summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhil Pennock <pdp@exim.org>2012-05-21 00:20:37 -0400
committerPhil Pennock <pdp@exim.org>2012-05-21 00:20:37 -0400
commit9d26b8c05f5308b474b560fa2a8a1046e2f5c1b6 (patch)
tree44575e953c03cb8815ca96a06b0c1f2fc5bc9f59
parent1d7a353eb367991d8de63c32efa64f8224f3089f (diff)
features.h; tls_validate_require_cipher: log flag & testsexim-4_80_RC3
Pull in <features.h> on Linux. Switch readconf log from D_all (bug) to D_tls (though D_any would have worked). Modified runtest to handle clamped DH bits and tls_validate_require_cipher added debug logging.
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--src/OS/os.h-Linux7
-rw-r--r--src/src/readconf.c2
-rwxr-xr-xtest/runtest17
4 files changed, 24 insertions, 5 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 23c727c92..8c7dc7230 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -146,6 +146,9 @@ PP/34 Validate tls_require_ciphers on startup, since debugging an invalid
relatively easy to get wrong. Should also expose TLS library linkage
problems.
+PP/35 Pull in <features.h> on Linux, for some portability edge-cases of
+ 64-bit ${eval} (JH/03).
+
Exim version 4.77
-----------------
diff --git a/src/OS/os.h-Linux b/src/OS/os.h-Linux
index eb7036d0f..5186ec89d 100644
--- a/src/OS/os.h-Linux
+++ b/src/OS/os.h-Linux
@@ -1,5 +1,12 @@
/* Exim: OS-specific C header file for Linux */
+/* Some weird variants may require invocation with C99 and features.h
+inclusion to build, with the 64-bit arithmetic. Make compiler selection
+their problem, but build anyway. */
+
+#include <features.h>
+
+
#define CRYPT_H
#define GLIBC_IP_OPTIONS
#define HAVE_MMAP
diff --git a/src/src/readconf.c b/src/src/readconf.c
index 3235d4556..c3ffe4f82 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -2824,7 +2824,7 @@ do {
rc = waitpid(pid, &status, 0);
} while (rc < 0 && errno == EINTR);
-DEBUG(D_all)
+DEBUG(D_tls)
debug_printf("tls_validate_require_cipher child %d ended: status=0x%x\n",
(int)pid, status);
diff --git a/test/runtest b/test/runtest
index 5ac52ae56..3e961ca98 100755
--- a/test/runtest
+++ b/test/runtest
@@ -28,9 +28,10 @@ $testversion = "4.80 (08-May-12)";
# This gets embedded in the D-H params filename, and the value comes
# from asking GnuTLS for "normal", but there appears to be no way to
# use certtool/... to ask what that value currently is. *sigh*
-# This value is correct as of GnuTLS 2.12.18.
-#
-$gnutls_dh_bits_normal = 2432;
+# We also clamp it because of NSS interop, see addition of tls_dh_max_bits.
+# This value is correct as of GnuTLS 2.12.18 as clamped by tls_dh_max_bits.
+# normal = 2432 tls_dh_max_bits = 2236
+$gnutls_dh_bits_normal = 2236;
$cf = "bin/cf -exact";
$cr = "\r";
@@ -716,7 +717,6 @@ RESET_AFTER_EXTRA_LINE_READ:
s/(TLS error on connection (?:from|to) .*? \(SSL_\w+\): error:)(.*)/$1 <<detail omitted>>/;
-
# ======== Maildir things ========
# timestamp output in maildir processing
s/(timestamp=|\(timestamp_only\): )\d+/$1ddddddd/g;
@@ -849,6 +849,15 @@ RESET_AFTER_EXTRA_LINE_READ:
# be the case
next if /^changing group to \d+ failed: Operation not permitted/;
+ # We might not keep this check; rather than change all the tests, just
+ # ignore it as long as it succeeds; then we only need to change the
+ # TLS tests where tls_require_ciphers has been set.
+ if (m{^changed uid/gid: calling tls_validate_require_cipher}) {
+ my $discard = <IN>;
+ next;
+ }
+ next if /^tls_validate_require_cipher child \d+ ended: status=0x0/;
+
# We invoke Exim with -D, so we hit this new messag as of Exim 4.73:
next if /^macros_trusted overridden to true by whitelisting/;