[exim-cvs] ARC: better diagnostics for keyfile issues

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] ARC: better diagnostics for keyfile issues
Gitweb: https://git.exim.org/exim.git/commitdiff/c59b09dc16145178a29850e7bda7d6bc6dedbc58
Commit:     c59b09dc16145178a29850e7bda7d6bc6dedbc58
Parent:     8aeef98ab27f12cb0fb11498bc0ede87d6bad621
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Thu May 17 09:27:49 2018 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun May 20 19:07:01 2018 +0100


    ARC: better diagnostics for keyfile issues
---
 src/src/arc.c           |  3 +++
 src/src/pdkim/signing.c | 14 +++++++++-----
 test/log/4560           |  2 +-
 3 files changed, 13 insertions(+), 6 deletions(-)


diff --git a/src/src/arc.c b/src/src/arc.c
index 5881127..dd2ad51 100644
--- a/src/src/arc.c
+++ b/src/src/arc.c
@@ -1258,6 +1258,9 @@ if (  (errstr = exim_dkim_signing_init(privkey, &sctx))
    || (errstr = exim_dkim_sign(&sctx, hm, &hhash, sig)))
   {
   log_write(0, LOG_MAIN, "ARC: %s signing: %s\n", why, errstr);
+  DEBUG(D_transport)
+    debug_printf("private key, or private-key file content, was: '%s'\n",
+      privkey);
   return FALSE;
   }
 return TRUE;
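Review bot: The added `debug_printf` writes the signing key itself into debug output, since by the message's own wording `privkey` holds the private key or the contents of the key file at this point. Debug traces are routinely saved to files and attached to bug reports, so a failed ARC signing run with `D_transport` enabled would copy the key to places far less protected than the keyfile. The diagnostic value lies in the shape of the data rather than its bytes, so I would log only the length and whether a PEM header is present, e.g. `debug_printf("private key data: %d bytes, PEM header %s\n", Ustrlen(privkey), Ustrncmp(privkey, "-----BEGIN", 10) == 0 ? "present" : "missing");`. The enclosing `if` and the function start outside the hunk, so how `privkey` was obtained is not visible here.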
diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c
index 0545e48..18b357e 100644
--- a/src/src/pdkim/signing.c
+++ b/src/src/pdkim/signing.c
@@ -90,14 +90,17 @@ exim_dkim_signing_init(const uschar * privkey_pem, es_ctx * sign_ctx)
 {
 gnutls_datum_t k = { .data = (void *)privkey_pem, .size = Ustrlen(privkey_pem) };
 gnutls_x509_privkey_t x509_key;
+const uschar * where;
 int rc;


-if (  (rc = gnutls_x509_privkey_init(&x509_key))
-   || (rc = gnutls_x509_privkey_import(x509_key, &k, GNUTLS_X509_FMT_PEM))
+if (  (where = US"internal init", rc = gnutls_x509_privkey_init(&x509_key))
    || (rc = gnutls_privkey_init(&sign_ctx->key))
-   || (rc = gnutls_privkey_import_x509(sign_ctx->key, x509_key, 0))
+   || (where = US"privkey PEM-block import",
+       rc = gnutls_x509_privkey_import(x509_key, &k, GNUTLS_X509_FMT_PEM))
+   || (where = US"internal privkey transfer",
+       rc = gnutls_privkey_import_x509(sign_ctx->key, x509_key, 0))
    )
-  return CUS gnutls_strerror(rc);
+  return string_sprintf("%s: %s", where, gnutls_strerror(rc));


switch (rc = gnutls_privkey_get_pk_algorithm(sign_ctx->key, NULL))
{
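Review bot: The early `return string_sprintf(...)` leaves `x509_key` (and `sign_ctx->key`, once `gnutls_privkey_init` has succeeded) initialised with no matching deinit. In particular, a failure in `gnutls_privkey_import_x509` returns with the imported private key still held in `x509_key`. Nothing in the hunk releases them, and the function continues past the hunk, so please confirm whether later code or the caller does; if not, call `gnutls_x509_privkey_deinit(x509_key);` on the paths where init succeeded. The OpenSSL variant in the `@@ -712,7 +715,8 @@` hunk has the same shape: `bp` from `BIO_new_mem_buf` is neither checked for NULL nor released with `BIO_free(bp);` before the error return. Separately, a comment on the declaration such as `/* where: names the step that failed, for the returned error text */` would make the comma-operator assignments in the condition easier to read.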
@@ -712,7 +715,8 @@ exim_dkim_signing_init(const uschar * privkey_pem, es_ctx * sign_ctx)
BIO * bp = BIO_new_mem_buf(privkey_pem, -1);

 if (!(sign_ctx->key = PEM_read_bio_PrivateKey(bp, NULL, NULL, NULL)))
-  return US ERR_error_string(ERR_get_error(), NULL);
+  return string_sprintf("privkey PEM-block import: %s",
+                   ERR_error_string(ERR_get_error(), NULL));


sign_ctx->keytype =
#ifdef SIGN_HAVE_ED25519
diff --git a/test/log/4560 b/test/log/4560
index c072bdd..2ffd41b 100644
--- a/test/log/4560
+++ b/test/log/4560
@@ -254,7 +254,7 @@
1999-03-02 09:44:33 10HmbR-0005vi-00 oldest-p-ams: <>
1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss for za@???
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbR-0005vi-00 ARC: AMS signing: error:0906D06C:PEM routines:PEM_read_bio:no start line
+1999-03-02 09:44:33 10HmbR-0005vi-00 ARC: AMS signing: privkey PEM-block import: error:0906D06C:PEM routines:PEM_read_bio:no start line

 1999-03-02 09:44:33 10HmbS-0005vi-00 arc_state:      <none>
 1999-03-02 09:44:33 10HmbS-0005vi-00 domains:        <>