TLS exchange start to be working (???)
authorJean-Marc Pigeon (Delson) <jmp@safe.ca>
Sun, 6 Apr 2025 18:21:21 +0000 (14:21 -0400)
committerJean-Marc Pigeon (Delson) <jmp@safe.ca>
Sun, 6 Apr 2025 18:21:21 +0000 (14:21 -0400)
Makefile
certs/localhost-cert.tar.gz [deleted file]
lib/devsoc.c
lib/lvleml.c
lib/modrec.c
lib/subrou.c
lib/unitls.c

index 68b1203ddb05a41fa9329cb5ebc2dbd5946cd011..ef637f542d71c9e1b9903f8491b53b8be1e23e9f 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -29,6 +29,7 @@ LOCKDIR       =       $(TESTDIR)/var/run/$(APPNAME)
 
 #managing debugging test
 TESTDIR        =       $(CURDIR)/test_area
+TESTSRV        =       mailleur.example.com
 TESTIP =       127.127.10.25
 TESTPORT=      1025
 EXTIP  =       safemail3.safe.ca
@@ -71,8 +72,12 @@ dbgfeed      :       debug
                                $(TESTPORT)             \
                                $(DATATST)/feed00.tst
 #testing TLS connection
-testtls        :       
-               openssl s_client                        \
+tlsrcvr        :       
+               @ clear
+               @ openssl s_client                      \
+                       -status                         \
+                       -msg                            \
+                       -debug                          \
                        -CAfile certs/safe_CA.pem       \
                        -cert certs/localhost_cert.pem  \
                        -key certs/localhost_key.pem    \
@@ -80,6 +85,34 @@ testtls      :
                        -starttls                       \
                        smtp
 
+xxx    :
+               @ clear
+               @ openssl s_client                      \
+                       -state                          \
+                       -key certs/localhost_key.pem    \
+                       -cert certs/localhost_cert.pem  \
+                       -CAfile certs/safe_CA.pem       \
+                       -starttls smtp                  \
+                       -connect $(TESTSRV):$(TESTPORT) 
+
+#                      -showcerts                      
+#                      -connect mailprod1.safe.ca:25
+#                      -connect $(TESTSRV):$(TESTPORT) 
+#                      -connect smtp.google.com:25
+#
+#testing TLS with google
+tlsref:        
+               @ clear
+               @ openssl s_client                      \
+                       -status                         \
+                       -msg                            \
+                       -debug                          \
+                       -CAfile certs/safe_CA.pem       \
+                       -cert certs/localhost_cert.pem  \
+                       -key certs/localhost_key.pem    \
+                       -connect smtp.google.com:25     \
+                       -starttls                       \
+                       smtp
 #--------------------------------------------------------------------
 #starting email receiver
 
diff --git a/certs/localhost-cert.tar.gz b/certs/localhost-cert.tar.gz
deleted file mode 100644 (file)
index b5e1a5b..0000000
Binary files a/certs/localhost-cert.tar.gz and /dev/null differ
index ab16cdb4c0da27f15fe84255eeede094757e24f1..2766eaab0c70ae73aef2e0b8e320b08b5e638f04 100644 (file)
@@ -1385,14 +1385,14 @@ if ((soc!=(SOCTYP *)0)&&(soc->modtls==false)) {
   char buffer[100];
 
   peerip=soc_getaddrinfo(socptr,false,false);
-  (void) socpurge(soc,peerip);
+  (void) usleep(100000);        //lets wait for 100 millisec
   tosend=snprintf(buffer,sizeof(buffer),"%d 2.0.0 Ready to start TLS%s",
                                         SIGNON,CRLF);
   (void) soc_writebuffer(soc,buffer,tosend);
   if ((soc->tls=tls_opentls(soc->handle,true))!=(TLSTYP *)0) {
     soc->proto=pro_smtps;
     soc->modtls=true;
-    (void) socpurge(soc,peerip);
+    //(void) socpurge(soc,peerip);
     ok=true;
     }
   peerip=rou_freestr(peerip);
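Review bot: The `usleep(100000)` that replaces `socpurge(soc,peerip)` just before the `220 Ready to start TLS` reply is a timing guess, not a drain: if socpurge discarded input already queued on the socket, that input now stays buffered and whatever reads next after `tls_opentls` may see it. RFC 3207 requires the server to discard client data received before the TLS handshake, so the purge should stay (or be replaced by a non-blocking drain of only what is readable at that moment) rather than a fixed delay, and the comment on the sleep should say what it is waiting for. The second purge at the end of the hunk is left as commented-out code; delete it rather than keeping it as a comment, since reading the raw socket after `tls_opentls` would presumably consume TLS records. The enclosing function starts outside the hunk.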
index a8f3f535bd16ace8c41e6d894703b43280226ddb..aad55831e59a18486097757589e943174ff08acf 100644 (file)
@@ -202,7 +202,8 @@ while (proceed==true) {
       if (contact->tlsok==true)
         strstart++;
       for (int i=strstart;ehlostr[i]!=(char *)0;i++) {
-        (void) transmit(contact,"%d%s",CMDOK,ehlostr[i]);
+        (void) rou_alert(0,"%s, JMPDNG i='%d'",OPEP,i);
+        (void) transmit(contact,"%d%s JMPDBG",CMDOK,ehlostr[i]);
         }
       done=true;
       break;
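Review bot: The `transmit(contact,"%d%s JMPDBG",CMDOK,ehlostr[i])` line appends the debugging tag to every EHLO extension line sent to the peer, so the marker goes on the wire where the client parses it as part of the extension keyword or its parameters; restore `(void) transmit(contact,"%d%s",CMDOK,ehlostr[i]);`. The preceding `rou_alert` tag is spelled `JMPDNG` while every other trace in this commit uses `JMPDBG`, which suggests temporary instrumentation; the same leftover traces appear in the next hunk of this file and in the unitls.c hunks around the phase loop and `SSL_read`, and should be removed or guarded by a debug flag before this settles. The for loop and its enclosing function start outside the hunk.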
@@ -378,7 +379,8 @@ while (proceed==true) {
       switch (soc_starttls(contact->socptr)) {
         case true       :       //link now in TLS crypted mode
           contact->tlsok=true;
-          (void) signon(contact);
+          (void) transmit(contact,"%d Link now encrypted",CMDOK);
+          (void) rou_alert(0,"%s, CMDOK sent",OPEP);
           break;
         case false      :       //unable to establish link
           (void) transmit(contact,"%d 5.3.3 command starttls not successful",
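Review bot: After `soc_starttls` succeeds, the new `transmit(contact,"%d Link now encrypted",CMDOK)` sends an unsolicited reply over the freshly negotiated link; RFC 3207 makes the 220 reply to STARTTLS the last thing the server says before the handshake, after which the session is reset to the post-greeting state and the client speaks next (EHLO). A client will therefore read this line as the answer to its next command and the dialogue desynchronises, assuming CMDOK is a 2xx code and transmit writes to the peer; the replaced `signon` call had the same problem if it sends a greeting. Suggested body for the `case true` arm: `contact->tlsok=true; break;` with the comment `//RFC 3207 4.2: send nothing, the client must re-issue EHLO`. The `rou_alert` trace on the following line is a leftover. The switch and its enclosing function start outside the hunk.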
index 52cb467d478df3d5d4735cb7cd6f1a4e41e6c527..19c765bc7edec39b86a68803e184b1e19e4e0674 100644 (file)
@@ -211,7 +211,7 @@ while (proceed==true) {
         switch (childs[i]) {
           case  -1      :       //trouble trouble to fork?
             childs[i]=(pid_t)0;
-            (void) sleep(1);    //Weathering the storm
+            (void) sleep(1);    //Weathering the storme
             break;
           case   0      :       //Child process itself
             (void) free(childs);
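Review bot: The only change in this hunk turns the comment `//Weathering the storm` into `//Weathering the storme`, which introduces a typo; keep the original spelling. The enclosing loop starts outside the hunk.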
index 47e3e6cdbf602b0a2e46abdca812430825d20d9c..e86e18ccaed029983c0c51594abdc4f966f0c872 100644 (file)
@@ -21,7 +21,7 @@
 
 //version definition 
 #define VERSION "0.6"
-#define RELEASE "45"
+#define RELEASE "46"
 #define BRANCH "dvl"
 
 //Public variables
index b45853f8b28ff3424c1f56a0938241fbba561bc6..cd97c3e12bf2df9cf06c92bc5b9b10e78122de51 100644 (file)
@@ -144,10 +144,14 @@ proceed=true;
 while (proceed==true) {
   switch (phase) {
     case 0      :       //get remote certificate
-      if ((peer=SSL_get0_peer_certificate(tls->ssl))==(X509 *)0) {
-        (void) rou_alert(0,"%s, Unable to get certificate from remote [%s]",
-                            OPEP,tls->peerip);
-        phase=999;
+      if ((peer=SSL_get_peer_certificate(tls->ssl))==(X509 *)0) {
+        char msg[200];
+
+        (void) snprintf(msg,sizeof(msg),"%s, Unable to get certificate "
+                                        "from remote [%s]",
+                                        OPEP,tls->peerip);
+        (void) showtlserror(tls,0,msg);
+        phase=999;      //no need to go furter
         }
       break;
     case 1      :       //displaying certificate
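Review bot: `showtlserror(tls,0,msg)` passes a pre-formatted buffer as the format argument; the call later in this file, `showtlserror(tls,-1,"%s Premature EOF with crypted link",OPEP)`, shows the third parameter is a printf-style format, and `msg` embeds `tls->peerip`, which for an IPv6 link-local address can carry a `%` zone suffix. Pass the text through a fixed format instead, `(void) showtlserror(tls,0,"%s, Unable to get certificate from remote [%s]",OPEP,tls->peerip);`, which also removes the `msg` buffer. Switching from `SSL_get0_peer_certificate` to `SSL_get_peer_certificate` changes ownership: the returned `X509` now carries a reference that must be released with `X509_free` once `peer` is no longer needed; I cannot see whether that happens later in this function, so please confirm (and note `SSL_get_peer_certificate` is deprecated in OpenSSL 3.0 in favour of `SSL_get1_peer_certificate`). Typo in the new comment: `furter` should be `further`; the enclosing function starts outside the hunk.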
@@ -220,11 +224,13 @@ static int set_server_certificate(TLSTYP *tls)
 {
 #define OPEP    "unitls.c:set_link_certificate"
 int done;
+int mode;
 const char *certpub[3];
 int phase;
 _Bool proceed;
 
 done=false;
+mode=SSL_VERIFY_NONE;
 certpub[0]="./certs/safe_CA.pem";               //default and debugging certificats
 //Default debugging server certificate
 certpub[1]="./certs/mailleur_server_cert_x509.pem";
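Review bot: `mode=SSL_VERIFY_NONE` is assigned once and, as far as this hunk and the next show, never changed, so `SSL_CTX_set_verify(tls->ctx,mode,(int(*)())0)` in the following hunk replaces `SSL_VERIFY_PEER` with a constant that disables peer certificate verification on this server context entirely; on the server side that also means no client certificate is requested, so `SSL_get_peer_certificate` will have nothing to return for these connections. If the intent is to stop requiring client certificates, say so with a comment on the assignment and pass `SSL_VERIFY_NONE` directly instead of through a local; if verification is meant to come back, make `mode` depend on a configuration value or a parameter rather than a hard-coded local. The function's body continues past the end of the hunk.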
@@ -271,7 +277,7 @@ while (proceed==true) {
       break;
     case 4      :       //verify management
       (void) SSL_CTX_set_purpose(tls->ctx,X509_PURPOSE_ANY);
-      (void) SSL_CTX_set_verify(tls->ctx,SSL_VERIFY_PEER,(int(*)())0);
+      (void) SSL_CTX_set_verify(tls->ctx,mode,(int(*)())0);
       (void) SSL_CTX_set_verify_depth(tls->ctx,5);
       (void) SSL_CTX_set_options(tls->ctx,SSL_OP_ALL);
       if (SSL_CTX_set_cipher_list(tls->ctx,SSL_CIPHER_LIST)==0) {
@@ -398,6 +404,7 @@ if (server==true)
 phase=0;
 proceed=true;
 while (proceed==true) {
+  (void) rou_alert(0,"%s JMPDBG phase='%d', serveur='%d'",OPEP,phase,server);
   switch (phase) {
     case 0      :       //prepare the structure first;
       tls=(TLSTYP *)calloc(1,sizeof(TLSTYP));
@@ -580,12 +587,16 @@ if (tls!=(TLSTYP *)0) {
 
   status=0;
   got=SSL_read(tls->ssl,buffer,maxread);
+  (void) rou_alert(0,"%S JMPDBG got='%d'",OPEP,got);
   switch (got) {
     case -1     :       //trouble to write
-      switch (status=SSL_get_error(tls->ssl,-1)) {
+      status=SSL_get_error(tls->ssl,-1);
+      (void) rou_alert(0,"%S JMPDBG status='%d'",OPEP,status);
+      switch (status) {
         case SSL_ERROR_WANT_READ        :     //"wanted" error
         case SSL_ERROR_WANT_WRITE       :     //
           (void) usleep(1000);
+          (void) rou_alert(0,"%S JMPDBG usleep",OPEP);
           break;
         default                         :
           (void) showtlserror(tls,-1,"%s Premature EOF with crypted link",OPEP);
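Review bot: The three new `rou_alert` traces use `%S`, the wide-character string conversion, while `OPEP` is a narrow `const char *`; if rou_alert forwards to a printf-style formatter (every other call in this commit uses `%s`), this is a conversion/argument mismatch and undefined behaviour, so change them to `%s` or, since they are `JMPDBG` instrumentation, remove them together with the per-phase trace added earlier in this file. Splitting `status=SSL_get_error(tls->ssl,-1);` out of the switch is fine, but the `case -1` comment still reads `//trouble to write` on a read path. The enclosing function starts outside the hunk.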