author | Eric Faurot <eric@cvs.openbsd.org> | 2016-11-18 09:35:28 +0000 |
---|---|---|
committer | Eric Faurot <eric@cvs.openbsd.org> | 2016-11-18 09:35:28 +0000 |
commit | 87b9fba1babff70e32a4294f9eaef8cdccaf209d (patch) | |
tree | ce46573f708d4fff947c35818ccb5098a60429c3 | |
parent | 0ae660dcbaff7b8a9bd7b2202bf2e9d1048a0bd5 (diff) |
fix regression introduced in previous commit
spotted by Heiko Zimmermann
ok gilles@
-rw-r--r-- | usr.sbin/smtpd/mta_session.c | 46 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtp_session.c | 53 |
2 files changed, 58 insertions, 41 deletions
diff --git a/usr.sbin/smtpd/mta_session.c b/usr.sbin/smtpd/mta_session.c
index 73eaea09a28..c782fd85a3a 100644
--- a/usr.sbin/smtpd/mta_session.c
+++ b/usr.sbin/smtpd/mta_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mta_session.c,v 1.85 2016/11/17 07:33:06 eric Exp $ */
+/* $OpenBSD: mta_session.c,v 1.86 2016/11/18 09:35:27 eric Exp $ */
 /*
 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -149,6 +149,7 @@ static void mta_response(struct mta_session *, char *);
 static const char * mta_strstate(int);
 static void mta_start_tls(struct mta_session *);
 static int mta_verify_certificate(struct mta_session *);
+static void mta_tls_verified(struct mta_session *);
 static struct mta_session *mta_tree_pop(struct tree *, uint64_t);
 static const char * dsn_strret(enum dsn_ret);
 static const char * dsn_strnotify(uint8_t);
@@ -259,7 +260,6 @@ mta_session_imsg(struct mproc *p, struct imsg *imsg)
 const char *name;
 void *ssl;
 int dnserror, status;
- X509 *x;
 switch (imsg->hdr.type) {
@@ -364,22 +364,7 @@ mta_session_imsg(struct mproc *p, struct imsg *imsg)
 return;
 }
- x = SSL_get_peer_certificate(s->io.ssl);
- if (x) {
- log_info("smtp-out: Server certificate verification %s "
- "on session %016"PRIx64,
- (s->flags & MTA_VERIFIED) ? "succeeded" : "failed",
- s->id);
- X509_free(x);
- }
-
- if (s->use_smtps) {
- mta_enter_state(s, MTA_BANNER);
- io_set_read(&s->io);
- }
- else
- mta_enter_state(s, MTA_EHLO);
-
+ mta_tls_verified(s);
 io_resume(&s->io, IO_PAUSE_IN);
 io_reload(&s->io);
 return;
@@ -1186,6 +1171,9 @@ mta_io(struct io *io, int evt, void *arg)
 break;
 }
+ mta_tls_verified(s);
+ break;
+
 case IO_DATAIN:
 nextline:
 line = iobuf_getline(&s->iobuf, &len);
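Review bot: The `mta_tls_verified(s);` call added in the @@ -1186 hunk (mta_io) appears to be reached without any verification reply, and the helper it calls writes its log line only when `SSL_get_peer_certificate()` returns a certificate. An outbound session whose peer presented no certificate therefore moves on to MTA_BANNER or MTA_EHLO with nothing from this helper recording that the peer is unauthenticated. An `else` branch on the `if (x)` in the helper would close that gap, e.g. `else log_info("smtp-out: No server certificate on session %016"PRIx64, s->id);`. The enclosing case and the condition that ends in `break; }` start outside the hunk, so which sessions take this path is inferred rather than visible here.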
@@ -1671,6 +1659,28 @@ mta_verify_certificate(struct mta_session *s)
 return res;
 }
+static void
+mta_tls_verified(struct mta_session *s)
+{
+ X509 *x;
+
+ x = SSL_get_peer_certificate(s->io.ssl);
+ if (x) {
+ log_info("smtp-out: Server certificate verification %s "
+ "on session %016"PRIx64,
+ (s->flags & MTA_VERIFIED) ? "succeeded" : "failed",
+ s->id);
+ X509_free(x);
+ }
+
+ if (s->use_smtps) {
+ mta_enter_state(s, MTA_BANNER);
+ io_set_read(&s->io);
+ }
+ else
+ mta_enter_state(s, MTA_EHLO);
+}
+
 static const char *
 dsn_strret(enum dsn_ret ret)
 {
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index e41bb0d82a9..29eca83b829 100644
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_session.c,v 1.291 2016/11/17 07:33:06 eric Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.292 2016/11/18 09:35:27 eric Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -167,6 +167,7 @@ static void smtp_session_init(void);
 static int smtp_lookup_servername(struct smtp_session *);
 static void smtp_connected(struct smtp_session *);
 static void smtp_send_banner(struct smtp_session *);
+static void smtp_tls_verified(struct smtp_session *);
 static void smtp_io(struct io *, int, void *);
 static void smtp_data_io(struct io *, int, void *);
 static void smtp_data_io_done(struct smtp_session *);
@@ -698,7 +699,6 @@ smtp_session_imsg(struct mproc *p, struct imsg *imsg)
 uint32_t msgid;
 int status, success, dnserror;
 void *ssl_ctx;
- X509 *x;
 switch (imsg->hdr.type) {
 case IMSG_SMTP_DNS_PTR:
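Review bot: The name `mta_tls_verified` in the @@ -1671 hunk reads as "the peer was verified", but the body logs `"failed"` when MTA_VERIFIED is unset and still advances the session to MTA_BANNER or MTA_EHLO, so it runs for verified and unverified peers alike. A header comment would keep later callers from treating a call to it as proof of authentication, for example `/* TLS setup is finished; the peer is authenticated only if MTA_VERIFIED is set. */`. The same applies to `smtp_tls_verified` and SF_VERIFIED in the @@ -1023 hunk of smtp_session.c.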
@@ -994,26 +994,7 @@ smtp_session_imsg(struct mproc *p, struct imsg *imsg)
 smtp_free(s, "SSL certificate check failed");
 return;
 }
-
- x = SSL_get_peer_certificate(s->io.ssl);
- if (x) {
- log_info("%016"PRIx64" smtp "
- "event=client-cert-check address=%s host=%s result=\"%s\"",
- s->id, ss_to_text(&s->ss), s->hostname,
- (s->flags & SF_VERIFIED) ? "success" : "failure");
- X509_free(x);
- }
-
- if (s->listener->flags & F_SMTPS) {
- stat_increment("smtp.smtps", 1);
- io_set_write(&s->io);
- smtp_send_banner(s);
- }
- else {
- stat_increment("smtp.tls", 1);
- smtp_enter_state(s, STATE_HELO);
- }
-
+ smtp_tls_verified(s);
 io_resume(&s->io, IO_PAUSE_IN);
 return;
 }
@@ -1023,6 +1004,31 @@ smtp_session_imsg(struct mproc *p, struct imsg *imsg)
 fatalx(NULL);
 }
+static void
+smtp_tls_verified(struct smtp_session *s)
+{
+ X509 *x;
+
+ x = SSL_get_peer_certificate(s->io.ssl);
+ if (x) {
+ log_info("%016"PRIx64" smtp "
+ "event=client-cert-check address=%s host=%s result=\"%s\"",
+ s->id, ss_to_text(&s->ss), s->hostname,
+ (s->flags & SF_VERIFIED) ? "success" : "failure");
+ X509_free(x);
+ }
+
+ if (s->listener->flags & F_SMTPS) {
+ stat_increment("smtp.smtps", 1);
+ io_set_write(&s->io);
+ smtp_send_banner(s);
+ }
+ else {
+ stat_increment("smtp.tls", 1);
+ smtp_enter_state(s, STATE_HELO);
+ }
+}
+
 void
 smtp_filter_response(uint64_t id, int query, int status, uint32_t code,
 const char *line)
@@ -1284,7 +1290,8 @@ smtp_io(struct io *io, int evt, void *arg)
 return;
 }
- /* No verification required, cascade */
+ smtp_tls_verified(s);
+ break;
 case IO_DATAIN:
 nextline: |
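Review bot: In the @@ -1284 hunk (smtp_io) the removed comment `/* No verification required, cascade */` was the only statement of why this path skips the certificate check, and the new `smtp_tls_verified(s); break;` lines carry no replacement. Keeping the reason next to the call shows a reader that the session continues here without a client-certificate check, for example `/* No verification required, finish TLS setup directly */`. The matching call added to mta_io in mta_session.c has no such comment either. The enclosing case starts outside the hunk.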