#include <unistd.h>
#include <utime.h>
+/* Set to TRUE to enable debug output */
+#define DEBUG if (FALSE)
+
#ifdef AF_INET6
#define HAVE_IPV6 1
#endif
{
rc = gnutls_certificate_set_x509_key_file(x509_cred, CS certificate,
CS privatekey, GNUTLS_X509_FMT_PEM);
- if (rc < 0) gnutls_error("gnutls_certificate", rc);
+ if (rc < 0) gnutls_error(US"gnutls_certificate", rc);
}
/* Associate the parameters with the x509 credentials structure. */
nextinput:
if (*inptr == 0) /* Refill input buffer */
{
+ unsigned char *inbufferp = inbuffer;
+
alarm(timeout);
- if (srv->tls_active)
- {
- #ifdef HAVE_OPENSSL
- rc = SSL_read(srv->ssl, inbuffer, bsiz - 1);
- #endif
- #ifdef HAVE_GNUTLS
- rc = gnutls_record_recv(tls_session, CS inbuffer, bsiz - 1);
- #endif
- }
- else
- rc = read(srv->sock, inbuffer, bsiz);
+ for (;;)
+ {
+ if (srv->tls_active)
+ {
+#ifdef HAVE_OPENSSL
+ int error;
+ DEBUG { printf("call SSL_read\n"); fflush(stdout); }
+ rc = SSL_read(srv->ssl, inbufferp, bsiz - (inbufferp - inbuffer) - 1);
+ DEBUG { printf("SSL_read: %d\n", rc); fflush(stdout); }
+ if (rc <= 0)
+ switch (error = SSL_get_error(srv->ssl, rc))
+ {
+ case SSL_ERROR_ZERO_RETURN:
+ break;
+ case SSL_ERROR_SYSCALL:
+ printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
+ rc = -1;
+ break;
+ case SSL_ERROR_SSL:
+ printf("%s\nTLS terminated\n", ERR_error_string(ERR_get_error(), NULL));
+ SSL_shutdown(srv->ssl);
+ SSL_free(srv->ssl);
+ srv->tls_active = FALSE;
+ { /* OpenSSL leaves it in restartsys mode */
+ struct sigaction act = {.sa_handler = sigalrm_handler_flag, .sa_flags = 0};
+ sigalrm_seen = 1;
+ sigaction(SIGALRM, &act, NULL);
+ }
+ *inptr = 0;
+ DEBUG { printf("go round\n"); fflush(stdout); }
+ goto nextinput;
+ default:
+ printf("SSL error code %d\n", error);
+ }
+#endif
+#ifdef HAVE_GNUTLS
+ retry1:
+ DEBUG { printf("call gnutls_record_recv\n"); fflush(stdout); }
+ rc = gnutls_record_recv(tls_session, CS inbufferp, bsiz - (inbufferp - inbuffer) - 1);
+ if (rc < 0)
+ {
+ DEBUG { printf("gnutls_record_recv: %s\n", gnutls_strerror(rc)); fflush(stdout); }
+ if (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN)
+ goto retry1;
+ printf("%s\n", gnutls_strerror(rc));
+ srv->tls_active = FALSE;
+ *inptr = 0;
+ DEBUG { printf("go round\n"); fflush(stdout); }
+ goto nextinput;
+ }
+ DEBUG { printf("gnutls_record_recv: %d\n", rc); fflush(stdout); }
+#endif
+ }
+ else
+ {
+ DEBUG { printf("call read\n"); fflush(stdout); }
+ rc = read(srv->sock, inbufferp, bsiz - (inbufferp - inbuffer) - 1);
+ DEBUG { printf("read: %d\n", rc); fflush(stdout); }
+ }
+
+ if (rc > 0) inbufferp[rc] = '\0';
+ if (rc <= 0 || strchr(inbufferp, '\n')) break;
+ inbufferp += rc;
+ if (inbufferp >= inbuffer + bsiz)
+ {
+ printf("Input buffer overrun, need more than %d bytes input buffer\n", bsiz);
+ exit(73);
+ }
+ DEBUG { printf("read more\n"); }
+ }
alarm(0);
if (rc < 0)
{
- printf("Read error %s\n", strerror(errno));
+ if (errno == EINTR && sigalrm_seen && resp_optional)
+ continue; /* next scriptline */
+ printf("Read error: %s\n", strerror(errno));
exit(81);
}
else if (rc == 0)
printf("Expected EOF read\n");
continue;
}
+ else if (resp_optional)
+ continue; /* next scriptline */
else
{
printf("Unexpected EOF read\n");
exit(74);
}
else
- {
- inbuffer[rc] = 0;
inptr = inbuffer;
- }
}
+ DEBUG { printf("read: '%s'\n", inptr); fflush(stdout); }
lineptr = inptr;
while (*inptr != 0 && *inptr != '\r' && *inptr != '\n') inptr++;
exit(79);
}
- /* input matched script */
+ /* Input matched script. Output the inputline, unless optional */
+ DEBUG { printf("read matched\n"); fflush(stdout); }
+
+ if (!resp_optional)
+ printf("<<< %s\n", lineptr);
+ else
- if (resp_optional)
- goto nextinput; /* consume inputline, not scriptline */
+ /* If there is further input after this line, consume inputline but not
+ scriptline in case there are several matching. Nonmatches are dealt with
+ above. */
- printf("<<< %s\n", lineptr);
+ if (*inptr != 0)
+ goto nextinput;
#ifdef HAVE_TLS
if (srv->sent_starttls)
#ifdef HAVE_GNUTLS
{
int rc;
+ fd_set rfd;
+ struct timeval tv = { 0, 2000 };
+
sigalrm_seen = FALSE;
alarm(timeout);
do {
alarm(0);
if (!srv->tls_active) printf("%s\n", gnutls_strerror(rc));
+
+ /* look for an error on the TLS conn */
+ FD_ZERO(&rfd);
+ FD_SET(srv->sock, &rfd);
+ if (select(srv->sock+1, &rfd, NULL, NULL, &tv) > 0)
+ {
+ retry2:
+ DEBUG { printf("call gnutls_record_recv\n"); fflush(stdout); }
+ rc = gnutls_record_recv(tls_session, CS inbuffer, bsiz - 1);
+ if (rc < 0)
+ {
+ DEBUG { printf("gnutls_record_recv: %s\n", gnutls_strerror(rc)); fflush(stdout); }
+ if (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN)
+ goto retry2;
+ printf("%s\n", gnutls_strerror(rc));
+ srv->tls_active = FALSE;
+ }
+ DEBUG { printf("gnutls_record_recv: %d\n", rc); fflush(stdout); }
+ }
}
#endif
srv_ctx srv;
-unsigned char inbuffer[10240];
+unsigned char inbuffer[100 * 1024];
unsigned char *inptr = inbuffer;
*inptr = 0; /* Buffer empty */
#if HAVE_IPV6
if (host_af == AF_INET6)
{
+# ifdef HAVE_GETADDRINFO
+ struct addrinfo hints, *res;
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_INET6;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_NUMERICHOST;
+ if ((rc = getaddrinfo(address, NULL, &hints, &res)) != 0 || res == NULL)
+ {
+ printf("unable to parse \"%s\" as an IP address: %s\n", address,
+ rc == 0 ? "NULL result returned" : gai_strerror(rc));
+ exit(86);
+ }
+ memcpy(&s_in6, res->ai_addr, res->ai_addrlen);
+ freeaddrinfo(res);
+# else
memset(&s_in6, 0, sizeof(s_in6));
s_in6.sin6_family = AF_INET6;
- s_in6.sin6_port = htons(port);
if (inet_pton(host_af, address, &s_in6.sin6_addr) != 1)
{
printf("Unable to parse \"%s\"", address);
exit(86);
}
+# endif
+ s_in6.sin6_port = htons(port);
}
else
#endif
#ifdef HAVE_GNUTLS
if (certfile != NULL) printf("Certificate file = %s\n", certfile);
if (keyfile != NULL) printf("Key file = %s\n", keyfile);
-tls_init(certfile, keyfile);
+tls_init(US certfile, US keyfile);
tls_session = tls_session_init();
#ifdef HAVE_OCSP
if (ocsp_stapling)
projects / exim.git / blobdiff