From 1ff005d4ff03465db585be1cf4a5709bce40d15b Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Sun, 8 Jun 2025 10:15:05 -0400
Subject: [PATCH] Working out certificate trouble

---
 Makefile | 22 +++++++++++++---------
 data-feed/dbgfeed.tst | 17 +++++++++++++++++
 lib/gestcp.c | 2 +-
 lib/lvleml.c | 37 ++++++++++++++++++++++++++++---------
 lib/unipar.c | 1 +
 lib/unitls.c | 6 +++++-
 6 files changed, 65 insertions(+), 20 deletions(-)
 create mode 100644 data-feed/dbgfeed.tst

diff --git a/Makefile b/Makefile
index e0d6414..f1200f4 100644
--- a/Makefile
+++ b/Makefile
@@ -139,7 +139,7 @@ onefeed : debug
 @ rm -fr $(TESTDIR)/var/spool/$(APPNAME)/queue/*
 @ bin/feeder \
 -f \
- -d2 \
+ -d 9 \
 -c ./conf/feeder.conf.dvl \
 $(TESTIP) \
 $(TESTPORT) \
@@ -172,11 +172,11 @@ dbgfeed : debug
 --args \
 bin/feeder \
 -f \
- -d2 \
+ -d 9 \
 -c ./conf/feeder.conf.dvl \
 $(TESTIP) \
 $(TESTPORT) \
- $./(DATATST)/xxfeed.tst
+ $(DATATST)/dbgfeed.tst
 valfeed : debug #valgring of emlrcvr
 @ echo "feed valgrind test"
@@ -189,7 +189,7 @@ valfeed : debug #valgring of emlrcvr
 -c ./conf/feeder.conf.dvl \
 $(TESTIP) \
 $(TESTPORT) \
- ./$(DATATST)/xxfeed.tst
+ ./$(DATATST)/feed.tst
 # --track-fds=yes \
@@ -220,14 +220,18 @@ xxx :
 @ openssl s_client \
 -crlf \
 --showcerts \
- -key certs/localhost_key.pem \
- -cert certs/localhost_cert.pem \
- -CAfile certs/safe_CA.pem \
+ -status \
+ -msg \
+ -debug \
+ -key certs/localhost-key.pem \
+ -cert certs/localhost-cert.pem \
+ -CAfile certs/root-safe_CA.pem \
 -starttls smtp \
- -connect $(TESTSRV):1025
+ -connect smtp1.example.com:25
 # -showcerts
 # -tls1_2
+# -connect smtp1.example.com:587
 # -connect mailprod1.safe.ca:25
 # -connect $(TESTSRV):$(TESTPORT)
 # -connect smtp.google.com:25
@@ -258,7 +262,7 @@ dorcvr :
 @ bin/emlrcvr \
 $(EMLPAR)$(TESTITER)
-emlrcvr : #starting email receiver
+emlrcvr : clean debug newtest #starting email receiver
 @ echo
 @ echo "--------------"
 @ echo "starting $@"
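Review bot: The rewritten `xxx` target in the openssl s_client hunk still lets a failed chain or hostname check pass silently: s_client prints a `Verify return code` line and then carries on with the SMTP session, so a wrong `-CAfile certs/root-safe_CA.pem` or a certificate issued to another name only shows up buried in the `-msg`/`-debug` output. Since this target exists to chase certificate trouble, add `-verify_return_error \` and `-verify_hostname smtp1.example.com \` next to the `-CAfile` line so the handshake aborts on a verification failure instead of continuing. The hard-coded `smtp1.example.com:25` also replaces the `$(TESTSRV):1025` variable that the other targets still use; keeping the host in a variable avoids this target being pointed at a live MX by accident.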
diff --git a/data-feed/dbgfeed.tst b/data-feed/dbgfeed.tst
new file mode 100644
index 0000000..efe12e1
--- /dev/null
+++ b/data-feed/dbgfeed.tst
@@ -0,0 +1,17 @@
+#====================================================
+#starting test
+T:debug test function
+R:220 mailleur.example.com ESMTP (cleartext) ...
+S:HELO example.com
+R:250 mailleur.example.com link (cleartext) ready...
+C:GOTLS
+R:250 Link now encryp...
+S:EHLO example.com
+R:250-mailleur.example.com link (crypted) ready, your IP/FQDN...
+R:250-SIZE 52428800
+R:250-8BITMIME
+R:250-ENHANCEDSTATUSCODES
+R:250-AUTH PLAIN LOGIN
+R:250 HELP
+S:QUIT
+R:221 2.0.0 Bye, closing connection...
diff --git a/lib/gestcp.c b/lib/gestcp.c
index 3bdce19..3d12d02 100644
--- a/lib/gestcp.c
+++ b/lib/gestcp.c
@@ -142,7 +142,7 @@ while (maxlines>0) {
 ERRPROC,wait,rmt->curmx->mxname);
 line=strdup(cmt);
 }
- (void) log_fprintlog(rmt->logptr,false,line);
+ (void) log_fprintlog(rmt->logptr,true,line);
 if (sscanf(line,"%d%n",&code,&sofar)==1) {
 if (line[sofar]==' ')
 maxlines=0; //found remote status
diff --git a/lib/lvleml.c b/lib/lvleml.c
index a9362fb..6340a99 100644
--- a/lib/lvleml.c
+++ b/lib/lvleml.c
@@ -166,14 +166,18 @@ if (contact!=(CONTYP *)0) {
 /* is a correct one */
 /* */
 /********************************************************/
-static void linkready(CONTYP *contact)
+static void linkready(CONTYP *contact,_Bool suite)
 {
 const char *mode;
+char sepa;
+sepa=' ';
+if (suite==true)
+ sepa='-';
 mode=soc_getstrmode(contact->socptr);
-(void) transmit(contact,"%d-%s, link (%s) ready, your IP/FQDN=[%s/%s]",
- CMDOK,contact->locname,mode,
+(void) transmit(contact,"%d%c%s link (%s) ready, your IP/FQDN=[%s/%s]",
+ CMDOK,sepa,contact->locname,mode,
 contact->peerip,contact->peername);
 }
 /*
@@ -437,7 +441,7 @@ _Bool done;
 if ((done=isgoodfqdn(contact,parameter))==false)
 (void) transmit(contact,"%d 5.5.4 %s.",BADPAR,DETAIL);
 else
- (void) linkready(contact);
+ (void) linkready(contact,false);
 return done;
 #undef DETAIL
 #undef OPEP
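Review bot: The new fixture only exercises the capability list after `C:GOTLS`, so it never checks what the server offers before the link is encrypted: the cleartext phase uses `S:HELO example.com`, which gets no extension list at all. If the fixture format allows it, a cleartext `S:EHLO example.com` step before `C:GOTLS` that expects `STARTTLS` to be advertised and `AUTH PLAIN LOGIN` to be absent would pin the property that matters here — credentials are only solicited once the session is encrypted — rather than leaving it implied by line ordering.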
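Review bot: The flag flipped from `false` to `true` in `(void) log_fprintlog(rmt->logptr,true,line);` is a bare boolean with no name or comment, so nothing in the hunk says what is being switched on (console echo, flush, a log level?), and a reviewer cannot tell whether it is a debugging leftover like the other changes in this commit. A named constant, or at least a trailing comment on that line stating what `true` selects, would make the intent reviewable. Note also that `line` is the raw response text from the remote MX (the hunk shows it being set from `strdup(cmt)` on one path), so if log_fprintlog does not neutralise CR/LF and other control characters a peer can write forged entries into the log — worth confirming in log_fprintlog. The enclosing `while (maxlines>0)` loop starts before this hunk.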
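Review bot: `linkready` now takes a bare `_Bool suite` that picks the `-` continuation marker, but neither the parameter nor `sepa` is documented, and the French name does not tell an English reader that `true` means "more 250- reply lines follow". A comment above the function such as `/* suite: true when further 250- lines follow (EHLO), false for the single/final 250 line (HELO) */` would fix that, and it is worth recording there that the old format emitted `250-` unconditionally, which left a HELO reply without a terminating `250 ` line — that is the behaviour this hunk corrects. `contact->peername` is also interpolated into the reply; if it is filled from reverse DNS it is peer-influenced, so confirm that whatever sets it strips CR/LF before it reaches transmit().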
@@ -485,7 +489,7 @@ while (proceed==true) {
 }
 break;
 case 1 : //thereis an FQDN
- (void) linkready(contact);
+ (void) linkready(contact,true);
 (void) transmit(contact,"%d-SIZE %ld",CMDOK,MXMSIZE);
 if (soc_iscrypted(contact->socptr)==true)
 strstart++;
@@ -700,16 +704,31 @@ while (proceed==true) {
 rspcode=tcp_smtp_command(rmt,"EHLO %s",rmt->orgdomain);
 switch (rspcode) {
 case CMDOK : //So fare, so good
- done=true;
- phase=999;
 break;
 default : //Trouble
- (void) rou_alert(0,"%s, EHLO Remote <%s> unexpected answer code '%d'",
+ (void) rou_alert(0,"%s EHLO Remote <%s> unexpected answer code '%d'",
 OPEP,rmt->curmx,rspcode);
+ phase++; //No STARTTLS available
+ break;
+ }
+ break;
+ case 1 : //Stating starttls
+ phase=999; //No need to go futher
+ rspcode=tcp_smtp_command(rmt,"STARTTLS",rmt->orgdomain);
+ switch (rspcode) {
+ case SIGNON : //link is now encrypted
+ debug=9;
+ (void) usleep(100000);
+ done=soc_starttls(rmt->socptr,false);
+ (void) rou_alert(0,"%s JMPDBG should start tls done='%d'",OPEP,done);
+ break;
+ default : //Trouble
+ (void) rou_alert(0,"%s Unable to establish crypted link with <%s>",
+ OPEP,rmt->curmx);
 break;
 }
 break;
- case 1 : //Sending HELO
+ case 2 : //Sending HELO
 rspcode=tcp_smtp_command(rmt,"HELO %s",rmt->orgdomain);
 switch (rspcode) {
 case CMDOK : //So fare, so good
diff --git a/lib/unipar.c b/lib/unipar.c
index 1a609fb..4658400 100644
--- a/lib/unipar.c
+++ b/lib/unipar.c
@@ -151,6 +151,7 @@ while (((c=getopt(argc,argv,optstring))!=EOF)&&(params!=(ARGTYP *)0)) {
 case 'c' : //config file
 (void) memset(config,'\000',sizeof(config));
 (void) strncpy(config,optarg,sizeof(config)-1);
+ break;
 case 'd' : //debug level
 debug=atoi(optarg);
 (void) rou_alert(1,"debug level is now '%d'",debug);
diff --git a/lib/unitls.c b/lib/unitls.c
index a2992df..759d6b1 100644
--- a/lib/unitls.c
+++ b/lib/unitls.c
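Review bot: The new `case 1` STARTTLS branch ships debugging scaffolding that should not land: `debug=9;` silently overrides the operator's `-d` level for the rest of the process, `(void) usleep(100000);` is an unexplained delay in the handshake path, and the `JMPDBG` alert is logged at level 0; drop those three lines and keep only `done=soc_starttls(rmt->socptr,false);`. The branch also sets `phase=999` before the command is even sent, so when the server answers anything but SIGNON, or when soc_starttls() returns false, the loop simply exits with the socket in whatever state the failed negotiation left it — the connection must not be reused for cleartext after a failed handshake, and after a successful one RFC 3207 §4.2 requires the client to discard the pre-TLS EHLO data and re-issue EHLO; if the caller does both, a comment here saying so would help, otherwise it needs handling in this function. STARTTLS is likewise sent without checking that the EHLO reply advertised it, unless that is parsed elsewhere. The enclosing function and its phase loop start outside this hunk.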
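Review bot: The added `break;` is the right fix, and the hunk shows why the bug was so confusing: without it `-c` fell through into `case 'd'` and ran `debug=atoi(optarg)` on the config path, which atoi silently turns into 0, so any `-d` given earlier on the command line was discarded. Two follow-ups: build with `-Wimplicit-fallthrough` (marking any intentional fallthrough with a comment) so this class of slip is caught at compile time, and replace `debug=atoi(optarg);` with a checked `strtol` so a non-numeric level is reported instead of silently becoming 0. The enclosing getopt loop starts before this hunk.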
@@ -178,6 +178,7 @@ mode=SSL_VERIFY_NONE;
 phase=0;
 proceed=true;
 while (proceed==true) {
+ (void) rou_alert(7,"%s phase='%d'",OPEP,phase);
 switch (phase) {
 case 0 : //loading certificate names
 for (int i=0;i<(sizeof(cenv)/sizeof(char *));i++) {
@@ -204,6 +205,7 @@ while (proceed==true) {
 }
 break;
 case 2 : //first load certificate key
+ (void) rou_alert(7,"%s key file=<%s>",OPEP,certs[0]);
 if (SSL_CTX_use_PrivateKey_file(tls->ctx,certs[0],SSL_FILETYPE_PEM)!=1) {
 char msg[200];
@@ -214,6 +216,7 @@ while (proceed==true) {
 }
 break;
 case 3 : //load certificate + chain file
+ (void) rou_alert(7,"%s chain file=<%s>",OPEP,certs[1]);
 if (SSL_CTX_use_certificate_chain_file(tls->ctx,certs[1])!=1) {
 char msg[200];
@@ -224,6 +227,7 @@ while (proceed==true) {
 }
 break;
 case 4 : //loading root certificate
+ (void) rou_alert(7,"%s root certificate=<%s>",OPEP,certs[2]);
 if (SSL_CTX_load_verify_locations(tls->ctx,certs[2],(const char *)0)!=1) {
 char msg[200];
@@ -545,7 +549,7 @@ tls=(TLSTYP *)0;
 phase=0;
 proceed=true;
 while (proceed==true) {
- //(void) rou_alert(0,"%s JMPDBG phase='%d', serveur='%d'",OPEP,phase,server);
+ (void) rou_alert(6,"%s phase='%d', serveur='%d'",OPEP,phase,server);
 switch (phase) {
 case 0 : //prepare the structure first;
 tls=(TLSTYP *)calloc(1,sizeof(TLSTYP));
-- 
2.47.3
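Review bot: The phase trace added at the top of the loop is harmless, but the hunk header's context `mode=SSL_VERIFY_NONE;` shows the verify mode this setup starts from, and none of the visible phases changes it, while `case 4` goes on to load `certs[2]` with SSL_CTX_load_verify_locations. If the mode is never raised to SSL_VERIFY_PEER before the handshake, OpenSSL still builds the chain against that root but accepts the peer whatever the result, which would match the "certificate trouble" in the subject: a chain problem is then visible only through SSL_get_verify_result and never fails the connection, and the new path-logging lines would show correct file names while the check is effectively off. A comment at the `SSL_VERIFY_NONE` assignment stating whether that is deliberate (opportunistic TLS on the inbound side) and, for the outbound client path, `SSL_VERIFY_PEER` plus a hostname check via `SSL_set1_host()` before connecting, would settle it. The enclosing function starts outside the hunk.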