authorPhil Pennock <pdp@exim.org>2012-05-17 20:07:04 -0400
committerPhil Pennock <pdp@exim.org>2012-05-17 20:07:04 -0400
commit5c8cda3a8089ff340224e6ab147d4bbe18dca0e2 (patch)
tree91a3a4bac3ecaed7b3ea6cfcd27df5246e7783eb
parent9e45c72b8e4f14f722c704634ee0880ca65e4686 (diff)
CRL addition returns count of CRLs added
A couple more cert1/2 strings updated, plus some disambiguating rhubarb.
-rw-r--r--src/src/tls-gnu.c13
-rw-r--r--test/log/201413
-rw-r--r--test/rejectlog/20146
-rw-r--r--test/scripts/2000-GnuTLS/201418
-rw-r--r--test/stdout/201444
5 files changed, 49 insertions, 45 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 1953be1e4..a9a82e88f 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -728,15 +728,18 @@ if (cert_count < 0)
}
DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n", cert_count);
-if (state->tls_crl && *state->tls_crl)
+if (state->tls_crl && *state->tls_crl &&
+ state->exp_tls_crl && *state->exp_tls_crl)
{
- if (state->exp_tls_crl && *state->exp_tls_crl)
+ DEBUG(D_tls) debug_printf("loading CRL file = %s\n", state->exp_tls_crl);
+ cert_count = gnutls_certificate_set_x509_crl_file(state->x509_cred,
+ CS state->exp_tls_crl, GNUTLS_X509_FMT_PEM);
+ if (cert_count < 0)
{
- DEBUG(D_tls) debug_printf("loading CRL file = %s\n", state->exp_tls_crl);
- rc = gnutls_certificate_set_x509_crl_file(state->x509_cred,
- CS state->exp_tls_crl, GNUTLS_X509_FMT_PEM);
+ rc = cert_count;
exim_gnutls_err_check(US"gnutls_certificate_set_x509_crl_file");
}
+ DEBUG(D_tls) debug_printf("Processed %d CRLs.\n", cert_count);
}
return OK;
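Review bot: When `tls_crl` is set but `exp_tls_crl` is empty, the merged condition skips the whole block with no debug output, so a D_tls trace gives no sign that revocation data was not loaded. An else-arm such as `else if (state->tls_crl && *state->tls_crl) DEBUG(D_tls) debug_printf("tls_crl set but expansion is empty; no CRL loaded\n");` would make that case visible. Separately, a return of 0 from `gnutls_certificate_set_x509_crl_file` falls through as success and shows up only as "Processed 0 CRLs." at debug level; if a configured CRL file that yields no CRLs counts as a misconfiguration, it probably deserves a main-log line. The enclosing function starts before this hunk, so how `rc` and `exim_gnutls_err_check` interact is inferred from the visible lines only.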
diff --git a/test/log/2014 b/test/log/2014
index 0abc041e2..554100b77 100644
--- a/test/log/2014
+++ b/test/log/2014
@@ -1,8 +1,9 @@
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 TLS error on connection from (rhu1.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
+1999-03-02 09:44:33 TLS error on connection from (rhu5.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): revoked
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): A TLS packet with unexpected length was received.
+1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason.
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
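Review bot: The expected log for the CRL-enabled daemon run no longer contains the `(certificate verification failed): revoked` line. It is replaced by generic `(recv)` and `(send)` TLS errors, so this baseline appears to stop asserting that the handshake was refused because the certificate is revoked. If that is the intended result of the changed test certificates, a comment at the "Good but revoked certificate, certificate required" case in test/scripts/2000-GnuTLS/2014 should say so. Otherwise it is worth confirming that the CRL is still consulted at handshake time before accepting the new expected output.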
diff --git a/test/rejectlog/2014 b/test/rejectlog/2014
index b8cc95ac2..fb9f7cd99 100644
--- a/test/rejectlog/2014
+++ b/test/rejectlog/2014
@@ -1,3 +1,3 @@
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
diff --git a/test/scripts/2000-GnuTLS/2014 b/test/scripts/2000-GnuTLS/2014
index 3e6710b59..dfddfa54c 100644
--- a/test/scripts/2000-GnuTLS/2014
+++ b/test/scripts/2000-GnuTLS/2014
@@ -5,7 +5,7 @@ exim -DSERVER=server -bd -oX PORT_D
# No certificate, certificate required
client-gnutls HOSTIPV4 PORT_D
??? 220
-ehlo rhu.barb
+ehlo rhu1.barb
??? 250-
??? 250-
??? 250-
@@ -18,7 +18,7 @@ starttls
# No certificate, certificate optional at TLS time, required by ACL
client-gnutls 127.0.0.1 PORT_D
??? 220
-ehlo rhu.barb
+ehlo rhu2.barb
??? 250-
??? 250-
??? 250-
@@ -27,7 +27,7 @@ ehlo rhu.barb
??? 250
starttls
??? 220
-helo rhu.barb
+helo rhu2tls.barb
??? 250
mail from:<userx@test.ex>
??? 250
@@ -39,7 +39,7 @@ quit
# Good certificate, certificate required
client-gnutls HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
-ehlo rhu.barb
+ehlo rhu3.barb
??? 250-
??? 250-
??? 250-
@@ -58,7 +58,7 @@ quit
# Good certificate, certificate optional at TLS time, checked by ACL
client-gnutls 127.0.0.1 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
-ehlo rhu.barb
+ehlo rhu4.barb
??? 250-
??? 250-
??? 250-
@@ -77,7 +77,7 @@ quit
# Bad certificate, certificate required
client-gnutls HOSTIPV4 PORT_D aux-fixed/cert1 aux-fixed/cert1
??? 220
-ehlo rhu.barb
+ehlo rhu5.barb
??? 250-
??? 250-
??? 250-
@@ -90,7 +90,7 @@ starttls
# Bad certificate, certificate optional at TLS time, reject at ACL time
client-gnutls 127.0.0.1 PORT_D aux-fixed/cert1 aux-fixed/cert1
??? 220
-ehlo rhu.barb
+ehlo rhu6.barb
??? 250-
??? 250-
??? 250-
@@ -113,7 +113,7 @@ exim -DCRL=DIR/aux-fixed/crl.pem -DSERVER=server -bd -oX PORT_D
# Good but revoked certificate, certificate required
client-gnutls HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
-ehlo rhu.barb
+ehlo rhu7.barb
??? 250-
??? 250-
??? 250-
@@ -126,7 +126,7 @@ starttls
# Revoked certificate, certificate optional at TLS time, reject at ACL time
client-gnutls 127.0.0.1 PORT_D aux-fixed/cert1 aux-fixed/cert1
??? 220
-ehlo rhu.barb
+ehlo rhu8.barb
??? 250-
??? 250-
??? 250-
diff --git a/test/stdout/2014 b/test/stdout/2014
index 0c14ca635..56c959f20 100644
--- a/test/stdout/2014
+++ b/test/stdout/2014
@@ -1,9 +1,9 @@
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu1.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu1.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -23,9 +23,9 @@ End of script
Connecting to 127.0.0.1 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu2.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu2.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -41,9 +41,9 @@ Connecting to 127.0.0.1 port 1225 ... connected
<<< 220 TLS go ahead
Attempting to start TLS
Succeeded in starting TLS
->>> helo rhu.barb
+>>> helo rhu2tls.barb
??? 250
-<<< 250 myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250 myhost.test.ex Hello rhu2tls.barb [127.0.0.1]
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
@@ -59,9 +59,9 @@ Certificate file = aux-fixed/cert2
Key file = aux-fixed/cert2
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu3.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu3.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -92,9 +92,9 @@ Certificate file = aux-fixed/cert2
Key file = aux-fixed/cert2
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu4.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu4.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -125,9 +125,9 @@ Certificate file = aux-fixed/cert1
Key file = aux-fixed/cert1
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu5.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu5.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -149,9 +149,9 @@ Certificate file = aux-fixed/cert1
Key file = aux-fixed/cert1
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu6.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu6.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -172,9 +172,9 @@ Succeeded in starting TLS
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 550-
-<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of
+<<< 550-certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test
??? 550
-<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel
+<<< 550 Suite,CN=Phil Pennock
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
@@ -184,9 +184,9 @@ Certificate file = aux-fixed/cert2
Key file = aux-fixed/cert2
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu7.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu7.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -208,9 +208,9 @@ Certificate file = aux-fixed/cert1
Key file = aux-fixed/cert1
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu8.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu8.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
@@ -231,9 +231,9 @@ Succeeded in starting TLS
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 550-
-<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of
+<<< 550-certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test
??? 550
-<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel
+<<< 550 Suite,CN=Phil Pennock
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection