[exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog NewSt…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Philip Hazel
Dátum:  
Címzett: exim-cvs
Tárgy: [exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog NewStuff exim/exim-src/src tls-gnu.c tls-openssl.c
ph10 2006/02/14 14:12:07 GMT

  Modified files:
    exim-doc/doc-txt     ChangeLog NewStuff 
    exim-src/src         tls-gnu.c tls-openssl.c 
  Log:
  Fix GnuTLS privatekey forced fail bug; in both TLS's treat an empty
  privatekey as unset.


  Revision  Changes    Path
  1.297     +4 -0      exim/exim-doc/doc-txt/ChangeLog
  1.84      +3 -0      exim/exim-doc/doc-txt/NewStuff
  1.12      +8 -1      exim/exim-src/src/tls-gnu.c
  1.7       +7 -3      exim/exim-src/src/tls-openssl.c


  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.296
  retrieving revision 1.297
  diff -u -r1.296 -r1.297
  --- ChangeLog    14 Feb 2006 10:26:26 -0000    1.296
  +++ ChangeLog    14 Feb 2006 14:12:06 -0000    1.297
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.296 2006/02/14 10:26:26 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.297 2006/02/14 14:12:06 ph10 Exp $


   Change log file for Exim from version 4.21
   -------------------------------------------
  @@ -153,6 +153,10 @@
         allows the sender and the authenticated sender to be set when
         submitting a message from within Exim. Since child_open_exim() is
         documented for local_scan(), the new function should be too.
  +
  +PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
  +      ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that
  +      results in an empty string is now treated as unset.



Exim version 4.60

  Index: NewStuff
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/NewStuff,v
  retrieving revision 1.83
  retrieving revision 1.84
  diff -u -r1.83 -r1.84
  --- NewStuff    13 Feb 2006 12:02:59 -0000    1.83
  +++ NewStuff    14 Feb 2006 14:12:06 -0000    1.84
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.83 2006/02/13 12:02:59 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.84 2006/02/14 14:12:06 ph10 Exp $


   New Features in Exim
   --------------------
  @@ -45,6 +45,9 @@
         message (that is, nobody is told about the freezing), provided all the
         "control=freeze" modifiers that are obeyed in the current message have
         the /no_tell option.
  +
  +PH/06 In both GnuTLS and OpenSSL, an expansion of tls_privatekey that results
  +      in an empty string is now treated as unset.



Version 4.60

  Index: tls-gnu.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/tls-gnu.c,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- tls-gnu.c    7 Feb 2006 11:19:00 -0000    1.11
  +++ tls-gnu.c    14 Feb 2006 14:12:07 -0000    1.12
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/tls-gnu.c,v 1.11 2006/02/07 11:19:00 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/tls-gnu.c,v 1.12 2006/02/14 14:12:07 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -455,12 +455,19 @@
   if (!expand_check(certificate, US"tls_certificate", &cert_expanded))
     return DEFER;


  +key_expanded = NULL;
   if (privatekey != NULL)
     {
     if (!expand_check(privatekey, US"tls_privatekey", &key_expanded))
       return DEFER;
     }
  -else key_expanded = cert_expanded;
  +
  +/* If expansion was forced to fail, key_expanded will be NULL. If the result of
  +the expansion is an empty string, ignore it also, and assume that the private
  +key is in the same file as the certificate. */
  +
  +if (key_expanded == NULL || *key_expanded == 0)
  +  key_expanded = cert_expanded;


/* Set the certificate and private keys */


  Index: tls-openssl.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/tls-openssl.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- tls-openssl.c    7 Feb 2006 11:19:00 -0000    1.6
  +++ tls-openssl.c    14 Feb 2006 14:12:07 -0000    1.7
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/tls-openssl.c,v 1.6 2006/02/07 11:19:00 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/tls-openssl.c,v 1.7 2006/02/14 14:12:07 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -290,8 +290,8 @@
   */


   static int
  -tls_init(host_item *host, uschar *dhparam, uschar *certificate, uschar *privatekey,
  -  address_item *addr)
  +tls_init(host_item *host, uschar *dhparam, uschar *certificate,
  +  uschar *privatekey, address_item *addr)
   {
   SSL_load_error_strings();          /* basic set up */
   OpenSSL_add_ssl_algorithms();
  @@ -386,7 +386,11 @@
         !expand_check(privatekey, US"tls_privatekey", &expanded))
       return DEFER;


  -  if (expanded != NULL)
  +  /* If expansion was forced to fail, key_expanded will be NULL. If the result
  +  of the expansion is an empty string, ignore it also, and assume the private
  +  key is in the same file as the certificate. */
  +
  +  if (expanded != NULL && *expanded != 0)
       {
       DEBUG(D_tls) debug_printf("tls_privatekey file %s\n", expanded);
       if (!SSL_CTX_use_PrivateKey_file(ctx, CS expanded, SSL_FILETYPE_PEM))