[exim-cvs] Fix post-rebase merge issues.

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Exim Git Commits Mailing List
Date:  
À: exim-cvs
Sujet: [exim-cvs] Fix post-rebase merge issues.
Gitweb: http://git.exim.org/exim.git/commitdiff/389ca47a59cc0247fcee8a50da42aa00af5f7a90
Commit:     389ca47a59cc0247fcee8a50da42aa00af5f7a90
Parent:     b32ddfaa2ca5e305c1edfbbc8facc7b4d4f538b7
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Jun 4 13:36:19 2012 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Mon Jun 4 14:57:04 2012 +0100


    Fix post-rebase merge issues.
---
 src/src/functions.h   |    2 +-
 src/src/globals.h     |    2 --
 src/src/tls-gnu.c     |   10 +++++-----
 src/src/tls-openssl.c |   21 ++++++++-------------
 src/src/tls.c         |   14 +++++++++-----
 src/src/verify.c      |    5 ++---
 test/log/5420         |    4 ++--
 test/stderr/5420      |    2 +-
 8 files changed, 28 insertions(+), 32 deletions(-)


diff --git a/src/src/functions.h b/src/src/functions.h
index bc61f31..02d152a 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -36,7 +36,7 @@ extern int     tls_read(BOOL, uschar *, size_t);
 extern int     tls_server_start(const uschar *);
 extern BOOL    tls_smtp_buffered(void);
 extern int     tls_ungetc(int);
-extern int     tls_write(BOOL, int, const uschar *, size_t);
+extern int     tls_write(BOOL, const uschar *, size_t);
 extern uschar *tls_validate_require_cipher(void);
 extern void    tls_version_report(FILE *);
 #ifndef USE_GNUTLS
diff --git a/src/src/globals.h b/src/src/globals.h
index 7ed9d5a..e910dbe 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -82,9 +82,7 @@ typedef struct {
   BOOL    on_connect;         /* For older MTAs that don't STARTTLS */
   uschar *on_connect_ports;   /* Ports always tls-on-connect */
   uschar *peerdn;             /* DN from peer */
-#ifndef USE_GNUTLS
   uschar *sni;                /* Server Name Indication */
-#endif
 } tls_support;
 extern tls_support tls_in;
 extern tls_support tls_out;
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 8a133c5..f8172e7 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -63,7 +63,7 @@ Some of these correspond to variables in globals.c; those variables will
 be set to point to content in one of these instances, as appropriate for
 the stage of the process lifetime.


-Not handled here: global tls_channelbinding_b64.    /*XXX JGH */
+Not handled here: global tls_channelbinding_b64.
 */


typedef struct exim_gnutls_state {
@@ -94,7 +94,7 @@ typedef struct exim_gnutls_state {
uschar *exp_tls_crl;
uschar *exp_tls_require_ciphers;

-  tls_support *tlsp;
+  tls_support *tlsp;    /* set in tls_init() */


   uschar *xfer_buffer;
   int xfer_buffer_lwm;
@@ -966,7 +966,7 @@ if (rc != OK) return rc;
 /* set SNI in client, only */
 if (host)
   {
-  if (!expand_check_tlsvar(state->tlsp->sni))
+  if (!expand_check(state->tlsp->sni, "tls_sni", &state->exp_tls_sni))
     return DEFER;
   if (state->exp_tls_sni && *state->exp_tls_sni)
     {
@@ -1641,7 +1641,7 @@ tls_close(BOOL is_server, BOOL shutdown)
 {
 exim_gnutls_state_st *state = is_server ? &state_server : &state_client;


-if (state->tlsp->active < 0) return; /* TLS was not active */
+if (!state->tlsp || state->tlsp->active < 0) return; /* TLS was not active */

if (shutdown)
{
@@ -1651,6 +1651,7 @@ if (shutdown)

gnutls_deinit(state->session);

+state->tlsp->active = -1;
memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));

if ((state_server.session == NULL) && (state_client.session == NULL))
@@ -1659,7 +1660,6 @@ if ((state_server.session == NULL) && (state_client.session == NULL))
exim_gnutls_base_init_done = FALSE;
}

-state->tlsp->active = -1;
}


diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index bbf6855..d5b31e7 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -50,6 +50,7 @@ static SSL_CTX *client_ctx = NULL;
 static SSL_CTX *server_ctx = NULL;
 static SSL     *client_ssl = NULL;
 static SSL     *server_ssl = NULL;
+
 #ifdef EXIM_HAVE_OPENSSL_TLSEXT
 static SSL_CTX *client_sni = NULL;
 static SSL_CTX *server_sni = NULL;
@@ -317,11 +318,7 @@ Returns:    TRUE if OK (nothing to set up, or setup worked)
 */


static BOOL
-<<<<<<< HEAD
init_dh(SSL_CTX *sctx, uschar *dhparam, host_item *host)
-=======
-init_dh(SSL_CTX *ctx, uschar *dhparam, host_item *host)
->>>>>>> Dual-tls - split management of TLS into in- and out-bound connection-handling.
{
BIO *bio;
DH *dh;
@@ -683,7 +680,7 @@ OCSP information. */
rc = tls_expand_session_files(server_sni, cbinfo);
if (rc != OK) return SSL_TLSEXT_ERR_NOACK;

-rc = init_dh(ctx_sni, cbinfo->dhparam, NULL);
+rc = init_dh(server_sni, cbinfo->dhparam, NULL);
if (rc != OK) return SSL_TLSEXT_ERR_NOACK;

DEBUG(D_tls) debug_printf("Switching SSL context.\n");
@@ -852,11 +849,7 @@ else

/* Initialize with DH parameters if supplied */

-<<<<<<< HEAD
-if (!init_dh(ctx, dhparam, host)) return DEFER;
-=======
if (!init_dh(*ctxp, dhparam, host)) return DEFER;
->>>>>>> Dual-tls - split management of TLS into in- and out-bound connection-handling.

/* Set up certificate and key (and perhaps OCSP info) */

@@ -1493,16 +1486,17 @@ Only used by the client-side TLS.
*/

int
-tls_read(uschar *buff, size_t len)
+tls_read(BOOL is_server, uschar *buff, size_t len)
{
+SSL *ssl = is_server ? server_ssl : client_ssl;
int inbytes;
int error;

-DEBUG(D_tls) debug_printf("Calling SSL_read(%p, %p, %u)\n", client_ssl,
+DEBUG(D_tls) debug_printf("Calling SSL_read(%p, %p, %u)\n", ssl,
buff, (unsigned int)len);

-inbytes = SSL_read(client_ssl, CS buff, len);
-error = SSL_get_error(client_ssl, inbytes);
+inbytes = SSL_read(ssl, CS buff, len);
+error = SSL_get_error(ssl, inbytes);

if (error == SSL_ERROR_ZERO_RETURN)
{
@@ -1601,6 +1595,7 @@ void
tls_close(BOOL is_server, BOOL shutdown)
{
SSL **sslp = is_server ? &server_ssl : &client_ssl;
+int *fdp = is_server ? &tls_in.active : &tls_out.active;

if (*fdp < 0) return; /* TLS was not active */

diff --git a/src/src/tls.c b/src/src/tls.c
index 0c98aeb..0625c48 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -86,11 +86,11 @@ return TRUE;
#ifdef USE_GNUTLS
#include "tls-gnu.c"

-#define ssl_xfer_buffer (current_global_tls_state->xfer_buffer)
-#define ssl_xfer_buffer_lwm (current_global_tls_state->xfer_buffer_lwm)
-#define ssl_xfer_buffer_hwm (current_global_tls_state->xfer_buffer_hwm)
-#define ssl_xfer_eof (current_global_tls_state->xfer_eof)
-#define ssl_xfer_error (current_global_tls_state->xfer_error)
+#define ssl_xfer_buffer (state_server.xfer_buffer)
+#define ssl_xfer_buffer_lwm (state_server.xfer_buffer_lwm)
+#define ssl_xfer_buffer_hwm (state_server.xfer_buffer_hwm)
+#define ssl_xfer_eof (state_server.xfer_eof)
+#define ssl_xfer_error (state_server.xfer_error)

#else
#include "tls-openssl.c"
@@ -104,6 +104,7 @@ return TRUE;

/* Puts a character back in the input buffer. Only ever
called once.
+Only used by the server-side TLS.

 Arguments:
   ch           the character
@@ -125,6 +126,7 @@ return ch;
 *************************************************/


/* Tests for a previous EOF
+Only used by the server-side TLS.

 Arguments:     none
 Returns:       non-zero if the eof flag is set
@@ -144,6 +146,7 @@ return ssl_xfer_eof;


/* Tests for a previous read error, and returns with errno
restored to what it was when the error was detected.
+Only used by the server-side TLS.

>>>>> Hmm. Errno not handled yet. Where do we get it from? >>>>>


@@ -163,6 +166,7 @@ return ssl_xfer_error;
*************************************************/

/* Tests for unused chars in the TLS input buffer.
+Only used by the server-side TLS.

 Arguments:     none
 Returns:       TRUE/FALSE
diff --git a/src/src/verify.c b/src/src/verify.c
index 6d31b82..6e3e6a3 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -498,7 +498,7 @@ else
     tls_retry_connection:


     inblock.sock = outblock.sock =
-      smtp_connect(host, host_af, port, interface, callout_connect, TRUE);
+      smtp_connect(host, host_af, port, interface, callout_connect, TRUE, NULL);
     /* reconsider DSCP here */
     if (inblock.sock < 0)
       {
@@ -635,8 +635,7 @@ else
        ob->tls_certificate, ob->tls_privatekey,
        ob->tls_sni,
        ob->tls_verify_certificates, ob->tls_crl,
-       ob->tls_require_ciphers,
-       ob->gnutls_require_mac, ob->gnutls_require_kx, ob->gnutls_require_proto,
+       ob->tls_require_ciphers,     ob->tls_dh_min_bits,
        callout);


         /* TLS negotiation failed; give an error.  Try in clear on a new connection,
diff --git a/test/log/5420 b/test/log/5420
index 2e117cb..e859162 100644
--- a/test/log/5420
+++ b/test/log/5420
@@ -1,7 +1,7 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.2:RSA_AES_256_CBC_SHA1:256 S=sss id=E10HmaY-0005vi-00@???
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaY-0005vi-00@???
 1999-03-02 09:44:33 10HmaX-0005vi-00 no immediate delivery: queued by ACL
-1999-03-02 09:44:33 10HmaY-0005vi-00 >> userx@??? R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 C="250 OK id=10HmaX-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 >> userx@??? R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C="250 OK id=10HmaX-0005vi-00"
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? U=CALLER P=local-esmtp S=sss
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-0005vi-00@???
diff --git a/test/stderr/5420 b/test/stderr/5420
index 626e9d1..9059228 100644
--- a/test/stderr/5420
+++ b/test/stderr/5420
@@ -128,7 +128,7 @@ expanding: ${tod_full}
   SMTP>> .
   SMTP<< 250 OK id=10HmaX-0005vi-00
 LOG: MAIN
-  >> userx@??? R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 C="250 OK id=10HmaX-0005vi-00"
+  >> userx@??? R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C="250 OK id=10HmaX-0005vi-00"
   SMTP>> QUIT
 ----------- cutthrough shutdown (delivered) ------------
 LOG: MAIN