projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update version number and copyright year.
[exim.git] / src / src / tls-openssl.c
1 /* $Cambridge: exim/src/src/tls-openssl.c,v 1.9 2007/01/08 10:50:18 ph10 Exp $ */
2
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
6
7 /* Copyright (c) University of Cambridge 1995 - 2007 */
8 /* See the file NOTICE for conditions of use and distribution. */
9
10 /* This module provides the TLS (aka SSL) support for Exim using the OpenSSL
11 library. It is #included into the tls.c file when that library is used. The
12 code herein is based on a patch that was originally contributed by Steve
13 Haslam. It was adapted from stunnel, a GPL program by Michal Trojnara.
14
15 No cryptographic code is included in Exim. All this module does is to call
16 functions from the OpenSSL library. */
17
18
19 /* Heading stuff */
20
21 #include <openssl/lhash.h>
22 #include <openssl/ssl.h>
23 #include <openssl/err.h>
24 #include <openssl/rand.h>
25
26 /* Structure for collecting random data for seeding. */
27
28 typedef struct randstuff {
29 time_t t;
30 pid_t p;
31 } randstuff;
32
33 /* Local static variables */
34
35 static BOOL verify_callback_called = FALSE;
36 static const uschar *sid_ctx = US"exim";
37
38 static SSL_CTX *ctx = NULL;
39 static SSL *ssl = NULL;
40
41 static char ssl_errstring[256];
42
43 static int ssl_session_timeout = 200;
44 static BOOL verify_optional = FALSE;
45
46
47
48
49
50 /*************************************************
51 * Handle TLS error *
52 *************************************************/
53
54 /* Called from lots of places when errors occur before actually starting to do
55 the TLS handshake, that is, while the session is still in clear. Always returns
56 DEFER for a server and FAIL for a client so that most calls can use "return
57 tls_error(...)" to do this processing and then give an appropriate return. A
58 single function is used for both server and client, because it is called from
59 some shared functions.
60
61 Argument:
62 prefix text to include in the logged error
63 host NULL if setting up a server;
64 the connected host if setting up a client
65
66 Returns: OK/DEFER/FAIL
67 */
68
69 static int
70 tls_error(uschar *prefix, host_item *host)
71 {
72 ERR_error_string(ERR_get_error(), ssl_errstring);
73 if (host == NULL)
74 {
75 log_write(0, LOG_MAIN, "TLS error on connection from %s (%s): %s",
76 (sender_fullhost != NULL)? sender_fullhost : US"local process",
77 prefix, ssl_errstring);
78 return DEFER;
79 }
80 else
81 {
82 log_write(0, LOG_MAIN, "TLS error on connection to %s [%s] (%s): %s",
83 host->name, host->address, prefix, ssl_errstring);
84 return FAIL;
85 }
86 }
87
88
89
90 /*************************************************
91 * Callback to generate RSA key *
92 *************************************************/
93
94 /*
95 Arguments:
96 s SSL connection
97 export not used
98 keylength keylength
99
100 Returns: pointer to generated key
101 */
102
103 static RSA *
104 rsa_callback(SSL *s, int export, int keylength)
105 {
106 RSA *rsa_key;
107 export = export; /* Shut picky compilers up */
108 DEBUG(D_tls) debug_printf("Generating %d bit RSA key...\n", keylength);
109 rsa_key = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
110 if (rsa_key == NULL)
111 {
112 ERR_error_string(ERR_get_error(), ssl_errstring);
113 log_write(0, LOG_MAIN|LOG_PANIC, "TLS error (RSA_generate_key): %s",
114 ssl_errstring);
115 return NULL;
116 }
117 return rsa_key;
118 }
119
120
121
122
123 /*************************************************
124 * Callback for verification *
125 *************************************************/
126
127 /* The SSL library does certificate verification if set up to do so. This
128 callback has the current yes/no state is in "state". If verification succeeded,
129 we set up the tls_peerdn string. If verification failed, what happens depends
130 on whether the client is required to present a verifiable certificate or not.
131
132 If verification is optional, we change the state to yes, but still log the
133 verification error. For some reason (it really would help to have proper
134 documentation of OpenSSL), this callback function then gets called again, this
135 time with state = 1. In fact, that's useful, because we can set up the peerdn
136 value, but we must take care not to set the private verified flag on the second
137 time through.
138
139 Note: this function is not called if the client fails to present a certificate
140 when asked. We get here only if a certificate has been received. Handling of
141 optional verification for this case is done when requesting SSL to verify, by
142 setting SSL_VERIFY_FAIL_IF_NO_PEER_CERT in the non-optional case.
143
144 Arguments:
145 state current yes/no state as 1/0
146 x509ctx certificate information.
147
148 Returns: 1 if verified, 0 if not
149 */
150
151 static int
152 verify_callback(int state, X509_STORE_CTX *x509ctx)
153 {
154 static uschar txt[256];
155
156 X509_NAME_oneline(X509_get_subject_name(x509ctx->current_cert),
157 CS txt, sizeof(txt));
158
159 if (state == 0)
160 {
161 log_write(0, LOG_MAIN, "SSL verify error: depth=%d error=%s cert=%s",
162 x509ctx->error_depth,
163 X509_verify_cert_error_string(x509ctx->error),
164 txt);
165 tls_certificate_verified = FALSE;
166 verify_callback_called = TRUE;
167 if (!verify_optional) return 0; /* reject */
168 DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
169 "tls_try_verify_hosts)\n");
170 return 1; /* accept */
171 }
172
173 if (x509ctx->error_depth != 0)
174 {
175 DEBUG(D_tls) debug_printf("SSL verify ok: depth=%d cert=%s\n",
176 x509ctx->error_depth, txt);
177 }
178 else
179 {
180 DEBUG(D_tls) debug_printf("SSL%s peer: %s\n",
181 verify_callback_called? "" : " authenticated", txt);
182 tls_peerdn = txt;
183 }
184
185 if (!verify_callback_called) tls_certificate_verified = TRUE;
186 verify_callback_called = TRUE;
187
188 return 1; /* accept */
189 }
190
191
192
193 /*************************************************
194 * Information callback *
195 *************************************************/
196
197 /* The SSL library functions call this from time to time to indicate what they
198 are doing. We copy the string to the debugging output when the level is high
199 enough.
200
201 Arguments:
202 s the SSL connection
203 where
204 ret
205
206 Returns: nothing
207 */
208
209 static void
210 info_callback(SSL *s, int where, int ret)
211 {
212 where = where;
213 ret = ret;
214 DEBUG(D_tls) debug_printf("SSL info: %s\n", SSL_state_string_long(s));
215 }
216
217
218
219 /*************************************************
220 * Initialize for DH *
221 *************************************************/
222
223 /* If dhparam is set, expand it, and load up the parameters for DH encryption.
224
225 Arguments:
226 dhparam DH parameter file
227
228 Returns: TRUE if OK (nothing to set up, or setup worked)
229 */
230
231 static BOOL
232 init_dh(uschar *dhparam)
233 {
234 BOOL yield = TRUE;
235 BIO *bio;
236 DH *dh;
237 uschar *dhexpanded;
238
239 if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded))
240 return FALSE;
241
242 if (dhexpanded == NULL) return TRUE;
243
244 if ((bio = BIO_new_file(CS dhexpanded, "r")) == NULL)
245 {
246 log_write(0, LOG_MAIN, "DH: could not read %s: %s", dhexpanded,
247 strerror(errno));
248 yield = FALSE;
249 }
250 else
251 {
252 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)) == NULL)
253 {
254 log_write(0, LOG_MAIN, "DH: could not load params from %s",
255 dhexpanded);
256 yield = FALSE;
257 }
258 else
259 {
260 SSL_CTX_set_tmp_dh(ctx, dh);
261 DEBUG(D_tls)
262 debug_printf("Diffie-Hellman initialized from %s with %d-bit key\n",
263 dhexpanded, 8*DH_size(dh));
264 DH_free(dh);
265 }
266 BIO_free(bio);
267 }
268
269 return yield;
270 }
271
272
273
274
275 /*************************************************
276 * Initialize for TLS *
277 *************************************************/
278
279 /* Called from both server and client code, to do preliminary initialization of
280 the library.
281
282 Arguments:
283 host connected host, if client; NULL if server
284 dhparam DH parameter file
285 certificate certificate file
286 privatekey private key
287 addr address if client; NULL if server (for some randomness)
288
289 Returns: OK/DEFER/FAIL
290 */
291
292 static int
293 tls_init(host_item *host, uschar *dhparam, uschar *certificate,
294 uschar *privatekey, address_item *addr)
295 {
296 SSL_load_error_strings(); /* basic set up */
297 OpenSSL_add_ssl_algorithms();
298
299 /* Create a context */
300
301 ctx = SSL_CTX_new((host == NULL)?
302 SSLv23_server_method() : SSLv23_client_method());
303
304 if (ctx == NULL) return tls_error(US"SSL_CTX_new", host);
305
306 /* It turns out that we need to seed the random number generator this early in
307 order to get the full complement of ciphers to work. It took me roughly a day
308 of work to discover this by experiment.
309
310 On systems that have /dev/urandom, SSL may automatically seed itself from
311 there. Otherwise, we have to make something up as best we can. Double check
312 afterwards. */
313
314 if (!RAND_status())
315 {
316 randstuff r;
317 r.t = time(NULL);
318 r.p = getpid();
319
320 RAND_seed((uschar *)(&r), sizeof(r));
321 RAND_seed((uschar *)big_buffer, big_buffer_size);
322 if (addr != NULL) RAND_seed((uschar *)addr, sizeof(addr));
323
324 if (!RAND_status())
325 {
326 if (host == NULL)
327 {
328 log_write(0, LOG_MAIN, "TLS error on connection from %s: "
329 "unable to seed random number generator",
330 (sender_fullhost != NULL)? sender_fullhost : US"local process");
331 return DEFER;
332 }
333 else
334 {
335 log_write(0, LOG_MAIN, "TLS error on connection to %s [%s]: "
336 "unable to seed random number generator",
337 host->name, host->address);
338 return FAIL;
339 }
340 }
341 }
342
343 /* Set up the information callback, which outputs if debugging is at a suitable
344 level. */
345
346 if (!(SSL_CTX_set_info_callback(ctx, (void (*)())info_callback)))
347 return tls_error(US"SSL_CTX_set_info_callback", host);
348
349 /* The following patch was supplied by Robert Roselius */
350
351 #if OPENSSL_VERSION_NUMBER > 0x00906040L
352 /* Enable client-bug workaround.
353 Versions of OpenSSL as of 0.9.6d include a "CBC countermeasure" feature,
354 which causes problems with some clients (such as the Certicom SSL Plus
355 library used by Eudora). This option, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS,
356 disables the coutermeasure allowing Eudora to connect.
357 Some poppers and MTAs use SSL_OP_ALL, which enables all such bug
358 workarounds. */
359 /* XXX (Silently?) ignore failure here? XXX*/
360
361 if (!(SSL_CTX_set_options(ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)))
362 return tls_error(US"SSL_CTX_set_option", host);
363 #endif
364
365 /* Initialize with DH parameters if supplied */
366
367 if (!init_dh(dhparam)) return DEFER;
368
369 /* Set up certificate and key */
370
371 if (certificate != NULL)
372 {
373 uschar *expanded;
374 if (!expand_check(certificate, US"tls_certificate", &expanded))
375 return DEFER;
376
377 if (expanded != NULL)
378 {
379 DEBUG(D_tls) debug_printf("tls_certificate file %s\n", expanded);
380 if (!SSL_CTX_use_certificate_chain_file(ctx, CS expanded))
381 return tls_error(string_sprintf(
382 "SSL_CTX_use_certificate_chain_file file=%s", expanded), host);
383 }
384
385 if (privatekey != NULL &&
386 !expand_check(privatekey, US"tls_privatekey", &expanded))
387 return DEFER;
388
389 /* If expansion was forced to fail, key_expanded will be NULL. If the result
390 of the expansion is an empty string, ignore it also, and assume the private
391 key is in the same file as the certificate. */
392
393 if (expanded != NULL && *expanded != 0)
394 {
395 DEBUG(D_tls) debug_printf("tls_privatekey file %s\n", expanded);
396 if (!SSL_CTX_use_PrivateKey_file(ctx, CS expanded, SSL_FILETYPE_PEM))
397 return tls_error(string_sprintf(
398 "SSL_CTX_use_PrivateKey_file file=%s", expanded), host);
399 }
400 }
401
402 /* Set up the RSA callback */
403
404 SSL_CTX_set_tmp_rsa_callback(ctx, rsa_callback);
405
406 /* Finally, set the timeout, and we are done */
407
408 SSL_CTX_set_timeout(ctx, ssl_session_timeout);
409 DEBUG(D_tls) debug_printf("Initialized TLS\n");
410 return OK;
411 }
412
413
414
415
416 /*************************************************
417 * Get name of cipher in use *
418 *************************************************/
419
420 /* The answer is left in a static buffer, and tls_cipher is set to point
421 to it.
422
423 Argument: pointer to an SSL structure for the connection
424 Returns: nothing
425 */
426
427 static void
428 construct_cipher_name(SSL *ssl)
429 {
430 static uschar cipherbuf[256];
431 SSL_CIPHER *c;
432 uschar *ver;
433 int bits;
434
435 switch (ssl->session->ssl_version)
436 {
437 case SSL2_VERSION:
438 ver = US"SSLv2";
439 break;
440
441 case SSL3_VERSION:
442 ver = US"SSLv3";
443 break;
444
445 case TLS1_VERSION:
446 ver = US"TLSv1";
447 break;
448
449 default:
450 ver = US"UNKNOWN";
451 }
452
453 c = SSL_get_current_cipher(ssl);
454 SSL_CIPHER_get_bits(c, &bits);
455
456 string_format(cipherbuf, sizeof(cipherbuf), "%s:%s:%u", ver,
457 SSL_CIPHER_get_name(c), bits);
458 tls_cipher = cipherbuf;
459
460 DEBUG(D_tls) debug_printf("Cipher: %s\n", cipherbuf);
461 }
462
463
464
465
466
467 /*************************************************
468 * Set up for verifying certificates *
469 *************************************************/
470
471 /* Called by both client and server startup
472
473 Arguments:
474 certs certs file or NULL
475 crl CRL file or NULL
476 host NULL in a server; the remote host in a client
477 optional TRUE if called from a server for a host in tls_try_verify_hosts;
478 otherwise passed as FALSE
479
480 Returns: OK/DEFER/FAIL
481 */
482
483 static int
484 setup_certs(uschar *certs, uschar *crl, host_item *host, BOOL optional)
485 {
486 uschar *expcerts, *expcrl;
487
488 if (!expand_check(certs, US"tls_verify_certificates", &expcerts))
489 return DEFER;
490
491 if (expcerts != NULL)
492 {
493 struct stat statbuf;
494 if (!SSL_CTX_set_default_verify_paths(ctx))
495 return tls_error(US"SSL_CTX_set_default_verify_paths", host);
496
497 if (Ustat(expcerts, &statbuf) < 0)
498 {
499 log_write(0, LOG_MAIN|LOG_PANIC,
500 "failed to stat %s for certificates", expcerts);
501 return DEFER;
502 }
503 else
504 {
505 uschar *file, *dir;
506 if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
507 { file = NULL; dir = expcerts; }
508 else
509 { file = expcerts; dir = NULL; }
510
511 /* If a certificate file is empty, the next function fails with an
512 unhelpful error message. If we skip it, we get the correct behaviour (no
513 certificates are recognized, but the error message is still misleading (it
514 says no certificate was supplied.) But this is better. */
515
516 if ((file == NULL || statbuf.st_size > 0) &&
517 !SSL_CTX_load_verify_locations(ctx, CS file, CS dir))
518 return tls_error(US"SSL_CTX_load_verify_locations", host);
519
520 if (file != NULL)
521 {
522 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CS file));
523 }
524 }
525
526 /* Handle a certificate revocation list. */
527
528 #if OPENSSL_VERSION_NUMBER > 0x00907000L
529
530 /* This bit of code is now the version supplied by Lars Mainka. (I have
531 * merely reformatted it into the Exim code style.)
532
533 * "From here I changed the code to add support for multiple crl's
534 * in pem format in one file or to support hashed directory entries in
535 * pem format instead of a file. This method now uses the library function
536 * X509_STORE_load_locations to add the CRL location to the SSL context.
537 * OpenSSL will then handle the verify against CA certs and CRLs by
538 * itself in the verify callback." */
539
540 if (!expand_check(crl, US"tls_crl", &expcrl)) return DEFER;
541 if (expcrl != NULL && *expcrl != 0)
542 {
543 struct stat statbufcrl;
544 if (Ustat(expcrl, &statbufcrl) < 0)
545 {
546 log_write(0, LOG_MAIN|LOG_PANIC,
547 "failed to stat %s for certificates revocation lists", expcrl);
548 return DEFER;
549 }
550 else
551 {
552 /* is it a file or directory? */
553 uschar *file, *dir;
554 X509_STORE *cvstore = SSL_CTX_get_cert_store(ctx);
555 if ((statbufcrl.st_mode & S_IFMT) == S_IFDIR)
556 {
557 file = NULL;
558 dir = expcrl;
559 DEBUG(D_tls) debug_printf("SSL CRL value is a directory %s\n", dir);
560 }
561 else
562 {
563 file = expcrl;
564 dir = NULL;
565 DEBUG(D_tls) debug_printf("SSL CRL value is a file %s\n", file);
566 }
567 if (X509_STORE_load_locations(cvstore, CS file, CS dir) == 0)
568 return tls_error(US"X509_STORE_load_locations", host);
569
570 /* setting the flags to check against the complete crl chain */
571
572 X509_STORE_set_flags(cvstore,
573 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
574 }
575 }
576
577 #endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
578
579 /* If verification is optional, don't fail if no certificate */
580
581 SSL_CTX_set_verify(ctx,
582 SSL_VERIFY_PEER | (optional? 0 : SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
583 verify_callback);
584 }
585
586 return OK;
587 }
588
589
590
591 /*************************************************
592 * Start a TLS session in a server *
593 *************************************************/
594
595 /* This is called when Exim is running as a server, after having received
596 the STARTTLS command. It must respond to that command, and then negotiate
597 a TLS session.
598
599 Arguments:
600 require_ciphers allowed ciphers
601
602 Returns: OK on success
603 DEFER for errors before the start of the negotiation
604 FAIL for errors during the negotation; the server can't
605 continue running.
606 */
607
608 int
609 tls_server_start(uschar *require_ciphers)
610 {
611 int rc;
612 uschar *expciphers;
613
614 /* Check for previous activation */
615
616 if (tls_active >= 0)
617 {
618 log_write(0, LOG_MAIN, "STARTTLS received in already encrypted "
619 "connection from %s",
620 (sender_fullhost != NULL)? sender_fullhost : US"local process");
621 smtp_printf("554 Already in TLS\r\n");
622 return FAIL;
623 }
624
625 /* Initialize the SSL library. If it fails, it will already have logged
626 the error. */
627
628 rc = tls_init(NULL, tls_dhparam, tls_certificate, tls_privatekey, NULL);
629 if (rc != OK) return rc;
630
631 if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers))
632 return FAIL;
633
634 /* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
635 are separated by underscores. So that I can use either form in my tests, and
636 also for general convenience, we turn underscores into hyphens here. */
637
638 if (expciphers != NULL)
639 {
640 uschar *s = expciphers;
641 while (*s != 0) { if (*s == '_') *s = '-'; s++; }
642 DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);
643 if (!SSL_CTX_set_cipher_list(ctx, CS expciphers))
644 return tls_error(US"SSL_CTX_set_cipher_list", NULL);
645 }
646
647 /* If this is a host for which certificate verification is mandatory or
648 optional, set up appropriately. */
649
650 tls_certificate_verified = FALSE;
651 verify_callback_called = FALSE;
652
653 if (verify_check_host(&tls_verify_hosts) == OK)
654 {
655 rc = setup_certs(tls_verify_certificates, tls_crl, NULL, FALSE);
656 if (rc != OK) return rc;
657 verify_optional = FALSE;
658 }
659 else if (verify_check_host(&tls_try_verify_hosts) == OK)
660 {
661 rc = setup_certs(tls_verify_certificates, tls_crl, NULL, TRUE);
662 if (rc != OK) return rc;
663 verify_optional = TRUE;
664 }
665
666 /* Prepare for new connection */
667
668 if ((ssl = SSL_new(ctx)) == NULL) return tls_error(US"SSL_new", NULL);
669 SSL_clear(ssl);
670
671 /* Set context and tell client to go ahead, except in the case of TLS startup
672 on connection, where outputting anything now upsets the clients and tends to
673 make them disconnect. We need to have an explicit fflush() here, to force out
674 the response. Other smtp_printf() calls do not need it, because in non-TLS
675 mode, the fflush() happens when smtp_getc() is called. */
676
677 SSL_set_session_id_context(ssl, sid_ctx, Ustrlen(sid_ctx));
678 if (!tls_on_connect)
679 {
680 smtp_printf("220 TLS go ahead\r\n");
681 fflush(smtp_out);
682 }
683
684 /* Now negotiate the TLS session. We put our own timer on it, since it seems
685 that the OpenSSL library doesn't. */
686
687 SSL_set_wfd(ssl, fileno(smtp_out));
688 SSL_set_rfd(ssl, fileno(smtp_in));
689 SSL_set_accept_state(ssl);
690
691 DEBUG(D_tls) debug_printf("Calling SSL_accept\n");
692
693 sigalrm_seen = FALSE;
694 if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
695 rc = SSL_accept(ssl);
696 alarm(0);
697
698 if (rc <= 0)
699 {
700 if (sigalrm_seen) Ustrcpy(ssl_errstring, "timed out");
701 else ERR_error_string(ERR_get_error(), ssl_errstring);
702 log_write(0, LOG_MAIN, "TLS error on connection from %s (SSL_accept): %s",
703 (sender_fullhost != NULL)? sender_fullhost : US"local process",
704 ssl_errstring);
705 return FAIL;
706 }
707
708 DEBUG(D_tls) debug_printf("SSL_accept was successful\n");
709
710 /* TLS has been set up. Adjust the input functions to read via TLS,
711 and initialize things. */
712
713 construct_cipher_name(ssl);
714
715 DEBUG(D_tls)
716 {
717 uschar buf[2048];
718 if (SSL_get_shared_ciphers(ssl, CS buf, sizeof(buf)) != NULL)
719 debug_printf("Shared ciphers: %s\n", buf);
720 }
721
722
723 ssl_xfer_buffer = store_malloc(ssl_xfer_buffer_size);
724 ssl_xfer_buffer_lwm = ssl_xfer_buffer_hwm = 0;
725 ssl_xfer_eof = ssl_xfer_error = 0;
726
727 receive_getc = tls_getc;
728 receive_ungetc = tls_ungetc;
729 receive_feof = tls_feof;
730 receive_ferror = tls_ferror;
731
732 tls_active = fileno(smtp_out);
733 return OK;
734 }
735
736
737
738
739
740 /*************************************************
741 * Start a TLS session in a client *
742 *************************************************/
743
744 /* Called from the smtp transport after STARTTLS has been accepted.
745
746 Argument:
747 fd the fd of the connection
748 host connected host (for messages)
749 dhparam DH parameter file
750 certificate certificate file
751 privatekey private key file
752 verify_certs file for certificate verify
753 crl file containing CRL
754 require_ciphers list of allowed ciphers
755
756 Returns: OK on success
757 FAIL otherwise - note that tls_error() will not give DEFER
758 because this is not a server
759 */
760
761 int
762 tls_client_start(int fd, host_item *host, address_item *addr, uschar *dhparam,
763 uschar *certificate, uschar *privatekey, uschar *verify_certs, uschar *crl,
764 uschar *require_ciphers, int timeout)
765 {
766 static uschar txt[256];
767 uschar *expciphers;
768 X509* server_cert;
769 int rc;
770
771 rc = tls_init(host, dhparam, certificate, privatekey, addr);
772 if (rc != OK) return rc;
773
774 tls_certificate_verified = FALSE;
775 verify_callback_called = FALSE;
776
777 if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers))
778 return FAIL;
779
780 /* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
781 are separated by underscores. So that I can use either form in my tests, and
782 also for general convenience, we turn underscores into hyphens here. */
783
784 if (expciphers != NULL)
785 {
786 uschar *s = expciphers;
787 while (*s != 0) { if (*s == '_') *s = '-'; s++; }
788 DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);
789 if (!SSL_CTX_set_cipher_list(ctx, CS expciphers))
790 return tls_error(US"SSL_CTX_set_cipher_list", host);
791 }
792
793 rc = setup_certs(verify_certs, crl, host, FALSE);
794 if (rc != OK) return rc;
795
796 if ((ssl = SSL_new(ctx)) == NULL) return tls_error(US"SSL_new", host);
797 SSL_set_session_id_context(ssl, sid_ctx, Ustrlen(sid_ctx));
798 SSL_set_fd(ssl, fd);
799 SSL_set_connect_state(ssl);
800
801 /* There doesn't seem to be a built-in timeout on connection. */
802
803 DEBUG(D_tls) debug_printf("Calling SSL_connect\n");
804 sigalrm_seen = FALSE;
805 alarm(timeout);
806 rc = SSL_connect(ssl);
807 alarm(0);
808
809 if (rc <= 0)
810 {
811 if (sigalrm_seen)
812 {
813 log_write(0, LOG_MAIN, "TLS error on connection to %s [%s]: "
814 "SSL_connect timed out", host->name, host->address);
815 return FAIL;
816 }
817 else return tls_error(US"SSL_connect", host);
818 }
819
820 DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
821
822 server_cert = SSL_get_peer_certificate (ssl);
823 tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
824 CS txt, sizeof(txt));
825 tls_peerdn = txt;
826
827 construct_cipher_name(ssl); /* Sets tls_cipher */
828
829 tls_active = fd;
830 return OK;
831 }
832
833
834
835
836
837 /*************************************************
838 * TLS version of getc *
839 *************************************************/
840
841 /* This gets the next byte from the TLS input buffer. If the buffer is empty,
842 it refills the buffer via the SSL reading function.
843
844 Arguments: none
845 Returns: the next character or EOF
846 */
847
848 int
849 tls_getc(void)
850 {
851 if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm)
852 {
853 int error;
854 int inbytes;
855
856 DEBUG(D_tls) debug_printf("Calling SSL_read(%lx, %lx, %u)\n", (long)ssl,
857 (long)ssl_xfer_buffer, ssl_xfer_buffer_size);
858
859 if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
860 inbytes = SSL_read(ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size);
861 error = SSL_get_error(ssl, inbytes);
862 alarm(0);
863
864 /* SSL_ERROR_ZERO_RETURN appears to mean that the SSL session has been
865 closed down, not that the socket itself has been closed down. Revert to
866 non-SSL handling. */
867
868 if (error == SSL_ERROR_ZERO_RETURN)
869 {
870 DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n");
871
872 receive_getc = smtp_getc;
873 receive_ungetc = smtp_ungetc;
874 receive_feof = smtp_feof;
875 receive_ferror = smtp_ferror;
876
877 SSL_free(ssl);
878 ssl = NULL;
879 tls_active = -1;
880 tls_cipher = NULL;
881 tls_peerdn = NULL;
882
883 return smtp_getc();
884 }
885
886 /* Handle genuine errors */
887
888 else if (error != SSL_ERROR_NONE)
889 {
890 DEBUG(D_tls) debug_printf("Got SSL error %d\n", error);
891 ssl_xfer_error = 1;
892 return EOF;
893 }
894
895 ssl_xfer_buffer_hwm = inbytes;
896 ssl_xfer_buffer_lwm = 0;
897 }
898
899 /* Something in the buffer; return next uschar */
900
901 return ssl_xfer_buffer[ssl_xfer_buffer_lwm++];
902 }
903
904
905
906 /*************************************************
907 * Read bytes from TLS channel *
908 *************************************************/
909
910 /*
911 Arguments:
912 buff buffer of data
913 len size of buffer
914
915 Returns: the number of bytes read
916 -1 after a failed read
917 */
918
919 int
920 tls_read(uschar *buff, size_t len)
921 {
922 int inbytes;
923 int error;
924
925 DEBUG(D_tls) debug_printf("Calling SSL_read(%lx, %lx, %u)\n", (long)ssl,
926 (long)buff, (unsigned int)len);
927
928 inbytes = SSL_read(ssl, CS buff, len);
929 error = SSL_get_error(ssl, inbytes);
930
931 if (error == SSL_ERROR_ZERO_RETURN)
932 {
933 DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n");
934 return -1;
935 }
936 else if (error != SSL_ERROR_NONE)
937 {
938 return -1;
939 }
940
941 return inbytes;
942 }
943
944
945
946
947
948 /*************************************************
949 * Write bytes down TLS channel *
950 *************************************************/
951
952 /*
953 Arguments:
954 buff buffer of data
955 len number of bytes
956
957 Returns: the number of bytes after a successful write,
958 -1 after a failed write
959 */
960
961 int
962 tls_write(const uschar *buff, size_t len)
963 {
964 int outbytes;
965 int error;
966 int left = len;
967
968 DEBUG(D_tls) debug_printf("tls_do_write(%lx, %d)\n", (long)buff, left);
969 while (left > 0)
970 {
971 DEBUG(D_tls) debug_printf("SSL_write(SSL, %lx, %d)\n", (long)buff, left);
972 outbytes = SSL_write(ssl, CS buff, left);
973 error = SSL_get_error(ssl, outbytes);
974 DEBUG(D_tls) debug_printf("outbytes=%d error=%d\n", outbytes, error);
975 switch (error)
976 {
977 case SSL_ERROR_SSL:
978 ERR_error_string(ERR_get_error(), ssl_errstring);
979 log_write(0, LOG_MAIN, "TLS error (SSL_write): %s", ssl_errstring);
980 return -1;
981
982 case SSL_ERROR_NONE:
983 left -= outbytes;
984 buff += outbytes;
985 break;
986
987 case SSL_ERROR_ZERO_RETURN:
988 log_write(0, LOG_MAIN, "SSL channel closed on write");
989 return -1;
990
991 default:
992 log_write(0, LOG_MAIN, "SSL_write error %d", error);
993 return -1;
994 }
995 }
996 return len;
997 }
998
999
1000
1001 /*************************************************
1002 * Close down a TLS session *
1003 *************************************************/
1004
1005 /* This is also called from within a delivery subprocess forked from the
1006 daemon, to shut down the TLS library, without actually doing a shutdown (which
1007 would tamper with the SSL session in the parent process).
1008
1009 Arguments: TRUE if SSL_shutdown is to be called
1010 Returns: nothing
1011 */
1012
1013 void
1014 tls_close(BOOL shutdown)
1015 {
1016 if (tls_active < 0) return; /* TLS was not active */
1017
1018 if (shutdown)
1019 {
1020 DEBUG(D_tls) debug_printf("tls_close(): shutting down SSL\n");
1021 SSL_shutdown(ssl);
1022 }
1023
1024 SSL_free(ssl);
1025 ssl = NULL;
1026
1027 tls_active = -1;
1028 }
1029
1030 /* End of tls-openssl.c */
Unnamed repository; edit this file 'description' to name the repository.