pdp 2010/06/05 11:34:29 BST
Modified files:
exim-doc/doc-txt ChangeLog
exim-src/src tls-openssl.c
Log:
Deal with anonymous SSL giving us no peer certificate.
Revision Changes Path
1.620 +12 -3 exim/exim-doc/doc-txt/ChangeLog
1.26 +9 -3 exim/exim-src/src/tls-openssl.c
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.619
retrieving revision 1.620
diff -u -r1.619 -r1.620
--- ChangeLog 5 Jun 2010 10:16:36 -0000 1.619
+++ ChangeLog 5 Jun 2010 10:34:29 -0000 1.620
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.619 2010/06/05 10:16:36 pdp Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.620 2010/06/05 10:34:29 pdp Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -22,13 +22,22 @@
PP/06 Adjust NTLM authentication to handle SASL Initial Response.
+PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
+ without a peer certificate (I believe), leading to a segfault because of
+ an assumption that peers always have certificates. Be a little more
+ paranoid. Problem reported by Martin Tscholak.
+
Exim version 4.72
-----------------
-JJ/01 installed exipick 20100104.1, adding $max_received_linelength, $data_path, and $header_path variables; fixed documentation bugs and typos
-
-JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow exipick to access non-standard spools, including the "frozen" queue (Finput)
+JJ/01 installed exipick 20100104.1, adding $max_received_linelength,
+ $data_path, and $header_path variables; fixed documentation bugs and
+ typos
+
+JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow
+ exipick to access non-standard spools, including the "frozen" queue
+ (Finput)
NM/01 Bugzilla 965: Support mysql stored procedures.
Patch from Alain Williams
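Review bot: The re-wrapping of the JJ/01 and JJ/02 entries under "Exim version 4.72" is unrelated to the PP/07 fix and would be cleaner as a separate whitespace-only commit, so that the history of this crash fix shows only the new entry. The PP/07 text could also state which code path is affected: the tls-openssl.c change in this commit sits after "SSL_connect succeeded", and saying so would replace the "(I believe)" hedge with something a reader can check.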
Index: tls-openssl.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/tls-openssl.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- tls-openssl.c 5 Jun 2010 09:36:11 -0000 1.25
+++ tls-openssl.c 5 Jun 2010 10:34:29 -0000 1.26
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/tls-openssl.c,v 1.25 2010/06/05 09:36:11 pdp Exp $ */
+/* $Cambridge: exim/exim-src/src/tls-openssl.c,v 1.26 2010/06/05 10:34:29 pdp Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -833,10 +833,16 @@
DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
+/* Beware anonymous ciphers which lead to server_cert being NULL */
server_cert = SSL_get_peer_certificate (ssl);
-tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
- CS txt, sizeof(txt));
-tls_peerdn = txt;
+if (server_cert)
+ {
+ tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
+ CS txt, sizeof(txt));
+ tls_peerdn = txt;
+ }
+else
+ tls_peerdn = NULL;
construct_cipher_name(ssl); /* Sets tls_cipher */
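Review bot: Nothing in the lines shown releases server_cert after the new if (server_cert) block. SSL_get_peer_certificate() returns a reference the caller owns, so unless it is freed further down, add X509_free(server_cert) once the DN has been copied into txt. Inside the same block the first assignment to tls_peerdn is dead, because tls_peerdn = txt; overwrites it on the next statement; calling X509_NAME_oneline() for its side effect on txt and assigning once would be clearer. The else branch sets tls_peerdn = NULL silently; a DEBUG(D_tls) line there would make anonymous-cipher sessions visible in debug output, and it is worth confirming that every later reader of tls_peerdn tolerates NULL.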