X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Ftls-openssl.c;h=7e6524dbd97e295dc69dd1cb08375be45aa65684;hb=7a8b95190c22a8176c583985a41beb3e9ae831cd;hp=4dfeac06d35f12586174fe042ca2af6d5a641f0d;hpb=cfa8f329e9fddbb6db594761364854e780359ace;p=exim.git diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 4dfeac06d..7e6524dbd 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -70,6 +70,7 @@ functions from the OpenSSL library. */ # if OPENSSL_VERSION_NUMBER >= 0x010100000L # define EXIM_HAVE_OPENSSL_CHECKHOST # define EXIM_HAVE_OPENSSL_DH_BITS +# define EXIM_HAVE_OPENSSL_TLS_METHOD # endif # if OPENSSL_VERSION_NUMBER >= 0x010000000L \ && (OPENSSL_VERSION_NUMBER & 0x0000ff000L) >= 0x000002000L @@ -152,7 +153,6 @@ typedef struct tls_ext_ctx_cb { uschar *certificate; uschar *privatekey; BOOL is_server; - STACK_OF(X509_NAME) * acceptable_certnames; #ifndef DISABLE_OCSP STACK_OF(X509) *verify_stack; /* chain for verifying the proof */ union { @@ -905,7 +905,7 @@ We do not free the stack since it could be needed a second time for SNI handling. Separately we might try to replace using OCSP_basic_verify() - which seems to not -be a public interface into the OpenSSL library (there's no manual entry) - +be a public interface into the OpenSSL library (there's no manual entry) - But what with? We also use OCSP_basic_verify in the client stapling callback. And there we NEED it; we must verify that status... unless the library does it for us anyway? */ @@ -1001,7 +1001,7 @@ if (!EVP_PKEY_assign_RSA(pkey, rsa)) goto err; X509_set_version(x509, 2); /* N+1 - version 3 */ -ASN1_INTEGER_set(X509_get_serialNumber(x509), 0); +ASN1_INTEGER_set(X509_get_serialNumber(x509), 1); X509_gmtime_adj(X509_get_notBefore(x509), 0); X509_gmtime_adj(X509_get_notAfter(x509), (long)60 * 60); /* 1 hour */ X509_set_pubkey(x509, pkey); @@ -1217,7 +1217,11 @@ if (!reexpand_tls_files_for_sni) not confident that memcpy wouldn't break some internal reference counting. Especially since there's a references struct member, which would be off. */ +#ifdef EXIM_HAVE_OPENSSL_TLS_METHOD +if (!(server_sni = SSL_CTX_new(TLS_server_method()))) +#else if (!(server_sni = SSL_CTX_new(SSLv23_server_method()))) +#endif { ERR_error_string(ERR_get_error(), ssl_errstring); DEBUG(D_tls) debug_printf("SSL_CTX_new() failed: %s\n", ssl_errstring); @@ -1511,7 +1515,6 @@ cbinfo = store_malloc(sizeof(tls_ext_ctx_cb)); cbinfo->certificate = certificate; cbinfo->privatekey = privatekey; cbinfo->is_server = host==NULL; -cbinfo->acceptable_certnames = NULL; #ifndef DISABLE_OCSP cbinfo->verify_stack = NULL; if (!host) @@ -1547,7 +1550,11 @@ when OpenSSL is built without SSLv2 support. By disabling with openssl_options, we can let admins re-enable with the existing knob. */ +#ifdef EXIM_HAVE_OPENSSL_TLS_METHOD +if (!(ctx = SSL_CTX_new(host ? TLS_client_method() : TLS_server_method()))) +#else if (!(ctx = SSL_CTX_new(host ? SSLv23_client_method() : SSLv23_server_method()))) +#endif return tls_error(US"SSL_CTX_new", host, NULL, errstr); /* It turns out that we need to seed the random number generator this early in @@ -1603,9 +1610,15 @@ if (init_options) else DEBUG(D_tls) debug_printf("no SSL CTX options to set\n"); -/* Disable session cache unconditionally */ - +/* We'd like to disable session cache unconditionally, but foolish Outlook +Express clients then give up the first TLS connection and make a second one +(which works). Only when there is an IMAP service on the same machine. +Presumably OE is trying to use the cache for A on B. Leave it enabled for +now, until we work out a decent way of presenting control to the config. It +will never be used because we use a new context every time. */ +#ifdef notdef (void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); +#endif /* Initialize with DH parameters if supplied */ /* Initialize ECDH temp key parameter selection */ @@ -1631,7 +1644,7 @@ if ((rc = tls_expand_session_files(ctx, cbinfo, errstr)) != OK) } # endif -if (host == NULL) /* server */ +if (!host) /* server */ { # ifndef DISABLE_OCSP /* We check u_ocsp.server.file, not server.response, because we care about if @@ -1700,15 +1713,13 @@ Returns: nothing static void construct_cipher_name(SSL *ssl, uschar *cipherbuf, int bsize, int *bits) { -/* With OpenSSL 1.0.0a, this needs to be const but the documentation doesn't +/* With OpenSSL 1.0.0a, 'c' needs to be const but the documentation doesn't yet reflect that. It should be a safe change anyway, even 0.9.8 versions have the accessor functions use const in the prototype. */ -const SSL_CIPHER *c; -const uschar *ver; -ver = (const uschar *)SSL_get_version(ssl); +const uschar * ver = CUS SSL_get_version(ssl); +const SSL_CIPHER * c = (const SSL_CIPHER *) SSL_get_current_cipher(ssl); -c = (const SSL_CIPHER *) SSL_get_current_cipher(ssl); SSL_CIPHER_get_bits(c, bits); string_format(cipherbuf, bsize, "%s:%s:%u", ver, @@ -1748,6 +1759,7 @@ else * Set up for verifying certificates * *************************************************/ +#ifndef DISABLE_OCSP /* Load certs from file, return TRUE on success */ static BOOL @@ -1765,6 +1777,7 @@ while ((x = PEM_read_bio_X509(bp, NULL, 0, NULL))) BIO_free(bp); return TRUE; } +#endif @@ -1859,21 +1872,11 @@ if (expcerts && *expcerts) */ if (file) { - tls_ext_ctx_cb * cbinfo = host - ? client_static_cbinfo : server_static_cbinfo; - STACK_OF(X509_NAME) * names; - - if ((names = cbinfo->acceptable_certnames)) - { - sk_X509_NAME_pop_free(names, X509_NAME_free); - cbinfo->acceptable_certnames = NULL; - } - names = SSL_load_client_CA_file(CS file); + STACK_OF(X509_NAME) * names = SSL_load_client_CA_file(CS file); SSL_CTX_set_client_CA_list(sctx, names); DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n", sk_X509_NAME_num(names)); - cbinfo->acceptable_certnames = names; } } } @@ -2113,7 +2116,7 @@ DEBUG(D_tls) */ if (!ssl_xfer_buffer) ssl_xfer_buffer = store_malloc(ssl_xfer_buffer_size); ssl_xfer_buffer_lwm = ssl_xfer_buffer_hwm = 0; -ssl_xfer_eof = ssl_xfer_error = 0; +ssl_xfer_eof = ssl_xfer_error = FALSE; receive_getc = tls_getc; receive_getbuf = tls_getbuf; @@ -2312,8 +2315,23 @@ if (rc != OK) return rc; tls_out.certificate_verified = FALSE; client_verify_callback_called = FALSE; -if (!expand_check(ob->tls_require_ciphers, US"tls_require_ciphers", - &expciphers, errstr)) +expciphers = NULL; +#ifdef SUPPORT_DANE +if (tlsa_dnsa) + { + /* We fall back to tls_require_ciphers if unset, empty or forced failure, but + other failures should be treated as problems. */ + if (ob->dane_require_tls_ciphers && + !expand_check(ob->dane_require_tls_ciphers, US"dane_require_tls_ciphers", + &expciphers, errstr)) + return FAIL; + if (expciphers && *expciphers == '\0') + expciphers = NULL; + } +#endif +if (!expciphers && + !expand_check(ob->tls_require_ciphers, US"tls_require_ciphers", + &expciphers, errstr)) return FAIL; /* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they @@ -2349,7 +2367,7 @@ else client_static_cbinfo, errstr)) != OK) return rc; -if ((client_ssl = SSL_new(client_ctx)) == NULL) +if (!(client_ssl = SSL_new(client_ctx))) return tls_error(US"SSL_new", host, NULL, errstr); SSL_set_session_id_context(client_ssl, sid_ctx, Ustrlen(sid_ctx)); SSL_set_fd(client_ssl, fd); @@ -2466,7 +2484,16 @@ if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, MIN(ssl_xfer_buffer_size, lim)); error = SSL_get_error(server_ssl, inbytes); -alarm(0); +if (smtp_receive_timeout > 0) alarm(0); + +if (had_command_timeout) /* set by signal handler */ + smtp_command_timeout_exit(); /* does not return */ +if (had_command_sigterm) + smtp_command_sigterm_exit(); +if (had_data_timeout) + smtp_data_timeout_exit(); +if (had_data_sigint) + smtp_data_sigint_exit(); /* SSL_ERROR_ZERO_RETURN appears to mean that the SSL session has been closed down, not that the socket itself has been closed down. Revert to @@ -2487,12 +2514,12 @@ if (error == SSL_ERROR_ZERO_RETURN) if (SSL_get_shutdown(server_ssl) == SSL_RECEIVED_SHUTDOWN) SSL_shutdown(server_ssl); +#ifndef DISABLE_OCSP sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free); - sk_X509_NAME_pop_free(server_static_cbinfo->acceptable_certnames, X509_NAME_free); + server_static_cbinfo->verify_stack = NULL; +#endif SSL_free(server_ssl); SSL_CTX_free(server_ctx); - server_static_cbinfo->verify_stack = NULL; - server_static_cbinfo->acceptable_certnames = NULL; server_ctx = NULL; server_ssl = NULL; tls_in.active = -1; @@ -2510,14 +2537,14 @@ else if (error == SSL_ERROR_SSL) { ERR_error_string(ERR_get_error(), ssl_errstring); log_write(0, LOG_MAIN, "TLS error (SSL_read): %s", ssl_errstring); - ssl_xfer_error = 1; + ssl_xfer_error = TRUE; return FALSE; } else if (error != SSL_ERROR_NONE) { DEBUG(D_tls) debug_printf("Got SSL error %d\n", error); - ssl_xfer_error = 1; + ssl_xfer_error = TRUE; return FALSE; } @@ -2766,14 +2793,13 @@ if (shutdown) } } +#ifndef DISABLE_OCSP if (is_server) { sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free); - sk_X509_NAME_pop_free(server_static_cbinfo->acceptable_certnames, - X509_NAME_free); server_static_cbinfo->verify_stack = NULL; - server_static_cbinfo->acceptable_certnames = NULL; } +#endif SSL_CTX_free(*ctxp); SSL_free(*sslp); @@ -2828,8 +2854,11 @@ while (*s != 0) { if (*s == '_') *s = '-'; s++; } err = NULL; -ctx = SSL_CTX_new(SSLv23_server_method()); -if (!ctx) +#ifdef EXIM_HAVE_OPENSSL_TLS_METHOD +if (!(ctx = SSL_CTX_new(TLS_server_method()))) +#else +if (!(ctx = SSL_CTX_new(SSLv23_server_method()))) +#endif { ERR_error_string(ERR_get_error(), ssl_errstring); return string_sprintf("SSL_CTX_new() failed: %s", ssl_errstring);