header and the rest of the message, violating the draft
domainkeys spec.
-20070602
+20060702
Cleanup: more graceful handling of queue file read/write
errors while processing milter message modification requests.
Bugfix: the Milter client skipped zero-length body lines.
File: milter/milter8.c.
+ Feature (just this one): RFC 3834 "Auto-Submitted:" message
+ header in DSNs. File: bounce/bounce_notify_util.c.
+
+20060705
+
+ Portability: LP64 systems required a few ssize_t->int casts
+ in debug logging statements. Files: milter/test_milter.c,
+ cleanup/cleanup_milter.c.
+
+ Cleanup: comments, error messages, and crumbling interfaces.
+
Wish list:
+ The usage of TLScontext->cache_type is not clear. It specifies
+ a TLS session cache name, but it is sometimes used as an
+ indicator whether or not TLS session caching is available.
+ In reality, that decision is made by the tlsmgr process,
+ and in response to initialization errors in a TLS server
+ or client process.
+
+ Postfix TLS library code should copy any strings that it
+ receives from the application, instead of passing them
+ around as pointers. TLScontext->cache_type is a case in
+ point.
+
In the SMTPD policy client (encode or strip) non-printable
non-ASCII in (TLS or all) attributes.
Introduce structured API for tls_server_mumble() just like
with smtp(8): this eliminates ever-growing lists of arguments.
- With (non)delivery notifications, prepend an "Auto-Submitted:
- auto-replied" header, as per RFC 3834.
-
Defer delivery when a SASL password exists but the server
does not offer SASL authentication, as mail might otherwise
be bounced. This may become an issue now that Postfix will
Sendmail. Likewise, addresses in add/delete requests should
be internalized before updating the queue file.
- Check that UINT32 == in choice is ok (i.e. LP64 UNIX).
+ Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
+ UNIX).
Fix milter_argv() so it does not forget how much memory it
has.
while it is configured in an SMTP server that runs before
the smtpd_proxy filter.
- Don't send xforward attributes to every site that announces
- xforward support.
-
The sendmail command should not return non-std exit status
after fatal error in some internal library routine.
Keep whitespace between label and ":"?
- Make XCLIENT/XFORWARD future proof: send xtext and accept
- old non-xtext.
-
Make the map case folding/locking options configurable, if
not at run-time then at least at compile time so we get
consistent behavior across applications.
- Investigate if it is feasible to eliminate cleanup(8) from
- the path of mail that is forwarded or generated internally.
- Good: we don't want header rewriting or content inspection.
- Bad: we still need virtual aliasing, even when mail is
- forwarded internally. This almost seems to imply that we
- do virtual aliasing earlier?
-
Investigate what it would take to eliminate oqmgr, and to
make the old behavior configurable in a unified queue
manager. This would shave another 2.7 KLOC from the source
Softbounce fallback-to-ISP for SOHO users. This requires
playing with with the soft_error test in the smtp_trouble.c
- module, and a way to avoid trying direct-to-MX-backup.
+ module, and a way to avoid trying direct-to-backup-MX.
select -> kqueue, epoll, /dev/poll, poll() ...
access rule.
Centralize main.cf parameter input so that defaults work
- consistently.
+ consistently. What about parameter names that are prefixed
+ with mail delivery transport names?
Fix default time unit handling so that we can have a default
bounce lifetime of $maximal_queue_lifetime, without causing
Remove defer(8) and trace(8) references and man pages. These
are services not program names.
- dsb_formal -> dsb_form_all, dsb_status -> dsb_form_status
-
Is it safe to cache a connection after it has been used for
more than some number of address verification probes?
Low: replace_sender/replace_recipient actions in access
maps?
- Feature: need "soft-bounce before fall-back relay" for SOHO
- type operations, so they can send direct mail without having
- to route everything through a provider.
-
- Med: disable header address rewriting after XCLIENT?
- Introduce a better concept of original submission?
-
Low: configurable order of local(8) delivery methods.
Med: local and remote source port and IP address for smtpd
Low: configurable internal/system locking method.
- Low: make sure CCARGS -I options come at the end.
-
Low: add INSTALL section for pre-existing Postfix systems.
Low: add INSTALL section for pre-existing RPM Postfixes.
Med: postsuper -r should do something with recipients in
bounce logfiles, to make sure the sender will be notified.
To be perfectly safe, no process other than the queue manager
- should move a queue file from the active queue.
+ should move a queue file away from the active queue.
This could involve tagging a queue file, and use up another
permission bit.
L\bLi\bim\bmi\bit\bta\bat\bti\bio\bon\bns\bs
This section lists limitations of the Postfix Milter implementation. Some
-limitations will be removed disappear as support is extended over time. Of
+limitations will be removed as the implementation is extended over time. Of
course the usual limitations of before-queue filtering will always apply. See
the CONTENT_INSPECTION_README document for a discussion.
The new policy table is specified via the smtp_tls_policy_maps parameter. This
lists optional lookup tables with the Postfix SMTP client TLS security policy
-by next-hop destination. It supersedes the obsolete smtp_tls_per_site
-parameter. When $smtp_tls_policy_maps is not empty, the smtp_tls_per_site
-parameter is ignored (a warning is written to the logs if it is also non-
-empty).
+by next-hop destination. When $smtp_tls_policy_maps is not empty, the obsolete
+smtp_tls_per_site parameter is ignored (a warning is written to the logs if
+both parameter values are non-empty).
The TLS policy table is indexed by the full next-hop destination, which is
either the recipient domain, or the verbatim next-hop specified in the
<h2><a name="limitations">Limitations</a></h2>
<p> This section lists limitations of the Postfix Milter implementation.
-Some limitations will be removed disappear as support is extended
+Some limitations will be removed as the implementation is extended
over time. Of course the usual limitations of before-queue filtering
will always apply. See the <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a> document for
a discussion. </p>
<p> The new policy table is specified via the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
parameter. This lists optional lookup tables with the Postfix SMTP client
-TLS security policy by next-hop destination. It supersedes the obsolete
-<a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter. When $<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> is not empty,
-the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter is ignored (a warning is written to the
-logs if it is also non-empty). </p>
+TLS security policy by next-hop destination. When $<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
+is not empty, the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter is ignored
+(a warning is written to the logs if both parameter values are
+non-empty). </p>
<p> The TLS policy table is indexed by the full next-hop destination,
which is either the recipient domain, or the verbatim next-hop
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
<a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a> (ARPA Internet Text Messages)
<a href="http://www.faqs.org/rfcs/rfc3462.html">RFC 3462</a> (Delivery Status Notifications)
<a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery Status Notifications)
- <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
+ <a href="http://www.faqs.org/rfcs/rfc3834.html">RFC 3834</a> (Auto-Submitted: message header)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
.na
.nf
RFC 822 (ARPA Internet Text Messages)
+RFC 2045 (Format of Internet Message Bodies)
RFC 2822 (ARPA Internet Text Messages)
RFC 3462 (Delivery Status Notifications)
RFC 3464 (Delivery Status Notifications)
-RFC 2045 (Format of Internet Message Bodies)
+RFC 3834 (Auto-Submitted: message header)
.SH DIAGNOSTICS
.ad
.fi
<h2><a name="limitations">Limitations</a></h2>
<p> This section lists limitations of the Postfix Milter implementation.
-Some limitations will be removed disappear as support is extended
+Some limitations will be removed as the implementation is extended
over time. Of course the usual limitations of before-queue filtering
will always apply. See the CONTENT_INSPECTION_README document for
a discussion. </p>
<p> The new policy table is specified via the smtp_tls_policy_maps
parameter. This lists optional lookup tables with the Postfix SMTP client
-TLS security policy by next-hop destination. It supersedes the obsolete
-smtp_tls_per_site parameter. When $smtp_tls_policy_maps is not empty,
-the smtp_tls_per_site parameter is ignored (a warning is written to the
-logs if it is also non-empty). </p>
+TLS security policy by next-hop destination. When $smtp_tls_policy_maps
+is not empty, the obsolete smtp_tls_per_site parameter is ignored
+(a warning is written to the logs if both parameter values are
+non-empty). </p>
<p> The TLS policy table is indexed by the full next-hop destination,
which is either the recipient domain, or the verbatim next-hop
/* themselves, and that depend on retry logic in their own client.
/* STANDARDS
/* RFC 822 (ARPA Internet Text Messages)
+/* RFC 2045 (Format of Internet Message Bodies)
/* RFC 2822 (ARPA Internet Text Messages)
/* RFC 3462 (Delivery Status Notifications)
/* RFC 3464 (Delivery Status Notifications)
-/* RFC 2045 (Format of Internet Message Bodies)
+/* RFC 3834 (Auto-Submitted: message header)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
/* CONFIGURATION PARAMETERS
STR(quote_822_local(bounce_info->buf, dest)),
postmaster_copy);
+ /*
+ * Auto-Submitted header, as per RFC 3834.
+ */
+ post_mail_fprintf(bounce, "Auto-Submitted: %s", postmaster_copy ?
+ "auto-generated" : "auto-replied");
+
/*
* MIME header. Use 8bit encoding when either the bounced message or the
* template requires it.
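Review bot: The comment above the new post_mail_fprintf() call says only "as per RFC 3834" and does not explain why the value depends on postmaster_copy. The wish-list entry this replaces asked for "Auto-Submitted: auto-replied" on (non)delivery notifications, while the code sends "auto-generated" for the postmaster copy. A one-line comment stating which recipient gets which value, and why, would save the next reader a trip to the RFC.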
} \
if (msg_verbose > 1) \
msg_info("%s: read: %ld: %.*s", myname, (long) curr_offset, \
- LEN(buf) > 30 ? 30 : LEN(buf), STR(buf)); \
+ LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf)); \
if (rec_type == REC_TYPE_DTXT) \
continue; \
if (rec_type != REC_TYPE_NORM && rec_type != REC_TYPE_CONT \
cleanup_out_header(state, buf);
if (msg_verbose > 1)
msg_info("%s: %ld: write %.*s", myname, (long) new_hdr_offset,
- LEN(buf) > 30 ? 30 : LEN(buf), STR(buf));
+ LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf));
/*
* Optionally, save the existing text record or pointer record that will
CLEANUP_OUT_BUF(state, rec_type, old_rec_buf);
if (msg_verbose > 1)
msg_info("%s: write %.*s", myname, LEN(old_rec_buf) > 30 ?
- 30 : LEN(old_rec_buf), STR(old_rec_buf));
+ 30 : (int) LEN(old_rec_buf), STR(old_rec_buf));
}
/*
}
if (msg_verbose > 1)
msg_info("%s: %ld: read %.*s", myname, (long) read_offset,
- LEN(buf) > 30 ? 30 : LEN(buf), STR(buf));
+ LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf));
if (rec_type != REC_TYPE_NORM && rec_type != REC_TYPE_CONT
&& rec_type != REC_TYPE_PTR && rec_type != REC_TYPE_DTXT)
msg_panic("%s: non-text/ptr record type %d in header, file %s",
CLEANUP_OUT_BUF(state, rec_type, buf);
if (msg_verbose > 1)
msg_info("%s: %ld: write %.*s", myname, (long) write_offset,
- LEN(buf) > 30 ? 30 : LEN(buf), STR(buf));
+ LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf));
/* Update cached location of "append header" pointer record. */
if (saved_read_offset == state->append_hdr_pt_offset)
state->append_hdr_pt_offset = write_offset;
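Review bot: The clamp `LEN(buf) > 30 ? 30 : (int) LEN(buf)` is now repeated in this hunk and in the four msg_info() calls before it, each with its own cast. Since the `%.*s` precision has to be an int, consider one helper macro for the clamped length, taking the buffer as its argument, so the cast lives in one place and a later call site cannot forget it.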
return ((state == IN_CHAR || state == IN_CHAR_SPACE) ? len : 0);
}
}
+ /* Redundant return for future proofing. */
return (0);
}
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20060704"
-#define MAIL_VERSION_NUMBER "2.3-RC5"
+#define MAIL_RELEASE_DATE "20060705"
+#define MAIL_VERSION_NUMBER "2.3-RC6"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER
VSTRING *buf;
const char *str;
const char **cpp;
- unsigned char ch;
+ char ch;
/*
* Deliver the packet.
* Get here when the reply was followed by data bytes that weren't
* supposed to be there.
*/
- msg_warn("milter %s: reply %s was followed by %d data bytes",
+ msg_warn("milter %s: reply %s was followed by %ld data bytes",
milter->m.name, (smfir_name = str_name_code(smfir_table, cmd)) != 0 ?
- smfir_name : "unknown", data_len);
+ smfir_name : "unknown", (long) data_len);
milter8_comm_error(milter);
return (milter->def_reply);
}
if (verbose == 0)
printf("test_body %ld bytes\n", (long) data_len);
else
- printf("%.*s", data_len, data);
+ printf("%.*s", (int) data_len, data);
return (test_reply(ctx, test_body_reply));
}
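Review bot: In the verbose branch, `(int) data_len` is passed as the `%.*s` precision with no upper bound, unlike the cleanup_milter.c logging calls that clamp to 30. A length that does not fit in an int would be truncated, and a negative precision is treated as if it were omitted, so printf would read `data` up to the first null byte. Writing the body with fwrite(data, 1, data_len, stdout) avoids the int conversion altogether.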
levels.o: ../../include/match_ops.h
levels.o: ../../include/msg.h
levels.o: ../../include/msg_stats.h
+levels.o: ../../include/name_code.h
levels.o: ../../include/name_mask.h
levels.o: ../../include/recipient_list.h
levels.o: ../../include/resolve_clnt.h
smtp_addr.o: ../../include/msg_stats.h
smtp_addr.o: ../../include/myaddrinfo.h
smtp_addr.o: ../../include/mymalloc.h
+smtp_addr.o: ../../include/name_code.h
smtp_addr.o: ../../include/name_mask.h
smtp_addr.o: ../../include/own_inet_addr.h
smtp_addr.o: ../../include/recipient_list.h
smtp_chat.o: ../../include/msg.h
smtp_chat.o: ../../include/msg_stats.h
smtp_chat.o: ../../include/mymalloc.h
+smtp_chat.o: ../../include/name_code.h
smtp_chat.o: ../../include/name_mask.h
smtp_chat.o: ../../include/post_mail.h
smtp_chat.o: ../../include/recipient_list.h
smtp_connect.o: ../../include/msg_stats.h
smtp_connect.o: ../../include/myaddrinfo.h
smtp_connect.o: ../../include/mymalloc.h
+smtp_connect.o: ../../include/name_code.h
smtp_connect.o: ../../include/name_mask.h
smtp_connect.o: ../../include/own_inet_addr.h
smtp_connect.o: ../../include/recipient_list.h
smtp_map11.o: ../../include/match_ops.h
smtp_map11.o: ../../include/msg.h
smtp_map11.o: ../../include/msg_stats.h
+smtp_map11.o: ../../include/name_code.h
smtp_map11.o: ../../include/name_mask.h
smtp_map11.o: ../../include/quote_822_local.h
smtp_map11.o: ../../include/quote_flags.h
smtp_rcpt.o: ../../include/msg.h
smtp_rcpt.o: ../../include/msg_stats.h
smtp_rcpt.o: ../../include/mymalloc.h
+smtp_rcpt.o: ../../include/name_code.h
smtp_rcpt.o: ../../include/name_mask.h
smtp_rcpt.o: ../../include/recipient_list.h
smtp_rcpt.o: ../../include/resolve_clnt.h
smtp_reuse.o: ../../include/msg.h
smtp_reuse.o: ../../include/msg_stats.h
smtp_reuse.o: ../../include/mymalloc.h
+smtp_reuse.o: ../../include/name_code.h
smtp_reuse.o: ../../include/name_mask.h
smtp_reuse.o: ../../include/recipient_list.h
smtp_reuse.o: ../../include/resolve_clnt.h
smtp_sasl_glue.o: ../../include/msg.h
smtp_sasl_glue.o: ../../include/msg_stats.h
smtp_sasl_glue.o: ../../include/mymalloc.h
+smtp_sasl_glue.o: ../../include/name_code.h
smtp_sasl_glue.o: ../../include/name_mask.h
smtp_sasl_glue.o: ../../include/recipient_list.h
smtp_sasl_glue.o: ../../include/resolve_clnt.h
smtp_sasl_proto.o: ../../include/msg.h
smtp_sasl_proto.o: ../../include/msg_stats.h
smtp_sasl_proto.o: ../../include/mymalloc.h
+smtp_sasl_proto.o: ../../include/name_code.h
smtp_sasl_proto.o: ../../include/name_mask.h
smtp_sasl_proto.o: ../../include/recipient_list.h
smtp_sasl_proto.o: ../../include/resolve_clnt.h
smtp_state.o: ../../include/msg.h
smtp_state.o: ../../include/msg_stats.h
smtp_state.o: ../../include/mymalloc.h
+smtp_state.o: ../../include/name_code.h
smtp_state.o: ../../include/name_mask.h
smtp_state.o: ../../include/recipient_list.h
smtp_state.o: ../../include/resolve_clnt.h
smtp_trouble.o: ../../include/match_ops.h
smtp_trouble.o: ../../include/msg.h
smtp_trouble.o: ../../include/msg_stats.h
+smtp_trouble.o: ../../include/name_code.h
smtp_trouble.o: ../../include/name_mask.h
smtp_trouble.o: ../../include/recipient_list.h
smtp_trouble.o: ../../include/resolve_clnt.h
smtp_unalias.o: ../../include/msg.h
smtp_unalias.o: ../../include/msg_stats.h
smtp_unalias.o: ../../include/myaddrinfo.h
+smtp_unalias.o: ../../include/name_code.h
smtp_unalias.o: ../../include/name_mask.h
smtp_unalias.o: ../../include/recipient_list.h
smtp_unalias.o: ../../include/resolve_clnt.h
#define CACHE_THIS_SESSION_UNTIL(when) \
(session->expire_time = (when))
+ /*
+ * Encapsulate the following so that we don't expose details of of
+ * connection management and error handling to the SMTP protocol engine.
+ */
+#define RETRY_AS_PLAINTEXT do { \
+ session->tls_retry_plain = 1; \
+ state->misc_flags &= ~SMTP_MISC_FLAG_FINAL_SERVER; \
+ } while (0)
+
/*
* smtp_chat.c
*/
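Review bot: RETRY_AS_PLAINTEXT takes no arguments but reads and writes `session` and `state`, so it only compiles where locals with exactly those names are in scope, and a reader of `RETRY_AS_PLAINTEXT;` at a call site cannot see what it touches. Passing both as macro parameters would keep the encapsulation and make the dependency explicit. The added comment also has a doubled word: "details of of".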
/*
* When an opportunistic TLS handshake fails, try the
- * same address again, with TLS disabled.
+ * same address again, with TLS disabled. See also the
+ * RETRY_AS_PLAINTEXT macro.
*/
if ((retry_plain = session->tls_retry_plain) != 0) {
--addr_count;
*
* - Expiration code would need to selectively delete sessions from a list -
* Re-use code would need to decode many sessions and choose the best -
- * Store code would needs to choose between replace and append.
+ * Store code would need to choose between replace and append.
*
* Note: checking the compatibility of re-activated sessions against the
* cipher requirements of the session under construction requires us to
* store the cipher name in the session cache with the passivated session
- * object, the name is not available when the session is revived until
- * the handshake is complete, which is too late.
+ * object. But the name is not available when the session is revived
+ * until the handshake is complete, which is too late.
*
- * XXX: When cached ciphers are reloaded, their cipher is not available via
+ * XXX: When a cached session is reloaded, its cipher is not available via
* documented APIs until the handshake completes. We need to filter out
* sessions that use the wrong ciphers, but may not peek at the
* undocumented session->cipher_id and cipher->id structure members.
*
* Since cipherlists are typically shared by many domains, we include the
* cipherlist in the session cache lookup key. This avoids false
- * positives results from the session cache.
+ * positives from the TLS session cache.
*
* To support mutually incompatible protocol/cipher combinations, our
* session key must include both the protocol and the cipherlist.
* Specifically, this session is not final, don't defer any
* recipients yet.
*/
- if (session->tls_level == TLS_LEV_MAY) {
- session->tls_retry_plain = 1;
- state->misc_flags &= ~SMTP_MISC_FLAG_FINAL_SERVER;
- }
+ if (session->tls_level == TLS_LEV_MAY)
+ RETRY_AS_PLAINTEXT;
return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
SMTP_RESP_FAKE(&fake, "4.7.5"),
"Cannot start TLS: handshake failure"));
smtpd_chat.o: ../../include/msg.h
smtpd_chat.o: ../../include/myaddrinfo.h
smtpd_chat.o: ../../include/mymalloc.h
+smtpd_chat.o: ../../include/name_code.h
smtpd_chat.o: ../../include/name_mask.h
smtpd_chat.o: ../../include/post_mail.h
smtpd_chat.o: ../../include/rec_type.h
smtpd_check.o: ../../include/myaddrinfo.h
smtpd_check.o: ../../include/mymalloc.h
smtpd_check.o: ../../include/namadr_list.h
+smtpd_check.o: ../../include/name_code.h
smtpd_check.o: ../../include/name_mask.h
smtpd_check.o: ../../include/own_inet_addr.h
smtpd_check.o: ../../include/rec_type.h
smtpd_milter.o: ../../include/mail_stream.h
smtpd_milter.o: ../../include/milter.h
smtpd_milter.o: ../../include/myaddrinfo.h
+smtpd_milter.o: ../../include/name_code.h
smtpd_milter.o: ../../include/name_mask.h
smtpd_milter.o: ../../include/sys_defs.h
smtpd_milter.o: ../../include/tls.h
smtpd_peer.o: ../../include/msg.h
smtpd_peer.o: ../../include/myaddrinfo.h
smtpd_peer.o: ../../include/mymalloc.h
+smtpd_peer.o: ../../include/name_code.h
smtpd_peer.o: ../../include/name_mask.h
smtpd_peer.o: ../../include/sock_addr.h
smtpd_peer.o: ../../include/stringops.h
smtpd_sasl_glue.o: ../../include/msg.h
smtpd_sasl_glue.o: ../../include/myaddrinfo.h
smtpd_sasl_glue.o: ../../include/mymalloc.h
+smtpd_sasl_glue.o: ../../include/name_code.h
smtpd_sasl_glue.o: ../../include/name_mask.h
smtpd_sasl_glue.o: ../../include/stringops.h
smtpd_sasl_glue.o: ../../include/sys_defs.h
smtpd_sasl_proto.o: ../../include/msg.h
smtpd_sasl_proto.o: ../../include/myaddrinfo.h
smtpd_sasl_proto.o: ../../include/mymalloc.h
+smtpd_sasl_proto.o: ../../include/name_code.h
smtpd_sasl_proto.o: ../../include/name_mask.h
smtpd_sasl_proto.o: ../../include/stringops.h
smtpd_sasl_proto.o: ../../include/sys_defs.h
smtpd_state.o: ../../include/msg.h
smtpd_state.o: ../../include/myaddrinfo.h
smtpd_state.o: ../../include/mymalloc.h
+smtpd_state.o: ../../include/name_code.h
smtpd_state.o: ../../include/name_mask.h
smtpd_state.o: ../../include/sys_defs.h
smtpd_state.o: ../../include/tls.h
smtpd_xforward.o: ../../include/msg.h
smtpd_xforward.o: ../../include/myaddrinfo.h
smtpd_xforward.o: ../../include/mymalloc.h
+smtpd_xforward.o: ../../include/name_code.h
smtpd_xforward.o: ../../include/name_mask.h
smtpd_xforward.o: ../../include/sys_defs.h
smtpd_xforward.o: ../../include/tls.h
# do not edit below this line - it is generated by 'make depend'
tls_bio_ops.o: ../../include/iostuff.h
tls_bio_ops.o: ../../include/msg.h
+tls_bio_ops.o: ../../include/name_code.h
tls_bio_ops.o: ../../include/name_mask.h
tls_bio_ops.o: ../../include/sys_defs.h
tls_bio_ops.o: ../../include/vbuf.h
tls_bio_ops.o: tls.h
tls_bio_ops.o: tls_bio_ops.c
tls_certkey.o: ../../include/msg.h
+tls_certkey.o: ../../include/name_code.h
tls_certkey.o: ../../include/name_mask.h
tls_certkey.o: ../../include/sys_defs.h
tls_certkey.o: ../../include/vbuf.h
tls_client.o: ../../include/mail_params.h
tls_client.o: ../../include/msg.h
tls_client.o: ../../include/mymalloc.h
+tls_client.o: ../../include/name_code.h
tls_client.o: ../../include/name_mask.h
tls_client.o: ../../include/stringops.h
tls_client.o: ../../include/sys_defs.h
tls_client.o: tls_client.c
tls_client.o: tls_mgr.h
tls_dh.o: ../../include/msg.h
+tls_dh.o: ../../include/name_code.h
tls_dh.o: ../../include/name_mask.h
tls_dh.o: ../../include/sys_defs.h
tls_dh.o: ../../include/vbuf.h
tls_mgr.o: tls_mgr.h
tls_misc.o: ../../include/msg.h
tls_misc.o: ../../include/mymalloc.h
+tls_misc.o: ../../include/name_code.h
tls_misc.o: ../../include/name_mask.h
tls_misc.o: ../../include/stringops.h
tls_misc.o: ../../include/sys_defs.h
tls_prng_file.o: ../../include/sys_defs.h
tls_prng_file.o: tls_prng.h
tls_prng_file.o: tls_prng_file.c
+tls_rsa.o: ../../include/name_code.h
tls_rsa.o: ../../include/name_mask.h
tls_rsa.o: ../../include/sys_defs.h
tls_rsa.o: ../../include/vbuf.h
tls_scache.o: tls_scache.c
tls_scache.o: tls_scache.h
tls_seed.o: ../../include/msg.h
+tls_seed.o: ../../include/name_code.h
tls_seed.o: ../../include/name_mask.h
tls_seed.o: ../../include/sys_defs.h
tls_seed.o: ../../include/vbuf.h
tls_server.o: ../../include/mail_params.h
tls_server.o: ../../include/msg.h
tls_server.o: ../../include/mymalloc.h
+tls_server.o: ../../include/name_code.h
tls_server.o: ../../include/name_mask.h
tls_server.o: ../../include/stringops.h
tls_server.o: ../../include/sys_defs.h
tls_server.o: tls_server.c
tls_session.o: ../../include/msg.h
tls_session.o: ../../include/mymalloc.h
+tls_session.o: ../../include/name_code.h
tls_session.o: ../../include/name_mask.h
tls_session.o: ../../include/sys_defs.h
tls_session.o: ../../include/vbuf.h
tls_session.o: tls_session.c
tls_stream.o: ../../include/iostuff.h
tls_stream.o: ../../include/msg.h
+tls_stream.o: ../../include/name_code.h
tls_stream.o: ../../include/name_mask.h
tls_stream.o: ../../include/sys_defs.h
tls_stream.o: ../../include/vbuf.h
tls_stream.o: tls_stream.c
tls_verify.o: ../../include/msg.h
tls_verify.o: ../../include/mymalloc.h
+tls_verify.o: ../../include/name_code.h
tls_verify.o: ../../include/name_mask.h
tls_verify.o: ../../include/sys_defs.h
tls_verify.o: ../../include/vbuf.h
name_code(tls_cipher_level_table, NAME_CODE_FLAG_NONE, (str))
#define TLS_END_EXCLUDE ((char *)0)
-extern char *tls_cipher_list(int,...);
+extern const char *tls_cipher_list(int,...);
/*
* tls_client.c
/* SYNOPSIS
/* #include <tls.h>
/*
-/* SSL_CTX *tls_client_init(props)
-/* const tls_client_init_props *props;
+/* SSL_CTX *tls_client_init(init_props)
+/* const tls_client_init_props *init_props;
/*
-/* TLScontext_t *tls_client_start(props)
-/* const tls_client_start_props *props;
+/* TLScontext_t *tls_client_start(start_props)
+/* const tls_client_start_props *start_props;
/*
/* void tls_client_stop(client_ctx, stream, failure, TLScontext)
/* SSL_CTX *client_ctx;
static SSL_SESSION *load_clnt_session(TLScontext_t *TLScontext)
{
+ const char *myname = "load_clnt_session";
SSL_SESSION *session = 0;
VSTRING *session_data = vstring_alloc(2048);
* server SSL context.
*/
if (TLScontext->cache_type == 0)
- msg_panic("null client session cache type in session lookup");
+ msg_panic("%s: null client session cache type in session lookup",
+ myname);
/*
* Look up and activate the SSL_SESSION object. Errors are non-fatal,
static int new_client_session_cb(SSL *ssl, SSL_SESSION *session)
{
+ const char *myname = "new_client_session_cb";
TLScontext_t *TLScontext;
VSTRING *session_data;
* null at this point.
*/
if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0)
- msg_panic("null TLScontext in new session callback");
+ msg_panic("%s: null TLScontext in new session callback", myname);
/*
* We only get here if the cache_type is not empty. This callback is not
* server SSL context.
*/
if (TLScontext->cache_type == 0)
- msg_panic("null session cache type in new session callback");
+ msg_panic("%s: null session cache type in new session callback",
+ myname);
if (TLScontext->log_level >= 2)
msg_info("save session %s to %s cache",
int idlen;
int patlen;
+ /*
+ * Match the peerid against each pattern until we find a match.
+ */
for (i = 0; i < cmatch_argv->argc; ++i) {
sub = 0;
if (!strcasecmp(cmatch_argv->argv[i], "nexthop"))
}
/*
- * Sub-domain match, peerid is any sub-domain of pattern.
+ * Sub-domain match: peerid is any sub-domain of pattern.
*/
- if (sub)
+ if (sub) {
if ((idlen = strlen(peerid)) > (patlen = strlen(pattern)) + 1
&& peerid[idlen - patlen - 1] == '.'
&& !strcasecmp(peerid + (idlen - patlen), pattern))
return (1);
else
continue;
+ }
/*
- * NOT sub-domain match, but "*.domain.tld" in peerid matches any
- * host.domain.tld in the pattern.
+ * Exact match and initial "*" match. The initial "*" in a peerid
+ * matches exactly one hostname component, under the condition that
+ * the peerid contains multiple hostname components.
*/
if (!strcasecmp(peerid, pattern)
|| (peerid[0] == '*' && peerid[1] == '.' && peerid[2] != 0
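Review bot: The rewritten comment states that an initial "*" in the peerid matches exactly one hostname component, but the lines shown here test only `peerid[0] == '*' && peerid[1] == '.' && peerid[2] != 0`. Since this condition decides whether a peer name matches, please confirm that the remainder of the test rejects a pattern with more than one label in front of the shared suffix, and add to the comment a short example of a name that must not match.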
/* verify_extract_peer - verify peer name and extract peer information */
static void verify_extract_peer(const char *nexthop, const char *hname,
- char *certmatch, X509 *peercert,
+ const char *certmatch, X509 *peercert,
TLScontext_t *TLScontext)
{
int i;
*/
if (!BIO_new_bio_pair(&TLScontext->internal_bio, TLS_BIO_BUFSIZE,
&TLScontext->network_bio, TLS_BIO_BUFSIZE)) {
- msg_info("Could not obtain BIO_pair");
+ msg_warn("Could not obtain BIO_pair");
tls_print_errors();
tls_free_context(TLScontext);
return (0);
while (vstring_fgets_nonl(inbuf, VSTREAM_IN)) {
argv = argv_split(STR(inbuf), " \t\r\n");
- if (argv->argc == 0)
+ if (argv->argc == 0) {
+ argv_free(argv);
continue;
+ }
#define COMMAND(argv, str, len) \
(strcasecmp(argv->argv[0], str) == 0 && argv->argc == len)
if (COMMAND(argv, "policy", 2)) {
int cachable;
- status = tls_mgr_policy(argv[2], &cachable);
+ status = tls_mgr_policy(argv->argv[1], &cachable);
vstream_printf("status=%d cachable=%d\n", status, cachable);
} else if (COMMAND(argv, "seed", 2)) {
VSTRING *buf = vstring_alloc(10);
} else if (COMMAND(argv, "lookup", 3)) {
VSTRING *buf = vstring_alloc(10);
- status = tls_mgr_lookup(argv[1], argv->argv[2], buf);
+ status = tls_mgr_lookup(argv->argv[1], argv->argv[2], buf);
vstream_printf("status=%d session=%.*s\n",
status, LEN(buf), STR(buf));
+ vstring_free(buf);
} else if (COMMAND(argv, "update", 4)) {
- status = tls_mgr_update(argv[1], argv->argv[2],
+ status = tls_mgr_update(argv->argv[1], argv->argv[2],
argv->argv[3], strlen(argv->argv[3]));
vstream_printf("status=%d\n", status);
} else if (COMMAND(argv, "delete", 3)) {
- status = tls_mgr_delete(argv[1], argv->argv[2]);
+ status = tls_mgr_delete(argv->argv[1], argv->argv[2]);
vstream_printf("status=%d\n", status);
} else {
vstream_printf("usage:\n"
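Review bot: The unchanged lookup branch still passes `LEN(buf)` directly as the `%.*s` precision in `vstream_printf("status=%d session=%.*s\n", status, LEN(buf), STR(buf));`. That is the same LP64 mismatch this patch fixes with `(int)` casts in the cleanup_milter.c and test_milter.c hunks, so it should get the same cast while this branch is being touched.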
"delete smtpd|smtp|lmtp cache_id\n");
}
vstream_fflush(VSTREAM_OUT);
- }
- if (argv)
argv_free(argv);
+ }
vstring_free(inbuf);
return (0);
/*
/* long tls_bug_bits()
/*
+/* const char *tls_cipher_list(grade, ...)
+/* int grade;
+/*
/* void tls_print_errors()
/*
/* void tls_info_callback(ssl, where, ret)
/* for the run-time library. Some of the bug work-arounds are
/* not appropriate for some library versions.
/*
+/* tls_cipher_list() generates a cipher list from the specified
+/* grade, minus any ciphers specified via a null-terminated
+/* list of string-valued exclusions. The result is overwritten
+/* upon each call.
+/*
/* tls_print_errors() queries the OpenSSL error stack,
/* logs the error messages, and clears the error stack.
/*
/* tls_cipher_list - Cipherlist for given grade, less exclusions */
-char *tls_cipher_list(int level,...)
+const char *tls_cipher_list(int grade,...)
{
const char *myname = "tls_cipher_list";
static VSTRING *buf;
buf = buf ? buf : vstring_alloc(10);
VSTRING_RESET(buf);
- switch (level) {
+ switch (grade) {
case TLS_CIPHER_HIGH:
vstring_strcpy(buf, var_tls_high_clist);
break;
case TLS_CIPHER_NONE:
return 0;
default:
- msg_panic("%s: invalid cipher level: %d", myname, level);
+ msg_panic("%s: invalid cipher grade: %d", myname, grade);
}
if (VSTRING_LEN(buf) == 0)
msg_panic("%s: empty cipherlist", myname);
- va_start(ap, level);
+ va_start(ap, grade);
while ((exclude = va_arg(ap, char *)) != 0) {
if (*exclude == '\0')
continue;
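Review bot: The `case TLS_CIPHER_NONE: return 0;` path hands back a null pointer, which the description added for tls_cipher_list() earlier in this patch does not mention; it documents only that the result is overwritten upon each call. Please document the null return so callers know to check for it, and write it as `return (0);` to match the other return statements in this patch.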
int session_id_length,
int *unused_copy)
{
+ const char *myname = "get_server_session_cb";
TLScontext_t *TLScontext;
VSTRING *cache_id;
VSTRING *session_data = vstring_alloc(2048);
SSL_SESSION *session = 0;
if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0)
- msg_panic("null TLScontext in session lookup callback");
+ msg_panic("%s: null TLScontext in session lookup callback", myname);
#define HEX_CACHE_ID(id, len) \
hex_encode(vstring_alloc(2 * (len) + 1), (char *) (id), (len))
static int new_server_session_cb(SSL *ssl, SSL_SESSION *session)
{
+ const char *myname = "new_server_session_cb";
VSTRING *cache_id;
TLScontext_t *TLScontext;
VSTRING *session_data;
if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0)
- msg_panic("null TLScontext in new session callback");
+ msg_panic("%s: null TLScontext in new session callback", myname);
cache_id = HEX_CACHE_ID(session->session_id, session->session_id_length);
SSL_CTX_sess_set_new_cb(server_ctx, new_server_session_cb);
/*
- * OpenSSL ignores timed-out sessions, we need to set the internal
- * cache timeut at least as high as the external cache timeout. This
+ * OpenSSL ignores timed-out sessions. We need to set the internal
+ * cache timeout at least as high as the external cache timeout. This
* applies even if no internal cache is used.
*/
SSL_CTX_set_timeout(server_ctx, props->scache_timeout);
} else {
/*
- * If we have no external cache, disable all caching, no use wasting
- * client memory resources with sessions they are unlikely to be able
+ * If we have no external cache, disable all caching. No use wasting
+ * server memory resources with sessions they are unlikely to be able
* to reuse.
*/
SSL_CTX_set_session_cache_mode(server_ctx, SSL_SESS_CACHE_OFF);
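Review bot: In the second comment, changing "client" to "server" leaves "they" without an antecedent: "server memory resources with sessions they are unlikely to be able to reuse". Naming the subject, for example "sessions that clients are unlikely to be able to reuse", would fix the sentence.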
TLScontext->cache_type = SSL_CTX_get_ex_data(server_ctx, TLSscache_index);
if ((TLScontext->con = (SSL *) SSL_new(server_ctx)) == NULL) {
- msg_info("Could not allocate 'TLScontext->con' with SSL_new()");
+ msg_warn("Could not allocate 'TLScontext->con' with SSL_new()");
tls_print_errors();
tls_free_context(TLScontext);
return (0);
}
if (!SSL_set_ex_data(TLScontext->con, TLScontext_index, TLScontext)) {
- msg_info("Could not set application data for 'TLScontext->con'");
+ msg_warn("Could not set application data for 'TLScontext->con'");
tls_print_errors();
tls_free_context(TLScontext);
return (0);
*/
if (!BIO_new_bio_pair(&TLScontext->internal_bio, TLS_BIO_BUFSIZE,
&TLScontext->network_bio, TLS_BIO_BUFSIZE)) {
- msg_info("Could not obtain BIO_pair");
+ msg_warn("Could not obtain BIO_pair");
tls_print_errors();
tls_free_context(TLScontext);
return (0);
tlsmgr.o: ../../include/master_proto.h
tlsmgr.o: ../../include/msg.h
tlsmgr.o: ../../include/mymalloc.h
+tlsmgr.o: ../../include/name_code.h
tlsmgr.o: ../../include/name_mask.h
tlsmgr.o: ../../include/stringops.h
tlsmgr.o: ../../include/sys_defs.h
/*
* If nothing else works then at least this will get us a few bits of
* entropy.
+ *
+ * XXX This is our first call into the OpenSSL library. We should find out
+ * if this can be moved to the post-jail initialization phase, without
+ * breaking compatibility with existing installations.
*/
GETTIMEOFDAY(&tv);
tv.tv_sec ^= getpid();
RAND_seed(&tv, sizeof(struct timeval));
-
/*
* Open the external entropy source. We will not be able to open it again
* after we are sent to chroot jail, so we keep it open. Errors are not