author | Phil Pennock <pdp@exim.org> | 2012-05-21 00:20:37 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-05-21 00:20:37 -0400 |
commit | 9d26b8c05f5308b474b560fa2a8a1046e2f5c1b6 (patch) | |
tree | 44575e953c03cb8815ca96a06b0c1f2fc5bc9f59 | |
parent | 1d7a353eb367991d8de63c32efa64f8224f3089f (diff) |
features.h; tls_validate_require_cipher: log flag & testsexim-4_80_RC3
Pull in <features.h> on Linux.
Switch readconf log from D_all (bug) to D_tls (though D_any would have
worked).
Modified runtest to handle clamped DH bits and
tls_validate_require_cipher added debug logging.
-rw-r--r-- | doc/doc-txt/ChangeLog | 3 | ||||
-rw-r--r-- | src/OS/os.h-Linux | 7 | ||||
-rw-r--r-- | src/src/readconf.c | 2 | ||||
-rwxr-xr-x | test/runtest | 17 |
4 files changed, 24 insertions, 5 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 23c727c92..8c7dc7230 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -146,6 +146,9 @@ PP/34 Validate tls_require_ciphers on startup, since debugging an invalid relatively easy to get wrong. Should also expose TLS library linkage problems.
+PP/35 Pull in <features.h> on Linux, for some portability edge-cases of
+ 64-bit ${eval} (JH/03).
+
 Exim version 4.77
 -----------------
diff --git a/src/OS/os.h-Linux b/src/OS/os.h-Linux
index eb7036d0f..5186ec89d 100644
--- a/src/OS/os.h-Linux
+++ b/src/OS/os.h-Linux
@@ -1,5 +1,12 @@
 /* Exim: OS-specific C header file for Linux */
+/* Some weird variants may require invocation with C99 and features.h
+inclusion to build, with the 64-bit arithmetic. Make compiler selection
+their problem, but build anyway. */
+
+#include <features.h>
+
+
 #define CRYPT_H
 #define GLIBC_IP_OPTIONS
 #define HAVE_MMAP
diff --git a/src/src/readconf.c b/src/src/readconf.c
index 3235d4556..c3ffe4f82 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -2824,7 +2824,7 @@ do { rc = waitpid(pid, &status, 0); } while (rc < 0 && errno == EINTR);
-DEBUG(D_all)
+DEBUG(D_tls)
 debug_printf("tls_validate_require_cipher child %d ended: status=0x%x\n", (int)pid, status);
diff --git a/test/runtest b/test/runtest
index 5ac52ae56..3e961ca98 100755
--- a/test/runtest
+++ b/test/runtest
@@ -28,9 +28,10 @@ $testversion = "4.80 (08-May-12)";
 # This gets embedded in the D-H params filename, and the value comes
 # from asking GnuTLS for "normal", but there appears to be no way to
 # use certtool/... to ask what that value currently is. *sigh*
-# This value is correct as of GnuTLS 2.12.18.
-#
-$gnutls_dh_bits_normal = 2432;
+# We also clamp it because of NSS interop, see addition of tls_dh_max_bits.
+# This value is correct as of GnuTLS 2.12.18 as clamped by tls_dh_max_bits.
+# normal = 2432 tls_dh_max_bits = 2236
+$gnutls_dh_bits_normal = 2236;
 $cf = "bin/cf -exact";
 $cr = "\r";
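Review bot: In src/src/readconf.c the debug line prints `status` whenever the waitpid loop exits, including the case where `rc < 0` for a reason other than EINTR, when waitpid has not written `status` and the logged value means nothing. I would guard the print with `if (rc >= 0)` or log `rc` and `errno` on the failure path, so a debug trace of a failed cipher-validation child is not misread as a real exit status. Whether `status` is initialised at its declaration, and how a non-zero status is acted on, lies outside this hunk, so this may already be covered there.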
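Review bot: In test/runtest, `$gnutls_dh_bits_normal` now holds the clamped figure rather than the GnuTLS "normal" value, so its name is misleading and the constant silently depends on the default of tls_dh_max_bits. A test configuration that sets tls_dh_max_bits differently, or a later change to that default, would leave the D-H params filename handling out of step with nothing pointing back here. I would extend the comment to say so, e.g. `# Holds the GnuTLS "normal" size after clamping by the default tls_dh_max_bits; update both numbers together.`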
@@ -716,7 +717,6 @@ RESET_AFTER_EXTRA_LINE_READ:
 s/(TLS error on connection (?:from|to) .*? \(SSL_\w+\): error:)(.*)/$1 <<detail omitted>>/;
-
 # ======== Maildir things ========
 # timestamp output in maildir processing
 s/(timestamp=|\(timestamp_only\): )\d+/$1ddddddd/g;
@@ -849,6 +849,15 @@ RESET_AFTER_EXTRA_LINE_READ:
 # be the case
 next if /^changing group to \d+ failed: Operation not permitted/;
+ # We might not keep this check; rather than change all the tests, just
+ # ignore it as long as it succeeds; then we only need to change the
+ # TLS tests where tls_require_ciphers has been set.
+ if (m{^changed uid/gid: calling tls_validate_require_cipher}) {
+ my $discard = <IN>;
+ next;
+ }
+ next if /^tls_validate_require_cipher child \d+ ended: status=0x0/;
+
 # We invoke Exim with -D, so we hit this new messag as of Exim 4.73:
 next if /^macros_trusted overridden to true by whitelisting/; |
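Review bot: In the `@@ -849` hunk of test/runtest, `my $discard = <IN>;` drops whatever line follows the "calling tls_validate_require_cipher" message without looking at it. If the debug output changes shape, a line that matters to the comparison is lost silently. The companion filter skips only `status=0x0`, which keeps a failing validation child visible in the test output, and the discard deserves the same care. I would at least document what the dropped line is expected to be, e.g. `my $discard = <IN>;  # presumably the continuation line of the uid/gid debug message`, and ideally skip it only when it matches that form. The enclosing loop starts and ends outside the hunk.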