[exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim…

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim/exim-src/src tls-openssl.c
pdp 2010/06/05 11:34:29 BST

  Modified files:
    exim-doc/doc-txt     ChangeLog 
    exim-src/src         tls-openssl.c 
  Log:
  Deal with anonymous SSL giving us no peer certificate.


  Revision  Changes    Path
  1.620     +12 -3     exim/exim-doc/doc-txt/ChangeLog
  1.26      +9 -3      exim/exim-src/src/tls-openssl.c


  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.619
  retrieving revision 1.620
  diff -u -r1.619 -r1.620
  --- ChangeLog    5 Jun 2010 10:16:36 -0000    1.619
  +++ ChangeLog    5 Jun 2010 10:34:29 -0000    1.620
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.619 2010/06/05 10:16:36 pdp Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.620 2010/06/05 10:34:29 pdp Exp $


Change log file for Exim from version 4.21
-------------------------------------------
@@ -22,13 +22,22 @@

PP/06 Adjust NTLM authentication to handle SASL Initial Response.

  +PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
  +      without a peer certificate (I believe), leading to a segfault because of
  +      an assumption that peers always have certificates.  Be a little more
  +      paranoid.  Problem reported by Martin Tscholak.
  +


Exim version 4.72
-----------------

  -JJ/01 installed exipick 20100104.1, adding $max_received_linelength, $data_path, and $header_path variables; fixed documentation bugs and typos
  -
  -JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow exipick to access non-standard spools, including the "frozen" queue (Finput)
  +JJ/01 installed exipick 20100104.1, adding $max_received_linelength,
  +      $data_path, and $header_path variables; fixed documentation bugs and
  +      typos
  +
  +JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow
  +      exipick to access non-standard spools, including the "frozen" queue
  +      (Finput)


   NM/01 Bugzilla 965: Support mysql stored procedures.
         Patch from Alain Williams


  Index: tls-openssl.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/tls-openssl.c,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- tls-openssl.c    5 Jun 2010 09:36:11 -0000    1.25
  +++ tls-openssl.c    5 Jun 2010 10:34:29 -0000    1.26
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/tls-openssl.c,v 1.25 2010/06/05 09:36:11 pdp Exp $ */
  +/* $Cambridge: exim/exim-src/src/tls-openssl.c,v 1.26 2010/06/05 10:34:29 pdp Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -833,10 +833,16 @@


DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");

  +/* Beware anonymous ciphers which lead to server_cert being NULL */
   server_cert = SSL_get_peer_certificate (ssl);
  -tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
  -  CS txt, sizeof(txt));
  -tls_peerdn = txt;
  +if (server_cert)
  +  {
  +  tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
  +    CS txt, sizeof(txt));
  +  tls_peerdn = txt;
  +  }
  +else
  +  tls_peerdn = NULL;


construct_cipher_name(ssl); /* Sets tls_cipher */