[exim-cvs] CRL addition returns count of CRLs added

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] CRL addition returns count of CRLs added
Gitweb: http://git.exim.org/exim.git/commitdiff/5c8cda3a8089ff340224e6ab147d4bbe18dca0e2
Commit:     5c8cda3a8089ff340224e6ab147d4bbe18dca0e2
Parent:     9e45c72b8e4f14f722c704634ee0880ca65e4686
Author:     Phil Pennock <pdp@???>
AuthorDate: Thu May 17 20:07:04 2012 -0400
Committer:  Phil Pennock <pdp@???>
CommitDate: Thu May 17 20:07:04 2012 -0400


    CRL addition returns count of CRLs added


    A couple more cert1/2 strings updated, plus some disambiguating rhubarb.
---
 src/src/tls-gnu.c             |   13 +++++++----
 test/log/2014                 |   13 ++++++-----
 test/rejectlog/2014           |    6 ++--
 test/scripts/2000-GnuTLS/2014 |   18 ++++++++--------
 test/stdout/2014              |   44 ++++++++++++++++++++--------------------
 5 files changed, 49 insertions(+), 45 deletions(-)


diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 1953be1..a9a82e8 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -728,15 +728,18 @@ if (cert_count < 0)
}
DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n", cert_count);

-if (state->tls_crl && *state->tls_crl)
+if (state->tls_crl && *state->tls_crl &&
+    state->exp_tls_crl && *state->exp_tls_crl)
   {
-  if (state->exp_tls_crl && *state->exp_tls_crl)
+  DEBUG(D_tls) debug_printf("loading CRL file = %s\n", state->exp_tls_crl);
+  cert_count = gnutls_certificate_set_x509_crl_file(state->x509_cred,
+      CS state->exp_tls_crl, GNUTLS_X509_FMT_PEM);
+  if (cert_count < 0)
     {
-    DEBUG(D_tls) debug_printf("loading CRL file = %s\n", state->exp_tls_crl);
-    rc = gnutls_certificate_set_x509_crl_file(state->x509_cred,
-        CS state->exp_tls_crl, GNUTLS_X509_FMT_PEM);
+    rc = cert_count;
     exim_gnutls_err_check(US"gnutls_certificate_set_x509_crl_file");
     }
+  DEBUG(D_tls) debug_printf("Processed %d CRLs.\n", cert_count);
   }


return OK;
diff --git a/test/log/2014 b/test/log/2014
index 0abc041..554100b 100644
--- a/test/log/2014
+++ b/test/log/2014
@@ -1,8 +1,9 @@
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 TLS error on connection from (rhu1.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
+1999-03-02 09:44:33 TLS error on connection from (rhu5.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): revoked
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): A TLS packet with unexpected length was received.
+1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason.
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
diff --git a/test/rejectlog/2014 b/test/rejectlog/2014
index b8cc95a..fb9f7cd 100644
--- a/test/rejectlog/2014
+++ b/test/rejectlog/2014
@@ -1,3 +1,3 @@
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
diff --git a/test/scripts/2000-GnuTLS/2014 b/test/scripts/2000-GnuTLS/2014
index 3e6710b..dfddfa5 100644
--- a/test/scripts/2000-GnuTLS/2014
+++ b/test/scripts/2000-GnuTLS/2014
@@ -5,7 +5,7 @@ exim -DSERVER=server -bd -oX PORT_D
# No certificate, certificate required
client-gnutls HOSTIPV4 PORT_D
??? 220
-ehlo rhu.barb
+ehlo rhu1.barb
??? 250-
??? 250-
??? 250-
@@ -18,7 +18,7 @@ starttls
# No certificate, certificate optional at TLS time, required by ACL
client-gnutls 127.0.0.1 PORT_D
??? 220
-ehlo rhu.barb
+ehlo rhu2.barb
??? 250-
??? 250-
??? 250-
@@ -27,7 +27,7 @@ ehlo rhu.barb
??? 250
starttls
??? 220
-helo rhu.barb
+helo rhu2tls.barb
??? 250
mail from:<userx@???>
??? 250
@@ -39,7 +39,7 @@ quit
# Good certificate, certificate required
client-gnutls HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
-ehlo rhu.barb
+ehlo rhu3.barb
??? 250-
??? 250-
??? 250-
@@ -58,7 +58,7 @@ quit
# Good certificate, certificate optional at TLS time, checked by ACL
client-gnutls 127.0.0.1 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
-ehlo rhu.barb
+ehlo rhu4.barb
??? 250-
??? 250-
??? 250-
@@ -77,7 +77,7 @@ quit
# Bad certificate, certificate required
client-gnutls HOSTIPV4 PORT_D aux-fixed/cert1 aux-fixed/cert1
??? 220
-ehlo rhu.barb
+ehlo rhu5.barb
??? 250-
??? 250-
??? 250-
@@ -90,7 +90,7 @@ starttls
# Bad certificate, certificate optional at TLS time, reject at ACL time
client-gnutls 127.0.0.1 PORT_D aux-fixed/cert1 aux-fixed/cert1
??? 220
-ehlo rhu.barb
+ehlo rhu6.barb
??? 250-
??? 250-
??? 250-
@@ -113,7 +113,7 @@ exim -DCRL=DIR/aux-fixed/crl.pem -DSERVER=server -bd -oX PORT_D
# Good but revoked certificate, certificate required
client-gnutls HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
-ehlo rhu.barb
+ehlo rhu7.barb
??? 250-
??? 250-
??? 250-
@@ -126,7 +126,7 @@ starttls
# Revoked certificate, certificate optional at TLS time, reject at ACL time
client-gnutls 127.0.0.1 PORT_D aux-fixed/cert1 aux-fixed/cert1
??? 220
-ehlo rhu.barb
+ehlo rhu8.barb
??? 250-
??? 250-
??? 250-
diff --git a/test/stdout/2014 b/test/stdout/2014
index 0c14ca6..56c959f 100644
--- a/test/stdout/2014
+++ b/test/stdout/2014
@@ -1,9 +1,9 @@
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu1.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu1.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -23,9 +23,9 @@ End of script
Connecting to 127.0.0.1 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu2.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu2.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -41,9 +41,9 @@ Connecting to 127.0.0.1 port 1225 ... connected
<<< 220 TLS go ahead
Attempting to start TLS
Succeeded in starting TLS
->>> helo rhu.barb
+>>> helo rhu2tls.barb
??? 250
-<<< 250 myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250 myhost.test.ex Hello rhu2tls.barb [127.0.0.1]
>>> mail from:<userx@???>

??? 250
<<< 250 OK
@@ -59,9 +59,9 @@ Certificate file = aux-fixed/cert2
Key file = aux-fixed/cert2
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu3.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu3.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -92,9 +92,9 @@ Certificate file = aux-fixed/cert2
Key file = aux-fixed/cert2
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu4.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu4.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -125,9 +125,9 @@ Certificate file = aux-fixed/cert1
Key file = aux-fixed/cert1
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu5.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu5.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -149,9 +149,9 @@ Certificate file = aux-fixed/cert1
Key file = aux-fixed/cert1
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu6.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu6.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -172,9 +172,9 @@ Succeeded in starting TLS
<<< 250 OK
>>> rcpt to:<userx@???>

??? 550-
-<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of
+<<< 550-certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test
??? 550
-<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel
+<<< 550 Suite,CN=Phil Pennock
>>> quit

??? 221
<<< 221 myhost.test.ex closing connection
@@ -184,9 +184,9 @@ Certificate file = aux-fixed/cert2
Key file = aux-fixed/cert2
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu7.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu7.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -208,9 +208,9 @@ Certificate file = aux-fixed/cert1
Key file = aux-fixed/cert1
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu8.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu8.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -231,9 +231,9 @@ Succeeded in starting TLS
<<< 250 OK
>>> rcpt to:<userx@???>

??? 550-
-<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of
+<<< 550-certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test
??? 550
-<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel
+<<< 550 Suite,CN=Phil Pennock
>>> quit

??? 221
<<< 221 myhost.test.ex closing connection