From: Jeremy Harris Date: Sun, 10 Feb 2019 19:48:57 +0000 (+0000) Subject: GnuTLS: trim error messages X-Git-Tag: exim-4.93-RC0~284^2~1 X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=commitdiff_plain;h=806db4f5016cd54177138fe1234b5dfa450d9c49 GnuTLS: trim error messages --- diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 7d52369e0..76f733379 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -362,7 +362,7 @@ Argument: state the current GnuTLS exim state container rc the GnuTLS error code, or 0 if it's a local error when text identifying read or write - text local error text when ec is 0 + text local error text when rc is 0 Returns: nothing */ @@ -374,7 +374,7 @@ const uschar * msg; uschar * errstr; if (rc == GNUTLS_E_FATAL_ALERT_RECEIVED) - msg = string_sprintf("%s: %s", US gnutls_strerror(rc), + msg = string_sprintf("A TLS fatal alert has been received: %s", US gnutls_alert_get_name(gnutls_alert_get(state->session))); else msg = US gnutls_strerror(rc); @@ -1557,10 +1557,9 @@ if (!cert_list || cert_list_size == 0) return OK; } -ct = gnutls_certificate_type_get(state->session); -if (ct != GNUTLS_CRT_X509) +if ((ct = gnutls_certificate_type_get(state->session)) != GNUTLS_CRT_X509) { - const uschar *ctn = US gnutls_certificate_type_get_name(ct); + const uschar * ctn = US gnutls_certificate_type_get_name(ct); DEBUG(D_tls) debug_printf("TLS: peer cert not X.509 but instead \"%s\"\n", ctn); if (state->verify_requirement >= VERIFY_REQUIRED) @@ -1636,7 +1635,7 @@ if (state->verify_requirement == VERIFY_NONE) DEBUG(D_tls) debug_printf("TLS: checking peer certificate\n"); *errstr = NULL; -if ((rc = peer_status(state, errstr)) != OK) +if ((rc = peer_status(state, errstr)) != OK || !state->peerdn) { verify = GNUTLS_CERT_INVALID; *errstr = US"certificate not supplied"; @@ -2695,7 +2694,7 @@ else if (inbytes == 0) else if (inbytes < 0) { - DEBUG(D_tls) debug_printf("%s: err from gnutls_record_recv(\n", __FUNCTION__); + DEBUG(D_tls) debug_printf("%s: err from gnutls_record_recv\n", __FUNCTION__); record_io_error(state, (int) inbytes, US"recv", NULL); state->xfer_error = TRUE; return FALSE; @@ -2828,7 +2827,7 @@ if (inbytes == 0) } else { - DEBUG(D_tls) debug_printf("%s: err from gnutls_record_recv(\n", __FUNCTION__); + DEBUG(D_tls) debug_printf("%s: err from gnutls_record_recv\n", __FUNCTION__); record_io_error(state, (int)inbytes, US"recv", NULL); } diff --git a/test/log/2000 b/test/log/2000 index 616cf971d..cf1865cc1 100644 --- a/test/log/2000 +++ b/test/log/2000 @@ -7,5 +7,5 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex diff --git a/test/log/2001 b/test/log/2001 index 9671dd51e..ca00ad5d4 100644 --- a/test/log/2001 +++ b/test/log/2001 @@ -8,5 +8,5 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad diff --git a/test/log/2012 b/test/log/2012 index 49c32bdf1..9d462259e 100644 --- a/test/log/2012 +++ b/test/log/2012 @@ -26,11 +26,11 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmbB-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmbC-0005vi-00@myhost.test.ex diff --git a/test/log/2033 b/test/log/2033 index b273a3217..cf0b23050 100644 --- a/test/log/2033 +++ b/test/log/2033 @@ -13,7 +13,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@myhost.test.ex diff --git a/test/log/5651 b/test/log/5651 index da0eb165e..70e47fd2b 100644 --- a/test/log/5651 +++ b/test/log/5651 @@ -32,6 +32,6 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. diff --git a/test/log/5710 b/test/log/5710 index ed0438c48..6e9773cd7 100644 --- a/test/log/5710 +++ b/test/log/5710 @@ -44,7 +44,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 [127.0.0.1] depth=0 CN=server2.example.com -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 [127.0.0.1] depth=0 CN=server2.example.com 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server2.example.com" S=sss id=E10HmaY-0005vi-00@myhost.test.ex diff --git a/test/log/5730 b/test/log/5730 index 3f2da5fda..d153f874a 100644 --- a/test/log/5730 +++ b/test/log/5730 @@ -46,6 +46,6 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. diff --git a/test/log/5820 b/test/log/5820 index 7cde6ac6e..6cfa689fe 100644 --- a/test/log/5820 +++ b/test/log/5820 @@ -104,7 +104,7 @@ 1999-03-02 09:44:33 10HmbO-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for CALLER@dane.no.4.test.ex 1999-03-02 09:44:33 10HmbO-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbO-0005vi-00 Completed -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 "rcpt ACL" 1999-03-02 09:44:33 10HmbR-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-0005vi-00@myhost.test.ex for CALLER@danebroken3.test.ex 1999-03-02 09:44:33 10HmbR-0005vi-00 => :blackhole: R=server @@ -118,7 +118,7 @@ 1999-03-02 09:44:33 10HmbX-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbX-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 "rcpt ACL" 1999-03-02 09:44:33 10HmcA-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbZ-0005vi-00@myhost.test.ex for CALLER@danebroken8.example.com 1999-03-02 09:44:33 10HmcA-0005vi-00 => :blackhole: R=server diff --git a/test/log/5881 b/test/log/5881 index d23cb914c..57b0ebfd0 100644 --- a/test/log/5881 +++ b/test/log/5881 @@ -82,7 +82,7 @@ 1999-03-02 09:44:33 10HmbI-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbH-0005vi-00@myhost.test.ex for CALLER@dane.no.4.test.ex 1999-03-02 09:44:33 10HmbI-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbI-0005vi-00 Completed -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 "rcpt ACL" 1999-03-02 09:44:33 10HmbL-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-0005vi-00@myhost.test.ex for CALLER@danebroken3.test.ex 1999-03-02 09:44:33 10HmbL-0005vi-00 => :blackhole: R=server @@ -92,7 +92,7 @@ 1999-03-02 09:44:33 10HmbO-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbO-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 "rcpt ACL" 1999-03-02 09:44:33 10HmbS-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbR-0005vi-00@myhost.test.ex for CALLER@danebroken8.example.com 1999-03-02 09:44:33 10HmbS-0005vi-00 => :blackhole: R=server