author | Gilles Chehade <gilles@poolp.org> | 2020-01-09 16:38:36 +0100 |
---|---|---|
committer | Gilles Chehade <gilles@poolp.org> | 2020-01-09 16:38:36 +0100 |
commit | 80bd2bde6ced5e5e54221cf2d58d74f5ff5a387a (patch) | |
tree | 1960813b522762486209871c985a670d226aaee8 | |
parent | Merge branch 'master' into libtls (diff) | |
download | OpenSMTPD-80bd2bde6ced5e5e54221cf2d58d74f5ff5a387a.tar.xz OpenSMTPD-80bd2bde6ced5e5e54221cf2d58d74f5ff5a387a.zip |
allow building again
-rw-r--r-- | smtpd/smtp.h | 3 | ||||
-rw-r--r-- | smtpd/smtp_client.c | 8 | ||||
-rw-r--r-- | smtpd/smtp_session.c | 2 | ||||
-rw-r--r-- | smtpd/smtpc.c | 41 | ||||
-rw-r--r-- | smtpd/to.c | 2 |
5 files changed, 7 insertions, 49 deletions
diff --git a/smtpd/smtp.h b/smtpd/smtp.h
index f1f1c56c..514a4303 100644
--- a/smtpd/smtp.h
+++ b/smtpd/smtp.h
@@ -44,6 +44,7 @@ struct smtp_params {
 int timeout; /* timeout in seconds */
 /* TLS options */
+ struct tls *tls_ctx;
 const char *tls_name; /* hostname of requested server */
 int tls_req; /* requested TLS mode */
 int tls_verify; /* need valid server certificate */
@@ -87,8 +88,6 @@ void smtp_quit(struct smtp_client *);
 void smtp_sendmail(struct smtp_client *, struct smtp_mail *);
 /* callbacks */
-void smtp_verify_server_cert(void *, struct smtp_client *, void *);
-void smtp_require_tls(void *, struct smtp_client *);
 void smtp_ready(void *, struct smtp_client *);
 void smtp_failed(void *, struct smtp_client *, int, const char *);
 void smtp_closed(void *, struct smtp_client *);
diff --git a/smtpd/smtp_client.c b/smtpd/smtp_client.c
index 2e73562a..0b2e4a5a 100644
--- a/smtpd/smtp_client.c
+++ b/smtpd/smtp_client.c
@@ -507,8 +507,9 @@ smtp_client_response(struct smtp_client *proto, const char *line)
 }
 smtp_client_state(proto, STATE_AUTH);
 }
- else
- smtp_require_tls(proto->tag, proto);
+ else {
+ //smtp_require_tls(proto->tag, proto);
+ }
 break;
 case STATE_AUTH_PLAIN:
@@ -618,7 +619,7 @@ smtp_client_io(struct io *io, int evt, void *arg)
 case IO_CONNECTED:
 if (proto->params.tls_req == TLS_SMTPS) {
 io_set_write(io);
- smtp_require_tls(proto->tag, proto);
+ //smtp_require_tls(proto->tag, proto);
 }
 else
 smtp_client_state(proto, STATE_BANNER);
@@ -627,7 +628,6 @@ smtp_client_io(struct io *io, int evt, void *arg)
 case IO_TLSREADY:
 proto->flags |= FLAG_TLS;
 io_pause(proto->io, IO_IN);
- smtp_verify_server_cert(proto->tag, proto, io_tls(proto->io));
 break;
 case IO_DATAIN:
diff --git a/smtpd/smtp_session.c b/smtpd/smtp_session.c
index 1038da45..f254db21 100644
--- a/smtpd/smtp_session.c
+++ b/smtpd/smtp_session.c
@@ -2822,7 +2822,7 @@ smtp_message_begin(struct smtp_tx *tx)
 m_printf(tx, " (%s:%s:%d:%s)",
 tls_conn_version(io_tls(s->io)),
 tls_conn_cipher(io_tls(s->io)),
- tls_conn_cipher_bits(io_tls(s->io)),
+ tls_conn_cipher_strength(io_tls(s->io)),
 (s->flags & SF_VERIFIED) ? "YES" : "NO");
 if (s->listener->flags & F_RECEIVEDAUTH) {
diff --git a/smtpd/smtpc.c b/smtpd/smtpc.c
index c2cfc710..9f60b964 100644
--- a/smtpd/smtpc.c
+++ b/smtpd/smtpc.c
@@ -351,47 +351,6 @@ log_trace(int lvl, const char *emsg, ...)
 }
 void
-smtp_verify_server_cert(void *tag, struct smtp_client *proto, void *ctx)
-{
- SSL *ssl = ctx;
- X509 *cert;
- long res;
- int match;
-
- if ((cert = SSL_get_peer_certificate(ssl))) {
- (void)ssl_check_name(cert, servname, &match);
- X509_free(cert);
- res = SSL_get_verify_result(ssl);
- if (res == X509_V_OK) {
- if (match) {
- log_debug("valid certificate");
- smtp_cert_verified(proto, CERT_OK);
- }
- else {
- log_debug("certificate does not match hostname");
- smtp_cert_verified(proto, CERT_INVALID);
- }
- return;
- }
- log_debug("certificate validation error %ld", res);
- }
- else
- log_debug("no certificate provided");
-
- smtp_cert_verified(proto, CERT_INVALID);
-}
-
-void
-smtp_require_tls(void *tag, struct smtp_client *proto)
-{
- SSL *ssl = NULL;
-
- if ((ssl = SSL_new(ssl_ctx)) == NULL)
- fatal("SSL_new");
- smtp_set_tls(proto, ssl);
-}
-
-void
 smtp_ready(void *tag, struct smtp_client *proto)
 {
 log_debug("connection ready...");
@@ -838,7 +838,7 @@ tls_to_text(struct tls *tls)
 (void)snprintf(buf, sizeof buf, "%s:%s:%d",
 tls_conn_version(tls),
 tls_conn_cipher(tls),
- tls_conn_cipher_bits(tls));
+ tls_conn_cipher_strength(tls));
 return (buf);
 } |
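Review bot: The new `tls_ctx` member of struct smtp_params is the only field in the TLS-options group without a trailing comment, and nothing else in this commit reads it, so who allocates and frees the `struct tls` and whether it must be set whenever `tls_req` asks for TLS is left unstated. Since every neighbouring field documents its meaning, suggest at least `struct tls *tls_ctx; /* libtls context used for the connection; ownership and required-when: TODO document */` until the field is wired up and the real contract can be written down.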
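Review bot: In the first smtp_client.c hunk the branch that previously called `smtp_require_tls` now executes an empty `else { }` with the call commented out, so the client neither starts a TLS handshake nor moves to another state there, and the same applies to the `TLS_SMTPS` path under `IO_CONNECTED` in the second hunk, where `io_set_write(io)` is now followed by nothing. As far as these hunks show, a session that reaches either point stalls silently instead of failing, which is harder to diagnose than a build break and, if the stub survives longer than intended, means a requested TLS upgrade is quietly never attempted. If this is a deliberate placeholder while the libtls port is finished, replace the commented-out code with an explicit marker that names the intended replacement, e.g. `/* TODO(libtls): start the handshake using params.tls_ctx instead of smtp_require_tls() */`, and consider failing the session explicitly until that exists. Both enclosing functions (`smtp_client_response`, `smtp_client_io`) start and end outside the hunks.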
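Review bot: In the `IO_TLSREADY` hunk the call that followed `io_pause(proto->io, IO_IN)` is removed, and nothing visible in the new code resumes input or reports a certificate-verification outcome, so the `FLAG_TLS` session appears to stay paused; the `tls_verify` field kept in smtp.h ("need valid server certificate") likewise has no visible enforcement once `smtp_verify_server_cert` (deleted in smtpc.c) is gone. If verification is now expected to happen inside the libtls handshake through `tls_ctx`, that should be recorded here, e.g. `/* peer certificate and name checks are delegated to the libtls context (tls_ctx); tls_verify is enforced by its configuration */`, and the resume of `IO_IN` re-added or its new location documented; please confirm against the libtls configuration code, which is outside this diff.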