From 72c8d697cec4882639d8fcf177cbfb306ce054e5 Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Sun, 8 Jun 2025 16:40:07 -0400
Subject: [PATCH] Improving certifcate handling

---
 Makefile | 6 ++----
 conf/mailleur.conf.dvl | 3 ++-
 lib/devsoc.c | 4 ++++
 lib/gestcp.c | 8 ++++++++
 lib/lvleml.c | 4 +++-
 lib/subrou.c | 11 +++++++++++
 lib/unitls.c | 13 ++++++++-----
 7 files changed, 38 insertions(+), 11 deletions(-)

diff --git a/Makefile b/Makefile
index eac29f6..930e199 100644
--- a/Makefile
+++ b/Makefile
@@ -139,7 +139,7 @@ onefeed : debug
 @ rm -fr $(TESTDIR)/var/spool/$(APPNAME)/queue/*
 @ bin/feeder \
 -f \
- -d 9 \
+ -d 2 \
 -c ./conf/$(APPNAME).conf.dvl \
 $(TESTIP) \
 $(TESTPORT) \
@@ -220,9 +220,6 @@ xxx :
 @ openssl s_client \
 -crlf \
 --showcerts \
- -status \
- -msg \
- -debug \
 -key certs/localhost-key.pem \
 -cert certs/localhost-cert.pem \
 -CAfile certs/root-safe_CA.pem \
@@ -315,6 +312,7 @@ prepare : clean debug newtest
 #to kill all remaining emlrcvr process
 killall :
 @ - kill -HUP emlrcvr
+ @ - kill -9 sender
 @ - kill -9 sorter
 #--------------------------------------------------------------------
diff --git a/conf/mailleur.conf.dvl b/conf/mailleur.conf.dvl
index a58cd9f..7a9c9ff 100644
--- a/conf/mailleur.conf.dvl
+++ b/conf/mailleur.conf.dvl
@@ -5,12 +5,13 @@
 CA_ROOT_SRV = "./certs/root-safe_CA.pem"
 CA_CERT_SRV = "./certs/mailleur_server-chain-cert_x509.pem"
 CA_KEY_SRV = "./certs/mailleur_server-key.pem"
-CA_VERIFY = 1 #to check PEER certificat
+CA_VERIFY_SRV = 1 #to check PEER/client remote certificate
 #------------------------------------------------
 #Defining CLIENT mode Certificate data
 CA_ROOT_CLT = "./certs/root-safe_CA.pem"
 CA_CERT_CLT = "./certs/localhost-chain-cert.pem"
 CA_KEY_CLT = "./certs/localhost-key.pem"
+CA_VERIFY_CLT = 0 #to check PEER/server remote certificate
 #------------------------------------------------
 #Configured for Postgresql database
 DB_TYPE = POSTGRES
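Review bot: `CA_VERIFY_CLT = 0` switches off server-certificate verification for every outgoing (client-mode) TLS session, so a man-in-the-middle presenting any certificate is accepted even though a trusted root is configured two lines above in `CA_ROOT_CLT`; the unitls.c hunk in this same patch only sets `SSL_VERIFY_PEER` when the value is exactly 1, so 0 really does mean no check at all. Even for a development profile the safer default is `CA_VERIFY_CLT = 1`, with 0 reserved for an explicit, commented opt-out, and the comment should say what the flag does instead of repeating the server-side text: `CA_VERIFY_CLT = 1 #verify the remote server certificate against CA_ROOT_CLT (0 = accept any certificate, local testing only)`. The old key `CA_VERIFY` is renamed to `CA_VERIFY_SRV` here, so a deployed configuration still using the old name would presumably land in the "value missing" path of set_crypting, which deserves a mention in the commit message or a startup warning.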
diff --git a/lib/devsoc.c b/lib/devsoc.c
index a3e0772..6fb79ec 100644
--- a/lib/devsoc.c
+++ b/lib/devsoc.c
@@ -1004,17 +1004,21 @@ if ((soc!=(SOCTYP *)0)&&(isconnected(soc)==true)) {
 }
 switch (status) {
 case -1 : //polling error
+ (void) rou_alert(0,"%s Polling error (error=<%s>)",OPEP,strerror(errno));
 break;
 case 0 : //polling timeout
+ (void) rou_alert(0,"%s Polling timeout (error=<%s>)",OPEP,strerror(errno));
 break;
 case 1 : //polling early return (data or event)
 //checking if link still available
+ //(void) rou_alert(0,"%s Polling early (error=<%s>)",OPEP,strerror(errno));
 if (tls_write(soc->tls,(char *)0,0)<0) {
 (void) rou_alert(0,"%s, TLS link disconnect detected",OPEP);
 status=0;
 }
 break;
 default :
+ (void) rou_alert(0,"%s Polling default (error=<%s>)",OPEP,strerror(errno));
 break;
 }
 }
diff --git a/lib/gestcp.c b/lib/gestcp.c
index 3d12d02..0c47474 100644
--- a/lib/gestcp.c
+++ b/lib/gestcp.c
@@ -125,19 +125,25 @@ return sent;
 PUBLIC int tcp_get_smtp_reply(RMTTYP *rmt,int wait) {
+#define OPEP "gestcp.c:cp_get_smtp_reply,"
+
 int code;
 int maxlines;
 code=ERRPROC;
 maxlines=20; //maximun number of line error
+if (debug>0)
+ wait/=10; //debug mode not waiting form long
 while (maxlines>0) {
 char *line;
 int sofar;
 line=(char *)0;
+ (void) rou_alert(0,"%s JMPDBG waiting for answer",OPEP);
 if (tcp_getline(rmt->socptr,wait,&line)<0) {
 char cmt[100];
+ (void) rou_alert(0,"%s JMPDBG timeout",OPEP);
 (void) snprintf(cmt,sizeof(cmt),"%d Timeout waiting '%d' sec for MX <%s>",
 ERRPROC,wait,rmt->curmx->mxname);
 line=strdup(cmt);
@@ -153,6 +159,8 @@ while (maxlines>0) {
 maxlines--;
 }
 return code;
+
+#undef OPEP
 }
 /* ^L
diff --git a/lib/lvleml.c b/lib/lvleml.c
index 7a9e59e..8bbcd02 100644
--- a/lib/lvleml.c
+++ b/lib/lvleml.c
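Review bot: The new `case 0` alert prints `strerror(errno)`, but poll() does not set errno when it times out, so this line reports whatever stale value an earlier failed call left behind and will send the reader of the log after the wrong error; the `default` branch has the same problem. Log the timeout without errno, `(void) rou_alert(0,"%s Polling timeout",OPEP);`, and keep `strerror(errno)` only on the `-1` path, where poll() actually sets it. The commented-out `//(void) rou_alert(... Polling early ...)` line is dead code left as a toggle and should be dropped rather than committed. The enclosing function starts outside the hunk.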
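Review bot: `#define OPEP "gestcp.c:cp_get_smtp_reply,"` names a function that does not exist (the routine is `tcp_get_smtp_reply`), so every alert emitted from here points at the wrong symbol; make it `#define OPEP "gestcp.c:tcp_get_smtp_reply,"`. `if (debug>0) wait/=10;` also changes SMTP reply timing whenever debugging is on: any `wait` below 10 becomes 0, tcp_getline is presumably then called with no wait at all, and the timeout text reports `'0' sec`, so at least floor it with `if ((debug>0)&&(wait>=10)) wait/=10;`, or better keep the protocol timeout independent of the debug level. The two `JMPDBG` alerts read as temporary instrumentation that should not land in the merged code. The function continues into the next hunk and beyond it.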
@@ -717,10 +717,12 @@ while (proceed==true) {
 rspcode=tcp_smtp_command(rmt,"STARTTLS",rmt->orgdomain);
 switch (rspcode) {
 case SIGNON : //link is now encrypted
- debug=9;
+ int bigre;
 (void) usleep(100000);
 done=soc_starttls(rmt->socptr,false);
 (void) rou_alert(0,"%s JMPDBG should start tls done='%d'",OPEP,done);
+ bigre=tcp_get_smtp_reply(rmt,WAITRMT);
+ (void) rou_alert(0,"%s JMPDBG tls done='%d'",OPEP,bigre);
 break;
 default : //Trouble
 (void) rou_alert(0,"%s Unable to establish crypted link with <%s>",
diff --git a/lib/subrou.c b/lib/subrou.c
index 6ffc88c..d33cde7 100644
--- a/lib/subrou.c
+++ b/lib/subrou.c
@@ -644,6 +644,17 @@ while (proceed==true) {
 *ptr='\000';
 if ((ptr=strrchr(line,'\n'))!=(char *)0)
 *ptr='\000';
+ //cleaning the end of line
+ if (strlen(line)>0) {
+ ptr=line+strlen(line)-1;
+ while (*ptr!='\000') {
+ if ((*ptr!=' ')&&(*ptr!='\t'))
+ break;
+ *ptr='\000';
+ ptr--;
+ }
+ }
+ //check remaining clean line
 if (strlen(line)==0)
 phase=0; //next line
 break;
diff --git a/lib/unitls.c b/lib/unitls.c
index f22e89c..244e1fb 100644
--- a/lib/unitls.c
+++ b/lib/unitls.c
@@ -160,8 +160,7 @@ static int set_crypting(TLSTYP *tls,_Bool server) {
 #define OPEP "unitls.c:set_crypting"
-static const char *cenv[]={"CA_KEY","CA_CERT","CA_ROOT"};
-static const char *envver="CA_VERIFY";
+static const char *cenv[]={"CA_KEY","CA_CERT","CA_ROOT","CA_VERIFY"};
 int done;
 const char *certs[sizeof(cenv)/sizeof(char *)];
@@ -197,8 +196,10 @@ while (proceed==true) {
 }
 }
- if (getenv(envver)!=(char *)0) { //env value can be missing
- if (atoi(getenv(envver))!=0) {
+ //Set the verify mode
+ if (certs[3]!=(char *)0) { //env value can be missing
+ if (atoi(certs[3])==1) {
+ (void) rou_alert(0,"%s JMPDBG verifiyng certificate",OPEP);
 mode=SSL_VERIFY_PEER; //to make sure peer certificate is OK
 }
 }
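Review bot: The return value of `soc_starttls()` is stored in `done` and logged but never tested, so a failed TLS handshake still reaches `break` and the session presumably carries on in the state the `//link is now encrypted` comment assumes; test `done` for the failure value soc_starttls returns and route that case to the same error path as the `default` branch. `int bigre;` directly after `case SIGNON :` is a declaration following a label, which is only standard as of C23 (GCC accepts it as an extension, older or stricter compilers reject it); wrap the case body in braces or move the declaration up with the other locals. If this client follows RFC 3207, the server sends no further reply after the handshake — the client is expected to re-issue EHLO — so `tcp_get_smtp_reply(rmt,WAITRMT)` here would simply block for WAITRMT and log a timeout; please confirm what that read is meant to consume. The switch and its enclosing loop continue outside the hunk.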
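Review bot: The trailing-whitespace loop walks off the front of `line` when the line consists only of spaces and tabs: once `line[0]` has been overwritten with `'\000'`, `ptr--` points to `line[-1]`, and the next `*ptr` read (and, if that byte happens to hold a space or tab, the `*ptr='\000'` write) is out of bounds — undefined behaviour on whatever buffer holds the line. Bound the walk by the buffer start rather than by the byte value; the three lines `size_t len=strlen(line); while ((len>0)&&((line[len-1]==' ')||(line[len-1]=='\t'))) line[--len]='\000';` replace the whole `if (strlen(line)>0) { ... }` block and need no `ptr` at all. The enclosing loop starts and ends outside the hunk.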
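Review bot: `atoi(certs[3])==1` enables `SSL_VERIFY_PEER` only for the literal value 1, so a `CA_VERIFY_*` of `2`, `true` or `yes` silently leaves peer verification off, a step back from the removed `!=0`; because this branch decides whether the remote certificate is checked at all, it should parse strictly and fail closed, e.g. treat anything other than exactly `"0"` as verify: `if ((certs[3]==(char *)0)||(strcmp(certs[3],"0")!=0)) mode=SSL_VERIFY_PEER;`. That also flips the missing-variable case (`//env value can be missing`) from "no verification" to "verify", which is the safer default if `mode` starts out as SSL_VERIFY_NONE, as this hunk suggests but does not show; if silently running unverified is intended, log it at a level that is not tagged `JMPDBG`. The alert text has a typo, `verifiyng` → `verifying`. The function continues outside the hunk.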
@@ -820,13 +821,15 @@ while (proceed==true) {
 }
 break;
 case 2 : //lets wait for char
+ (void) rou_alert(0,"%s JMPDBG waiting %d millisec",OPEP,millisec);
 status=poll(polling,1,millisec);
 switch (status) {
 case -1 : //Polling error
- (void) rou_alert(0,"%s Polling error (error=<%s>",OPEP,strerror(errno));
+ (void) rou_alert(0,"%s Polling error (error=<%s>)",OPEP,strerror(errno));
 break;
 case 0 : //polling time out
 //nothing to do
+ (void) rou_alert(0,"%s Polling timeout (error=<%s>)",OPEP,strerror(errno));
 break;
 case 1 : //char is available.
 //nothing to do
--
2.47.3
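Review bot: The new `case 0` alert prints `strerror(errno)`, but poll() leaves errno untouched on a timeout, so the message shows a stale error from some earlier call rather than anything about this wait; log the timeout on its own, `(void) rou_alert(0,"%s Polling timeout after %d millisec",OPEP,millisec);`, and keep `strerror(errno)` for the `-1` branch only. The `JMPDBG waiting %d millisec` line fires on every entry to `case 2`, which from the `//lets wait for char` comment appears to be once per character read, so it will flood the log and should be removed or gated on a debug level before merge. The surrounding state machine starts and ends outside the hunk.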