by (a) is thought to be smaller than that of the set
of root CAs.
+It also allows the server to declare (implicitly) that
+connections to it should use TLS. An MITM could simply
+fail to pass on a server's STARTTLS.
+
DANE scales better than having to maintain (and
side-channel communicate) copies of server certificates
for every possible target server. It also scales
operation of DANE.
The TLSA record for the server may have "certificate
-usage" of DANE_TA(2) or DANE_EE(3). The latter specifies
+usage" of DANE-TA(2) or DANE-EE(3). The latter specifies
the End Entity directly, i.e. the certificate involved
is that of the server (and should be the sole one transmitted
during the TLS handshake); this is appropriate for a
single system, using a self-signed certificate.
- DANE_TA usage is effectively declaring a specific CA
+ DANE-TA usage is effectively declaring a specific CA
to be used; this might be a private CA or a public,
well-known one. A private CA at simplest is just
a self-signed certificate which is used to sign
If a public CA is used then all clients must be primed with it
(losing one advantage of DANE) - but the attack surface is
reduced from all public CAs to that single CA.
-DANE_TA is commonly used for several services and/or
+DANE-TA is commonly used for several services and/or
servers, each having a TLSA query-domain CNAME record,
all of which point to a single TLSA record.
are workable for 4th-field hashes.
-For use with the DANE_TA model, server certificates
+For use with the DANE-TA model, server certificates
must have a correct name (SubjectName or SubjectAltName).
The use of OCSP-stapling should be considered, allowing
for fast revocation of certificates (which would otherwise
be limited by the DNS TTL on the TLSA records). However,
-this is likely to only be usable with DANE_TA. NOTE: the
+this is likely to only be usable with DANE-TA. NOTE: the
default of requesting OCSP for all hosts is modified iff
DANE is in use, to:
The (new) variable $tls_out_tlsa_usage is a bitfield with
numbered bits set for TLSA record usage codes.
The zero above means DANE was not in use,
-the four means that only DANE_TA usage TLSA records were
-found. If the definition of hosts_require_ocsp or
-hosts_request_ocsp includes the string "tls_out_tlsa_usage",
-they are re-expanded in time to control the OCSP request.
+the four means that only DANE-TA usage TLSA records were
+found. If the definition of hosts_request_ocsp includes the
+string "tls_out_tlsa_usage", they are re-expanded in time to
+control the OCSP request.
This modification of hosts_request_ocsp is only done if
it has the default value of "*". Admins who change it, and
DANE will only be usable if the target host has DNSSEC-secured
MX, A and TLSA records.
+A TLSA lookup will be done if either of the above options match
+and the host-lookup succeded using dnssec.
+If the TLSA lookup succeeds, a TLS connection will be required
+for the host.
+
(TODO: specify when fallback happens vs. when the host is not used)
If dane is in use the following transport options are ignored:
+ hosts_require_tls
tls_verify_hosts
tls_try_verify_hosts
tls_verify_certificates
extern uschar * tls_cert_fprt_sha256(void *);
extern int tls_client_start(int, host_item *, address_item *,
- transport_instance *);
+ transport_instance *
+#ifdef EXPERIMENTAL_DANE
+ , dns_answer *
+#endif
+ );
extern void tls_close(BOOL, BOOL);
extern int tls_export_cert(uschar *, size_t, void *);
extern int tls_feof(void);
# ifdef EXPERIMENTAL_CERTNAMES
extern BOOL tls_is_name_for_cert(uschar *, void *);
# endif
+
+# ifdef EXPERIMENTAL_DANE
+extern int tlsa_lookup(host_item *, dns_answer *, BOOL, BOOL *);
+# endif
+
#endif /*SUPPORT_TLS*/
int
tls_client_start(int fd, host_item *host,
address_item *addr ARG_UNUSED,
- transport_instance *tb)
+ transport_instance *tb
+#ifdef EXPERIMENTAL_DANE
+ , dne_answer * unused_tlsa_dnsa
+#endif
+ )
{
smtp_transport_options_block *ob =
(smtp_transport_options_block *)tb->options_block;
#ifdef EXPERIMENTAL_DANE
-static int
-tlsa_lookup(host_item * host, dns_answer * dnsa,
- BOOL dane_required, BOOL * dane)
-{
-/* move this out to host.c given the similarity to dns_lookup() ? */
-uschar buffer[300];
-uschar * fullname = buffer;
-
-/* TLSA lookup string */
-(void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
-
-switch (dns_lookup(dnsa, buffer, T_TLSA, &fullname))
- {
- case DNS_AGAIN:
- return DEFER; /* just defer this TLS'd conn */
-
- default:
- case DNS_FAIL:
- if (dane_required)
- {
- log_write(0, LOG_MAIN, "DANE error: TLSA lookup failed");
- return FAIL;
- }
- break;
-
- case DNS_SUCCEED:
- if (!dns_is_secure(dnsa))
- {
- log_write(0, LOG_MAIN, "DANE error: TLSA lookup not DNSSEC");
- return DEFER;
- }
- *dane = TRUE;
- break;
- }
-return OK;
-}
-
-
static int
dane_tlsa_load(SSL * ssl, host_item * host, dns_answer * dnsa)
{
host connected host (for messages)
addr the first address
tb transport (always smtp)
+ tlsa_dnsa tlsa lookup, if DANE, else null
Returns: OK on success
FAIL otherwise - note that tls_error() will not give DEFER
int
tls_client_start(int fd, host_item *host, address_item *addr,
- transport_instance *tb)
+ transport_instance *tb
+#ifdef EXPERIMENTAL_DANE
+ , dns_answer * tlsa_dnsa
+#endif
+ )
{
smtp_transport_options_block * ob =
(smtp_transport_options_block *)tb->options_block;
BOOL request_ocsp = FALSE;
BOOL require_ocsp = FALSE;
#endif
-#ifdef EXPERIMENTAL_DANE
-dns_answer tlsa_dnsa;
-BOOL dane = FALSE;
-BOOL dane_required;
-#endif
#ifdef EXPERIMENTAL_DANE
-tls_out.dane_verified = FALSE;
tls_out.tlsa_usage = 0;
-dane_required = verify_check_this_host(&ob->hosts_require_dane, NULL,
- host->name, host->address, NULL) == OK;
-
-if (host->dnssec == DS_YES)
- {
- if( dane_required
- || verify_check_this_host(&ob->hosts_try_dane, NULL,
- host->name, host->address, NULL) == OK
- )
- if ((rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK)
- return rc;
- }
-else if (dane_required)
- {
- /*XXX a shame we only find this after making tcp & smtp connection */
- /* move the test earlier? */
- log_write(0, LOG_MAIN, "DANE error: previous lookup not DNSSEC");
- return FAIL;
- }
#endif
#ifndef DISABLE_OCSP
else
{
# ifdef EXPERIMENTAL_DANE
- if ( dane
+ if ( tlsa_dnsa
&& ob->hosts_request_ocsp[0] == '*'
&& ob->hosts_request_ocsp[1] == '\0'
)
}
#ifdef EXPERIMENTAL_DANE
-if (dane)
+if (tlsa_dnsa)
{
SSL_CTX_set_verify(client_ctx, SSL_VERIFY_PEER, verify_callback_client_dane);
}
#ifdef EXPERIMENTAL_DANE
-if (dane)
- if ((rc = dane_tlsa_load(client_ssl, host, &tlsa_dnsa)) != OK)
+if (tlsa_dnsa)
+ if ((rc = dane_tlsa_load(client_ssl, host, tlsa_dnsa)) != OK)
return rc;
#endif
client_static_cbinfo->event_action = tb->tpda_event_action;
#endif
-#ifdef EXPERIMENTAL_TPDA
-client_static_cbinfo->event_action = tb->tpda_event_action;
-#endif
-
/* There doesn't seem to be a built-in timeout on connection. */
DEBUG(D_tls) debug_printf("Calling SSL_connect\n");
alarm(0);
#ifdef EXPERIMENTAL_DANE
-if (dane)
+if (tlsa_dnsa)
DANESSL_cleanup(client_ssl);
#endif
NULL, /* hosts_try_prdr */
#endif
#ifndef DISABLE_OCSP
- US"*", /* hosts_request_ocsp (except under DANE) */
+ US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
NULL, /* hosts_require_ocsp */
#endif
NULL, /* hosts_require_tls */
+#ifdef EXPERIMENTAL_DANE
+int
+tlsa_lookup(host_item * host, dns_answer * dnsa,
+ BOOL dane_required, BOOL * dane)
+{
+/* move this out to host.c given the similarity to dns_lookup() ? */
+uschar buffer[300];
+uschar * fullname = buffer;
+
+/* TLSA lookup string */
+(void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
+
+switch (dns_lookup(dnsa, buffer, T_TLSA, &fullname))
+ {
+ case DNS_AGAIN:
+ return DEFER; /* just defer this TLS'd conn */
+
+ default:
+ case DNS_FAIL:
+ if (dane_required)
+ {
+ log_write(0, LOG_MAIN, "DANE error: TLSA lookup failed");
+ return FAIL;
+ }
+ break;
+
+ case DNS_SUCCEED:
+ if (!dns_is_secure(dnsa))
+ {
+ log_write(0, LOG_MAIN, "DANE error: TLSA lookup not DNSSEC");
+ return DEFER;
+ }
+ *dane = TRUE;
+ break;
+ }
+return OK;
+}
+#endif
+
+
/*************************************************
* Deliver address list to given host *
*************************************************/
#ifdef EXPERIMENTAL_DSN
BOOL dsn_all_lasthop = TRUE;
#endif
+#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
+BOOL dane = FALSE;
+dns_answer tlsa_dnsa;
+#endif
smtp_inblock inblock;
smtp_outblock outblock;
int max_rcpt = tblock->max_addresses;
return DEFER;
}
+#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
+ {
+ BOOL dane_required;
+
+ tls_out.dane_verified = FALSE;
+ tls_out.tlsa_usage = 0;
+
+ dane_required = verify_check_this_host(&ob->hosts_require_dane, NULL,
+ host->name, host->address, NULL) == OK;
+
+ if (host->dnssec == DS_YES)
+ {
+ if( dane_required
+ || verify_check_this_host(&ob->hosts_try_dane, NULL,
+ host->name, host->address, NULL) == OK
+ )
+ if ((rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK)
+ return rc;
+ }
+ else if (dane_required)
+ {
+ log_write(0, LOG_MAIN, "DANE error: %s lookup not DNSSEC", host->name);
+ return FAIL;
+ }
+
+ if (dane)
+ ob->tls_tempfail_tryclear = FALSE;
+ }
+#endif /*DANE*/
+
/* Expand the greeting message while waiting for the initial response. (Makes
sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
delayed till here so that $sending_interface and $sending_port are set. */
else
TLS_NEGOTIATE:
{
- int rc = tls_client_start(inblock.sock, host, addrlist, tblock);
+ int rc = tls_client_start(inblock.sock, host, addrlist, tblock
+# ifdef EXPERIMENTAL_DANE
+ , dane ? &tlsa_dnsa : NULL
+# endif
+ );
/* TLS negotiation failed; give an error. From outside, this function may
be called again to try in clear on a new connection, if the options permit
/* If the host is required to use a secure channel, ensure that we
have one. */
-else if ( verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
- host->address, NULL) == OK
-#ifdef EXPERIMENTAL_DANE
- || verify_check_this_host(&(ob->hosts_require_dane), NULL, host->name,
+else if (
+# ifdef EXPERIMENTAL_DANE
+ dane ||
+# endif
+ verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
host->address, NULL) == OK
-#endif
)
{
save_errno = ERRNO_TLSREQUIRED;
"the server did not offer TLS support");
goto TLS_FAILED;
}
-#endif
+#endif /*SUPPORT_TLS*/
/* If TLS is active, we have just started it up and re-done the EHLO command,
so its response needs to be analyzed. If TLS is not active and this is a
&& ob->tls_tempfail_tryclear
&& verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
host->address, NULL) != OK
-# ifdef EXPERIMENTAL_DANE
- && verify_check_this_host(&(ob->hosts_require_dane), NULL, host->name,
- host->address, NULL) != OK
-# endif
)
{
log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
BOOL esmtp;
BOOL suppress_tls = FALSE;
uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
+#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
+ BOOL dane = FALSE;
+ dns_answer tlsa_dnsa;
+#endif
uschar inbuffer[4096];
uschar outbuffer[1024];
uschar responsebuffer[4096];
HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port);
+#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
+ {
+ BOOL dane_required;
+ int rc;
+
+ tls_out.dane_verified = FALSE;
+ tls_out.tlsa_usage = 0;
+
+ dane_required = verify_check_this_host(&ob->hosts_require_dane, NULL,
+ host->name, host->address, NULL) == OK;
+
+ if (host->dnssec == DS_YES)
+ {
+ if( dane_required
+ || verify_check_this_host(&ob->hosts_try_dane, NULL,
+ host->name, host->address, NULL) == OK
+ )
+ if ((rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK)
+ return rc;
+ }
+ else if (dane_required)
+ {
+ log_write(0, LOG_MAIN, "DANE error: %s lookup not DNSSEC", host->name);
+ return FAIL;
+ }
+
+ if (dane)
+ ob->tls_tempfail_tryclear = FALSE;
+ }
+#endif /*DANE*/
+
/* Set up the buffer for reading SMTP response packets. */
inblock.buffer = inbuffer;
int rc;
ob->command_timeout = callout;
- rc = tls_client_start(inblock.sock, host, addr, addr->transport);
+ rc = tls_client_start(inblock.sock, host, addr, addr->transport
+#ifdef EXPERIMENTAL_DANE
+ , dane ? &tlsa_dnsa : NULL
+#endif
+ );
ob->command_timeout = oldtimeout;
/* TLS negotiation failed; give an error. Try in clear on a new connection,
&& !smtps
&& verify_check_this_host(&(ob->hosts_require_tls), NULL,
host->name, host->address, NULL) != OK
-#ifdef EXPERIMENTAL_DANE
- && verify_check_this_host(&(ob->hosts_require_dane), NULL,
- host->name, host->address, NULL) != OK
-#endif
)
{
(void)close(inblock.sock);
/* If the host is required to use a secure channel, ensure that we have one. */
if (tls_out.active < 0)
- if ( verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
- host->address, NULL) == OK
+ if (
#ifdef EXPERIMENTAL_DANE
- || verify_check_this_host(&(ob->hosts_require_dane), NULL, host->name,
- host->address, NULL) == OK
+ dane ||
#endif
+ verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
+ host->address, NULL) == OK
)
{
/*save_errno = ERRNO_TLSREQUIRED;*/