From: Jean-Marc Pigeon (Delson)
Date: Sun, 8 Jun 2025 19:12:46 +0000 (-0400)
Subject: Certifcate set according server/client mode
X-Git-Tag: tag-0.8~52
X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=d3930caa249c2fe9ecf1feb5c9388a2cb275ca7f;p=jmp%2Fmailleur
Certifcate set according server/client mode
---
diff --git a/Makefile b/Makefile
index f1200f4..eac29f6 100644
--- a/Makefile
+++ b/Makefile
@@ -140,7 +140,7 @@ onefeed : debug
 @ bin/feeder \
 -f \
 -d 9 \
- -c ./conf/feeder.conf.dvl \
+ -c ./conf/$(APPNAME).conf.dvl \
 $(TESTIP) \
 $(TESTPORT) \
 ./$(DATATST)/feed01.tst
diff --git a/conf/mailleur.conf.dvl b/conf/mailleur.conf.dvl
index 9fbc63d..a58cd9f 100644
--- a/conf/mailleur.conf.dvl
+++ b/conf/mailleur.conf.dvl
@@ -1,12 +1,17 @@
 #file used to set environment configuration
 #Used for developpement purpose ONLY
 #------------------------------------------------
-#Defining Certificate
-CA_ROOT = "./certs/root-safe_CA.pem"
-CA_CERT = "./certs/mailleur_server-chain-cert_x509.pem"
-CA_KEY = "./certs/mailleur_server-key.pem"
+#Defining SERVER mode Certificate data
+CA_ROOT_SRV = "./certs/root-safe_CA.pem"
+CA_CERT_SRV = "./certs/mailleur_server-chain-cert_x509.pem"
+CA_KEY_SRV = "./certs/mailleur_server-key.pem"
 CA_VERIFY = 1 #to check PEER certificat
 #------------------------------------------------
+#Defining CLIENT mode Certificate data
+CA_ROOT_CLT = "./certs/root-safe_CA.pem"
+CA_CERT_CLT = "./certs/localhost-chain-cert.pem"
+CA_KEY_CLT = "./certs/localhost-key.pem"
+#------------------------------------------------
 #Configured for Postgresql database
 DB_TYPE = POSTGRES
 DB_NAME = mailleur
diff --git a/data-feed/feed01.tst b/data-feed/feed01.tst
index c4c67e8..1babf0e 100644
--- a/data-feed/feed01.tst
+++ b/data-feed/feed01.tst
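Review bot: `CA_VERIFY = 1 #to check PEER certificat` is left as a single unsuffixed switch while the root/cert/key triplet is split into `_SRV` and `_CLT`, so the same value governs the listener's check of the client certificate and, if the phase that reads `envver` (not in this diff) applies it in client mode as well, the outbound check of the server certificate. Relaxing it to stop enforcing client certificates on the server would then also stop the client side from authenticating the relay it sends mail to, which is the check that actually defends against an impersonated peer. Either split it the same way (`CA_VERIFY_SRV` / `CA_VERIFY_CLT`, with the client side defaulting to verify) or document the coupling next to the line: `#CA_VERIFY has no _SRV/_CLT variant: it applies to both modes`. The comment also misspells "certificate".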
@@ -1,10 +1,10 @@ #==================================================== T:(feed01) Sending a a simple mail to remote server -R:220 mailleur.example.com ESMTP (cleartext) emlrcvr... +R:220 mailleur.example.com, ESMTP (cleartext) emlrcvr... #==================================================== S:HELO example.com #R:250-mailleur.example.com, link (cleartext) ready, your IP/FQDN=[127.127.0.2/feed2.example.com] -R:250-mailleur.example.com, link (cleartext) ready,... +R:250 mailleur.example.com, link (cleartext) ready,... C:GOTLS R:250 Link now encryp... S:MAIL FROM: diff --git a/lib/geseml.c b/lib/geseml.c index 31bcea7..fff34d9 100644 --- a/lib/geseml.c +++ b/lib/geseml.c @@ -648,7 +648,6 @@ switch (fork()) { (void) rou_alert(0,"%s Unable to exec process=<%s> (error=<%s> Bug?)", OPEP,execpath,strerror(errno)); (void) rou_freestr(execpath); - (void) system("ls -ails /home/jmp/safe-mailleur/mailleur/test_area/var/spool/mailleur/queue/"); (void) exit(-1); } break; diff --git a/lib/lvleml.c b/lib/lvleml.c index 6340a99..7a9e59e 100644 --- a/lib/lvleml.c +++ b/lib/lvleml.c @@ -140,7 +140,7 @@ va_end(args); static void signon(CONTYP *contact) { -#define FMT "%d %s ESMTP (%s) %s-%s; %s" +#define FMT "%d %s, ESMTP (%s) %s-%s; %s" if (contact!=(CONTYP *)0) { const char *mode; @@ -176,7 +176,7 @@ sepa=' '; if (suite==true) sepa='-'; mode=soc_getstrmode(contact->socptr); -(void) transmit(contact,"%d%c%s link (%s) ready, your IP/FQDN=[%s/%s]", +(void) transmit(contact,"%d%c%s, link (%s) ready, your IP/FQDN=[%s/%s]", CMDOK,sepa,contact->locname,mode, contact->peerip,contact->peername); } diff --git a/lib/unitls.c b/lib/unitls.c index 759d6b1..f22e89c 100644 --- a/lib/unitls.c +++ b/lib/unitls.c @@ -155,7 +155,7 @@ return tls; /* Procedure to set the link certificate */ /* */ /********************************************************/ -static int set_crypting(TLSTYP *tls) +static int set_crypting(TLSTYP *tls,_Bool server) { #define OPEP "unitls.c:set_crypting" 
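Review bot: The comma in `"%d%c%s, link (%s) ready, your IP/FQDN=[%s/%s]"` is appended directly to the domain, so the HELO/EHLO reply reads `250-mailleur.example.com, link ...`; RFC 5321 §4.1.1.1 defines that line as `250[-| ]Domain [SP ehlo-greet]`, and a client that takes the token after the code as the server's domain now gets `mailleur.example.com,`. The 220 banner built from `FMT` in the previous hunk has the same problem. Keeping a space after the domain — `"%d%c%s link (%s) ready, your IP/FQDN=[%s/%s]"` and `"%d %s ESMTP (%s) %s-%s; %s"`, i.e. the comma moved or dropped rather than glued to the name — stays conformant, and the `R:` expectations in data-feed/feed01.tst would follow. The enclosing function starts before this hunk.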
@@ -166,14 +166,18 @@ static const char *envver="CA_VERIFY"; int done; const char *certs[sizeof(cenv)/sizeof(char *)]; const SSL_METHOD *(*tls_methode)(); +const char *certext; int mode; int phase; _Bool proceed; done=false; tls_methode=TLS_client_method; -if (tls->server==true) +certext="CLT"; +if (tls->server==true) { tls_methode=TLS_server_method; + certext="SRV"; + } mode=SSL_VERIFY_NONE; phase=0; proceed=true; @@ -182,10 +186,14 @@ while (proceed==true) { switch (phase) { case 0 : //loading certificate names for (int i=0;i<(sizeof(cenv)/sizeof(char *));i++) { - certs[i]=getenv(cenv[i]); + char data[100]; + + (void) snprintf(data,sizeof(data),"%s_%s",cenv[i],certext); + certs[i]=getenv(data); + (void) rou_alert(0,"%s JMPDBG certs[%d]=<%s>",OPEP,i,certs[i]); if (certs[i]==(char *)0) { (void) rou_alert(0,"%s Missing <%s> environment variable (config?)", - OPEP,cenv[i]); + OPEP,data); phase=999; //missing certificate info. } } @@ -266,8 +274,9 @@ while (proceed==true) { break; } phase++; - } + } return done; + #undef OPEP } /* @@ -557,8 +566,8 @@ while (proceed==true) { tls->server=server; (void) getnames(tls); break; - case 1 : //set certificate - if (set_crypting(tls)==false) { + case 1 : //set certificate according client/server mode + if (set_crypting(tls,server)==false) { (void) rou_alert(1,"%s Unable to open a TLS channel",OPEP); tls=freetls(tls); phase=999;
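Review bot: The `server` parameter added to `set_crypting` in the previous hunk is not what selects the mode here — `+if (tls->server==true) {` still reads the struct field, which the caller fills from the same `server` argument in case 0 just before case 1 calls `set_crypting(tls,server)`. Either the parameter is redundant or the body should key on it, `if (server==true) {`, so the two cannot drift apart. A one-line comment on the suffix convention would help the next reader: `/* env names are suffixed _SRV or _CLT so one process can carry both identities */`. set_crypting's signature and the rest of its body lie outside this hunk.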
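Review bot: `(void) rou_alert(0,"%s JMPDBG certs[%d]=<%s>",OPEP,i,certs[i]);` runs before the NULL test on the next line, so a missing variable hands a null pointer to `%s` (undefined behaviour; glibc happens to print `(null)`), and it is a tagged debug leftover that logs the certificate/key file names read from the environment on every TLS setup. Drop the line, or at least move it below the `if (certs[i]==(char *)0)` block. The `snprintf` into `char data[100]` is fine for the short `cenv` names but its result is never checked; `if (snprintf(data,sizeof(data),"%s_%s",cenv[i],certext) >= (int)sizeof(data)) { phase=999; continue; }` rules out a silently truncated variable name being looked up. The enclosing while/switch starts and ends outside this hunk.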