ph10 2004/11/25 10:26:05 GMT
Modified files:
exim-doc/doc-txt ChangeLog
exim-src/src tls-gnu.c
exim-test-orig/AutoTest/confs 550
exim-test-orig/AutoTest/log 550G
exim-test-orig/AutoTest/scripts 550
exim-test-orig/AutoTest/stdout 550G
Log:
Expand error message when GnuTLS has problems setting up cert/key files.
Revision Changes Path
1.40 +4 -0 exim/exim-doc/doc-txt/ChangeLog
1.2 +6 -1 exim/exim-src/src/tls-gnu.c
1.2 +6 -6 exim/exim-test-orig/AutoTest/confs/550
1.2 +2 -0 exim/exim-test-orig/AutoTest/log/550G
1.2 +22 -1 exim/exim-test-orig/AutoTest/scripts/550
1.2 +27 -0 exim/exim-test-orig/AutoTest/stdout/550G
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- ChangeLog 24 Nov 2004 16:14:50 -0000 1.39
+++ ChangeLog 25 Nov 2004 10:26:04 -0000 1.40
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.39 2004/11/24 16:14:50 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.40 2004/11/25 10:26:04 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -171,6 +171,10 @@
40. When running the queue in the test harness, wait just a tad after forking a
delivery process, to get repeatability of debugging output.
+
+41. Include certificate and key file names in error message when GnuTLS fails
+ to set them up, because the GnuTLS error message doesn't include the name
+ of the failing file when there is a problem reading it.
Exim version 4.43
Index: tls-gnu.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/tls-gnu.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- tls-gnu.c 7 Oct 2004 10:39:01 -0000 1.1
+++ tls-gnu.c 25 Nov 2004 10:26:04 -0000 1.2
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/tls-gnu.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/tls-gnu.c,v 1.2 2004/11/25 10:26:04 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -461,7 +461,12 @@
cert_expanded, key_expanded);
rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
CS key_expanded, GNUTLS_X509_FMT_PEM);
- if (rc < 0) return tls_error(US"cert/key setup", host, rc);
+ if (rc < 0)
+ {
+ uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s",
+ cert_expanded, key_expanded);
+ return tls_error(msg, host, rc);
+ }
}
/* A certificate is mandatory in a server, but not in a client */
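Review bot: The new branch puts two expanded filesystem paths into the error text, and nothing in the hunk records where that text ends up; a why-comment above `if (rc < 0)` such as `/* GnuTLS's error string does not say which file failed, so name both paths in the logged message. */` would make the intent clear to the next reader. The expected stdout in this commit still shows the client receiving a bare `454 TLS currently unavailable`, which suggests the paths reach only the log and not the peer, but tls_error is outside the hunk so that should be confirmed rather than assumed. Because GnuTLS returns a single rc for the cert/key pair, the message cannot distinguish which of two different files was unreadable, so the comment should also say that both paths must be checked. The enclosing function begins before and continues after this hunk.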
Index: 550
===================================================================
RCS file: /home/cvs/exim/exim-test-orig/AutoTest/confs/550,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 550 8 Oct 2004 14:49:16 -0000 1.1
+++ 550 25 Nov 2004 10:26:05 -0000 1.2
@@ -1,5 +1,8 @@
# Exim test configuration 550
+CERT=DIR/aux/cert1
+TVC=/dev/null
+
# Macros are set externally in order to get the path
# of the Exim that is being tested, and the directory
# in which the test data lives.
@@ -18,13 +21,10 @@
tls_advertise_hosts = *
-tls_certificate = DIR/aux/cert1
-tls_privatekey = DIR/aux/cert1
+tls_certificate = CERT
+tls_privatekey = CERT
tls_verify_hosts = <; ::1
-tls_verify_certificates = /dev/null
-
-#tls_verify_certificates = DIR/aux/cert2
+tls_verify_certificates = TVC
-
# End of Exim 4 configuration
Index: 550G
===================================================================
RCS file: /home/cvs/exim/exim-test-orig/AutoTest/log/550G,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 550G 8 Oct 2004 14:49:31 -0000 1.1
+++ 550G 25 Nov 2004 10:26:05 -0000 1.2
@@ -1,2 +1,4 @@
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 (IPv6 and IPv4)
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [::1]: certificate verification failed (invalid)
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 (IPv6 and IPv4)
+1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [::1] (cert/key setup: cert=/non/exist key=/non/exist): Error while reading file.
Index: 550
===================================================================
RCS file: /home/cvs/exim/exim-test-orig/AutoTest/scripts/550,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 550 8 Oct 2004 14:49:53 -0000 1.1
+++ 550 25 Nov 2004 10:26:05 -0000 1.2
@@ -1,4 +1,4 @@
-0 TLS (server: empty certificate file)
+0 TLS (server: empty/non-existent certificate file)
exim -DSERVER=server -bd -oX 1225
****
0
@@ -15,6 +15,27 @@
??? 250
starttls
??? 220
+****
+0
+killdaemon
+****
+0
+exim -DSERVER=server -DCERT=/non/exist -bd -oX 1225
+****
+0
+sleep 1
+****
+0
+client ::1 1225 aux/cert2 aux/cert2
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+starttls
+??? 454
****
0
killdaemon
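Review bot: The added case runs with both `tls_certificate` and `tls_privatekey` pointing at the same missing path (`-DCERT=/non/exist`), so it never demonstrates the situation the ChangeLog entry is written for, where only one of the two files is unreadable and the GnuTLS error alone does not say which. A second run with the existing certificate and a missing key, e.g. `exim -DSERVER=server -DCERT=aux/cert1 -DKEY=/non/exist -bd -oX 1225` together with a `tls_privatekey = KEY` macro default in the config, would pin that the log line names both files in that case too. The `sleep 1` before the client connects is a timing assumption that can make the test flaky on a loaded host; if the harness offers a readiness wait on the listening port, that would be more robust. The script's earlier steps are outside this hunk.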
Index: 550G
===================================================================
RCS file: /home/cvs/exim/exim-test-orig/AutoTest/stdout/550G,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 550G 8 Oct 2004 14:50:14 -0000 1.1
+++ 550G 25 Nov 2004 10:26:05 -0000 1.2
@@ -38,3 +38,30 @@
SSL connection using EDH-RSA-DES-CBC3-SHA
Succeeded in starting TLS
End of script
+Certificate file = aux/cert2
+Key file = aux/cert2
+Connecting to ::1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [::1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 454
+<<< 454 TLS currently unavailable
+Attempting to start TLS
+SSL info: before/connect initialization
+SSL info: before/connect initialization
+SSL info: SSLv2/v3 write client hello A
+SSL info: SSLv2/v3 read server hello A
+pppp:error140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:470:
+Failed to start TLS
+End of script