← Back to branch summary

~ubuntu-branches/ubuntu/hardy/exim4/hardy-proposed

~ubuntu-branches/ubuntu/hardy/exim4/hardy-proposed

« back to all changes in this revision

Viewing changes to src/tls-openssl.c

Committer: Bazaar Package Importer
Author(s): Marc Haber
Date: 2005-07-02 06:08:34 UTC
mfrom: (1.1.1 upstream)
Revision ID: james.westby@ubuntu.com-20050702060834-qk17pd52kb9nt3bj

Tags: 4.52-1

http://bugs.debian.org/315775

* new upstream version 4.51. (mh)
  * adapt 70_remove_exim-users_references
  * remove 37_gnutlsparams
  * adapt 36_pcre
  * adapt 31_eximmanpage
* fix package priorities to have them in sync with override again. (mh)
* Fix error in nb (Norwegian) translation.
  Thanks to Helge Hafting. (mh). Closes: #315775
* Standards-Version: 3.6.2, no changes needed. (mh)

files added:
OS/Makefile-GNUkFreeBSD

OS/Makefile-GNUkNetBSD

OS/os.h-GNUkFreeBSD

OS/os.h-GNUkNetBSD

debian/config-custom/debian/install

debian/linda

debian/linda-overrides

debian/linda/overrides

debian/linda/overrides/exim4-daemon-heavy

debian/linda/overrides/exim4-daemon-light

debian/lintian

debian/lintian/overrides

debian/lintian/overrides/exim4-config

debian/lintian/overrides/exim4-daemon-heavy

debian/lintian/overrides/exim4-daemon-light

debian/patches/60_convert4r4.dpatch

debian/patches/70_remove_exim-users_references.dpatch

debian/po/et.po

debian/po/gl.po

debian/po/tl.po

debian/po/vi.po

doc/experimental-spec.txt

src/auths/cyrus_sasl.c

src/auths/cyrus_sasl.h

src/bmi_spam.c

src/bmi_spam.h

src/demime.c

src/demime.h

src/dk.c

src/dk.h

src/lookups/lf_quote.c

src/lookups/spf.c

src/lookups/spf.h

src/malware.c

src/mime.c

src/mime.h

src/pcre/pcre_compile.c

src/pcre/pcre_config.c

src/pcre/pcre_exec.c

src/pcre/pcre_fullinfo.c

src/pcre/pcre_get.c

src/pcre/pcre_globals.c

src/pcre/pcre_internal.h

src/pcre/pcre_maketables.c

src/pcre/pcre_printint.c

src/pcre/pcre_study.c

src/pcre/pcre_tables.c

src/pcre/pcre_try_flipped.c

src/pcre/pcre_version.c

src/pcre/ucp.h

src/regex.c

src/spam.c

src/spam.h

src/spf.c

src/spf.h

src/spool_mbox.c

src/srs.c

src/srs.h

util/README

util/mkcdb.pl

files removed:
OS/Makefile-Linux-libc5

OS/os.c-Linux-libc5

OS/os.h-Linux-libc5

debian/README.TLS

debian/config-custom/debian/files

debian/debconf/30_exim4-config_example_check_rcpt

debian/exim4-config-medium

debian/exim4-config-medium/debian

debian/exim4-config-medium/debian/changelog

debian/exim4-config-medium/debian/compat

debian/exim4-config-medium/debian/config

debian/exim4-config-medium/debian/config/30_exim4-config_example_check_rcpt

debian/exim4-config-medium/debian/config/conf.d

debian/exim4-config-medium/debian/config/conf.d/30_exim4-config-medium_example_check_rcpt

debian/exim4-config-medium/debian/config/conf.d/conf.d

debian/exim4-config-medium/debian/config/conf.d/conf.d/acl

debian/exim4-config-medium/debian/config/conf.d/conf.d/acl/00_exim4-config-medium_header

debian/exim4-config-medium/debian/config/conf.d/conf.d/acl/20_exim4-config-medium_whitelist_local_deny

debian/exim4-config-medium/debian/config/conf.d/conf.d/acl/30_exim4-config-medium_check_rcpt

debian/exim4-config-medium/debian/config/conf.d/conf.d/acl/40_exim4-config-medium_check_data

debian/exim4-config-medium/debian/config/conf.d/conf.d/auth

debian/exim4-config-medium/debian/config/conf.d/conf.d/auth/00_exim4-config-medium_header

debian/exim4-config-medium/debian/config/conf.d/conf.d/auth/30_exim4-config-medium_examples

debian/exim4-config-medium/debian/config/conf.d/conf.d/main

debian/exim4-config-medium/debian/config/conf.d/conf.d/main/01_exim4-config-medium_listmacrosdefs

debian/exim4-config-medium/debian/config/conf.d/conf.d/main/02_exim4-config-medium_options

debian/exim4-config-medium/debian/config/conf.d/conf.d/main/03_exim4-config-medium_tlsoptions

debian/exim4-config-medium/debian/config/conf.d/conf.d/retry

debian/exim4-config-medium/debian/config/conf.d/conf.d/retry/00_exim4-config-medium_header

debian/exim4-config-medium/debian/config/conf.d/conf.d/retry/30_exim4-config-medium

debian/exim4-config-medium/debian/config/conf.d/conf.d/rewrite

debian/exim4-config-medium/debian/config/conf.d/conf.d/rewrite/00_exim4-config-medium_header

debian/exim4-config-medium/debian/config/conf.d/conf.d/rewrite/31_exim4-config-medium_rewriting

debian/exim4-config-medium/debian/config/conf.d/conf.d/router

debian/exim4-config-medium/debian/config/conf.d/conf.d/router/00_exim4-config-medium_header

debian/exim4-config-medium/debian/config/conf.d/conf.d/router/100_exim4-config-medium_domain_literal

debian/exim4-config-medium/debian/config/conf.d/conf.d/router/200_exim4-config-medium_primary

debian/exim4-config-medium/debian/config/conf.d/conf.d/router/300_exim4-config-medium_real_local

debian/exim4-config-medium/debian/config/conf.d/conf.d/router/400_exim4-config-medium_system_aliases

debian/exim4-config-medium/debian/config/conf.d/conf.d/router/500_exim4-config-medium_hubuser

debian/exim4-config-medium/debian/config/conf.d/conf.d/router/600_exim4-config-medium_userforward

debian/exim4-config-medium/debian/config/conf.d/conf.d/router/700_exim4-config-medium_procmail

debian/exim4-config-medium/debian/config/conf.d/conf.d/router/800_exim4-config-medium_maildrop

debian/exim4-config-medium/debian/config/conf.d/conf.d/router/900_exim4-config-medium_local_user

debian/exim4-config-medium/debian/config/conf.d/conf.d/router/mmm_mail4root

debian/exim4-config-medium/debian/config/conf.d/conf.d/transport

debian/exim4-config-medium/debian/config/conf.d/conf.d/transport/00_exim4-config-medium_header

debian/exim4-config-medium/debian/config/conf.d/conf.d/transport/30_exim4-config-medium_address_file

debian/exim4-config-medium/debian/config/conf.d/conf.d/transport/30_exim4-config-medium_address_pipe

debian/exim4-config-medium/debian/config/conf.d/conf.d/transport/30_exim4-config-medium_address_reply

debian/exim4-config-medium/debian/config/conf.d/conf.d/transport/30_exim4-config-medium_mail_spool

debian/exim4-config-medium/debian/config/conf.d/conf.d/transport/30_exim4-config-medium_maildir_home

debian/exim4-config-medium/debian/config/conf.d/conf.d/transport/30_exim4-config-medium_maildrop_pipe

debian/exim4-config-medium/debian/config/conf.d/conf.d/transport/30_exim4-config-medium_procmail_pipe

debian/exim4-config-medium/debian/config/conf.d/conf.d/transport/30_exim4-config-medium_remote_smtp

debian/exim4-config-medium/debian/config/conf.d/conf.d/transport/35_exim4-config-medium_address_directory

debian/exim4-config-medium/debian/config/conf.d/default_acl

debian/exim4-config-medium/debian/config/default_acl

debian/exim4-config-medium/debian/config/update-exim4.conf

debian/exim4-config-medium/debian/control

debian/exim4-config-medium/debian/copyright

debian/exim4-config-medium/debian/email-addresses

debian/exim4-config-medium/debian/exim4-config-medium.dirs

debian/exim4-config-medium/debian/exim4-config-medium.manpages

debian/exim4-config-medium/debian/exim4-config-medium.postinst

debian/exim4-config-medium/debian/exim4-config-medium.postrm

debian/exim4-config-medium/debian/ip-up.d

debian/exim4-config-medium/debian/manpages

debian/exim4-config-medium/debian/manpages/update-exim4.conf.8

debian/exim4-config-medium/debian/manpages/update-exim4defaults.8

debian/exim4-config-medium/debian/rules

debian/exim4-config-medium/debian/update-exim4.conf.conf

debian/exim4-config-medium/debian/update-exim4defaults

debian/exim4-config-simple

debian/exim4-config-simple/debian

debian/exim4-config-simple/debian/changelog

debian/exim4-config-simple/debian/compat

debian/exim4-config-simple/debian/control

debian/exim4-config-simple/debian/copyright

debian/exim4-config-simple/debian/debconf

debian/exim4-config-simple/debian/debconf/update-exim4.conf

debian/exim4-config-simple/debian/exim4-config-simple.dirs

debian/exim4-config-simple/debian/exim4-config-simple.manpages

debian/exim4-config-simple/debian/exim4-config-simple.postinst

debian/exim4-config-simple/debian/exim4-config-simple.postrm

debian/exim4-config-simple/debian/exim4.conf.defaults

debian/exim4-config-simple/debian/exim4.conf.source

debian/exim4-config-simple/debian/manpages

debian/exim4-config-simple/debian/manpages/update-exim4.conf.8

debian/exim4-config-simple/debian/rules

debian/patches/10_daemon_close_fds.dpatch

debian/patches/60_upstream_fixes.dpatch

debian/patches/61_queryprogramrouter.dpatch

debian/patches/62_statvfs.dpatch

debian/patches/63_nomorecrashongnutlserror.dpatch

debian/patches/64_pipeliningfixup.dpatch

debian/patches/65_tidydb-splitspool.dpatch

debian/patches/66_can2005-0021_can2005-0022.dpatch

debian/patches/exiscan.patch

files modified:
ACKNOWLEDGMENTS

CHANGES

LICENCE

Makefile

NOTICE

OS/Makefile-AIX

OS/Makefile-BSDI

OS/Makefile-Base

OS/Makefile-CYGWIN

OS/Makefile-DGUX

OS/Makefile-Darwin

OS/Makefile-Default

OS/Makefile-FreeBSD

OS/Makefile-GNU

OS/Makefile-HI-OSF

OS/Makefile-HI-UX

OS/Makefile-HP-UX

OS/Makefile-HP-UX-9

OS/Makefile-IRIX

OS/Makefile-IRIX6

OS/Makefile-IRIX632

OS/Makefile-IRIX65

OS/Makefile-Linux

OS/Makefile-NetBSD

OS/Makefile-NetBSD-a.out

OS/Makefile-OSF1

OS/Makefile-OpenBSD

OS/Makefile-OpenUNIX

OS/Makefile-QNX

OS/Makefile-SCO

OS/Makefile-SCO_SV

OS/Makefile-SunOS4

OS/Makefile-SunOS5

OS/Makefile-SunOS5-hal

OS/Makefile-ULTRIX

OS/Makefile-UNIX_SV

OS/Makefile-USG

OS/Makefile-Unixware7

OS/Makefile-mips

OS/eximon.conf-Default

OS/os.Configuring

OS/os.c-GNU

OS/os.c-HI-OSF

OS/os.c-IRIX

OS/os.c-IRIX6

OS/os.c-IRIX632

OS/os.c-IRIX65

OS/os.c-Linux

OS/os.c-OSF1

OS/os.c-cygwin

OS/os.h-AIX

OS/os.h-BSDI

OS/os.h-DGUX

OS/os.h-Darwin

OS/os.h-FreeBSD

OS/os.h-GNU

OS/os.h-HI-OSF

OS/os.h-HI-UX

OS/os.h-HP-UX

OS/os.h-HP-UX-9

OS/os.h-IRIX

OS/os.h-IRIX6

OS/os.h-IRIX632

OS/os.h-IRIX65

OS/os.h-Linux

OS/os.h-NetBSD

OS/os.h-NetBSD-a.out

OS/os.h-OSF1

OS/os.h-OpenBSD

OS/os.h-OpenUNIX

OS/os.h-QNX

OS/os.h-SCO

OS/os.h-SCO_SV

OS/os.h-SunOS4

OS/os.h-SunOS5

OS/os.h-SunOS5-hal

OS/os.h-ULTRIX

OS/os.h-UNIX_SV

OS/os.h-USG

OS/os.h-Unixware7

OS/os.h-cygwin

OS/os.h-mips

README

README.UPDATING

debian/EDITME.exim4-heavy.diff

debian/EDITME.exim4-light.diff

debian/EDITME.eximon.diff

debian/README.Debian

debian/README.Debian-accountname

debian/README.Debian.UUCP

debian/README.Debian.xinetd

debian/README.SMTP-AUTH

debian/README.system_aliases

debian/TODO

debian/changelog

debian/config-custom/create-custom-config-package

debian/config-custom/debian/rules

debian/control

debian/create-custom-package

debian/debconf/conf.d/acl/20_exim4-config_whitelist_local_deny

debian/debconf/conf.d/acl/30_exim4-config_check_rcpt

debian/debconf/conf.d/acl/40_exim4-config_check_data

debian/debconf/conf.d/auth/30_exim4-config_examples

debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs

debian/debconf/conf.d/main/02_exim4-config_options

debian/debconf/conf.d/main/03_exim4-config_tlsoptions

debian/debconf/conf.d/rewrite/31_exim4-config_rewriting

debian/debconf/conf.d/router/100_exim4-config_domain_literal

debian/debconf/conf.d/router/300_exim4-config_real_local

debian/debconf/conf.d/router/400_exim4-config_system_aliases

debian/debconf/conf.d/router/500_exim4-config_hubuser

debian/debconf/conf.d/transport/30_exim4-config_maildir_home

debian/debconf/default_acl

debian/debconf/update-exim4.conf

debian/debconf/update-exim4.conf.template

debian/exim-gencert

debian/exim4-base.config

debian/exim4-base.cron.daily

debian/exim4-base.docs

debian/exim4-base.init

debian/exim4-base.postinst

debian/exim4-base.postrm

debian/exim4-base.templates

debian/exim4-config.NEWS

debian/exim4-config.config

debian/exim4-config.docs

debian/exim4-config.install

debian/exim4-config.postinst

debian/exim4-config.postrm

debian/exim4-config.templates

debian/exim4-config.templates.master

debian/exim4-daemon-custom.links

debian/exim4-daemon-heavy.install

debian/exim4-daemon-heavy.links

debian/exim4-daemon-light.install

debian/exim4-daemon-light.links

debian/exim4-daemon-light.postinst

debian/exim4-daemon-light.prerm

debian/ip-up.d

debian/manpages/exiwhat.8

debian/manpages/update-exim4.conf.8

debian/manpages/update-exim4.conf.template.8

debian/patches/00list

debian/patches/31_eximmanpage.dpatch

debian/patches/36_pcre.dpatch

debian/po/ar.po

debian/po/bg.po

debian/po/bs.po

debian/po/ca.po

debian/po/cs.po

debian/po/cy.po

debian/po/da.po

debian/po/de.po

debian/po/el.po

debian/po/es.po

debian/po/eu.po

debian/po/fi.po

debian/po/fr.po

debian/po/he.po

debian/po/hr.po

debian/po/hu.po

debian/po/id.po

debian/po/it.po

debian/po/ja.po

debian/po/ko.po

debian/po/lt.po

debian/po/mk.po

debian/po/nb.po

debian/po/nl.po

debian/po/nn.po

debian/po/pl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/ro.po

debian/po/ru.po

debian/po/sk.po

debian/po/sl.po

debian/po/sq.po

debian/po/sv.po

debian/po/templates.pot

debian/po/tr.po

debian/po/uk.po

debian/po/zh_CN.po

debian/po/zh_TW.po

debian/rules

debian/script

debian/update-exim4defaults

doc/ChangeLog

doc/Exim3.upgrade

doc/Exim4.upgrade

doc/NewStuff

doc/OptionLists.txt

doc/README

doc/README.SIEVE

doc/dbm.discuss.txt

doc/exim.8

doc/filter.txt

doc/pcrepattern.txt

doc/pcretest.txt

doc/spec.txt

exim_monitor/EDITME

exim_monitor/em_StripChart.c

exim_monitor/em_TextPop.c

exim_monitor/em_globals.c

exim_monitor/em_hdr.h

exim_monitor/em_init.c

exim_monitor/em_log.c

exim_monitor/em_main.c

exim_monitor/em_menu.c

exim_monitor/em_queue.c

exim_monitor/em_strip.c

exim_monitor/em_text.c

exim_monitor/em_version.c

exim_monitor/em_xs.c

scripts/Configure

scripts/Configure-Makefile

scripts/Configure-config.h

scripts/Configure-eximon

scripts/Configure-os.c

scripts/Configure-os.h

scripts/MakeLinks

scripts/arch-type

scripts/exim_install

scripts/newer

scripts/os-type

src/EDITME

src/acl.c

src/aliases.default

src/auths/Makefile

src/auths/README

src/auths/auth-spa.c

src/auths/auth-spa.h

src/auths/b64decode.c

src/auths/b64encode.c

src/auths/call_pam.c

src/auths/call_pwcheck.c

src/auths/call_radius.c

src/auths/cram_md5.c

src/auths/cram_md5.h

src/auths/get_data.c

src/auths/get_no64_data.c

src/auths/md5.c

src/auths/plaintext.c

src/auths/plaintext.h

src/auths/pwcheck.c

src/auths/pwcheck.h

src/auths/sha1.c

src/auths/spa.c

src/auths/spa.h

src/auths/xtextdecode.c

src/auths/xtextencode.c

src/buildconfig.c

src/child.c

src/config.h.defaults

src/configure.default

src/convert4r3.src

src/convert4r4.src

src/crypt16.c

src/daemon.c

src/dbfn.c

src/dbfunctions.h

src/dbstuff.h

src/debug.c

src/deliver.c

src/directory.c

src/dns.c

src/drtables.c

src/dummies.c

src/enq.c

src/exicyclog.src

src/exigrep.src

src/exim.c

src/exim.h

src/exim_checkaccess.src

src/exim_dbmbuild.c

src/exim_dbutil.c

src/exim_lock.c

src/eximon.src

src/eximstats.src

src/exinext.src

src/exipick.src

src/exiqgrep.src

src/exiqsumm.src

src/exiwhat.src

src/expand.c

src/filter.c

src/filtertest.c

src/functions.h

src/globals.c

src/globals.h

src/header.c

src/host.c

src/ip.c

src/local_scan.c

src/local_scan.h

src/log.c

src/lookups/Makefile

src/lookups/README

src/lookups/cdb.c

src/lookups/cdb.h

src/lookups/dbmdb.c

src/lookups/dbmdb.h

src/lookups/dnsdb.c

src/lookups/dnsdb.h

src/lookups/dsearch.c

src/lookups/dsearch.h

src/lookups/ibase.c

src/lookups/ibase.h

src/lookups/ldap.c

src/lookups/ldap.h

src/lookups/lf_check_file.c

src/lookups/lf_functions.h

src/lookups/lsearch.c

src/lookups/lsearch.h

src/lookups/mysql.c

src/lookups/mysql.h

src/lookups/nis.c

src/lookups/nis.h

src/lookups/nisplus.c

src/lookups/nisplus.h

src/lookups/oracle.c

src/lookups/oracle.h

src/lookups/passwd.c

src/lookups/passwd.h

src/lookups/pgsql.c

src/lookups/pgsql.h

src/lookups/testdb.c

src/lookups/testdb.h

src/lookups/whoson.c

src/lookups/whoson.h

src/lss.c

src/macros.h

src/match.c

src/moan.c

src/mytypes.h

src/os.c

src/osfunctions.h

src/parse.c

src/pcre/ChangeLog

src/pcre/LICENCE

src/pcre/Makefile

src/pcre/README

src/pcre/config.h

src/pcre/dftables.c

src/pcre/get.c

src/pcre/internal.h

src/pcre/maketables.c

src/pcre/pcre.c

src/pcre/pcre.h

src/pcre/pcretest.c

src/pcre/printint.c

src/pcre/study.c

src/perl.c

src/queue.c

src/rda.c

src/readconf.c

src/receive.c

src/retry.c

src/rewrite.c

src/rfc2047.c

src/route.c

src/routers/Makefile

src/routers/README

src/routers/accept.c

src/routers/accept.h

src/routers/dnslookup.c

src/routers/dnslookup.h

src/routers/ipliteral.c

src/routers/ipliteral.h

src/routers/iplookup.c

src/routers/iplookup.h

src/routers/manualroute.c

src/routers/manualroute.h

src/routers/queryprogram.c

src/routers/queryprogram.h

src/routers/redirect.c

src/routers/redirect.h

src/routers/rf_change_domain.c

src/routers/rf_expand_data.c

src/routers/rf_functions.h

src/routers/rf_get_errors_address.c

src/routers/rf_get_munge_headers.c

src/routers/rf_get_transport.c

src/routers/rf_get_ugid.c

src/routers/rf_lookup_hostlist.c

src/routers/rf_queue_add.c

src/routers/rf_self_action.c

src/routers/rf_set_ugid.c

src/search.c

src/sieve.c

src/smtp_in.c

src/smtp_out.c

src/spool_in.c

src/spool_out.c

src/store.c

src/store.h

src/string.c

src/structs.h

src/tls-gnu.c

src/tls-openssl.c

src/tls.c

src/tod.c

src/transport-filter.src

src/transport.c

src/transports/Makefile

src/transports/README

src/transports/appendfile.c

src/transports/appendfile.h

src/transports/autoreply.c

src/transports/autoreply.h

src/transports/lmtp.c

src/transports/lmtp.h

src/transports/pipe.c

src/transports/pipe.h

src/transports/smtp.c

src/transports/smtp.h

src/transports/tf_maildir.c

src/transports/tf_maildir.h

src/tree.c

src/verify.c

src/version.c

util/cramtest.pl

util/logargs.sh

util/unknownuser.sh

Show diffs side-by-side

added added

removed removed

src/tls-openssl.c

1

/* $Cambridge: exim/exim-src/src/tls-openssl.c,v 1.5 2005/05/03 14:20:01 ph10 Exp $ */

2

1

3

/*************************************************

2

4

* Exim - an Internet mail transport agent *

3

5

*************************************************/

4

6

5

/* Copyright (c) University of Cambridge 1995 - 2004 */

7

/* Copyright (c) University of Cambridge 1995 - 2005 */

6

8

/* See the file NOTICE for conditions of use and distribution. */

7

9

8

10

/* This module provides the TLS (aka SSL) support for Exim using the OpenSSL

180

182

tls_peerdn = txt;

181

183

}

182

184

183

184

debug_printf("+++verify_callback_called=%d\n", verify_callback_called);

185

186

185

if (!verify_callback_called) tls_certificate_verified = TRUE;

187

186

verify_callback_called = TRUE;

188

187

379

378

{

380

379

DEBUG(D_tls) debug_printf("tls_certificate file %s\n", expanded);

381

380

if (!SSL_CTX_use_certificate_chain_file(ctx, CS expanded))

382

return tls_error(US"SSL_CTX_use_certificate_chain_file", host);

381

return tls_error(string_sprintf(

382

"SSL_CTX_use_certificate_chain_file file=%s", expanded), host);

383

383

}

384

384

385

385

if (privatekey != NULL &&

390

390

{

391

391

DEBUG(D_tls) debug_printf("tls_privatekey file %s\n", expanded);

392

392

if (!SSL_CTX_use_PrivateKey_file(ctx, CS expanded, SSL_FILETYPE_PEM))

393

return tls_error(US"SSL_CTX_use_PrivateKey_file", host);

393

return tls_error(string_sprintf(

394

"SSL_CTX_use_PrivateKey_file file=%s", expanded), host);

394

395

}

395

396

}

396

397

522

523

523

524

#if OPENSSL_VERSION_NUMBER > 0x00907000L

524

525

526

/* This bit of code is now the version supplied by Lars Mainka. (I have

527

* merely reformatted it into the Exim code style.)

528

529

* "From here I changed the code to add support for multiple crl's

530

* in pem format in one file or to support hashed directory entries in

531

* pem format instead of a file. This method now uses the library function

532

* X509_STORE_load_locations to add the CRL location to the SSL context.

533

* OpenSSL will then handle the verify against CA certs and CRLs by

534

* itself in the verify callback." */

535

525

536

if (!expand_check(crl, US"tls_crl", &expcrl)) return DEFER;

526

537

if (expcrl != NULL && *expcrl != 0)

527

538

{

528

BIO *crl_bio;

529

X509_CRL *crl_x509;

530

X509_STORE *cvstore;

531

532

cvstore = SSL_CTX_get_cert_store(ctx); /* cert validation store */

533

534

crl_bio = BIO_new(BIO_s_file_internal());

535

if (crl_bio != NULL)

536

{

537

if (BIO_read_filename(crl_bio, expcrl))

539

struct stat statbufcrl;

540

if (Ustat(expcrl, &statbufcrl) < 0)

541

{

542

log_write(0, LOG_MAIN|LOG_PANIC,

543

"failed to stat %s for certificates revocation lists", expcrl);

544

return DEFER;

545

}

546

else

547

{

548

/* is it a file or directory? */

549

uschar *file, *dir;

550

X509_STORE *cvstore = SSL_CTX_get_cert_store(ctx);

551

if ((statbufcrl.st_mode & S_IFMT) == S_IFDIR)

538

552

{

539

crl_x509 = PEM_read_bio_X509_CRL(crl_bio, NULL, NULL, NULL);

540

BIO_free(crl_bio);

541

X509_STORE_add_crl(cvstore, crl_x509);

542

X509_CRL_free(crl_x509);

543

X509_STORE_set_flags(cvstore,

544

X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);

553

file = NULL;

554

dir = expcrl;

555

DEBUG(D_tls) debug_printf("SSL CRL value is a directory %s\n", dir);

545

556

}

546

557

else

547

558

{

548

BIO_free(crl_bio);

549

return tls_error(US"BIO_read_filename", host);

559

file = expcrl;

560

dir = NULL;

561

DEBUG(D_tls) debug_printf("SSL CRL value is a file %s\n", file);

550

562

}

563

if (X509_STORE_load_locations(cvstore, CS file, CS dir) == 0)

564

return tls_error(US"X509_STORE_load_locations", host);

565

566

/* setting the flags to check against the complete crl chain */

567

568

X509_STORE_set_flags(cvstore,

569

X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);

551

570

}

552

else return tls_error(US"BIO_new", host);

553

571

}

554

572

555

573

#endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */

900

918

int error;

901

919

902

920

DEBUG(D_tls) debug_printf("Calling SSL_read(%lx, %lx, %u)\n", (long)ssl,

903

(long)buff, len);

921

(long)buff, (unsigned int)len);

904

922

905

923

inbytes = SSL_read(ssl, CS buff, len);

906

924

error = SSL_get_error(ssl, inbytes);

Older »