From 10601346bdb8decf2c2f5a32daab6ce460d90648 Mon Sep 17 00:00:00 2001 From: "Jean-Marc Pigeon (Delson)" Date: Sun, 6 Apr 2025 14:21:21 -0400 Subject: [PATCH] TLS exchange start to be working (???) --- Makefile | 37 ++++++++++++++++++++++++++++++++++-- certs/localhost-cert.tar.gz | Bin 30720 -> 0 bytes lib/devsoc.c | 4 ++-- lib/lvleml.c | 6 ++++-- lib/modrec.c | 2 +- lib/subrou.c | 2 +- lib/unitls.c | 23 ++++++++++++++++------ 7 files changed, 60 insertions(+), 14 deletions(-) delete mode 100644 certs/localhost-cert.tar.gz diff --git a/Makefile b/Makefile index 68b1203..ef637f5 100644 --- a/Makefile +++ b/Makefile @@ -29,6 +29,7 @@ LOCKDIR = $(TESTDIR)/var/run/$(APPNAME) #managing debugging test TESTDIR = $(CURDIR)/test_area +TESTSRV = mailleur.example.com TESTIP = 127.127.10.25 TESTPORT= 1025 EXTIP = safemail3.safe.ca @@ -71,8 +72,12 @@ dbgfeed : debug $(TESTPORT) \ $(DATATST)/feed00.tst #testing TLS connection -testtls : - openssl s_client \ +tlsrcvr : + @ clear + @ openssl s_client \ + -status \ + -msg \ + -debug \ -CAfile certs/safe_CA.pem \ -cert certs/localhost_cert.pem \ -key certs/localhost_key.pem \ @@ -80,6 +85,34 @@ testtls : -starttls \ smtp +xxx : + @ clear + @ openssl s_client \ + -state \ + -key certs/localhost_key.pem \ + -cert certs/localhost_cert.pem \ + -CAfile certs/safe_CA.pem \ + -starttls smtp \ + -connect $(TESTSRV):$(TESTPORT) + +# -showcerts +# -connect mailprod1.safe.ca:25 +# -connect $(TESTSRV):$(TESTPORT) +# -connect smtp.google.com:25 +# +#testing TLS with google +tlsref: + @ clear + @ openssl s_client \ + -status \ + -msg \ + -debug \ + -CAfile certs/safe_CA.pem \ + -cert certs/localhost_cert.pem \ + -key certs/localhost_key.pem \ + -connect smtp.google.com:25 \ + -starttls \ + smtp #-------------------------------------------------------------------- #starting email receiver 
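Review bot: The new `tlsref` target passes `-cert certs/localhost_cert.pem` and `-key certs/localhost_key.pem` on a connection to `smtp.google.com:25`, so the local test identity is offered to a third-party server if it requests a client certificate. A reference handshake does not need a client certificate, so those two lines can be dropped from `tlsref`. The scratch target `xxx` should get a descriptive name or be removed before merging, and the block of commented-out `-connect` alternatives after it would read better as a single comment saying which hosts the target is meant for.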
diff --git a/certs/localhost-cert.tar.gz b/certs/localhost-cert.tar.gz deleted file mode 100644 index b5e1a5b6b0bae9a5e6768b4614458029e5d8b411..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 30720 zcmeHvS(l<(wr)N1E8?-va92u?FvfnMQ&B;&$Coqc#0JF%LH+gjTSSv)rm?GP->Q4= zts60N?=S?`n%$c7n~kPf=%=gfoPXQKx4-;*erWuNH2oLyn-_$)-+c9(T;dq|FAOh9 zyg>7;!2X41SXyBI@<&L(`01~+zl?u+>p$VozmXr!Y+26B zU}#O%vH8+9z3N@cwychuSek06j+ShXtL?fam$at3W>Zy1x;`q)B-v(aVybFp>8h)X z^ZR_HIdhsV^eeTS)$i`s>d!nz3iQ!D7>$?W;Akwn;;0@qy|y;2S?y*#Y#vLoed-U# z{poSNEGC60&(@AajrsF->=xX#G`aNwNmo;Br8gr&`3WFxs*4?hL zx`%$R9yTw=uGov`E!DpbEn(j+oR#Wa^P61ed~-~nWVU%`I=x-vemryiVqfn~#=2ea zj7FP9IOp~KeHjM9bjDH4%1*<4Ivr2P^=v4}E3ZiSRWPJS)=Cq0`7Sk6b>Ebxmnqjw zLho8|@wIQHQ@6>>o9mc5-Y3y;knBzkdzh`6O?cZki@=@Byi+rxZI|`UePe%XNQWuw z_wVNNKHUzTVeZoY!fo~(D!0{PKaWpKyVlMp=Ix-{`JizZ&$~R}{HfP$XWQF7+iB)* zpz(P?_at3fk7Ig1?rG+_M%Cs+zsXp!aW;->-W1!Hc%24Au60=Cj-~M{w`K~PJn3-L z$Y!c?H2Z=G}0y%gJGYmet^ zDddhOTOa9eTfEr=d)v1UK|vk0ZDd=^VPo5CPvfZ7>D))7m8`4F<;ic>XZa!%`LyMx z&0SPjgNU{E2d7(~xvW1}@sksEJvEIy*^Ms6c*AT8ZFXbW`_w-#r9$!yJvF(--I)q| zPUf2RW08(!R-LYPJKkB1&ucBD=7w8jW3y+jqicRS1ij+8S?hJK)4Yrg*D_RB)hZKK z6KlYk?qG6Q7x#VQ^3h%xwU3lNat1Bt7|n-EX_kzl+*)LAIS}^ILMry*sI^+_*LHcH zrcpn%8mCB2VEEd?I?sB8Eb3BX{cfFQS6kg3emuE{%j?wSnuW!lPRD#6)RUvR=Rz$G z26Q_dv0AVQt=+1zX|r8cl9?SfJj@sViFPHfb+jZy*PT_X&R(s4T%Sm(Fx_-&6C-Q1 z=Jw*SnCxa&D%Ojkt`+^8Rt`2b>U7#IPyCjjpVC5h@2+r7c2i>{om;vWIkzwpJLc6K zS-T=n=MC-_?KSJzF3Lj|#A0V$qug;SGR@O{F*?bHb!GT?wVSg&n`U;hFv_D@alFdQ zg{R$a&fY24$8NjXZ(ZYFt9Q-MzDzZa@`-g)eP)d&r^WT$FglZC-)w8s_?m^yd*-#r z8=B?zfz;?7HS1=M_J>v9_0{>>Z;p->ZO!zRR2Q_xxg~5u*EhB^tsNBXJoK9Rdeq2W zUM>94l%$d6%<^5R=UyPh++xpVTKz<=Sz2AYoIZ<%dtY#6W7+8pH|(}H8O#r>?d2j~ zyg(gaOD|a-+PzpWXRQN6tD2SzZ2!Ec_`^-_db}q3rm?g=HqQNeryfn(PMxM@<|5^Z zv?-F(???-K$QEiVy!Uc?znwKN-P_coTs2AyCJr=*-t1Rib8GhOZl~jT{Z6)%#{RsQ z9^+QgU2aBxF%}k9+p$Bs5wDwhYrILb z?R;F&_a4JE4i|pnG`KkCdsq5U-z-NgHJ%N+UjLrvw$%;&(M@aC2K+LzW7eJZy<)#Q 
z&WwUzS;i&X#rI2@XyT-%jrCf=P1mdZPKlP<*Osf+il+yCU7)R6?QmvqOVtTOzNG8E zEa&FrzzxFHd0nz1S29bw-&sgE&FzUxmFmS^ZFoJUo9?h_HT41Au^aRK_2%~O4T;_Q z$5FZ6UFcn{z7DsBJUZ1Ht#z2o=5%*)yIPZqnenXFO_;%TUF+3x@XiiDysEW@)|qv6 zNxG#sgdmvbnos(Hs<5hi8I?*~rr+4c<+87zcD<|Ios908xS37wT74tb z8*a(WRdMDNlhJ-M6qz>PYZ~P~x*hIOZ7NVhjdQbfXzcHFY%Ic&X+)R2({RFWeST)+ zQ7fDzez`TIU9evIve>J2ntCld%Zt-2k-IZW6~*qzkg{x`1rxeA;3jp4>#BR%9Ayim z*5!{|wdftrPA1QW;r1-0H^h`E3Yob@2i*>}K9%=-QkJ*0p1w+0AKm%dTDIFV=iaa5 zeK;$w^k69P`F8HD?_yr>Z;o|g%U_NSw?}d7L&>zxbvn$rmMce5*Nk}1a;MHI#2&Pq z81#u{<;ktcRB2I@g}q>uGP5}B{o(O?qt53@JS1t_;!o2uE~oU)cc=6Ifr<3Jy-I@B zvNP>YZztEiFUE2<71!z^qE>n*PjT<1X9b2!<3G26^<(t4}kFY!_92aV~NZOCdb zyKhzkyD=_f=GIlcaBx^3y;2$<@-Vp{d3bVaRdi@N8?im3v&vWFBG|6$estt_{mF@M z9~`&Gm&L9_!W)oWaXkxmf5&zAvn9=Un~OcQ+>9@LnDqG5t--8!-uz|+UT4K+p6>1D z7rw>~obFM`SHaxo`AfgGx~!e}GOYXDr0E{|RBO#8Ct*DFr!#dX=$+k8SZ;Q)BYQft znQ3&Aa^18Rq?TdAZG;1+=A1=OjgzZ8R=eVkqLYD?-b;bkv`HhLd4W9MvxE7HRn3DH z`4Fq>)MwGinYiMP5tqltV6K+Yt>5T7N3U;DJuj)x)n1V<1^UpPbeY;+==3)9W^3`Q zv$;5&wx>u?16I72vtDPC^si@mbSnl8T4S7Pi*jp4Be{(m_1k=4x%+904dm`l=2v;0 zZh8aL6xI;tTyw@=xe}+nDBj%KInzupp1<*cP!^r7o&X2?hIccz=iSH*82+d(?qhGl z8rGWClXTTD%yYvX^#Q)R15Y!AQ#R~dQ$OeCRL{)!`^?$uvzEFa>5V~~TRYd4XdYEj zKW~<-R-be=Z*UVgx2fD7Z@a$iPx^K?^$z!yZ3Ad#{7&yndv?@4rp|rT+uogCOE`qL zelhKCXY$rOiKmOs^;&f|Vx6maT{df0ysvp`Sq!LIjgcHSHH;|p884k*t@fpE%!EWg zZ=1E*aT}f&>L@>VX=cxi1K9~X>#5GW=HSw}2~wXLUQ#t5@O_-<=IZV;(F!U>;7iO{T zIIH!&{QY;T%1cbg_%&DgPsqjoCwNHT^Z)<83bg#~5byr=RFJ%1j3&SabtkB{M))HQT&wqJ9T_TBpdG>%n|M0-*5^Ulye`j$t z{@uOAK^*?}()-=c_W3FH(_cBa{dJngm(xqU!>gAlE|38naGv9R{*uS%yyE}kxPPl& zMHz1XF59=AUj~;TU578-_y)-?vme#_aPdKHr!(ppzbK0ci~PJk^EWK0y!@4?W$`6g z=iiO#^`@5>JBu#q<^1D*?-yY~fv*Tlg%gyBRcKy`U|;yZuPkwiQDj*Wm&%e;c=q`U zc%P1mni`QJ1&SCdEU(CtB1Yszv{d4Tvhy%+=kaO#0YuPN+gkg zp|3!ZHdC6+@B{QP6W;;7)-k0u~6f5kw^h0U%5y&qC3VB#}?7 zg#7ar$i5Y|aN80LLsU5M&Q;PA6sD5TvZ1gdQP5KwLQY{A#RtKWBEoth1X&3olSm18 zg^`F=kYfdveIm&Swgi&{r(g&7gB@r;RAQVsup=rWj08Hxar=Y@s9wamz(MATMtJxE zk%*3`iB6$GP!iIF&d=-tW)FkGz9IB3DFM`nn_-qbIg((FTPk5lTtx7RO^T3zphOV~ 
zeZ)V2S{w@O3p>OMXap3(|161Wo=OsCKvsZ5gT7e8K5X?`iBnc<)!z5&~H3v)tcL6ToZD5>G)+f4v zreMaf0r+`DJ-8-pN&*?4Mc{xI;P;k9CNS5hG{A4b_TX3qgh-GL^NEl9Cqjh3Pscg3ve}vo;bYlW1q!M+y*noc2I#2 zb-)ZDIuH-9h4%%HO5y1GvGwLN@5p@0v22VSm;PDqV4CC`zdHLa1a%upm zUorX_KzcH?lvSP|lzKhrCimp@|g z@V3=2&%STOeq*_B3{PVN=7*c!=+^u*ptuf&=O`=h^92KgC71O|j)K>U?AAJQb-&PaKhv;6jA4PMkJIuRpeSm_)24?=t<0+XDXD2^&Ke>)vN+($Gy?u}k%aX=E= z0(lxSdK?6j7{l6s`?##9Ym!j?eA)b4m30kHS&r20F<&KX|HOBdS4Cv?<(j0jztF-O zie@OHpqOy4row89WGH5pM{}lPu*4CIreYdOgCXviS4ptf@reGzT5tP)Kfr%?XIWP? zQ=v6QM{oxQ6P2c*=uJh_m8L;3fUFWf4|o8d*)$ccNkSU~q8ioCA3o(DP3gZsfK2=H zV0s7&$f1B$1fZ9Ygi$0oz%U3pBwir+B4#1B!WAQX0z3oidq70MX}}K%{c!1kA2R$l z;1kdSL!t&^4PXNh6z~b)JvbsUG5GGZ5$h2t0LB`?kVpxuv=IOX_yHjpVU%D(00V>` zUhzQ;vYrQo57Z5qgi8oI2rKaUNHg)8;9LBkComW|82|~uh6j;LLjQ;Ez%0qp5O5Ka zkP`tD0x1DN0>B`80t4WEhy_s<$O?$40`MP?lb{Twil~Gb4e$nWA*TQa0CYj5t|BQ7 zU;}Md$%_O;`mj5s!D4qHH}H-Sk0cRt!~GBxqz&4TaKQ$^9dZPy1_0whafqkD*w`28 zB-Dot2o?&^0vQ4d0@uY6!9rLHSOR(kjDZqAh!+8|5X$jjh4ct|j7i`o*#wwHIuMYw zf(Bs$0aU;<>_e`N#la(R7aj-MfIUzjl7blE2fV{>ktP7mA}awR1&FFt{INTr8uBKH z7xW`{AS$bH1<(bMGvYh25EucVLc|9Y1bl_KJ{}K{3s)!zMhhE&xdN&|m_XDJ8t@wc z5-=@Rz`jTl$(s*m(*VBZiN>*x4C{ixt94-cSP;k`FCbD_GN2UUsLJ9$b_ee`p#a{n z7HAw*2qHR2yTbnfU{F0VB&1hd1$}YF%gVo_6quhb>i*g5mZdKd>_J*iIuw^OGp(VBAjuU zB~*hv3uq9EuKX2AfvbEL=N)#)KiE8I#+zUh&H*VuxFC57?6%6(U~KR$kUT-`kOLqq zj^P9GkU4-Tpa8oj1M#pEh?f{GBwQtEkO0HIwz*!1@^o`J zwwjo&8=D_PdF=(Jf3(RhQA@OR6RX!v+R0&gQ4>MXAih)K<3c(wO$ysIHbcQ#6Nded=h#?Ian^giUW_Zf)Iak$d&B42G?A@6U&; zK-UavG4Ig+Y;o||CcPMGV}BN1{F$(~$7b0pJ!9&+hM}*-5lC#qq>jM%F-Ioj3xCxWO@CQGnUl*kmWxzW0~=mcE9Vo8lFod!Pywn14?z< zbuzxDCbPtb)6tUTq$Orkb3?p6r0up<_7l(QmY$}$leVpPTfNsaG z>PJ`h?#ZZES0=W#wp>?Lv+R&qFr-sWSIhQ;`qa{F>H4_^_tw-(TYr}g1$`S}FsgQQ zd9#_glU~52{DeO(V_hBOon3HYwH19B-DhRle%)ZBX-V14)Cslk@x4;-uyR;y)G;!; z-G@p2RGYQ) z5IPIYy3W?T?{5$iPm`m2(E0q@Rp;t(ZBkc<3Ae&BVlf+K%D#;U$*c!O0q4 z2a|a0g_y6R4^mv4Z#aWX!Q>ZSyMtk@ zR@9bO8*A3KM++_zPxbxLI`O<%+XTk;)YmBt@p$UiI_Is^=yL4$Yh33@dq;X8_2Z79 zdY7hZUNnBfTv}ee#_;p0z@A&8!}m`cwJEi!My<%hFi^Roy}p$8q%k66Yr?s&p1Ole 
zeKmI0TdvIUkp^#J05M+rz8Yk9>NS z9a(>T2}N}zHj-JNTblQyy)8#EAk}`^b>>&OMJ2m_po2gV`;Z zVSxY0EiTEy&7*ljv-RbCNOxL(khO%-VK7g7IYS9c2$pHYvg2&_$<|PNvtv}U%ie9O z?Uv36$V8T%*~z(QcB?K0i|wp;=2x}$;^ytTOOC>4E?V)x>x;+Ju4B-3d%RNz#}%Ee z1bq^PIp^hX7WbB9kVTy;;eaW2A``AzCvVVDz z9v={xA0GH=?B`E0^3O~*y;tEM=6U|F8umfK09iYV3Mj_FfKYuzEfB>6q}NFLQHnsa zjwBoPl@ALcGJpR;Z3*QT6pfId4c#36%o{XQ1yf)Q3QIdOTBB7{6^IT#(;7=DoL;b)G|>?CAFxk zJcE@XMpT_qszIIdDHo_CqL_z54rxTA6bCt=Vh3W-kgtleDAVE{)ML<~e!2plBBd`B zK2f8BVL%#{g@AVyhN7sEwhVjJhT% zmOoSnALRg1<4$w{P@qNi2)ZLf7Opzq^ALW2@8b)$p%-|Fo;RHb=IMMJDP!Nivr0s+MqhR^T z>Bc3PB}j!Gl9D9E2*ZG5fdDZaQB47m{t}pas24ucfC?_ih8e(^aXjIvU_9iYRShMu z02RPoAuiDQR1VNGYzfT@=nNS~dgk+!#Oq#$wqDA(qZn)4-P8R$L5q?#Ghb0r8R_!DBOt1#egQn1{&w-Sla)Is; zI%A}Lfx0yc(yyH*j6303)L$#t1eZ%R^@%+|l~@6~!+aLZ7#e}M$7*;M4gs1)`5g44 z4~9;~QyNIa0k`2n_|mF{g~ve>hzHqZG_30Fz@?*3{B#8fii`n5p(ysl&!GQ?r~&C! zZ3JS^aNT$Z<>XIJH|zv%ikxB$fkNOI>Vf}9?HQH^y;Ok%K9EF&Pb>4F!E7Np#Q93?Xg=wQWch-U)_Xd1lf9fLlPjpmJh3EKlWt zmI7#o#1K7Uy6EkY7z!JMc)=YG3yusT$mfzoWPv4<9s)M1`bgjckrW;nQG?9;z=PqQ zsxSAH2G9x20QJE|;7q;FD4{_IEr1gEDAFsaeE4H0=g~iq$ct9O`-lL+fdBu_`24D@e_+PvVfN(*p%Q&R8S`PEPpLc^^!apzOIMZg zaAN-Ua`5w28t)bQhmGInKK|by{UH-wZ=X*2m>K(V@<+z}6eE9Q1^%1x{Zku6^8fts z3&OEsC{3+urDCQY=-MPx7|n*FNlKGdjHY5@;03cV2#9co@aMoAs$zWqOv}U0?+Mob z%+SsAJo!ZnEfH7&vym?V@dCpm#vu#9n;%Atu=TMuVkMv{>AJ)DV!lhvj8KJ%Ha}n8H6Xq5wY?2 zx~$E3gOcE|_Dh!)Uv`2YtJFzN8(r4>hBnpGE)&na>UXt6%GZ>pdSi9#X!g)7jn}4V z+fY|dfMORa?5n^q2c+Luby(H1HJMLSZ#Ui8L#s5=G(>L;-)EwxZ(US;&h*A#JBGS` z?Q5Rx7Ck&H*px>5GI81IEo!AZf99;B)+Cv*>7EL9>1A;@=e9Pfc2Uc+KcSng;Yb?= ztV~;`qu~>|Xd#D=y>Ux>j8?@sy!OWvX0}QO6#5p7jV`NggjeTo3eI@y+wJUw$L}n@ zlKeBp)IUq|8^u>!e{0i%r$#usM=B}$4^%YJ)g;3wcF_QEnxmaux>J_*jU)|P;z^3KYkIEtx>Pjw z2c><{SzQi{^~9dnOD{EB?fHCu+Fr`z>N-Bp8+Udi)r0ZTZXYiyvP47ai>^9qCTVw#t^ow~AU3WfAN3J*~G)dKa47 zZnNbewQ_lJ+FaJbc->kbO)nW-dP0qtV+&uJ(PWnv*sf_VN5OZ>9awD$^!XEoDxlX4Bz2lgWiM9KIYL*+I1E^3!}U zx7D@0qK>Op|9n9*fZw?f4m&_w;l0XZA9$+di!HwSp|u~_^%`5!%Rxh4L}5=d%Z0<39L#`Trn9DLS$Df#uctF77>=*a 
ztudC`O{t(3-TwaAOz=$=(UD7!gYL9>YO1ZP)J*ANDJ^L2z;o9CUxaY!rITdPS!ER^Y!7k1vCG(33`uOO**`5^NJ08_;X@tecQA!6G57Vu0~xFUQ@^LN{0Q= zL9{g3c^0*YWq;i$D(XIb;q>0yJFCTRa`9NRpx}ASfO8H}OTNXUMyab_Yr&f~+O(Rj zRr4+_r^8AbtkfqR*0kc8bXYfPn5>3Xhxud3=Aorc zd0uFiPEo@!%<@%Gw%Ib&S)z^F-12-IjTW(4UvrJTUhD@xzVam!+41+LDn+`gf7B@b zDXbYI!hd3|)Innv59)J#S3(>uBW~C5_CnvwCcGJR&qW8{hm@9?&h{3^W~#1Dl{we? zQ#B}Qy4=VIcFzRiCJ6Qx)zYS$Oz3(8r%YRIGmKiv!$1S1QPoGai={Lk_b+5n2 z>4}=#__iJ0_gG8Yx8p@;MYoyGp|~K}{lr{JJqGRX0qq};+09V} zw?SIvWQYsjinSOFjHzl=tl237?lrL6 zV{Kt;c1ycq8p`Hne8U_L{M+l&Y^$`TYWhV?cD&K-Z!XmCO80o)$fT>B)q|;nZ>ovn z#BF23%Ltvz@isJ!!Mw4{tYmFXO`$$D-OVn%?$g_?*y$5Wolk3Jt#&`PZkr^a%OuD? z22{S!r^#;bo(w+Jv7W-PbhFY+B2xcJFjLDL=0DmN%|e3uPb~hdY6- z3fx3i>3X*2tMB(xPj7C91iM9+I&^K5FWm%#ePjwoZHY#LNf2WK;Q2bpg7Jw-8-kj3 z*iQ#p9w%dNi@AoumXr>-j?lZS7NsQ%eB)V(-t;dA#TZp{CRQ>rZO4i4=LyRrwH#Z3YM140|(tflj7duD%NnQ!YHv{bHa_=TfNO`>peN%rS?#bv1imEjC4nyqd`aL-0$&pNlE9Y) J{!=9IzX1J5DY*au diff --git a/lib/devsoc.c b/lib/devsoc.c index ab16cdb..2766eaa 100644 --- a/lib/devsoc.c +++ b/lib/devsoc.c @@ -1385,14 +1385,14 @@ if ((soc!=(SOCTYP *)0)&&(soc->modtls==false)) { char buffer[100]; peerip=soc_getaddrinfo(socptr,false,false); - (void) socpurge(soc,peerip); + (void) usleep(100000); //lets wait for 100 millisec tosend=snprintf(buffer,sizeof(buffer),"%d 2.0.0 Ready to start TLS%s", SIGNON,CRLF); (void) soc_writebuffer(soc,buffer,tosend); if ((soc->tls=tls_opentls(soc->handle,true))!=(TLSTYP *)0) { soc->proto=pro_smtps; soc->modtls=true; - (void) socpurge(soc,peerip); + //(void) socpurge(soc,peerip); ok=true; } peerip=rou_freestr(peerip); diff --git a/lib/lvleml.c b/lib/lvleml.c index a8f3f53..aad5583 100644 --- a/lib/lvleml.c +++ b/lib/lvleml.c 
@@ -202,7 +202,8 @@ while (proceed==true) { if (contact->tlsok==true) strstart++; for (int i=strstart;ehlostr[i]!=(char *)0;i++) { - (void) transmit(contact,"%d%s",CMDOK,ehlostr[i]); + (void) rou_alert(0,"%s, JMPDNG i='%d'",OPEP,i); + (void) transmit(contact,"%d%s JMPDBG",CMDOK,ehlostr[i]); } done=true; break; @@ -378,7 +379,8 @@ while (proceed==true) { switch (soc_starttls(contact->socptr)) { case true : //link now in TLS crypted mode contact->tlsok=true; - (void) signon(contact); + (void) transmit(contact,"%d Link now encrypted",CMDOK); + (void) rou_alert(0,"%s, CMDOK sent",OPEP); break; case false : //unable to establish link (void) transmit(contact,"%d 5.3.3 command starttls not successful", diff --git a/lib/modrec.c b/lib/modrec.c index 52cb467..19c765b 100644 --- a/lib/modrec.c +++ b/lib/modrec.c @@ -211,7 +211,7 @@ while (proceed==true) { switch (childs[i]) { case -1 : //trouble trouble to fork? childs[i]=(pid_t)0; - (void) sleep(1); //Weathering the storm + (void) sleep(1); //Weathering the storme break; case 0 : //Child process itself (void) free(childs); diff --git a/lib/subrou.c b/lib/subrou.c index 47e3e6c..e86e18c 100644 --- a/lib/subrou.c +++ b/lib/subrou.c @@ -21,7 +21,7 @@ //version definition #define VERSION "0.6" -#define RELEASE "45" +#define RELEASE "46" #define BRANCH "dvl" //Public variables diff --git a/lib/unitls.c b/lib/unitls.c index b45853f..cd97c3e 100644 --- a/lib/unitls.c +++ b/lib/unitls.c 
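Review bot: The EHLO loop now appends the literal ` JMPDBG` to every reply line (`"%d%s JMPDBG"`), so each entry of `ehlostr` reaches the client with a stray trailing token. If those entries are the advertised extension keywords, a client may misparse or ignore them, and for the STARTTLS line that would leave the session in clear text. Debug output belongs in `rou_alert()` only; restore `(void) transmit(contact,"%d%s",CMDOK,ehlostr[i]);` and either fix the `JMPDNG` typo in the alert or drop the alert before merging. The enclosing `switch` lies outside the hunk.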
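Review bot: In the `case true` branch the server now sends `"%d Link now encrypted"` with `CMDOK` although no command is pending after a successful `soc_starttls()`. RFC 3207 resets the dialogue to the post-greeting state and expects the client to speak first with a fresh EHLO, so this unsolicited reply will be paired with the client's next command and every later reply is off by one. I would send nothing in that branch beyond setting `contact->tlsok=true`, and make sure anything learned before the handshake (EHLO argument, sender) is discarded there; that reset is not visible in this hunk. The `rou_alert(0,"%s, CMDOK sent",OPEP)` trace can then go as well.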
@@ -144,10 +144,14 @@ proceed=true; while (proceed==true) { switch (phase) { case 0 : //get remote certificate - if ((peer=SSL_get0_peer_certificate(tls->ssl))==(X509 *)0) { - (void) rou_alert(0,"%s, Unable to get certificate from remote [%s]", - OPEP,tls->peerip); - phase=999; + if ((peer=SSL_get_peer_certificate(tls->ssl))==(X509 *)0) { + char msg[200]; + + (void) snprintf(msg,sizeof(msg),"%s, Unable to get certificate " + "from remote [%s]", + OPEP,tls->peerip); + (void) showtlserror(tls,0,msg); + phase=999; //no need to go furter } break; case 1 : //displaying certificate @@ -220,11 +224,13 @@ static int set_server_certificate(TLSTYP *tls) { #define OPEP "unitls.c:set_link_certificate" int done; +int mode; const char *certpub[3]; int phase; _Bool proceed; done=false; +mode=SSL_VERIFY_NONE; certpub[0]="./certs/safe_CA.pem"; //default and debugging certificats //Default debugging server certificate certpub[1]="./certs/mailleur_server_cert_x509.pem"; @@ -271,7 +277,7 @@ while (proceed==true) { break; case 4 : //verify management (void) SSL_CTX_set_purpose(tls->ctx,X509_PURPOSE_ANY); - (void) SSL_CTX_set_verify(tls->ctx,SSL_VERIFY_PEER,(int(*)())0); + (void) SSL_CTX_set_verify(tls->ctx,mode,(int(*)())0); (void) SSL_CTX_set_verify_depth(tls->ctx,5); (void) SSL_CTX_set_options(tls->ctx,SSL_OP_ALL); if (SSL_CTX_set_cipher_list(tls->ctx,SSL_CIPHER_LIST)==0) { @@ -398,6 +404,7 @@ if (server==true) phase=0; proceed=true; while (proceed==true) { + (void) rou_alert(0,"%s JMPDBG phase='%d', serveur='%d'",OPEP,phase,server); switch (phase) { case 0 : //prepare the structure first; tls=(TLSTYP *)calloc(1,sizeof(TLSTYP)); 
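Review bot: The message built with `snprintf` is handed to `showtlserror()` as its format argument (`showtlserror(tls,0,msg)`), and `msg` embeds `tls->peerip`; the other call visible in this patch gives `showtlserror()` a format plus arguments, so any `%` in the buffer would be interpreted a second time. Pass the literal and drop the buffer: `(void) showtlserror(tls,0,"%s, Unable to get certificate from remote [%s]",OPEP,tls->peerip);`. Separately, `SSL_get_peer_certificate()` returns a reference the caller owns, unlike the `SSL_get0_peer_certificate()` it replaces, so `peer` needs an `X509_free(peer)` on the exit path; that path is outside the hunk, please confirm. The `furter` in the new comment should read `further`.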
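Review bot: `mode` is hard-wired to `SSL_VERIFY_NONE` in `set_server_certificate()` and then passed to `SSL_CTX_set_verify()` in the `case 4` hunk that follows, replacing `SSL_VERIFY_PEER`. The peer certificate is therefore no longer verified (and, for a server context, no longer requested) on any context this function configures, with no way to turn the check back on. This may also make the `SSL_get_peer_certificate()` test in the first hunk of this file fail for every client, since none is asked for a certificate. If this is only a bring-up workaround, say so at the assignment, e.g. `mode=SSL_VERIFY_NONE; //FIXME debug only, restore SSL_VERIFY_PEER`, or better take the mode from configuration and default to `SSL_VERIFY_PEER`. Whether client-side contexts also go through this function is not visible in these hunks.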
@@ -580,12 +587,16 @@ if (tls!=(TLSTYP *)0) { status=0; got=SSL_read(tls->ssl,buffer,maxread); + (void) rou_alert(0,"%S JMPDBG got='%d'",OPEP,got); switch (got) { case -1 : //trouble to write - switch (status=SSL_get_error(tls->ssl,-1)) { + status=SSL_get_error(tls->ssl,-1); + (void) rou_alert(0,"%S JMPDBG status='%d'",OPEP,status); + switch (status) { case SSL_ERROR_WANT_READ : //"wanted" error case SSL_ERROR_WANT_WRITE : // (void) usleep(1000); + (void) rou_alert(0,"%S JMPDBG usleep",OPEP); break; default : (void) showtlserror(tls,-1,"%s Premature EOF with crypted link",OPEP); -- 2.47.3
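Review bot: The three new `rou_alert()` calls use `%S` (`"%S JMPDBG got='%d'"`, `"%S JMPDBG status='%d'"`, `"%S JMPDBG usleep"`), which is the wide-string conversion in printf-style formatting, while `OPEP` is passed to `%s` everywhere else in this patch; if `rou_alert()` forwards to a printf-family function this is undefined behaviour. Change each to `%s`. The first alert also sits between `SSL_read()` and `SSL_get_error()`; logging there can overwrite `errno`, which matters when the result is `SSL_ERROR_SYSCALL`, so move it below the `SSL_get_error()` call or drop it. The per-retry alert after `usleep(1000)` will write one log line per millisecond while the socket is idle and should go too. The function's start and end are outside the hunk.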