Gitweb:
http://git.exim.org/exim.git/commitdiff/36b894a60b9431d20a8b8b1aa557673c747c4b47
Commit: 36b894a60b9431d20a8b8b1aa557673c747c4b47
Parent: 360c049264151071203aee2f957472321ff0dc41
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Aug 14 21:21:45 2014 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Thu Aug 14 21:21:45 2014 +0100
Fix fakens TLSA generation and DANE TLSA lookup
---
src/src/tls-openssl.c | 18 ++++++++++++++----
test/src/fakens.c | 19 ++++++++++++++++---
test/stdout/5800 | 2 +-
3 files changed, 31 insertions(+), 8 deletions(-)
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 1ec7786..79beffa 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1806,6 +1806,7 @@ if (dane)
dns_record * rr;
dns_scan dnss;
uschar * hostnames[2] = { host->name, NULL };
+ int found = 0;
if (DANESSL_init(client_ssl, NULL, hostnames) != 1)
return tls_error(US"hostnames load", host, NULL);
@@ -1819,13 +1820,16 @@ if (dane)
int usage, selector, mtype;
const char * mdname;
- GETSHORT(usage, p);
- GETSHORT(selector, p);
- GETSHORT(mtype, p);
+ found++;
+ usage = *p++;
+ selector = *p++;
+ mtype = *p++;
switch (mtype)
{
- default: /* log bad */ return FAIL;
+ default:
+ log_write(0, LOG_MAIN, "DANE error: TLSA record w/bad mtype 0x%x", mtype);
+ return FAIL;
case 0: mdname = NULL; break;
case 1: mdname = "sha256"; break;
case 2: mdname = "sha512"; break;
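Review bot: The three byte reads `usage = *p++;`, `selector = *p++;`, `mtype = *p++;` consume TLSA rdata without first checking that the record holds at least three bytes, so a truncated record returned by the resolver is read past its end before the mtype switch ever runs. Guard before the first read with `if (rr->size < 3) { log_write(0, LOG_MAIN, "DANE error: short TLSA record"); return FAIL; }`, assuming the rdata length lives in rr->size as in Exim's dns_record (the length handed to the later add call is outside this hunk, so confirm both agree). The two new log lines, here and the "No TLSA records" line in the next hunk, identify neither the host nor the record, which makes a DANE failure hard to attribute when several hosts are tried; `host->name` is in scope, e.g. `log_write(0, LOG_MAIN, "DANE error: TLSA record w/bad mtype 0x%x for %s", mtype, host->name);`. The enclosing function and the switch statement both extend beyond this hunk.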
@@ -1841,6 +1845,12 @@ if (dane)
case 1: break;
}
}
+
+ if (!found)
+ {
+ log_write(0, LOG_MAIN, "DANE error: No TLSA records");
+ return FAIL;
+ }
}
#endif
diff --git a/test/src/fakens.c b/test/src/fakens.c
index 912f419..fd3604a 100644
--- a/test/src/fakens.c
+++ b/test/src/fakens.c
@@ -195,6 +195,19 @@ return pk;
}
uschar *
+bytefield(uschar ** pp, uschar * pk)
+{
+unsigned value = 0;
+uschar * p = *pp;
+
+while (isdigit(*p)) value = value*10 + *p++ - '0';
+while (isspace(*p)) p++;
+*pp = p;
+*pk++ = value & 255;
+return pk;
+}
+
+uschar *
shortfield(uschar ** pp, uschar * pk)
{
unsigned value = 0;
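Review bot: `*pk++ = value & 255;` silently truncates any field above 255, and a missing digit run silently encodes as 0, so a mistyped zone line (a usage of 256, say) becomes a different but valid-looking TLSA record instead of failing the test. Since this is test tooling, reporting the malformed field on stderr and then failing by whatever convention the rest of fakens uses would be safer than masking it; at minimum `if (value > 255) fprintf(stderr, "fakens: byte field out of range: %u\n", value);` before the store. A header comment would also help, e.g. `/* Parse one decimal byte field at *pp into *pk; advance *pp past trailing whitespace. */`, paralleling shortfield below. shortfield's body continues past the end of this hunk.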
@@ -420,9 +433,9 @@ while (fgets(CS buffer, sizeof(buffer), f) != NULL)
break;
case ns_t_tlsa:
- pk = shortfield(&p, pk); /* usage */
- pk = shortfield(&p, pk); /* selector */
- pk = shortfield(&p, pk); /* match type */
+ pk = bytefield(&p, pk); /* usage */
+ pk = bytefield(&p, pk); /* selector */
+ pk = bytefield(&p, pk); /* match type */
while (isxdigit(*p))
{
value = toupper(*p) - (isdigit(*p) ? '0' : '7') << 4;
diff --git a/test/stdout/5800 b/test/stdout/5800
index bcbbd88..b9c64fe 100644
--- a/test/stdout/5800
+++ b/test/stdout/5800
@@ -1,4 +1,4 @@
>
-> dnslookup tlsa: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d000000
+> dnslookup tlsa: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d
>
>