From: Jean-Marc Pigeon (Delson)
Date: Sun, 6 Apr 2025 18:21:21 +0000 (-0400)
Subject: TLS exchange start to be working (???)
X-Git-Tag: tag-0.7~29
X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=10601346bdb8decf2c2f5a32daab6ce460d90648;p=jmp%2Fmailleur
TLS exchange start to be working (???)
---
diff --git a/Makefile b/Makefile
index 68b1203..ef637f5 100644
--- a/Makefile
+++ b/Makefile
@@ -29,6 +29,7 @@ LOCKDIR = $(TESTDIR)/var/run/$(APPNAME)
 #managing debugging test
 TESTDIR = $(CURDIR)/test_area
+TESTSRV = mailleur.example.com
 TESTIP = 127.127.10.25
 TESTPORT= 1025
 EXTIP = safemail3.safe.ca
@@ -71,8 +72,12 @@ dbgfeed : debug
 $(TESTPORT) \
 $(DATATST)/feed00.tst
 #testing TLS connection
-testtls :
- openssl s_client \
+tlsrcvr :
+ @ clear
+ @ openssl s_client \
+ -status \
+ -msg \
+ -debug \
 -CAfile certs/safe_CA.pem \
 -cert certs/localhost_cert.pem \
 -key certs/localhost_key.pem \
@@ -80,6 +85,34 @@ testtls :
 -starttls \
 smtp
+xxx :
+ @ clear
+ @ openssl s_client \
+ -state \
+ -key certs/localhost_key.pem \
+ -cert certs/localhost_cert.pem \
+ -CAfile certs/safe_CA.pem \
+ -starttls smtp \
+ -connect $(TESTSRV):$(TESTPORT)
+
+# -showcerts
+# -connect mailprod1.safe.ca:25
+# -connect $(TESTSRV):$(TESTPORT)
+# -connect smtp.google.com:25
+#
+#testing TLS with google
+tlsref:
+ @ clear
+ @ openssl s_client \
+ -status \
+ -msg \
+ -debug \
+ -CAfile certs/safe_CA.pem \
+ -cert certs/localhost_cert.pem \
+ -key certs/localhost_key.pem \
+ -connect smtp.google.com:25 \
+ -starttls \
+ smtp
 #--------------------------------------------------------------------
 #starting email receiver
diff --git a/certs/localhost-cert.tar.gz b/certs/localhost-cert.tar.gz
deleted file mode 100644
index b5e1a5b..0000000
Binary files a/certs/localhost-cert.tar.gz and /dev/null differ
diff --git a/lib/devsoc.c b/lib/devsoc.c
index ab16cdb..2766eaa 100644
--- a/lib/devsoc.c
+++ b/lib/devsoc.c
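Review bot: The new `xxx` target is a placeholder name, and its hard-wired `-connect $(TESTSRV):$(TESTPORT)` next to four commented-out `# -connect …` alternatives is the shape of a variable, not of comments; rename the target and introduce something like `TESTCONNECT ?= $(TESTSRV):$(TESTPORT)` so the alternatives are selectable from the command line instead of living as dead lines. The `tlsref` target passes `-CAfile certs/safe_CA.pem` as the trust anchor while connecting to smtp.google.com:25; with `s_client`, a `-CAfile` given alone presumably replaces the default store, so the verification result printed by that "reference" run will be a failure caused by the test setup rather than by the peer — drop `-CAfile` there or add the system store. Both new recipes also enable `-msg`/`-debug`, which write full record contents to the terminal; fine for a debug recipe but worth saying in the `#testing TLS with google` comment.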
@@ -1385,14 +1385,14 @@ if ((soc!=(SOCTYP *)0)&&(soc->modtls==false)) {
 char buffer[100];
 peerip=soc_getaddrinfo(socptr,false,false);
- (void) socpurge(soc,peerip);
+ (void) usleep(100000); //lets wait for 100 millisec
 tosend=snprintf(buffer,sizeof(buffer),"%d 2.0.0 Ready to start TLS%s",
 SIGNON,CRLF);
 (void) soc_writebuffer(soc,buffer,tosend);
 if ((soc->tls=tls_opentls(soc->handle,true))!=(TLSTYP *)0) {
 soc->proto=pro_smtps;
 soc->modtls=true;
- (void) socpurge(soc,peerip);
+ //(void) socpurge(soc,peerip);
 ok=true;
 }
 peerip=rou_freestr(peerip);
diff --git a/lib/lvleml.c b/lib/lvleml.c
index a8f3f53..aad5583 100644
--- a/lib/lvleml.c
+++ b/lib/lvleml.c
@@ -202,7 +202,8 @@ while (proceed==true) {
 if (contact->tlsok==true) strstart++;
 for (int i=strstart;ehlostr[i]!=(char *)0;i++) {
- (void) transmit(contact,"%d%s",CMDOK,ehlostr[i]);
+ (void) rou_alert(0,"%s, JMPDNG i='%d'",OPEP,i);
+ (void) transmit(contact,"%d%s JMPDBG",CMDOK,ehlostr[i]);
 }
 done=true;
 break;
@@ -378,7 +379,8 @@ while (proceed==true) {
 switch (soc_starttls(contact->socptr)) {
 case true : //link now in TLS crypted mode
 contact->tlsok=true;
- (void) signon(contact);
+ (void) transmit(contact,"%d Link now encrypted",CMDOK);
+ (void) rou_alert(0,"%s, CMDOK sent",OPEP);
 break;
 case false : //unable to establish link
 (void) transmit(contact,"%d 5.3.3 command starttls not successful",
diff --git a/lib/modrec.c b/lib/modrec.c
index 52cb467..19c765b 100644
--- a/lib/modrec.c
+++ b/lib/modrec.c
@@ -211,7 +211,7 @@ while (proceed==true) {
 switch (childs[i]) {
 case -1 : //trouble trouble to fork?
 childs[i]=(pid_t)0;
- (void) sleep(1); //Weathering the storm
+ (void) sleep(1); //Weathering the storme
 break;
 case 0 : //Child process itself
 (void) free(childs);
diff --git a/lib/subrou.c b/lib/subrou.c
index 47e3e6c..e86e18c 100644
--- a/lib/subrou.c
+++ b/lib/subrou.c
@@ -21,7 +21,7 @@
 //version definition
 #define VERSION "0.6"
-#define RELEASE "45"
+#define RELEASE "46"
 #define BRANCH "dvl"
 //Public variables
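Review bot: `(void) usleep(100000)` stands in for the removed `socpurge(soc,peerip)` before the `Ready to start TLS` reply, which turns what was presumably a deterministic drain of pending plaintext into a timing assumption: anything the peer sent after STARTTLS is still unread when `tls_opentls(soc->handle,true)` takes over, and is either handed to the handshake or never discarded, depending on when it arrives. An explicit check that no plaintext is pending, treating pending bytes as a protocol error, is more robust than a fixed delay and does not add 100 ms to every STARTTLS. The second `socpurge` is commented out rather than removed; if it is gone for good, delete the line instead of leaving `//(void) socpurge(soc,peerip);`. The enclosing function starts and ends outside the hunk.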
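Review bot: `transmit(contact,"%d%s JMPDBG",CMDOK,ehlostr[i])` appends a debugging token to every EHLO keyword line sent on the wire, so a client receives something like `250-STARTTLS JMPDBG` (constructed example) and parses `JMPDBG` as an EHLO parameter; together with the `rou_alert(0,"%s, JMPDNG i='%d'",OPEP,i)` trace (note the `JMPDNG` spelling against the `JMPDBG` used everywhere else) this should not reach a merge — restore `(void) transmit(contact,"%d%s",CMDOK,ehlostr[i]);`. The enclosing loop and function continue outside the hunk.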
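Review bot: `transmit(contact,"%d Link now encrypted",CMDOK)` is an unsolicited reply after a successful STARTTLS handshake; RFC 3207 §4.2 resets the session to the state following the 220 greeting and the server then waits for the client's fresh EHLO, so this `250` will be consumed by the client as the answer to its next command and desynchronise the dialogue (the `signon(contact)` it replaces has the same problem if it emitted a banner). Keep only the state change and the `break;`, i.e. `contact->tlsok=true;` with no `transmit`, and drop the `rou_alert(0,"%s, CMDOK sent",OPEP)` trace with it. The enclosing switch and function continue outside the hunk.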
diff --git a/lib/unitls.c b/lib/unitls.c
index b45853f..cd97c3e 100644
--- a/lib/unitls.c
+++ b/lib/unitls.c
@@ -144,10 +144,14 @@ proceed=true;
 while (proceed==true) {
 switch (phase) {
 case 0 : //get remote certificate
- if ((peer=SSL_get0_peer_certificate(tls->ssl))==(X509 *)0) {
- (void) rou_alert(0,"%s, Unable to get certificate from remote [%s]",
- OPEP,tls->peerip);
- phase=999;
+ if ((peer=SSL_get_peer_certificate(tls->ssl))==(X509 *)0) {
+ char msg[200];
+
+ (void) snprintf(msg,sizeof(msg),"%s, Unable to get certificate " "from remote [%s]", OPEP,tls->peerip);
+ (void) showtlserror(tls,0,msg);
+ phase=999; //no need to go furter
 }
 break;
 case 1 : //displaying certificate
@@ -220,11 +224,13 @@ static int set_server_certificate(TLSTYP *tls) {
 #define OPEP "unitls.c:set_link_certificate"
 int done;
+int mode;
 const char *certpub[3];
 int phase;
 _Bool proceed;
 done=false;
+mode=SSL_VERIFY_NONE;
 certpub[0]="./certs/safe_CA.pem"; //default and debugging certificats
 //Default debugging server certificate
 certpub[1]="./certs/mailleur_server_cert_x509.pem";
@@ -271,7 +277,7 @@ while (proceed==true) {
 break;
 case 4 : //verify management
 (void) SSL_CTX_set_purpose(tls->ctx,X509_PURPOSE_ANY);
- (void) SSL_CTX_set_verify(tls->ctx,SSL_VERIFY_PEER,(int(*)())0);
+ (void) SSL_CTX_set_verify(tls->ctx,mode,(int(*)())0);
 (void) SSL_CTX_set_verify_depth(tls->ctx,5);
 (void) SSL_CTX_set_options(tls->ctx,SSL_OP_ALL);
 if (SSL_CTX_set_cipher_list(tls->ctx,SSL_CIPHER_LIST)==0) {
@@ -398,6 +404,7 @@ if (server==true)
 phase=0;
 proceed=true;
 while (proceed==true) {
+ (void) rou_alert(0,"%s JMPDBG phase='%d', serveur='%d'",OPEP,phase,server);
 switch (phase) {
 case 0 : //prepare the structure first;
 tls=(TLSTYP *)calloc(1,sizeof(TLSTYP));
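Review bot: `showtlserror(tls,0,msg)` hands a buffer that embeds `tls->peerip` to `showtlserror` as its format argument — the `@@ -580` hunk shows that function taking a format string plus arguments — so any `%` in the peer-address text is interpreted as a conversion (CERT FIO30-C). Drop the intermediate buffer and pass the pieces as arguments: `(void) showtlserror(tls,0,"%s, Unable to get certificate from remote [%s]",OPEP,tls->peerip);`, which also removes `char msg[200]`. Separately, `SSL_get_peer_certificate` (unlike the `SSL_get0_peer_certificate` it replaces) returns a reference the caller must release with `X509_free`; whether `peer` is freed in a later phase is outside the hunk, so confirm, and fix `furter` in the new comment. The enclosing loop and function continue outside the hunk.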
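Review bot: `mode=SSL_VERIFY_NONE` is assigned once and not changed anywhere in the visible hunks, and the `@@ -271` hunk then feeds it to `SSL_CTX_set_verify`, so the server context that used to set `SSL_VERIFY_PEER` now neither requests nor validates a client certificate; `SSL_CTX_set_verify_depth(tls->ctx,5)` on the following line becomes inert, and the phase-0 `SSL_get_peer_certificate` check in the `@@ -144` hunk will presumably find no certificate on every server-side session. If the intent is to admit clients without a certificate while still validating one that is offered, `SSL_VERIFY_PEER` without `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` does that; if verification is deliberately off for this debugging round, say so where it is set, e.g. `mode=SSL_VERIFY_NONE; //TODO: restore SSL_VERIFY_PEER before release`. set_server_certificate continues outside the hunk.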
@@ -580,12 +587,16 @@ if (tls!=(TLSTYP *)0) {
 status=0;
 got=SSL_read(tls->ssl,buffer,maxread);
+ (void) rou_alert(0,"%S JMPDBG got='%d'",OPEP,got);
 switch (got) {
 case -1 : //trouble to write
- switch (status=SSL_get_error(tls->ssl,-1)) {
+ status=SSL_get_error(tls->ssl,-1);
+ (void) rou_alert(0,"%S JMPDBG status='%d'",OPEP,status);
+ switch (status) {
 case SSL_ERROR_WANT_READ : //"wanted" error
 case SSL_ERROR_WANT_WRITE : //
 (void) usleep(1000);
+ (void) rou_alert(0,"%S JMPDBG usleep",OPEP);
 break;
 default :
 (void) showtlserror(tls,-1,"%s Premature EOF with crypted link",OPEP);
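Review bot: The three added `rou_alert` calls format `OPEP` with `%S`, the wide-character string conversion, while every `OPEP` on this page is a narrow string literal (`#define OPEP "unitls.c:…"` in the `@@ -220` hunk); if `rou_alert` is printf-like the argument type does not match and the behaviour is undefined (glibc typically prints garbage or faults). Use `%s`, as the `@@ -398` hunk and the unchanged `showtlserror` line already do — or, better, drop these `JMPDBG` traces (and the `JMPDBG`/`JMPDNG` ones in lvleml.c) before merging; splitting `status=SSL_get_error(tls->ssl,-1);` out of the `switch` is fine on its own. The enclosing function starts and ends outside the hunk.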