From 5c8cda3a8089ff340224e6ab147d4bbe18dca0e2 Mon Sep 17 00:00:00 2001
From: Phil Pennock
Date: Thu, 17 May 2012 20:07:04 -0400
Subject: [PATCH] CRL addition returns count of CRLs added

A couple more cert1/2 strings updated, plus some disambiguating rhubarb.
---
 src/src/tls-gnu.c | 13 +++++++----
 test/log/2014 | 13 ++++++-----
 test/rejectlog/2014 | 6 ++---
 test/scripts/2000-GnuTLS/2014 | 18 +++++++-------
 test/stdout/2014 | 44 +++++++++++++++++------------------
 5 files changed, 49 insertions(+), 45 deletions(-)

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 1953be1e4..a9a82e88f 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -728,15 +728,18 @@ if (cert_count < 0)
 }
 DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n", cert_count);
 
-if (state->tls_crl && *state->tls_crl)
+if (state->tls_crl && *state->tls_crl &&
+ state->exp_tls_crl && *state->exp_tls_crl)
 {
- if (state->exp_tls_crl && *state->exp_tls_crl)
+ DEBUG(D_tls) debug_printf("loading CRL file = %s\n", state->exp_tls_crl);
+ cert_count = gnutls_certificate_set_x509_crl_file(state->x509_cred,
+ CS state->exp_tls_crl, GNUTLS_X509_FMT_PEM);
+ if (cert_count < 0)
 {
- DEBUG(D_tls) debug_printf("loading CRL file = %s\n", state->exp_tls_crl);
- rc = gnutls_certificate_set_x509_crl_file(state->x509_cred,
- CS state->exp_tls_crl, GNUTLS_X509_FMT_PEM);
+ rc = cert_count;
 exim_gnutls_err_check(US"gnutls_certificate_set_x509_crl_file");
 }
+ DEBUG(D_tls) debug_printf("Processed %d CRLs.\n", cert_count);
 }
 
 return OK;
diff --git a/test/log/2014 b/test/log/2014
index 0abc041e2..554100b77 100644
--- a/test/log/2014
+++ b/test/log/2014
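Review bot: A CRL file that yields zero CRLs still passes this block, because the check after `gnutls_certificate_set_x509_crl_file` only treats a negative `cert_count` as an error, so a configured tls_crl that points at, say, an empty file leaves revocation checking silently disabled with nothing but a D_tls debug line to show for it. An administrator who set tls_crl presumably expects revocation to be enforced, so a zero result deserves at least a main-log warning before the "Processed %d CRLs" debug line, e.g. `if (cert_count == 0) log_write(0, LOG_MAIN, "TLS: no CRLs loaded from %s", state->exp_tls_crl);`, or the same treatment as the negative case. Reusing `cert_count` for the CRL count also makes the name misleading right after the "Added %d certificate authorities" line above; a separate `crl_count` would read more clearly. The enclosing function begins before this hunk and only its tail is visible here.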
@@ -1,8 +1,9 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
-1999-03-02 09:44:33 H=[127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 TLS error on connection from (rhu1.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=
+1999-03-02 09:44:33 TLS error on connection from (rhu5.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
+1999-03-02 09:44:33 H=[127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): revoked
-1999-03-02 09:44:33 H=[127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): A TLS packet with unexpected length was received.
+1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason.
+1999-03-02 09:44:33 H=[127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
diff --git a/test/rejectlog/2014 b/test/rejectlog/2014
index b8cc95ac2..fb9f7cd99 100644
--- a/test/rejectlog/2014
+++ b/test/rejectlog/2014
@@ -1,3 +1,3 @@
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=
-1999-03-02 09:44:33 H=[127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
-1999-03-02 09:44:33 H=[127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=
+1999-03-02 09:44:33 H=[127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
diff --git a/test/scripts/2000-GnuTLS/2014 b/test/scripts/2000-GnuTLS/2014
index 3e6710b59..dfddfa54c 100644
--- a/test/scripts/2000-GnuTLS/2014
+++ b/test/scripts/2000-GnuTLS/2014
@@ -5,7 +5,7 @@ exim -DSERVER=server -bd -oX PORT_D
 # No certificate, certificate required
 client-gnutls HOSTIPV4 PORT_D
 ??? 220
-ehlo rhu.barb
+ehlo rhu1.barb
 ??? 250-
 ??? 250-
 ??? 250-
@@ -18,7 +18,7 @@ starttls
 # No certificate, certificate optional at TLS time, required by ACL
 client-gnutls 127.0.0.1 PORT_D
 ??? 220
-ehlo rhu.barb
+ehlo rhu2.barb
 ??? 250-
 ??? 250-
 ??? 250-
@@ -27,7 +27,7 @@ ehlo rhu.barb
 ??? 250
 starttls
 ??? 220
-helo rhu.barb
+helo rhu2tls.barb
 ??? 250
 mail from:
 ??? 250
@@ -39,7 +39,7 @@ quit
 # Good certificate, certificate required
 client-gnutls HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
 ??? 220
-ehlo rhu.barb
+ehlo rhu3.barb
 ??? 250-
 ??? 250-
 ??? 250-
@@ -58,7 +58,7 @@ quit
 # Good certificate, certificate optional at TLS time, checked by ACL
 client-gnutls 127.0.0.1 PORT_D aux-fixed/cert2 aux-fixed/cert2
 ??? 220
-ehlo rhu.barb
+ehlo rhu4.barb
 ??? 250-
 ??? 250-
 ??? 250-
@@ -77,7 +77,7 @@ quit
 # Bad certificate, certificate required
 client-gnutls HOSTIPV4 PORT_D aux-fixed/cert1 aux-fixed/cert1
 ??? 220
-ehlo rhu.barb
+ehlo rhu5.barb
 ??? 250-
 ??? 250-
 ??? 250-
@@ -90,7 +90,7 @@ starttls
 # Bad certificate, certificate optional at TLS time, reject at ACL time
 client-gnutls 127.0.0.1 PORT_D aux-fixed/cert1 aux-fixed/cert1
 ??? 220
-ehlo rhu.barb
+ehlo rhu6.barb
 ??? 250-
 ??? 250-
 ??? 250-
@@ -113,7 +113,7 @@ exim -DCRL=DIR/aux-fixed/crl.pem -DSERVER=server -bd -oX PORT_D
 # Good but revoked certificate, certificate required
 client-gnutls HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
 ??? 220
-ehlo rhu.barb
+ehlo rhu7.barb
 ??? 250-
 ??? 250-
 ??? 250-
@@ -126,7 +126,7 @@ starttls
 # Revoked certificate, certificate optional at TLS time, reject at ACL time
 client-gnutls 127.0.0.1 PORT_D aux-fixed/cert1 aux-fixed/cert1
 ??? 220
-ehlo rhu.barb
+ehlo rhu8.barb
 ??? 250-
 ??? 250-
 ??? 250-
diff --git a/test/stdout/2014 b/test/stdout/2014
index 0c14ca635..56c959f20 100644
--- a/test/stdout/2014
+++ b/test/stdout/2014
@@ -1,9 +1,9 @@
 Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu1.barb
 ??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu1.barb [ip4.ip4.ip4.ip4]
 ??? 250-
 <<< 250-SIZE 52428800
 ??? 250-
@@ -23,9 +23,9 @@ End of script
 Connecting to 127.0.0.1 port 1225 ... connected
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu2.barb
 ??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu2.barb [127.0.0.1]
 ??? 250-
 <<< 250-SIZE 52428800
 ??? 250-
@@ -41,9 +41,9 @@ Connecting to 127.0.0.1 port 1225 ... connected
 <<< 220 TLS go ahead
 Attempting to start TLS
 Succeeded in starting TLS
->>> helo rhu.barb
+>>> helo rhu2tls.barb
 ??? 250
-<<< 250 myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250 myhost.test.ex Hello rhu2tls.barb [127.0.0.1]
 >>> mail from:
 ??? 250
 <<< 250 OK
@@ -59,9 +59,9 @@ Certificate file = aux-fixed/cert2
 Key file = aux-fixed/cert2
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu3.barb
 ??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu3.barb [ip4.ip4.ip4.ip4]
 ??? 250-
 <<< 250-SIZE 52428800
 ??? 250-
@@ -92,9 +92,9 @@ Certificate file = aux-fixed/cert2
 Key file = aux-fixed/cert2
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu4.barb
 ??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu4.barb [127.0.0.1]
 ??? 250-
 <<< 250-SIZE 52428800
 ??? 250-
@@ -125,9 +125,9 @@ Certificate file = aux-fixed/cert1
 Key file = aux-fixed/cert1
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu5.barb
 ??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu5.barb [ip4.ip4.ip4.ip4]
 ??? 250-
 <<< 250-SIZE 52428800
 ??? 250-
@@ -149,9 +149,9 @@ Certificate file = aux-fixed/cert1
 Key file = aux-fixed/cert1
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu6.barb
 ??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu6.barb [127.0.0.1]
 ??? 250-
 <<< 250-SIZE 52428800
 ??? 250-
@@ -172,9 +172,9 @@ Succeeded in starting TLS
 <<< 250 OK
 >>> rcpt to:
 ??? 550-
-<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of
+<<< 550-certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test
 ??? 550
-<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel
+<<< 550 Suite,CN=Phil Pennock
 >>> quit
 ??? 221
 <<< 221 myhost.test.ex closing connection
@@ -184,9 +184,9 @@ Certificate file = aux-fixed/cert2
 Key file = aux-fixed/cert2
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu7.barb
 ??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu7.barb [ip4.ip4.ip4.ip4]
 ??? 250-
 <<< 250-SIZE 52428800
 ??? 250-
@@ -208,9 +208,9 @@ Certificate file = aux-fixed/cert1
 Key file = aux-fixed/cert1
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu8.barb
 ??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu8.barb [127.0.0.1]
 ??? 250-
 <<< 250-SIZE 52428800
 ??? 250-
@@ -231,9 +231,9 @@ Succeeded in starting TLS
 <<< 250 OK
 >>> rcpt to:
 ??? 550-
-<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of
+<<< 550-certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test
 ??? 550
-<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel
+<<< 550 Suite,CN=Phil Pennock
 >>> quit
 ??? 221
 <<< 221 myhost.test.ex closing connection
-- 
2.25.1