[exim-cvs] GnuTLS: fix $tls_out_ocsp under hosts_request_ocs…

Inizio della pagina
Questo messaggio è parte di questo thread:
Mil thread completo ordinato per data
 
 
Delete this message
Reply to this message
Autore: Exim Git Commits Mailing List
Data:  
To: exim-cvs
Oggetto: [exim-cvs] GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp
Gitweb: https://git.exim.org/exim.git/commitdiff/7a501c874f028f689c44999ab05bb0d39da46941
Commit:     7a501c874f028f689c44999ab05bb0d39da46941
Parent:     c82de233a9bf264bb0db7ae72b2aa6da62ade2f0
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Tue May 7 22:42:18 2019 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Tue May 7 22:45:51 2019 +0100


    GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp
---
 doc/doc-txt/ChangeLog |  3 +++
 src/src/tls-gnu.c     | 12 ++++++++----
 test/log/5651         |  2 +-
 test/log/5730         |  8 ++++----
 test/log/5890         | 32 ++++++++++++++++----------------
 5 files changed, 32 insertions(+), 25 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 59a025b..05f2545 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -91,6 +91,9 @@ JH/16 GnuTLS: rework ciphersuite strings under recent library versions. Thanks

JH/17 OpenSSL: the default openssl_options now disables ssl_v3. 

+JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the
+      verification result was not updated unless hosts_require_ocsp applied.
+


Exim version 4.92
-----------------
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index df07c53..dc8cdab 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -2757,7 +2757,7 @@ if (!verify_certificate(state, errstr))
} 

 #ifndef DISABLE_OCSP
-if (require_ocsp)
+if (request_ocsp)
   {
   DEBUG(D_tls)
     {
@@ -2781,10 +2781,14 @@ if (require_ocsp)
     {
     tlsp->ocsp = OCSP_FAILED;
     tls_error(US"certificate status check failed", NULL, state->host, errstr);
-    return FALSE;
+    if (require_ocsp)
+      return FALSE;
+    }
+  else
+    {
+    DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
+    tlsp->ocsp = OCSP_VFIED;
     }
-  DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
-  tlsp->ocsp = OCSP_VFIED;
   }
 #endif


diff --git a/test/log/5651 b/test/log/5651
index bdba648..2b2af41 100644
--- a/test/log/5651
+++ b/test/log/5651
@@ -16,7 +16,7 @@

******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: OCSP status 1 (notresp)
+1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: OCSP status 3 (failed)
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@???
1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <norequire@???> R=server
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
diff --git a/test/log/5730 b/test/log/5730
index ad14fe4..6582d75 100644
--- a/test/log/5730
+++ b/test/log/5730
@@ -1,10 +1,10 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 => norequire@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
-1999-03-02 09:44:33 10HmaX-0005vi-00 client ocsp status: 1 (notresp)
+1999-03-02 09:44:33 10HmaX-0005vi-00 client ocsp status: 3 (failed)
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 => norequire@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 client ocsp status: 1 (notresp)
+1999-03-02 09:44:33 10HmaZ-0005vi-00 client ocsp status: 4 (verified)
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbB-0005vi-00 => nostaple@??? R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
@@ -26,12 +26,12 @@ 

 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: OCSP status 1 (notresp)
+1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: OCSP status 3 (failed)
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@???
 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <norequire@???> R=server
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmbA-0005vi-00 client claims: OCSP status 1 (notresp)
+1999-03-02 09:44:33 10HmbA-0005vi-00 client claims: OCSP status 4 (verified)
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@???
 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <norequire@???> R=server
 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
diff --git a/test/log/5890 b/test/log/5890
index 17ae494..324e5a4 100644
--- a/test/log/5890
+++ b/test/log/5890
@@ -4,7 +4,7 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmaX-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmaX-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmaX-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmaX-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaX-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmaX-0005vi-00 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
@@ -15,7 +15,7 @@
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption not requested or offered
@@ -23,7 +23,7 @@
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
@@ -36,7 +36,7 @@
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbC-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbC-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbC-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbC-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00"
@@ -47,7 +47,7 @@
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbE-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbE-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbE-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbE-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbF-0005vi-00"
@@ -58,7 +58,7 @@
 1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbG-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbG-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbG-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbG-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbG-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbG-0005vi-00 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbH-0005vi-00"
@@ -69,7 +69,7 @@
 1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbI-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbI-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbI-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbI-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbI-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbJ-0005vi-00"
@@ -80,7 +80,7 @@
 1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert verified    0
 1999-03-02 09:44:33 10HmbK-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbK-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbK-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbK-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbK-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbK-0005vi-00 => noverify_getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="CN=server1.example.com" C="250 OK id=10HmbL-0005vi-00"
@@ -91,7 +91,7 @@
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified    0
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbM-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbM-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbM-0005vi-00 => noverify_resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no DN="CN=server1.example.com" C="250 OK id=10HmbN-0005vi-00"
@@ -102,7 +102,7 @@
 1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbO-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbO-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbO-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbO-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbO-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbO-0005vi-00 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbP-0005vi-00"
@@ -113,7 +113,7 @@
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbQ-0005vi-00 tls_out_resumption not requested or offered
@@ -121,7 +121,7 @@
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbQ-0005vi-00 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbR-0005vi-00"
@@ -134,7 +134,7 @@
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbT-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbT-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbT-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbT-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbT-0005vi-00 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbU-0005vi-00"
@@ -145,7 +145,7 @@
 1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbV-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbV-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbV-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbV-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbV-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbV-0005vi-00 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbW-0005vi-00"
@@ -156,7 +156,7 @@
 1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbX-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbX-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbX-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbX-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbX-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbX-0005vi-00 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbY-0005vi-00"
@@ -167,7 +167,7 @@
 1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbZ-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbZ-0005vi-00 ocsp    1
+1999-03-02 09:44:33 10HmbZ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbZ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbZ-0005vi-00 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcA-0005vi-00"


Questo messaggio è stato inviato alle seguenti mailing lists:
exim-cvs
Informazioni sulla Mailing List | Messaggi correlati		<-[exim-cvs] OpenSSL: discard expired resumption session in client[exim-cvs] OpenSSL: fix tls_try_verify_hosts under resumption->
Tahini and Hummus and Cumin Development Archives amministrato da cumin AdminsLurker (versione 2.3)