diff options
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/smtpd/iobuf.c | 32 | ||||
-rw-r--r-- | usr.sbin/smtpd/iobuf.h | 10 | ||||
-rw-r--r-- | usr.sbin/smtpd/ioev.c | 168 | ||||
-rw-r--r-- | usr.sbin/smtpd/ioev.h | 4 | ||||
-rw-r--r-- | usr.sbin/smtpd/mta_session.c | 8 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtp/Makefile | 4 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtp_client.c | 4 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtp_session.c | 18 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtpd/Makefile | 4 |
9 files changed, 126 insertions, 126 deletions
diff --git a/usr.sbin/smtpd/iobuf.c b/usr.sbin/smtpd/iobuf.c index 27c404a0b7a..a72243587a1 100644 --- a/usr.sbin/smtpd/iobuf.c +++ b/usr.sbin/smtpd/iobuf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: iobuf.c,v 1.10 2017/03/17 20:56:04 eric Exp $ */ +/* $OpenBSD: iobuf.c,v 1.11 2019/06/12 17:42:53 eric Exp $ */ /* * Copyright (c) 2012 Eric Faurot <eric@openbsd.org> * @@ -26,7 +26,7 @@ #include <string.h> #include <unistd.h> -#ifdef IO_SSL +#ifdef IO_TLS #include <openssl/err.h> #include <openssl/ssl.h> #endif @@ -386,31 +386,31 @@ iobuf_flush(struct iobuf *io, int fd) return (0); } -#ifdef IO_SSL +#ifdef IO_TLS int -iobuf_flush_ssl(struct iobuf *io, void *ssl) +iobuf_flush_tls(struct iobuf *io, void *tls) { ssize_t s; while (io->queued) - if ((s = iobuf_write_ssl(io, ssl)) < 0) + if ((s = iobuf_write_tls(io, tls)) < 0) return (s); return (0); } ssize_t -iobuf_write_ssl(struct iobuf *io, void *ssl) +iobuf_write_tls(struct iobuf *io, void *tls) { struct ioqbuf *q; int r; ssize_t n; q = io->outq; - n = SSL_write(ssl, q->buf + q->rpos, q->wpos - q->rpos); + n = SSL_write(tls, q->buf + q->rpos, q->wpos - q->rpos); if (n <= 0) { - switch ((r = SSL_get_error(ssl, n))) { + switch ((r = SSL_get_error(tls, n))) { case SSL_ERROR_WANT_READ: return (IOBUF_WANT_READ); case SSL_ERROR_WANT_WRITE: @@ -419,12 +419,12 @@ iobuf_write_ssl(struct iobuf *io, void *ssl) return (IOBUF_CLOSED); case SSL_ERROR_SYSCALL: if (ERR_peek_last_error()) - return (IOBUF_SSLERROR); + return (IOBUF_TLSERROR); if (r == 0) errno = EPIPE; return (IOBUF_ERROR); default: - return (IOBUF_SSLERROR); + return (IOBUF_TLSERROR); } } iobuf_drain(io, n); @@ -433,26 +433,26 @@ iobuf_write_ssl(struct iobuf *io, void *ssl) } ssize_t -iobuf_read_ssl(struct iobuf *io, void *ssl) +iobuf_read_tls(struct iobuf *io, void *tls) { ssize_t n; int r; - n = SSL_read(ssl, io->buf + io->wpos, iobuf_left(io)); + n = SSL_read(tls, io->buf + io->wpos, iobuf_left(io)); if (n < 0) { - switch ((r = SSL_get_error(ssl, n))) { + switch ((r = SSL_get_error(tls, n))) { case SSL_ERROR_WANT_READ: return (IOBUF_WANT_READ); case SSL_ERROR_WANT_WRITE: return (IOBUF_WANT_WRITE); case SSL_ERROR_SYSCALL: if (ERR_peek_last_error()) - return (IOBUF_SSLERROR); + return (IOBUF_TLSERROR); if (r == 0) errno = EPIPE; return (IOBUF_ERROR); default: - return (IOBUF_SSLERROR); + return (IOBUF_TLSERROR); } } else if (n == 0) return (IOBUF_CLOSED); @@ -462,4 +462,4 @@ iobuf_read_ssl(struct iobuf *io, void *ssl) return (n); } -#endif /* IO_SSL */ +#endif /* IO_TLS */ diff --git a/usr.sbin/smtpd/iobuf.h b/usr.sbin/smtpd/iobuf.h index e1f2745427a..c454d0a1407 100644 --- a/usr.sbin/smtpd/iobuf.h +++ b/usr.sbin/smtpd/iobuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: iobuf.h,v 1.4 2015/01/20 17:37:54 deraadt Exp $ */ +/* $OpenBSD: iobuf.h,v 1.5 2019/06/12 17:42:53 eric Exp $ */ /* * Copyright (c) 2012 Eric Faurot <eric@openbsd.org> * @@ -39,7 +39,7 @@ struct iobuf { #define IOBUF_WANT_WRITE -2 #define IOBUF_CLOSED -3 #define IOBUF_ERROR -4 -#define IOBUF_SSLERROR -5 +#define IOBUF_TLSERROR -5 int iobuf_init(struct iobuf *, size_t, size_t); void iobuf_clear(struct iobuf *); @@ -53,7 +53,7 @@ size_t iobuf_left(struct iobuf *); char *iobuf_data(struct iobuf *); char *iobuf_getline(struct iobuf *, size_t *); ssize_t iobuf_read(struct iobuf *, int); -ssize_t iobuf_read_ssl(struct iobuf *, void *); +ssize_t iobuf_read_tls(struct iobuf *, void *); size_t iobuf_queued(struct iobuf *); void* iobuf_reserve(struct iobuf *, size_t); @@ -62,6 +62,6 @@ int iobuf_queuev(struct iobuf *, const struct iovec *, int); int iobuf_fqueue(struct iobuf *, const char *, ...); int iobuf_vfqueue(struct iobuf *, const char *, va_list); int iobuf_flush(struct iobuf *, int); -int iobuf_flush_ssl(struct iobuf *, void *); +int iobuf_flush_tls(struct iobuf *, void *); ssize_t iobuf_write(struct iobuf *, int); -ssize_t iobuf_write_ssl(struct iobuf *, void *); +ssize_t iobuf_write_tls(struct iobuf *, void *); diff --git a/usr.sbin/smtpd/ioev.c b/usr.sbin/smtpd/ioev.c index 44690766388..d36210fd7dd 100644 --- a/usr.sbin/smtpd/ioev.c +++ b/usr.sbin/smtpd/ioev.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ioev.c,v 1.41 2017/05/17 14:00:06 deraadt Exp $ */ +/* $OpenBSD: ioev.c,v 1.42 2019/06/12 17:42:53 eric Exp $ */ /* * Copyright (c) 2012 Eric Faurot <eric@openbsd.org> * @@ -32,7 +32,7 @@ #include "ioev.h" #include "iobuf.h" -#ifdef IO_SSL +#ifdef IO_TLS #include <openssl/err.h> #include <openssl/ssl.h> #endif @@ -40,8 +40,8 @@ enum { IO_STATE_NONE, IO_STATE_CONNECT, - IO_STATE_CONNECT_SSL, - IO_STATE_ACCEPT_SSL, + IO_STATE_CONNECT_TLS, + IO_STATE_ACCEPT_TLS, IO_STATE_UP, IO_STATE_MAX, @@ -65,7 +65,7 @@ struct io { int flags; int state; struct event ev; - void *ssl; + void *tls; const char *error; /* only valid immediately on callback */ }; @@ -84,15 +84,15 @@ void io_reset(struct io *, short, void (*)(int, short, void*)); void io_frame_enter(const char *, struct io *, int); void io_frame_leave(struct io *); -#ifdef IO_SSL +#ifdef IO_TLS void ssl_error(const char *); /* XXX external */ -static const char* io_ssl_error(void); -void io_dispatch_accept_ssl(int, short, void *); -void io_dispatch_connect_ssl(int, short, void *); -void io_dispatch_read_ssl(int, short, void *); -void io_dispatch_write_ssl(int, short, void *); -void io_reload_ssl(struct io *io); +static const char* io_tls_error(void); +void io_dispatch_accept_tls(int, short, void *); +void io_dispatch_connect_tls(int, short, void *); +void io_dispatch_read_tls(int, short, void *); +void io_dispatch_write_tls(int, short, void *); +void io_reload_tls(struct io *io); #endif static struct io *current = NULL; @@ -109,12 +109,12 @@ io_strio(struct io *io) char ssl[128]; ssl[0] = '\0'; -#ifdef IO_SSL - if (io->ssl) { - (void)snprintf(ssl, sizeof ssl, " ssl=%s:%s:%d", - SSL_get_version(io->ssl), - SSL_get_cipher_name(io->ssl), - SSL_get_cipher_bits(io->ssl, NULL)); +#ifdef IO_TLS + if (io->tls) { + (void)snprintf(ssl, sizeof ssl, " tls=%s:%s:%d", + SSL_get_version(io->tls), + SSL_get_cipher_name(io->tls), + SSL_get_cipher_bits(io->tls, NULL)); } #endif @@ -271,9 +271,9 @@ io_free(struct io *io) if (io == current) current = NULL; -#ifdef IO_SSL - SSL_free(io->ssl); - io->ssl = NULL; +#ifdef IO_TLS + SSL_free(io->tls); + io->tls = NULL; #endif if (event_initialized(&io->ev)) @@ -398,9 +398,9 @@ io_error(struct io *io) } void * -io_ssl(struct io *io) +io_tls(struct io *io) { - return io->ssl; + return io->tls; } int @@ -531,9 +531,9 @@ io_reload(struct io *io) iobuf_normalize(&io->iobuf); -#ifdef IO_SSL - if (io->ssl) { - io_reload_ssl(io); +#ifdef IO_TLS + if (io->tls) { + io_reload_tls(io); return; } #endif @@ -806,10 +806,10 @@ io_dispatch_connect(int fd, short ev, void *humppa) io_frame_leave(io); } -#ifdef IO_SSL +#ifdef IO_TLS static const char* -io_ssl_error(void) +io_tls_error(void) { static char buf[128]; unsigned long e; @@ -820,11 +820,11 @@ io_ssl_error(void) return (buf); } - return ("No SSL error"); + return ("No TLS error"); } int -io_start_tls(struct io *io, void *ssl) +io_start_tls(struct io *io, void *tls) { int mode; @@ -832,57 +832,57 @@ io_start_tls(struct io *io, void *ssl) if (mode == 0 || mode == IO_RW) errx(1, "io_start_tls(): full-duplex or unset"); - if (io->ssl) - errx(1, "io_start_tls(): SSL already started"); - io->ssl = ssl; + if (io->tls) + errx(1, "io_start_tls(): TLS already started"); + io->tls = tls; - if (SSL_set_fd(io->ssl, io->sock) == 0) { - ssl_error("io_start_ssl:SSL_set_fd"); + if (SSL_set_fd(io->tls, io->sock) == 0) { + ssl_error("io_start_tls:SSL_set_fd"); return (-1); } if (mode == IO_WRITE) { - io->state = IO_STATE_CONNECT_SSL; - SSL_set_connect_state(io->ssl); - io_reset(io, EV_WRITE, io_dispatch_connect_ssl); + io->state = IO_STATE_CONNECT_TLS; + SSL_set_connect_state(io->tls); + io_reset(io, EV_WRITE, io_dispatch_connect_tls); } else { - io->state = IO_STATE_ACCEPT_SSL; - SSL_set_accept_state(io->ssl); - io_reset(io, EV_READ, io_dispatch_accept_ssl); + io->state = IO_STATE_ACCEPT_TLS; + SSL_set_accept_state(io->tls); + io_reset(io, EV_READ, io_dispatch_accept_tls); } return (0); } void -io_dispatch_accept_ssl(int fd, short event, void *humppa) +io_dispatch_accept_tls(int fd, short event, void *humppa) { struct io *io = humppa; int e, ret; - io_frame_enter("io_dispatch_accept_ssl", io, event); + io_frame_enter("io_dispatch_accept_tls", io, event); if (event == EV_TIMEOUT) { io_callback(io, IO_TIMEOUT); goto leave; } - if ((ret = SSL_accept(io->ssl)) > 0) { + if ((ret = SSL_accept(io->tls)) > 0) { io->state = IO_STATE_UP; io_callback(io, IO_TLSREADY); goto leave; } - switch ((e = SSL_get_error(io->ssl, ret))) { + switch ((e = SSL_get_error(io->tls, ret))) { case SSL_ERROR_WANT_READ: - io_reset(io, EV_READ, io_dispatch_accept_ssl); + io_reset(io, EV_READ, io_dispatch_accept_tls); break; case SSL_ERROR_WANT_WRITE: - io_reset(io, EV_WRITE, io_dispatch_accept_ssl); + io_reset(io, EV_WRITE, io_dispatch_accept_tls); break; default: - io->error = io_ssl_error(); - ssl_error("io_dispatch_accept_ssl:SSL_accept"); + io->error = io_tls_error(); + ssl_error("io_dispatch_accept_tls:SSL_accept"); io_callback(io, IO_ERROR); break; } @@ -892,33 +892,33 @@ io_dispatch_accept_ssl(int fd, short event, void *humppa) } void -io_dispatch_connect_ssl(int fd, short event, void *humppa) +io_dispatch_connect_tls(int fd, short event, void *humppa) { struct io *io = humppa; int e, ret; - io_frame_enter("io_dispatch_connect_ssl", io, event); + io_frame_enter("io_dispatch_connect_tls", io, event); if (event == EV_TIMEOUT) { io_callback(io, IO_TIMEOUT); goto leave; } - if ((ret = SSL_connect(io->ssl)) > 0) { + if ((ret = SSL_connect(io->tls)) > 0) { io->state = IO_STATE_UP; io_callback(io, IO_TLSREADY); goto leave; } - switch ((e = SSL_get_error(io->ssl, ret))) { + switch ((e = SSL_get_error(io->tls, ret))) { case SSL_ERROR_WANT_READ: - io_reset(io, EV_READ, io_dispatch_connect_ssl); + io_reset(io, EV_READ, io_dispatch_connect_tls); break; case SSL_ERROR_WANT_WRITE: - io_reset(io, EV_WRITE, io_dispatch_connect_ssl); + io_reset(io, EV_WRITE, io_dispatch_connect_tls); break; default: - io->error = io_ssl_error(); + io->error = io_tls_error(); ssl_error("io_dispatch_connect_ssl:SSL_connect"); io_callback(io, IO_TLSERROR); break; @@ -929,12 +929,12 @@ io_dispatch_connect_ssl(int fd, short event, void *humppa) } void -io_dispatch_read_ssl(int fd, short event, void *humppa) +io_dispatch_read_tls(int fd, short event, void *humppa) { struct io *io = humppa; int n, saved_errno; - io_frame_enter("io_dispatch_read_ssl", io, event); + io_frame_enter("io_dispatch_read_tls", io, event); if (event == EV_TIMEOUT) { io_callback(io, IO_TIMEOUT); @@ -943,12 +943,12 @@ io_dispatch_read_ssl(int fd, short event, void *humppa) again: iobuf_normalize(&io->iobuf); - switch ((n = iobuf_read_ssl(&io->iobuf, (SSL*)io->ssl))) { + switch ((n = iobuf_read_tls(&io->iobuf, (SSL*)io->tls))) { case IOBUF_WANT_READ: - io_reset(io, EV_READ, io_dispatch_read_ssl); + io_reset(io, EV_READ, io_dispatch_read_tls); break; case IOBUF_WANT_WRITE: - io_reset(io, EV_WRITE, io_dispatch_read_ssl); + io_reset(io, EV_WRITE, io_dispatch_read_tls); break; case IOBUF_CLOSED: io_callback(io, IO_DISCONNECTED); @@ -959,15 +959,15 @@ again: errno = saved_errno; io_callback(io, IO_ERROR); break; - case IOBUF_SSLERROR: - io->error = io_ssl_error(); - ssl_error("io_dispatch_read_ssl:SSL_read"); + case IOBUF_TLSERROR: + io->error = io_tls_error(); + ssl_error("io_dispatch_read_tls:SSL_read"); io_callback(io, IO_ERROR); break; default: - io_debug("io_dispatch_read_ssl(...) -> r=%d\n", n); + io_debug("io_dispatch_read_tls(...) -> r=%d\n", n); io_callback(io, IO_DATAIN); - if (current == io && IO_READING(io) && SSL_pending(io->ssl)) + if (current == io && IO_READING(io) && SSL_pending(io->tls)) goto again; } @@ -976,13 +976,13 @@ again: } void -io_dispatch_write_ssl(int fd, short event, void *humppa) +io_dispatch_write_tls(int fd, short event, void *humppa) { struct io *io = humppa; int n, saved_errno; size_t w2, w; - io_frame_enter("io_dispatch_write_ssl", io, event); + io_frame_enter("io_dispatch_write_tls", io, event); if (event == EV_TIMEOUT) { io_callback(io, IO_TIMEOUT); @@ -990,12 +990,12 @@ io_dispatch_write_ssl(int fd, short event, void *humppa) } w = io_queued(io); - switch ((n = iobuf_write_ssl(&io->iobuf, (SSL*)io->ssl))) { + switch ((n = iobuf_write_tls(&io->iobuf, (SSL*)io->tls))) { case IOBUF_WANT_READ: - io_reset(io, EV_READ, io_dispatch_write_ssl); + io_reset(io, EV_READ, io_dispatch_write_tls); break; case IOBUF_WANT_WRITE: - io_reset(io, EV_WRITE, io_dispatch_write_ssl); + io_reset(io, EV_WRITE, io_dispatch_write_tls); break; case IOBUF_CLOSED: io_callback(io, IO_DISCONNECTED); @@ -1006,13 +1006,13 @@ io_dispatch_write_ssl(int fd, short event, void *humppa) errno = saved_errno; io_callback(io, IO_ERROR); break; - case IOBUF_SSLERROR: - io->error = io_ssl_error(); - ssl_error("io_dispatch_write_ssl:SSL_write"); + case IOBUF_TLSERROR: + io->error = io_tls_error(); + ssl_error("io_dispatch_write_tls:SSL_write"); io_callback(io, IO_ERROR); break; default: - io_debug("io_dispatch_write_ssl(...) -> w=%d\n", n); + io_debug("io_dispatch_write_tls(...) -> w=%d\n", n); w2 = io_queued(io); if (w > io->lowat && w2 <= io->lowat) io_callback(io, IO_LOWAT); @@ -1024,39 +1024,39 @@ io_dispatch_write_ssl(int fd, short event, void *humppa) } void -io_reload_ssl(struct io *io) +io_reload_tls(struct io *io) { short ev = 0; void (*dispatch)(int, short, void*) = NULL; switch (io->state) { - case IO_STATE_CONNECT_SSL: + case IO_STATE_CONNECT_TLS: ev = EV_WRITE; - dispatch = io_dispatch_connect_ssl; + dispatch = io_dispatch_connect_tls; break; - case IO_STATE_ACCEPT_SSL: + case IO_STATE_ACCEPT_TLS: ev = EV_READ; - dispatch = io_dispatch_accept_ssl; + dispatch = io_dispatch_accept_tls; break; case IO_STATE_UP: ev = 0; if (IO_READING(io) && !(io->flags & IO_PAUSE_IN)) { ev = EV_READ; - dispatch = io_dispatch_read_ssl; + dispatch = io_dispatch_read_tls; } else if (IO_WRITING(io) && !(io->flags & IO_PAUSE_OUT) && io_queued(io)) { ev = EV_WRITE; - dispatch = io_dispatch_write_ssl; + dispatch = io_dispatch_write_tls; } if (!ev) return; /* paused */ break; default: - errx(1, "io_reload_ssl(): bad state"); + errx(1, "io_reload_tls(): bad state"); } io_reset(io, ev, dispatch); } -#endif /* IO_SSL */ +#endif /* IO_TLS */ diff --git a/usr.sbin/smtpd/ioev.h b/usr.sbin/smtpd/ioev.h index f1c398482cf..015340c2b16 100644 --- a/usr.sbin/smtpd/ioev.h +++ b/usr.sbin/smtpd/ioev.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ioev.h,v 1.16 2016/11/30 17:43:32 eric Exp $ */ +/* $OpenBSD: ioev.h,v 1.17 2019/06/12 17:42:53 eric Exp $ */ /* * Copyright (c) 2012 Eric Faurot <eric@openbsd.org> * @@ -50,7 +50,7 @@ int io_start_tls(struct io *, void *); const char* io_strio(struct io *); const char* io_strevent(int); const char* io_error(struct io *); -void* io_ssl(struct io *); +void* io_tls(struct io *); int io_fileno(struct io *); int io_paused(struct io *, int); diff --git a/usr.sbin/smtpd/mta_session.c b/usr.sbin/smtpd/mta_session.c index 959b45e8b68..266c45e5674 100644 --- a/usr.sbin/smtpd/mta_session.c +++ b/usr.sbin/smtpd/mta_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mta_session.c,v 1.115 2018/12/23 16:37:53 eric Exp $ */ +/* $OpenBSD: mta_session.c,v 1.116 2019/06/12 17:42:53 eric Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -1103,7 +1103,7 @@ mta_io(struct io *io, int evt, void *arg) case IO_TLSREADY: log_info("%016"PRIx64" mta tls ciphers=%s", - s->id, ssl_to_text(io_ssl(s->io))); + s->id, ssl_to_text(io_tls(s->io))); s->flags |= MTA_TLS; mta_cert_verify(s); @@ -1512,7 +1512,7 @@ mta_cert_verify(struct mta_session *s) fallback = 1; } - if (cert_verify(io_ssl(s->io), name, fallback, mta_cert_verify_cb, s)) { + if (cert_verify(io_tls(s->io), name, fallback, mta_cert_verify_cb, s)) { tree_xset(&wait_ssl_verify, s->id, s); io_pause(s->io, IO_IN); s->flags |= MTA_WAIT; @@ -1549,7 +1549,7 @@ mta_tls_verified(struct mta_session *s) { X509 *x; - x = SSL_get_peer_certificate(io_ssl(s->io)); + x = SSL_get_peer_certificate(io_tls(s->io)); if (x) { log_info("smtp-out: Server certificate verification %s " "on session %016"PRIx64, diff --git a/usr.sbin/smtpd/smtp/Makefile b/usr.sbin/smtpd/smtp/Makefile index 24515db9ba6..6708ab6e20d 100644 --- a/usr.sbin/smtpd/smtp/Makefile +++ b/usr.sbin/smtpd/smtp/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.1 2018/04/26 13:57:13 eric Exp $ +# $OpenBSD: Makefile,v 1.2 2019/06/12 17:42:53 eric Exp $ .PATH: ${.CURDIR}/.. @@ -15,7 +15,7 @@ SRCS+= smtpc.c SRCS+= ssl.c SRCS+= ssl_smtpd.c -CPPFLAGS+= -DIO_SSL +CPPFLAGS+= -DIO_TLS LDADD+= -levent -lutil -lssl -lcrypto -lm -lz DPADD+= ${LIBEVENT} ${LIBUTIL} ${LIBSSL} ${LIBCRYPTO} ${LIBM} ${LIBZ} diff --git a/usr.sbin/smtpd/smtp_client.c b/usr.sbin/smtpd/smtp_client.c index a6e70de5334..ac707a1210f 100644 --- a/usr.sbin/smtpd/smtp_client.c +++ b/usr.sbin/smtpd/smtp_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtp_client.c,v 1.9 2019/05/14 12:08:54 eric Exp $ */ +/* $OpenBSD: smtp_client.c,v 1.10 2019/06/12 17:42:53 eric Exp $ */ /* * Copyright (c) 2018 Eric Faurot <eric@openbsd.org> @@ -619,7 +619,7 @@ smtp_client_io(struct io *io, int evt, void *arg) case IO_TLSREADY: proto->flags |= FLAG_TLS; io_pause(proto->io, IO_IN); - smtp_verify_server_cert(proto->tag, proto, io_ssl(proto->io)); + smtp_verify_server_cert(proto->tag, proto, io_tls(proto->io)); break; case IO_DATAIN: diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c index db86abdb0e0..96a6e00ba50 100644 --- a/usr.sbin/smtpd/smtp_session.c +++ b/usr.sbin/smtpd/smtp_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtp_session.c,v 1.390 2019/05/15 11:56:19 eric Exp $ */ +/* $OpenBSD: smtp_session.c,v 1.391 2019/06/12 17:42:53 eric Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> @@ -1031,7 +1031,7 @@ smtp_tls_verified(struct smtp_session *s) { X509 *x; - x = SSL_get_peer_certificate(io_ssl(s->io)); + x = SSL_get_peer_certificate(io_tls(s->io)); if (x) { log_info("%016"PRIx64" smtp " "client-cert-check result=\"%s\"", @@ -1066,9 +1066,9 @@ smtp_io(struct io *io, int evt, void *arg) case IO_TLSREADY: log_info("%016"PRIx64" smtp tls ciphers=%s", - s->id, ssl_to_text(io_ssl(s->io))); + s->id, ssl_to_text(io_tls(s->io))); - report_smtp_link_tls("smtp-in", s->id, ssl_to_text(io_ssl(s->io))); + report_smtp_link_tls("smtp-in", s->id, ssl_to_text(io_tls(s->io))); s->flags |= SF_SECURE; s->helo[0] = '\0'; @@ -2240,7 +2240,7 @@ smtp_cert_verify(struct smtp_session *s) fallback = 1; } - if (cert_verify(io_ssl(s->io), name, fallback, smtp_cert_verify_cb, s)) { + if (cert_verify(io_tls(s->io), name, fallback, smtp_cert_verify_cb, s)) { tree_xset(&wait_ssl_verify, s->id, s); io_pause(s->io, IO_IN); } @@ -2789,11 +2789,11 @@ smtp_message_begin(struct smtp_tx *tx) tx->msgid); if (s->flags & SF_SECURE) { - x = SSL_get_peer_certificate(io_ssl(s->io)); + x = SSL_get_peer_certificate(io_tls(s->io)); m_printf(tx, " (%s:%s:%d:%s)", - SSL_get_version(io_ssl(s->io)), - SSL_get_cipher_name(io_ssl(s->io)), - SSL_get_cipher_bits(io_ssl(s->io), NULL), + SSL_get_version(io_tls(s->io)), + SSL_get_cipher_name(io_tls(s->io)), + SSL_get_cipher_bits(io_tls(s->io), NULL), (s->flags & SF_VERIFIED) ? "YES" : (x ? "FAIL" : "NO")); X509_free(x); diff --git a/usr.sbin/smtpd/smtpd/Makefile b/usr.sbin/smtpd/smtpd/Makefile index e361e3f2e4a..5c4128bb594 100644 --- a/usr.sbin/smtpd/smtpd/Makefile +++ b/usr.sbin/smtpd/smtpd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.100 2018/12/11 13:29:52 gilles Exp $ +# $OpenBSD: Makefile,v 1.101 2019/06/12 17:42:53 eric Exp $ .PATH: ${.CURDIR}/.. @@ -91,7 +91,7 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast-qual CFLAGS+= -Wsign-compare CFLAGS+= -Werror-implicit-function-declaration #CFLAGS+= -Werror # during development phase (breaks some archs) -CFLAGS+= -DIO_SSL +CFLAGS+= -DIO_TLS CFLAGS+= -DQUEUE_PROFILING YFLAGS= |