From c59b09dc16145178a29850e7bda7d6bc6dedbc58 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Thu, 17 May 2018 09:27:49 +0100
Subject: [PATCH] ARC: better diagnostics for keyfile issues

---
 src/src/arc.c           |  3 +++
 src/src/pdkim/signing.c | 14 +++++++++-----
 test/log/4560           |  2 +-
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/src/arc.c b/src/src/arc.c
index 58811274e..dd2ad51b0 100644
--- a/src/src/arc.c
+++ b/src/src/arc.c
@@ -1258,6 +1258,9 @@ if ( (errstr = exim_dkim_signing_init(privkey, &sctx))
    || (errstr = exim_dkim_sign(&sctx, hm, &hhash, sig)))
   {
   log_write(0, LOG_MAIN, "ARC: %s signing: %s\n", why, errstr);
+  DEBUG(D_transport)
+    debug_printf("private key, or private-key file content, was: '%s'\n",
+      privkey);
   return FALSE;
   }
 return TRUE;
diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c
index 0545e483a..18b357eaa 100644
--- a/src/src/pdkim/signing.c
+++ b/src/src/pdkim/signing.c
@@ -90,14 +90,17 @@ exim_dkim_signing_init(const uschar * privkey_pem, es_ctx * sign_ctx)
 {
 gnutls_datum_t k = { .data = (void *)privkey_pem, .size = Ustrlen(privkey_pem) };
 gnutls_x509_privkey_t x509_key;
+const uschar * where;
 int rc;
 
-if ( (rc = gnutls_x509_privkey_init(&x509_key))
-   || (rc = gnutls_x509_privkey_import(x509_key, &k, GNUTLS_X509_FMT_PEM))
+if ( (where = US"internal init", rc = gnutls_x509_privkey_init(&x509_key))
    || (rc = gnutls_privkey_init(&sign_ctx->key))
-   || (rc = gnutls_privkey_import_x509(sign_ctx->key, x509_key, 0))
+   || (where = US"privkey PEM-block import",
+       rc = gnutls_x509_privkey_import(x509_key, &k, GNUTLS_X509_FMT_PEM))
+   || (where = US"internal privkey transfer",
+       rc = gnutls_privkey_import_x509(sign_ctx->key, x509_key, 0))
    )
-  return CUS gnutls_strerror(rc);
+  return string_sprintf("%s: %s", where, gnutls_strerror(rc));
 
 switch (rc = gnutls_privkey_get_pk_algorithm(sign_ctx->key, NULL))
   {
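Review bot: The added DEBUG(D_transport) block in arc.c prints the entire private key, or whatever file content ended up in `privkey`, into the debug stream, and that stream is precisely what operators paste into bug reports and list threads when chasing a signing failure. The diagnostic only needs to show whether `privkey` held a PEM block or something else (a path, an empty string), so printing its length and the first line is enough, e.g. `debug_printf("private key, or private-key file content, was %d bytes; starts: '%.40s'\n", Ustrlen(privkey), privkey);` (assuming Exim's debug_printf honours the `%.Ns` precision — worth confirming against string_vformat). The enclosing function starts and ends outside the hunk.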
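Review bot: The comma-expression labelling in the rewritten `if` of the GnuTLS exim_dkim_signing_init is correct (the comma operator sequences the `where` store before the call), but it is easy to misread, and the `(rc = gnutls_privkey_init(&sign_ctx->key))` clause deliberately carries no label, so a failure there is reported under the preceding "internal init" text. A one-line comment above the condition would spare the next reader that deduction, e.g. `/* 'where' names the failing step for the error text; privkey_init shares the "internal init" label */`. The early return still leaves the initialised x509_key (and sign_ctx->key once privkey_init has succeeded) without a matching deinit; that predates this commit, so only flagging it. The rest of exim_dkim_signing_init continues outside the hunk.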
@@ -712,7 +715,8 @@ exim_dkim_signing_init(const uschar * privkey_pem, es_ctx * sign_ctx)
 BIO * bp = BIO_new_mem_buf(privkey_pem, -1);
 
 if (!(sign_ctx->key = PEM_read_bio_PrivateKey(bp, NULL, NULL, NULL)))
-  return US ERR_error_string(ERR_get_error(), NULL);
+  return string_sprintf("privkey PEM-block import: %s",
+    ERR_error_string(ERR_get_error(), NULL));
 
 sign_ctx->keytype =
 #ifdef SIGN_HAVE_ED25519
diff --git a/test/log/4560 b/test/log/4560
index c072bdda0..2ffd41b45 100644
--- a/test/log/4560
+++ b/test/log/4560
@@ -254,7 +254,7 @@
 1999-03-02 09:44:33 10HmbR-0005vi-00 oldest-p-ams: <>
 1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss for za@test.ex
 1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbR-0005vi-00 ARC: AMS signing: error:0906D06C:PEM routines:PEM_read_bio:no start line
+1999-03-02 09:44:33 10HmbR-0005vi-00 ARC: AMS signing: privkey PEM-block import: error:0906D06C:PEM routines:PEM_read_bio:no start line
 1999-03-02 09:44:33 10HmbS-0005vi-00 arc_state: 
 1999-03-02 09:44:33 10HmbS-0005vi-00 domains: <>
 
-- 
2.25.1
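Review bot: The rewritten early return in the OpenSSL exim_dkim_signing_init still leaves `bp`, the BIO created two lines above, unfreed on the import-failure path; since `ERR_error_string(..., NULL)` formats into a static buffer, copying it through string_sprintf as done here is the right move, and the BIO can be released first by bracing the return and adding `BIO_free(bp);` before it (sign_ctx->key is NULL on this path, so nothing else references the BIO). That leak predates the commit, and whether the success path frees `bp` is outside the hunk, so I cannot tell from here if the function releases it at all. The function starts and ends outside the hunk.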