Improving certificate handling
authorJean-Marc Pigeon (Delson) <jmp@safe.ca>
Sun, 8 Jun 2025 20:40:07 +0000 (16:40 -0400)
committerJean-Marc Pigeon (Delson) <jmp@safe.ca>
Sun, 8 Jun 2025 20:40:07 +0000 (16:40 -0400)
Makefile
conf/mailleur.conf.dvl
lib/devsoc.c
lib/gestcp.c
lib/lvleml.c
lib/subrou.c
lib/unitls.c

index eac29f689d6110e70df141c2166ee96aaa6ee8ac..930e1990e3faa491d8358016b6810fecd338731c 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -139,7 +139,7 @@ onefeed     :  debug
           @ rm -fr $(TESTDIR)/var/spool/$(APPNAME)/queue/*
           @ bin/feeder                                 \
                        -f                              \
-                       -d 9                            \
+                       -d 2                            \
                        -c ./conf/$(APPNAME).conf.dvl   \
                        $(TESTIP)                       \
                        $(TESTPORT)                     \
@@ -220,9 +220,6 @@ xxx :
                @ openssl s_client                      \
                        -crlf                           \
                        --showcerts                     \
-                       -status                         \
-                       -msg                            \
-                       -debug                          \
                        -key certs/localhost-key.pem    \
                        -cert certs/localhost-cert.pem  \
                        -CAfile certs/root-safe_CA.pem  \
@@ -315,6 +312,7 @@ prepare     :  clean debug newtest
 #to kill all remaining emlrcvr process
 killall        :
          @ - kill -HUP emlrcvr
+         @ - kill -9 sender
          @ - kill -9 sorter
 
 #--------------------------------------------------------------------
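Review bot: The added `@ - kill -9 sender` in the killall target mirrors the existing `kill -9 sorter`, but kill(1) takes PIDs rather than process names, so unless a wrapper named kill is on PATH both lines presumably do nothing — and do so silently, since the leading `-` discards the exit status; `@ - killall -9 sender` (or `pkill`) matches the target's own name and intent. SIGKILL also gives sender no chance to close its TLS sessions or spool files, whereas emlrcvr on the line above is sent HUP; if sender handles a termination signal, `kill -TERM` would be the gentler default for a test harness. The two earlier hunks (debug level and the dropped s_client flags) raise nothing.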
index a58cd9f476406a8e251ad9b61b55f8d95244d3d1..7a9c9ff994065bbbb84c2b0b4c215ddc744a4764 100644 (file)
@@ -5,12 +5,13 @@
 CA_ROOT_SRV    =       "./certs/root-safe_CA.pem"
 CA_CERT_SRV    =       "./certs/mailleur_server-chain-cert_x509.pem"
 CA_KEY_SRV     =       "./certs/mailleur_server-key.pem"
-CA_VERIFY      =       1       #to check PEER certificat
+CA_VERIFY_SRV  =       1       #to check PEER/client remote certificate
 #------------------------------------------------
 #Defining CLIENT mode Certificate data
 CA_ROOT_CLT    =       "./certs/root-safe_CA.pem"
 CA_CERT_CLT    =       "./certs/localhost-chain-cert.pem"
 CA_KEY_CLT     =       "./certs/localhost-key.pem"
+CA_VERIFY_CLT  =       0       #to check PEER/server remote certificate
 #------------------------------------------------
 #Configured for Postgresql database
 DB_TYPE                =       POSTGRES
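Review bot: `CA_VERIFY_CLT = 0` leaves the client side accepting any server certificate, because the unitls.c hunk later in this commit sets SSL_VERIFY_PEER only when the value is exactly 1; in a development config that may well be intended, but the comment should say so, e.g. `CA_VERIFY_CLT  =       0       #DEV ONLY: set to 1 in production so the remote MX certificate is verified`. Renaming `CA_VERIFY` to `CA_VERIFY_SRV` also means a deployment that still carries the old name silently loses server-side verification, since an absent value falls through to the default mode in the code; a line here noting the rename (or a startup warning in the code when the old name is present) would make that visible.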
index a3e07726ed0739121acd271eba22b363c24c2aee..6fb79ec4970fb72d27a953be13a339998ece6688 100644 (file)
@@ -1004,17 +1004,21 @@ if ((soc!=(SOCTYP *)0)&&(isconnected(soc)==true)) {
     }
   switch (status) {
     case -1     :       //polling error
+      (void) rou_alert(0,"%s Polling error (error=<%s>)",OPEP,strerror(errno));
       break;
     case  0     :       //polling timeout
+      (void) rou_alert(0,"%s Polling timeout (error=<%s>)",OPEP,strerror(errno));
       break;
     case 1      :       //polling early return (data or event)
                         //checking if link still available
+      //(void) rou_alert(0,"%s Polling early (error=<%s>)",OPEP,strerror(errno));
       if (tls_write(soc->tls,(char *)0,0)<0) {
         (void) rou_alert(0,"%s, TLS link disconnect detected",OPEP);
         status=0;
         }
       break;
     default     :
+      (void) rou_alert(0,"%s Polling default (error=<%s>)",OPEP,strerror(errno));
       break;
     }
   }
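Review bot: The new timeout and default messages print `strerror(errno)`, but poll() sets errno only when it returns -1, so on status 0 the text shows whatever errno an earlier call left behind and will mislead whoever reads the log; `(void) rou_alert(0,"%s Polling timeout",OPEP);` is enough there, and the same stale-errno message is added in the poll timeout case of the last section of this commit (unitls.c). Logging at level 0 on every timeout can also be noisy in a loop that polls repeatedly; gating it on `debug>0` would keep the production log readable. The enclosing function and its `if` start before this hunk.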
index 3d12d02ff09277dfbfb8437e2b08d6f116d6212b..0c47474abc25d27c14ca8e91362dabf7d3cf904e 100644 (file)
@@ -125,19 +125,25 @@ return sent;
 PUBLIC int tcp_get_smtp_reply(RMTTYP *rmt,int wait)
 
 {
+#define OPEP    "gestcp.c:cp_get_smtp_reply,"
+
 int code;
 int maxlines;
 
 code=ERRPROC;
 maxlines=20;     //maximun number of line error
+if (debug>0)
+  wait/=10;     //debug mode not waiting form long
 while (maxlines>0) {
   char *line;
   int sofar;
   
   line=(char *)0;
+  (void) rou_alert(0,"%s JMPDBG waiting for answer",OPEP);
   if (tcp_getline(rmt->socptr,wait,&line)<0) {
     char cmt[100]; 
 
+    (void) rou_alert(0,"%s JMPDBG timeout",OPEP);
     (void) snprintf(cmt,sizeof(cmt),"%d Timeout waiting '%d' sec for MX <%s>",
                                     ERRPROC,wait,rmt->curmx->mxname);
     line=strdup(cmt);
@@ -153,6 +159,8 @@ while (maxlines>0) {
   maxlines--;
   }
 return code;
+
+#undef  OPEP
 }
 /*
 ^L
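Review bot: The OPEP string introduced at the top of tcp_get_smtp_reply names the function `cp_get_smtp_reply`, so every alert from this function is misattributed in the log; it should read `#define OPEP    "gestcp.c:tcp_get_smtp_reply,"`. `wait/=10` under debug is integer division, so any wait below 10 becomes 0 and, depending on how tcp_getline treats a zero timeout, may return immediately and produce the spurious "Timeout waiting" reply built just below; `if ((debug>0)&&(wait>=10))` or a floor of 1 keeps the value meaningful. The two JMPDBG alerts fire at level 0 on every reply regardless of the debug setting; if they are meant to stay, gate them on `debug>0` as well. The middle of the loop body lies outside these hunks.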
index 7a9e59e01f9a7954251ae2fc39ffbce1bde0b6f6..8bbcd02ea4cb252d2392f3d75be6797bedac745a 100644 (file)
@@ -717,10 +717,12 @@ while (proceed==true) {
       rspcode=tcp_smtp_command(rmt,"STARTTLS",rmt->orgdomain);
       switch (rspcode) {
         case SIGNON      :       //link is now encrypted
-          debug=9;
+          int bigre;
           (void) usleep(100000); 
           done=soc_starttls(rmt->socptr,false);
           (void) rou_alert(0,"%s JMPDBG should start tls done='%d'",OPEP,done);
+          bigre=tcp_get_smtp_reply(rmt,WAITRMT);
+          (void) rou_alert(0,"%s JMPDBG tls done='%d'",OPEP,bigre);
           break;
         default         :       //Trouble
           (void) rou_alert(0,"%s Unable to establish crypted link with <%s>",
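Review bot: `int bigre;` sits directly after the `case SIGNON :` label, and a declaration is not a statement, so pre-C23 compilers reject it (GCC: "a label can only be part of a statement and a declaration is not a statement"); either declare `bigre` with the block's other locals or wrap the case body in braces. The `done` value returned by soc_starttls is only logged, so a failed handshake appears to continue down the same path as a successful one — hedged, since the rest of the loop is outside this hunk. Reading a reply with tcp_get_smtp_reply right after the handshake also looks questionable: under RFC 3207 the server sends nothing once TLS is established and the client is expected to issue a fresh EHLO, so this call presumably just waits WAITRMT and times out. The enclosing loop starts before this hunk and the switch continues after it.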
index 6ffc88cba87bda3f8ce65cdca90939ed96222314..d33cde7b40b8410c083d04ccdfc20a4ec74a269e 100644 (file)
@@ -644,6 +644,17 @@ while (proceed==true) {
         *ptr='\000';
       if ((ptr=strrchr(line,'\n'))!=(char *)0)
         *ptr='\000';
+      //cleaning the end of line
+      if (strlen(line)>0) {
+        ptr=line+strlen(line)-1;
+        while (*ptr!='\000') {
+          if ((*ptr!=' ')&&(*ptr!='\t'))
+            break;
+          *ptr='\000';
+          ptr--;
+          }
+        }
+      //check remaining clean line
       if (strlen(line)==0)
         phase=0;        //next line
       break;
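Review bot: The trailing-whitespace loop runs off the front of the buffer when a line consists only of spaces or tabs: `ptr` is decremented past `line` and `*ptr` is then read one byte before the array, which is undefined behaviour rather than a loop exit, because the `*ptr!='\000'` test looks at a character that has not been cleared yet (the terminator is written behind the cursor, not ahead of it). Bounding the walk on the start of the buffer fixes it: `size_t len=strlen(line);` / `while ((len>0)&&((line[len-1]==' ')||(line[len-1]=='\t')))` / `line[--len]='\000';`, which also avoids calling strlen twice on the same line. The enclosing switch and loop start before this hunk.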
index f22e89ca7e0a33d33d65e9296e30b0ec1eaa9177..244e1fb693e5a0243ef8b510e65a768b051e2352 100644 (file)
@@ -160,8 +160,7 @@ static int set_crypting(TLSTYP *tls,_Bool server)
 {
 #define OPEP    "unitls.c:set_crypting"
 
-static const char *cenv[]={"CA_KEY","CA_CERT","CA_ROOT"};
-static const char *envver="CA_VERIFY";
+static const char *cenv[]={"CA_KEY","CA_CERT","CA_ROOT","CA_VERIFY"};
 
 int done;
 const char *certs[sizeof(cenv)/sizeof(char *)];
@@ -197,8 +196,10 @@ while (proceed==true) {
           phase=999;    //missing  certificate info.
           }
         }
-      if (getenv(envver)!=(char *)0) {  //env value can be missing
-        if (atoi(getenv(envver))!=0) {
+      //Set the verify mode
+      if (certs[3]!=(char *)0) {  //env value can be missing
+        if (atoi(certs[3])==1) {
+          (void) rou_alert(0,"%s JMPDBG verifiyng certificate",OPEP);
           mode=SSL_VERIFY_PEER; //to make sure peer certificate is OK
           }
         }
@@ -820,13 +821,15 @@ while (proceed==true) {
         }
       break;
     case 2      :       //lets wait for char
+      (void) rou_alert(0,"%s JMPDBG waiting %d millisec",OPEP,millisec);
       status=poll(polling,1,millisec);
       switch (status) {
         case -1         :       //Polling error
-          (void) rou_alert(0,"%s Polling error (error=<%s>",OPEP,strerror(errno));
+          (void) rou_alert(0,"%s Polling error (error=<%s>)",OPEP,strerror(errno));
           break;
         case  0         :       //polling time out
                                 //nothing to do
+          (void) rou_alert(0,"%s Polling timeout (error=<%s>)",OPEP,strerror(errno));
           break;
         case  1         :       //char is available.
                                 //nothing to do
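Review bot: Verification is now enabled only when the fourth cenv entry parses to exactly 1, so a missing, misspelled or mistyped value (`CA_VERIFY_SRV=true`, or a config still using the old `CA_VERIFY` name) silently leaves `mode` at whatever it was initialised to — presumably no peer verification — with nothing in the log saying so; an `else` branch, `(void) rou_alert(0,"%s WARNING: peer certificate NOT verified",OPEP);`, makes the downgrade visible, and `strtol` with an end-pointer check would reject junk instead of atoi() quietly mapping it to 0. The comment `//env value can be missing` may also no longer hold: CA_VERIFY now sits in the same cenv table as the key/cert/root names, and if the loop above (outside this hunk) sets `phase=999` for any absent entry, an absent CA_VERIFY now aborts setup instead of being optional — worth confirming. The code still looks up the bare name `CA_VERIFY` while the config defines `CA_VERIFY_SRV` and `CA_VERIFY_CLT`, so the suffix must be appended elsewhere; a one-line comment on the cenv table saying where would save the next reader a search. set_crypting begins before the first hunk, and the poll hunk at the end of this section belongs to a different function whose start is also outside view.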