
Had repeated .ilist instead of .next in the openssl_options value list.
Old sdop: segfault. New sdop: memory exhaustion.
Oops!
Phil Pennock [Fri, 4 May 2012 15:27:09 +0000 (08:27 -0700)]
More tls_sni support: outbound, logging.
tls_sni as SMTP transport option.
Use correct storage pool for copying tls_sni, so survives for life of process.
Add +tls_sni log-selector, for inbound tls_sni.
Update exipick to handle -tls_sni in spool files.
Also reset tls_bits at start of outbound connection (was missing).
Phil Pennock [Fri, 4 May 2012 11:39:01 +0000 (04:39 -0700)]
TLS SNI support for OpenSSL ($tls_sni)
Phil Pennock [Fri, 4 May 2012 02:20:43 +0000 (19:20 -0700)]
Guard loadable module vars with LOOKUP_MODULE_DIR.
Fixes compiler complaints about unused variables.
Phil Pennock [Fri, 4 May 2012 02:18:34 +0000 (19:18 -0700)]
spurious compiler warning of unused var fix
(but added check in case wrong about spuriousness)
Phil Pennock [Fri, 4 May 2012 02:11:49 +0000 (19:11 -0700)]
OpenSSL fixes and backwards compat break.
Drop SSL_clear() after SSL_new() which causes protocol negotiation failures for TLS1.0 vs TLS1.1/1.2 in OpenSSL 1.0.1b.
Remove SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (+dont_insert_empty_fragments) from default of openssl_options.
Phil Pennock [Thu, 3 May 2012 10:21:31 +0000 (03:21 -0700)]
LDAP: Check for errors of TLS initialisation
Report and patch from Dmitry Banschikov.
Jeremy Harris [Tue, 1 May 2012 22:27:17 +0000 (23:27 +0100)]
Update testsuite output files for GnuTLS version update and fixes.
Jeremy Harris [Sun, 22 Apr 2012 21:23:42 +0000 (22:23 +0100)]
Code refactoring in acl.c (bug 1184)
Move to a table-driven approach for the parsing of "verify =".
Jeremy Harris [Fri, 27 Apr 2012 21:45:16 +0000 (22:45 +0100)]
Change notes for bug 660.
Jeremy Harris [Mon, 23 Apr 2012 20:46:03 +0000 (21:46 +0100)]
Return multi-values attributes from an LDAP lookup in parsable form (bug 660).
Phil Pennock [Mon, 30 Apr 2012 23:58:45 +0000 (16:58 -0700)]
document TK's bug 1239 fix in ChangeLog
Tom Kistner [Mon, 30 Apr 2012 12:37:40 +0000 (13:37 +0100)]
Fix verification when DKIM Signatures are not inserted as tracking headers. Thanks to Wolfgang Breyha for the patch! (bug 1239)
Jeremy Harris [Sat, 28 Apr 2012 23:22:35 +0000 (00:22 +0100)]
Include string_interpret_escape() in COMPILE_UTILITY cases.
Eximon needs it, via util-spool_in.o
It needed a private hex_digits[] to avoid bringing in all of globals.c to COMPILE_UTILITY.
Phil Pennock [Sat, 28 Apr 2012 21:17:24 +0000 (14:17 -0700)]
include string_unprinting() in COMPILE_UTILITY cases.
jgh debugged eximon build failure; util-spool_in.o needs it
Phil Pennock [Sat, 28 Apr 2012 13:21:02 +0000 (06:21 -0700)]
TLS fixes for OpenSSL.
Support TLS 1.1 & 1.2
New "openssl_options" values (all now documented).
Set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read or write after
TLS renegotiation, which otherwise led to messages "Got SSL error 2".
Phil Pennock [Sat, 28 Apr 2012 13:04:09 +0000 (06:04 -0700)]
describe spool file changes for -tls_peerdn
Phil Pennock [Fri, 27 Apr 2012 09:39:59 +0000 (02:39 -0700)]
Handle \n in tls_peerdn for spool files.
Fixes bug 1240.
Jeremy Harris [Thu, 26 Apr 2012 22:00:15 +0000 (23:00 +0100)]
Fix testsuite case 0373.
The subtest does a readsocket (with 1s timeout) into a server
which closes immediately. The expected output in the testcase was null, the output
actually seen was the error-return expansion, which seems more correct.
Accepting the actual output.
Jeremy Harris [Sun, 22 Apr 2012 07:23:53 +0000 (08:23 +0100)]
New testcase output from SSL library.
Jeremy Harris [Tue, 24 Apr 2012 23:25:51 +0000 (00:25 +0100)]
Add ACL name to debug output of condition result (bug 1238).
Jeremy Harris [Mon, 23 Apr 2012 22:57:47 +0000 (23:57 +0100)]
Ensure $smtp_command is initialized before it can be expanded (bug 1182).
Jeremy Harris [Mon, 23 Apr 2012 20:47:53 +0000 (21:47 +0100)]
Add pointer to IPv6 support in prototype Makefile (bug 1232).