> On 2010-04-09 at 11:32 +0200, Martin Tscholak wrote:
>> i tried to use a smtp transport with tls_require_ciphers set (openssl).
>> Exim crashed with following log line and the message was freezed.
>>
>> 2010-04-09 12:26:01 1O0BPV-0003bv-Gk == test@??? R=simple
>> T=remote_smtp defer (-1): smtp transport process returned non-zero
>> status 0x000b: terminated by signal 11
>
> There have been a number of OpenSSL releases recently, with security
> updates. Did you upgrade OpenSSL but not recompile Exim? (Newer Exim
> will give you the build/run-time versions of OpenSSL in { exim -bV }
> output). For the most part, recent OpenSSL has been *much* better about
> ABI compatibility, but this is still my first suspicion when I see
> segfaults in OpenSSL usage from Exim.
>
>> if i specified more than one explicit cipher, exim crashed. A Backtrace
>> showed it crashed in X509_get_subject_name(server_cert) in function
>> tls_client_start.
>
> This is unusual. I myself run with tls_require_ciphers set to a list,
> but do not see these crashes, so it's not that simple.
>
> % exim -bP tls_require_ciphers
> tls_require_ciphers =
> ALL:!SSLv2:!LOW:!EXPORT:!EDH:!ADH:!aNULL:!NULL:!DES:@STRENGTH
>
This is the strange about it. The global option works like a charm, only
if tls_require_cipher is set to ALL in a transport, exim crashes.
>> is the cause. But i am clueless now how to proceed. Attached a core and
>> exim.conf.
>
> (1) core files are not much use without the corresponding binary
> (2) please don't send core-files to a mailing-list; it's more common to
> put the core-file and binary somewhere and post the URL
> (3) You don't mention your OS/distribution, making it even harder to
> replicate
>
> -Phil
1+2: ACK, sorry about that.
I am now using debian squeeze as distribution (lenny before). I recompiled
exim4 (4.71) to use openssl as library and exim crashed the same way. To
be sure i compiled exim from trunk (4.72) and it crashed the same way. I
tried your tls_require_ciphers string and it worked!
I suspect, the receiving server uses an anonymous cipher to encrypt the
connection and if i read correctly
http://www.openssl.org/docs/ssl/SSL_get_peer_certificate.html server_cert
in tls_client_start is NULL.
Information:
Distribution: Debian Squeeze
exim -bV:
Exim version 4.72 #1 built 10-Apr-2010 11:30:05
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 4.8.26: (December 18, 2009)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc OpenSSL
move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb
dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
OpenSSL compile-time version: OpenSSL 0.9.8n 24 Mar 2010
OpenSSL runtime version: OpenSSL 0.9.8n 24 Mar 2010
Configuration file is /etc/exim4/exim4.conf
backtrace:
Core was generated by `/usr/sbin/exim -Mc 1O0YPr-0005pA-3Q'.
Program terminated with signal 11, Segmentation fault.
#0 X509_get_subject_name (a=0x6) at x509_cmp.c:130
130 x509_cmp.c: No such file or directory.
in x509_cmp.c
(gdb) bt
#0 X509_get_subject_name (a=0x6) at x509_cmp.c:130
#1 0x080c9479 in smtp_deliver ()
#2 0x080cbcec in smtp_transport_entry ()
#3 0x0805b060 in do_remote_deliveries ()
#4 0x0805e445 in deliver_message ()
#5 0x08067ba8 in main ()
Thanks
Martin
