[exim-cvs] Fix development-testing induced crash on second u…

Auteur: Exim Git Commits Mailing List
Date:  
À: exim-cvs
Sujet: [exim-cvs] Fix development-testing induced crash on second use
Gitweb: http://git.exim.org/exim.git/commitdiff/6634ac8dc1c8fa3f429835a4735adfeb1bcc4390
Commit:     6634ac8dc1c8fa3f429835a4735adfeb1bcc4390
Parent:     043b12481513cec52c31717c8ad5248d2b344ad2
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Fri Aug 1 19:07:56 2014 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Fri Aug 1 19:59:34 2014 +0100


    Fix development-testing induced crash on second use
---
 src/src/dane-openssl.c         |   17 +++++++++++++++++
 src/src/tls-openssl.c          |    6 +++---
 test/scripts/2100-OpenSSL/2100 |    2 +-
 3 files changed, 21 insertions(+), 4 deletions(-)


diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index 407e680..4a17780 100644
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -859,6 +859,8 @@ X509 *cert = ctx->cert;             /* XXX: accessor? */
 int matched = 0;
 int chain_length = sk_X509_num(ctx->chain);


+DEBUG(D_tls) debug_printf("Dane library verify_chain fn called\n");
+
 issuer_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_ISSUER];
 leaf_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_LEAF];
 ctx->verify = dane->verify;
@@ -950,6 +952,8 @@ int (*cb)(int, X509_STORE_CTX *) = ctx->verify_cb;
 int matched;
 X509 *cert = ctx->cert;             /* XXX: accessor? */


+DEBUG(D_tls) debug_printf("Dane library verify_cert fn called\n");
+
if(ssl_idx < 0)
ssl_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
if(dane_idx < 0)
@@ -1080,6 +1084,8 @@ DANESSL_cleanup(SSL *ssl)
ssl_dane *dane;
int u;

+DEBUG(D_tls) debug_printf("Dane library cleanup fn called\n");
+
if(dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx)))
return;
(void) SSL_set_ex_data(ssl, dane_idx, 0);
@@ -1100,6 +1106,7 @@ if(dane->roots)
if(dane->chain)
sk_X509_pop_free(dane->chain, X509_free);
OPENSSL_free(dane);
+DEBUG(D_tls) debug_printf("Dane library cleanup fn return\n");
}

static dane_host_list
@@ -1155,6 +1162,8 @@ dane_cert_list xlist = 0;
dane_pkey_list klist = 0;
const EVP_MD *md = 0;

+DEBUG(D_tls) debug_printf("Dane add_tlsa\n");
+
if(dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx)))
{
DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_DANE_INIT);
@@ -1324,12 +1333,14 @@ int i;
#ifdef OPENSSL_INTERNAL
SSL_CTX *sctx = SSL_get_SSL_CTX(ssl);

+
if(sctx->app_verify_callback != verify_cert)
{
DANEerr(DANE_F_SSL_DANE_INIT, DANE_R_SCTX_INIT);
return -1;
}
#else
+DEBUG(D_tls) debug_printf("Dane ssl_init\n");
if(dane_idx < 0)
{
DANEerr(DANE_F_SSL_DANE_INIT, DANE_R_LIBRARY_INIT);
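Review bot: The `Dane ssl_init` trace is added only in the `#else` branch, so a build with OPENSSL_INTERNAL defined (the one that checks `sctx->app_verify_callback`) gets no entry trace while every other entry point in this commit traces unconditionally; moving `DEBUG(D_tls) debug_printf("Dane ssl_init\n");` above the `#ifdef OPENSSL_INTERNAL` line keeps the tracing consistent across both builds. The blank line added inside the OPENSSL_INTERNAL branch looks like stray whitespace. DANESSL_init begins before and continues after this hunk.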
@@ -1351,7 +1362,11 @@ if(!SSL_set_ex_data(ssl, dane_idx, dane))
OPENSSL_free(dane);
return 0;
}
+DEBUG(D_tls) debug_printf("Dane ssl-init: new dane struct: %p\n", dane);

+dane->verify = 0;
+dane->hosts = 0;
+dane->thost = 0;
dane->pkeys = 0;
dane->certs = 0;
dane->chain = 0;
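Review bot: The fix initialises `verify`, `hosts` and `thost` one field at a time, and only after the struct has already been published through `SSL_set_ex_data`, so any field added to `ssl_dane` later will again reach DANESSL_cleanup's `if(dane->...)` checks holding whatever the allocator left there. Clearing the whole object once, right after it is allocated (presumably with OPENSSL_malloc, given the `OPENSSL_free(dane)` on the failure path) and before it is handed to `SSL_set_ex_data`, covers every field: `memset(dane, 0, sizeof *dane);`. The `%p` trace writes a heap address to the debug stream; harmless for `-d` output, but not something to keep once the code leaves EXPERIMENTAL. DANESSL_init starts before this hunk, the allocation is above it, and the remaining field initialisations continue after it.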
@@ -1396,6 +1411,7 @@ Return
int
DANESSL_CTX_init(SSL_CTX *ctx)
{
+DEBUG(D_tls) debug_printf("Dane ctx-init\n");
if(dane_idx >= 0)
{
SSL_CTX_set_cert_verify_callback(ctx, verify_cert, 0);
@@ -1481,6 +1497,7 @@ Return
int
DANESSL_library_init(void)
{
+DEBUG(D_tls) debug_printf("Dane lib-init\n");
if(err_lib_dane < 0)
init_once(&err_lib_dane, ERR_get_next_error_library, dane_init);

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index b96dbbf..fa29f4e 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1608,16 +1608,16 @@ int rc;
static uschar cipherbuf[256];

#ifndef DISABLE_OCSP
-BOOL require_ocsp = FALSE;
BOOL request_ocsp = FALSE;
+BOOL require_ocsp = FALSE;
#endif
#ifdef EXPERIMENTAL_DANE
-BOOL dane_in_use;
+BOOL dane_in_use = FALSE;
#endif

#ifdef EXPERIMENTAL_DANE
/*XXX TBD: test for transport options, and for TLSA records */
-dane_in_use = FALSE;
+/*dane_in_use = TRUE;*/

if (!dane_in_use)
#endif
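Review bot: The new side leaves `/*dane_in_use = TRUE;*/` as commented-out code serving as an edit-the-source toggle, and with `dane_in_use` now initialised to FALSE the branch guarded by `if (!dane_in_use)` is always taken, so the DANE path is never exercised outside a hand-edited build; a compile-time switch the XXX comment can point at, e.g. `#ifdef EXPERIMENTAL_DANE_FORCE` / `dane_in_use = TRUE;` / `#endif`, says the same thing without dead code. Until the TBD transport-option and TLSA-record test exists, the variable name implies an enforcement decision that is not actually being made — presumably acceptable while experimental, but worth stating in the comment so nobody reads the flag as meaningful. The swap of the `require_ocsp`/`request_ocsp` declarations is cosmetic. The enclosing function starts before and continues after this hunk.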
diff --git a/test/scripts/2100-OpenSSL/2100 b/test/scripts/2100-OpenSSL/2100
index c2b0f89..61c2fd6 100644
--- a/test/scripts/2100-OpenSSL/2100
+++ b/test/scripts/2100-OpenSSL/2100
@@ -4,7 +4,7 @@ exim -DSERVER=server -bd -oX PORT_D
exim CALLER@???
Testing
****
-exim -qf
+exim -d+all -qf
****
killdaemon
no_msglog_check
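Review bot: `-d+all` on the queue run now ships with the test rather than staying a local setting; if test 2100 is compared against an expected stderr file, every line of the full debug output becomes part of what must match, and the commit title suggests this was a development aid rather than something the test needs. Consider restoring `exim -qf`, or narrowing to `exim -d+tls -qf` so only the Dane traces added in this commit are captured.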