Gitweb:
https://git.exim.org/exim.git/commitdiff/4ed67f68df666fe38076e3bfd2183db71e742c7a
Commit: 4ed67f68df666fe38076e3bfd2183db71e742c7a
Parent: 9f6563c0ee45cfb670a38fb97362abd85b60395f
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Oct 21 17:18:28 2019 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Mon Oct 21 17:31:47 2019 +0100
Fix logging of DANE, client-side under LibreSSL
---
src/src/tls-openssl.c | 8 ++++++--
test/runtest | 2 +-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index bd97969..e45ebd3 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2347,7 +2347,11 @@ if (tlsp->peercert)
for resumption next to the TLS session, and used here. */
if (!tlsp->verify_override)
- tlsp->certificate_verified = SSL_get_verify_result(ssl) == X509_V_OK;
+ tlsp->certificate_verified =
+#ifdef SUPPORT_DANE
+ tlsp->dane_verified ||
+#endif
+ SSL_get_verify_result(ssl) == X509_V_OK;
}
}
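Review bot: In the new assignment to `tlsp->certificate_verified`, a true `tlsp->dane_verified` now overrides a `SSL_get_verify_result(ssl)` that is not `X509_V_OK`, and the hunk does not show where `dane_verified` is set or cleared for this connection. The context comment refers to state kept for resumption, so it is worth confirming that the flag cannot carry over from an earlier handshake on the same `tlsp` or from a resumed session. The commit title describes a logging fix, but `certificate_verified` may also feed policy decisions elsewhere (not visible here), so the intent should be recorded next to the code, for example `/* A DANE-verified peer counts as verified even if the library's chain check did not return X509_V_OK */`. The enclosing function starts and ends outside the hunk.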
@@ -2720,7 +2724,7 @@ if (rc <= 0)
case SSL_ERROR_SSL:
{
uschar * s = US"SSL_accept";
- ulong e = ERR_peek_error();
+ unsigned long e = ERR_peek_error();
if (ERR_GET_REASON(e) == SSL_R_WRONG_VERSION_NUMBER)
s = string_sprintf("%s (%s)", s, SSL_get_version(server_ssl));
(void) tls_error(s, NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
diff --git a/test/runtest b/test/runtest
index 58a989f..fea4084 100755
--- a/test/runtest
+++ b/test/runtest
@@ -1351,7 +1351,7 @@ RESET_AFTER_EXTRA_LINE_READ:
# openssl version variances
s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/;
- s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/;
+ s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(?:(?i)ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/;
s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:(?:(?i)int_rsa_verify|CRYPTO_internal):(?:bad signature|algorithm mismatch)$/$1Public key signature verification has failed./;
s/ARC: AMS signing: privkey PEM-block import: error:\K[0-9A-F]{8}:(PEM routines):get_name:(no start line)/0906D06C:$1:PEM_read_bio:$2/;