[exim-cvs] OpenSSL: add remote host info to log line for in-…

Inizio della pagina
Delete this message
Reply to this message
Autore: Exim Git Commits Mailing List
Data:  
To: exim-cvs
Oggetto: [exim-cvs] OpenSSL: add remote host info to log line for in-connection TLS error. Bug 3010
Gitweb: https://git.exim.org/exim.git/commitdiff/b90406e36cfef4cf6aaf104c3a403f6745763b5b
Commit:     b90406e36cfef4cf6aaf104c3a403f6745763b5b
Parent:     05144fcef30e94a727e26e011f60df8bb851f07b
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Jul 15 16:12:58 2023 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sat Jul 15 16:12:58 2023 +0100


    OpenSSL: add remote host info to log line for in-connection TLS error.  Bug 3010
---
 src/src/receive.c     | 5 ++---
 src/src/tls-openssl.c | 7 ++++++-
 test/runtest          | 2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)


diff --git a/src/src/receive.c b/src/src/receive.c
index 0891a4a8c..4271561d7 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -3911,8 +3911,7 @@ else
       break;
     }


-  g = string_append(NULL, 2, US"F=",
-    sender_address[0] == 0 ? US"<>" : sender_address);
+  g = string_append(NULL, 2, US"F=", *sender_address ? sender_address : US"<>");
   g = add_host_info_for_log(g);


log_write(0, LOG_MAIN|LOG_REJECT, "%Y %srejected by local_scan(): %.256s",
@@ -4056,7 +4055,7 @@ g = string_get(256);

g = string_append(g, 2,
fake_response == FAIL ? US"(= " : US"<= ",
- sender_address[0] == 0 ? US"<>" : sender_address);
+ *sender_address ? sender_address : US"<>");
if (message_reference)
g = string_append(g, 2, US" R=", message_reference);

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 22c8ea99a..2e537a160 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -4532,10 +4532,15 @@ switch(error)

   /* Handle genuine errors */
   case SSL_ERROR_SSL:
+    {
+    uschar * conn_info = smtp_get_connection_info();
+    if (Ustrncmp(conn_info, US"SMTP ", 5) == 0) conn_info += 5;
+    /* I'd like to get separated H= here, but too hard for now */
     ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
-    log_write(0, LOG_MAIN, "TLS error (SSL_read): %s", ssl_errstring);
+    log_write(0, LOG_MAIN, "TLS error (SSL_read): on %s %s", conn_info, ssl_errstring);
     ssl_xfer_error = TRUE;
     return FALSE;
+    }


   default:
     DEBUG(D_tls) debug_printf("Got SSL error %d\n", error);
diff --git a/test/runtest b/test/runtest
index e918b0cdf..17f7ab4c9 100755
--- a/test/runtest
+++ b/test/runtest
@@ -1556,7 +1556,7 @@ RESET_AFTER_EXTRA_LINE_READ:


     # OpenSSL version variances
     s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)|):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/;
-    next if /TLS error \(SSL_read\): error:0A000126:SSL routines::unexpected eof while reading$/ ;
+    next if /TLS error \(SSL_read\): .*error:0A000126:SSL routines::unexpected eof while reading$/ ;
     s/EVDATA: \K\(SSL_accept\): error:0A000126:SSL routines::unexpected eof while reading/SSL_accept: TCP connection closed by peer/;
     s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(?:(?i)ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT|)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/;
     s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:(?:(?i)int_rsa_verify|CRYPTO_internal):(?:bad signature|algorithm mismatch)$/$1Public key signature verification has failed./;


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/