summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/smtpd/iobuf.c32
-rw-r--r--usr.sbin/smtpd/iobuf.h10
-rw-r--r--usr.sbin/smtpd/ioev.c168
-rw-r--r--usr.sbin/smtpd/ioev.h4
-rw-r--r--usr.sbin/smtpd/mta_session.c8
-rw-r--r--usr.sbin/smtpd/smtp/Makefile4
-rw-r--r--usr.sbin/smtpd/smtp_client.c4
-rw-r--r--usr.sbin/smtpd/smtp_session.c18
-rw-r--r--usr.sbin/smtpd/smtpd/Makefile4
9 files changed, 126 insertions, 126 deletions
diff --git a/usr.sbin/smtpd/iobuf.c b/usr.sbin/smtpd/iobuf.c
index 27c404a0b7a..a72243587a1 100644
--- a/usr.sbin/smtpd/iobuf.c
+++ b/usr.sbin/smtpd/iobuf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: iobuf.c,v 1.10 2017/03/17 20:56:04 eric Exp $ */
+/* $OpenBSD: iobuf.c,v 1.11 2019/06/12 17:42:53 eric Exp $ */
/*
* Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
*
@@ -26,7 +26,7 @@
#include <string.h>
#include <unistd.h>
-#ifdef IO_SSL
+#ifdef IO_TLS
#include <openssl/err.h>
#include <openssl/ssl.h>
#endif
@@ -386,31 +386,31 @@ iobuf_flush(struct iobuf *io, int fd)
return (0);
}
-#ifdef IO_SSL
+#ifdef IO_TLS
int
-iobuf_flush_ssl(struct iobuf *io, void *ssl)
+iobuf_flush_tls(struct iobuf *io, void *tls)
{
ssize_t s;
while (io->queued)
- if ((s = iobuf_write_ssl(io, ssl)) < 0)
+ if ((s = iobuf_write_tls(io, tls)) < 0)
return (s);
return (0);
}
ssize_t
-iobuf_write_ssl(struct iobuf *io, void *ssl)
+iobuf_write_tls(struct iobuf *io, void *tls)
{
struct ioqbuf *q;
int r;
ssize_t n;
q = io->outq;
- n = SSL_write(ssl, q->buf + q->rpos, q->wpos - q->rpos);
+ n = SSL_write(tls, q->buf + q->rpos, q->wpos - q->rpos);
if (n <= 0) {
- switch ((r = SSL_get_error(ssl, n))) {
+ switch ((r = SSL_get_error(tls, n))) {
case SSL_ERROR_WANT_READ:
return (IOBUF_WANT_READ);
case SSL_ERROR_WANT_WRITE:
@@ -419,12 +419,12 @@ iobuf_write_ssl(struct iobuf *io, void *ssl)
return (IOBUF_CLOSED);
case SSL_ERROR_SYSCALL:
if (ERR_peek_last_error())
- return (IOBUF_SSLERROR);
+ return (IOBUF_TLSERROR);
if (r == 0)
errno = EPIPE;
return (IOBUF_ERROR);
default:
- return (IOBUF_SSLERROR);
+ return (IOBUF_TLSERROR);
}
}
iobuf_drain(io, n);
@@ -433,26 +433,26 @@ iobuf_write_ssl(struct iobuf *io, void *ssl)
}
ssize_t
-iobuf_read_ssl(struct iobuf *io, void *ssl)
+iobuf_read_tls(struct iobuf *io, void *tls)
{
ssize_t n;
int r;
- n = SSL_read(ssl, io->buf + io->wpos, iobuf_left(io));
+ n = SSL_read(tls, io->buf + io->wpos, iobuf_left(io));
if (n < 0) {
- switch ((r = SSL_get_error(ssl, n))) {
+ switch ((r = SSL_get_error(tls, n))) {
case SSL_ERROR_WANT_READ:
return (IOBUF_WANT_READ);
case SSL_ERROR_WANT_WRITE:
return (IOBUF_WANT_WRITE);
case SSL_ERROR_SYSCALL:
if (ERR_peek_last_error())
- return (IOBUF_SSLERROR);
+ return (IOBUF_TLSERROR);
if (r == 0)
errno = EPIPE;
return (IOBUF_ERROR);
default:
- return (IOBUF_SSLERROR);
+ return (IOBUF_TLSERROR);
}
} else if (n == 0)
return (IOBUF_CLOSED);
@@ -462,4 +462,4 @@ iobuf_read_ssl(struct iobuf *io, void *ssl)
return (n);
}
-#endif /* IO_SSL */
+#endif /* IO_TLS */
diff --git a/usr.sbin/smtpd/iobuf.h b/usr.sbin/smtpd/iobuf.h
index e1f2745427a..c454d0a1407 100644
--- a/usr.sbin/smtpd/iobuf.h
+++ b/usr.sbin/smtpd/iobuf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iobuf.h,v 1.4 2015/01/20 17:37:54 deraadt Exp $ */
+/* $OpenBSD: iobuf.h,v 1.5 2019/06/12 17:42:53 eric Exp $ */
/*
* Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
*
@@ -39,7 +39,7 @@ struct iobuf {
#define IOBUF_WANT_WRITE -2
#define IOBUF_CLOSED -3
#define IOBUF_ERROR -4
-#define IOBUF_SSLERROR -5
+#define IOBUF_TLSERROR -5
int iobuf_init(struct iobuf *, size_t, size_t);
void iobuf_clear(struct iobuf *);
@@ -53,7 +53,7 @@ size_t iobuf_left(struct iobuf *);
char *iobuf_data(struct iobuf *);
char *iobuf_getline(struct iobuf *, size_t *);
ssize_t iobuf_read(struct iobuf *, int);
-ssize_t iobuf_read_ssl(struct iobuf *, void *);
+ssize_t iobuf_read_tls(struct iobuf *, void *);
size_t iobuf_queued(struct iobuf *);
void* iobuf_reserve(struct iobuf *, size_t);
@@ -62,6 +62,6 @@ int iobuf_queuev(struct iobuf *, const struct iovec *, int);
int iobuf_fqueue(struct iobuf *, const char *, ...);
int iobuf_vfqueue(struct iobuf *, const char *, va_list);
int iobuf_flush(struct iobuf *, int);
-int iobuf_flush_ssl(struct iobuf *, void *);
+int iobuf_flush_tls(struct iobuf *, void *);
ssize_t iobuf_write(struct iobuf *, int);
-ssize_t iobuf_write_ssl(struct iobuf *, void *);
+ssize_t iobuf_write_tls(struct iobuf *, void *);
diff --git a/usr.sbin/smtpd/ioev.c b/usr.sbin/smtpd/ioev.c
index 44690766388..d36210fd7dd 100644
--- a/usr.sbin/smtpd/ioev.c
+++ b/usr.sbin/smtpd/ioev.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ioev.c,v 1.41 2017/05/17 14:00:06 deraadt Exp $ */
+/* $OpenBSD: ioev.c,v 1.42 2019/06/12 17:42:53 eric Exp $ */
/*
* Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
*
@@ -32,7 +32,7 @@
#include "ioev.h"
#include "iobuf.h"
-#ifdef IO_SSL
+#ifdef IO_TLS
#include <openssl/err.h>
#include <openssl/ssl.h>
#endif
@@ -40,8 +40,8 @@
enum {
IO_STATE_NONE,
IO_STATE_CONNECT,
- IO_STATE_CONNECT_SSL,
- IO_STATE_ACCEPT_SSL,
+ IO_STATE_CONNECT_TLS,
+ IO_STATE_ACCEPT_TLS,
IO_STATE_UP,
IO_STATE_MAX,
@@ -65,7 +65,7 @@ struct io {
int flags;
int state;
struct event ev;
- void *ssl;
+ void *tls;
const char *error; /* only valid immediately on callback */
};
@@ -84,15 +84,15 @@ void io_reset(struct io *, short, void (*)(int, short, void*));
void io_frame_enter(const char *, struct io *, int);
void io_frame_leave(struct io *);
-#ifdef IO_SSL
+#ifdef IO_TLS
void ssl_error(const char *); /* XXX external */
-static const char* io_ssl_error(void);
-void io_dispatch_accept_ssl(int, short, void *);
-void io_dispatch_connect_ssl(int, short, void *);
-void io_dispatch_read_ssl(int, short, void *);
-void io_dispatch_write_ssl(int, short, void *);
-void io_reload_ssl(struct io *io);
+static const char* io_tls_error(void);
+void io_dispatch_accept_tls(int, short, void *);
+void io_dispatch_connect_tls(int, short, void *);
+void io_dispatch_read_tls(int, short, void *);
+void io_dispatch_write_tls(int, short, void *);
+void io_reload_tls(struct io *io);
#endif
static struct io *current = NULL;
@@ -109,12 +109,12 @@ io_strio(struct io *io)
char ssl[128];
ssl[0] = '\0';
-#ifdef IO_SSL
- if (io->ssl) {
- (void)snprintf(ssl, sizeof ssl, " ssl=%s:%s:%d",
- SSL_get_version(io->ssl),
- SSL_get_cipher_name(io->ssl),
- SSL_get_cipher_bits(io->ssl, NULL));
+#ifdef IO_TLS
+ if (io->tls) {
+ (void)snprintf(ssl, sizeof ssl, " tls=%s:%s:%d",
+ SSL_get_version(io->tls),
+ SSL_get_cipher_name(io->tls),
+ SSL_get_cipher_bits(io->tls, NULL));
}
#endif
@@ -271,9 +271,9 @@ io_free(struct io *io)
if (io == current)
current = NULL;
-#ifdef IO_SSL
- SSL_free(io->ssl);
- io->ssl = NULL;
+#ifdef IO_TLS
+ SSL_free(io->tls);
+ io->tls = NULL;
#endif
if (event_initialized(&io->ev))
@@ -398,9 +398,9 @@ io_error(struct io *io)
}
void *
-io_ssl(struct io *io)
+io_tls(struct io *io)
{
- return io->ssl;
+ return io->tls;
}
int
@@ -531,9 +531,9 @@ io_reload(struct io *io)
iobuf_normalize(&io->iobuf);
-#ifdef IO_SSL
- if (io->ssl) {
- io_reload_ssl(io);
+#ifdef IO_TLS
+ if (io->tls) {
+ io_reload_tls(io);
return;
}
#endif
@@ -806,10 +806,10 @@ io_dispatch_connect(int fd, short ev, void *humppa)
io_frame_leave(io);
}
-#ifdef IO_SSL
+#ifdef IO_TLS
static const char*
-io_ssl_error(void)
+io_tls_error(void)
{
static char buf[128];
unsigned long e;
@@ -820,11 +820,11 @@ io_ssl_error(void)
return (buf);
}
- return ("No SSL error");
+ return ("No TLS error");
}
int
-io_start_tls(struct io *io, void *ssl)
+io_start_tls(struct io *io, void *tls)
{
int mode;
@@ -832,57 +832,57 @@ io_start_tls(struct io *io, void *ssl)
if (mode == 0 || mode == IO_RW)
errx(1, "io_start_tls(): full-duplex or unset");
- if (io->ssl)
- errx(1, "io_start_tls(): SSL already started");
- io->ssl = ssl;
+ if (io->tls)
+ errx(1, "io_start_tls(): TLS already started");
+ io->tls = tls;
- if (SSL_set_fd(io->ssl, io->sock) == 0) {
- ssl_error("io_start_ssl:SSL_set_fd");
+ if (SSL_set_fd(io->tls, io->sock) == 0) {
+ ssl_error("io_start_tls:SSL_set_fd");
return (-1);
}
if (mode == IO_WRITE) {
- io->state = IO_STATE_CONNECT_SSL;
- SSL_set_connect_state(io->ssl);
- io_reset(io, EV_WRITE, io_dispatch_connect_ssl);
+ io->state = IO_STATE_CONNECT_TLS;
+ SSL_set_connect_state(io->tls);
+ io_reset(io, EV_WRITE, io_dispatch_connect_tls);
} else {
- io->state = IO_STATE_ACCEPT_SSL;
- SSL_set_accept_state(io->ssl);
- io_reset(io, EV_READ, io_dispatch_accept_ssl);
+ io->state = IO_STATE_ACCEPT_TLS;
+ SSL_set_accept_state(io->tls);
+ io_reset(io, EV_READ, io_dispatch_accept_tls);
}
return (0);
}
void
-io_dispatch_accept_ssl(int fd, short event, void *humppa)
+io_dispatch_accept_tls(int fd, short event, void *humppa)
{
struct io *io = humppa;
int e, ret;
- io_frame_enter("io_dispatch_accept_ssl", io, event);
+ io_frame_enter("io_dispatch_accept_tls", io, event);
if (event == EV_TIMEOUT) {
io_callback(io, IO_TIMEOUT);
goto leave;
}
- if ((ret = SSL_accept(io->ssl)) > 0) {
+ if ((ret = SSL_accept(io->tls)) > 0) {
io->state = IO_STATE_UP;
io_callback(io, IO_TLSREADY);
goto leave;
}
- switch ((e = SSL_get_error(io->ssl, ret))) {
+ switch ((e = SSL_get_error(io->tls, ret))) {
case SSL_ERROR_WANT_READ:
- io_reset(io, EV_READ, io_dispatch_accept_ssl);
+ io_reset(io, EV_READ, io_dispatch_accept_tls);
break;
case SSL_ERROR_WANT_WRITE:
- io_reset(io, EV_WRITE, io_dispatch_accept_ssl);
+ io_reset(io, EV_WRITE, io_dispatch_accept_tls);
break;
default:
- io->error = io_ssl_error();
- ssl_error("io_dispatch_accept_ssl:SSL_accept");
+ io->error = io_tls_error();
+ ssl_error("io_dispatch_accept_tls:SSL_accept");
io_callback(io, IO_ERROR);
break;
}
@@ -892,33 +892,33 @@ io_dispatch_accept_ssl(int fd, short event, void *humppa)
}
void
-io_dispatch_connect_ssl(int fd, short event, void *humppa)
+io_dispatch_connect_tls(int fd, short event, void *humppa)
{
struct io *io = humppa;
int e, ret;
- io_frame_enter("io_dispatch_connect_ssl", io, event);
+ io_frame_enter("io_dispatch_connect_tls", io, event);
if (event == EV_TIMEOUT) {
io_callback(io, IO_TIMEOUT);
goto leave;
}
- if ((ret = SSL_connect(io->ssl)) > 0) {
+ if ((ret = SSL_connect(io->tls)) > 0) {
io->state = IO_STATE_UP;
io_callback(io, IO_TLSREADY);
goto leave;
}
- switch ((e = SSL_get_error(io->ssl, ret))) {
+ switch ((e = SSL_get_error(io->tls, ret))) {
case SSL_ERROR_WANT_READ:
- io_reset(io, EV_READ, io_dispatch_connect_ssl);
+ io_reset(io, EV_READ, io_dispatch_connect_tls);
break;
case SSL_ERROR_WANT_WRITE:
- io_reset(io, EV_WRITE, io_dispatch_connect_ssl);
+ io_reset(io, EV_WRITE, io_dispatch_connect_tls);
break;
default:
- io->error = io_ssl_error();
+ io->error = io_tls_error();
ssl_error("io_dispatch_connect_ssl:SSL_connect");
io_callback(io, IO_TLSERROR);
break;
@@ -929,12 +929,12 @@ io_dispatch_connect_ssl(int fd, short event, void *humppa)
}
void
-io_dispatch_read_ssl(int fd, short event, void *humppa)
+io_dispatch_read_tls(int fd, short event, void *humppa)
{
struct io *io = humppa;
int n, saved_errno;
- io_frame_enter("io_dispatch_read_ssl", io, event);
+ io_frame_enter("io_dispatch_read_tls", io, event);
if (event == EV_TIMEOUT) {
io_callback(io, IO_TIMEOUT);
@@ -943,12 +943,12 @@ io_dispatch_read_ssl(int fd, short event, void *humppa)
again:
iobuf_normalize(&io->iobuf);
- switch ((n = iobuf_read_ssl(&io->iobuf, (SSL*)io->ssl))) {
+ switch ((n = iobuf_read_tls(&io->iobuf, (SSL*)io->tls))) {
case IOBUF_WANT_READ:
- io_reset(io, EV_READ, io_dispatch_read_ssl);
+ io_reset(io, EV_READ, io_dispatch_read_tls);
break;
case IOBUF_WANT_WRITE:
- io_reset(io, EV_WRITE, io_dispatch_read_ssl);
+ io_reset(io, EV_WRITE, io_dispatch_read_tls);
break;
case IOBUF_CLOSED:
io_callback(io, IO_DISCONNECTED);
@@ -959,15 +959,15 @@ again:
errno = saved_errno;
io_callback(io, IO_ERROR);
break;
- case IOBUF_SSLERROR:
- io->error = io_ssl_error();
- ssl_error("io_dispatch_read_ssl:SSL_read");
+ case IOBUF_TLSERROR:
+ io->error = io_tls_error();
+ ssl_error("io_dispatch_read_tls:SSL_read");
io_callback(io, IO_ERROR);
break;
default:
- io_debug("io_dispatch_read_ssl(...) -> r=%d\n", n);
+ io_debug("io_dispatch_read_tls(...) -> r=%d\n", n);
io_callback(io, IO_DATAIN);
- if (current == io && IO_READING(io) && SSL_pending(io->ssl))
+ if (current == io && IO_READING(io) && SSL_pending(io->tls))
goto again;
}
@@ -976,13 +976,13 @@ again:
}
void
-io_dispatch_write_ssl(int fd, short event, void *humppa)
+io_dispatch_write_tls(int fd, short event, void *humppa)
{
struct io *io = humppa;
int n, saved_errno;
size_t w2, w;
- io_frame_enter("io_dispatch_write_ssl", io, event);
+ io_frame_enter("io_dispatch_write_tls", io, event);
if (event == EV_TIMEOUT) {
io_callback(io, IO_TIMEOUT);
@@ -990,12 +990,12 @@ io_dispatch_write_ssl(int fd, short event, void *humppa)
}
w = io_queued(io);
- switch ((n = iobuf_write_ssl(&io->iobuf, (SSL*)io->ssl))) {
+ switch ((n = iobuf_write_tls(&io->iobuf, (SSL*)io->tls))) {
case IOBUF_WANT_READ:
- io_reset(io, EV_READ, io_dispatch_write_ssl);
+ io_reset(io, EV_READ, io_dispatch_write_tls);
break;
case IOBUF_WANT_WRITE:
- io_reset(io, EV_WRITE, io_dispatch_write_ssl);
+ io_reset(io, EV_WRITE, io_dispatch_write_tls);
break;
case IOBUF_CLOSED:
io_callback(io, IO_DISCONNECTED);
@@ -1006,13 +1006,13 @@ io_dispatch_write_ssl(int fd, short event, void *humppa)
errno = saved_errno;
io_callback(io, IO_ERROR);
break;
- case IOBUF_SSLERROR:
- io->error = io_ssl_error();
- ssl_error("io_dispatch_write_ssl:SSL_write");
+ case IOBUF_TLSERROR:
+ io->error = io_tls_error();
+ ssl_error("io_dispatch_write_tls:SSL_write");
io_callback(io, IO_ERROR);
break;
default:
- io_debug("io_dispatch_write_ssl(...) -> w=%d\n", n);
+ io_debug("io_dispatch_write_tls(...) -> w=%d\n", n);
w2 = io_queued(io);
if (w > io->lowat && w2 <= io->lowat)
io_callback(io, IO_LOWAT);
@@ -1024,39 +1024,39 @@ io_dispatch_write_ssl(int fd, short event, void *humppa)
}
void
-io_reload_ssl(struct io *io)
+io_reload_tls(struct io *io)
{
short ev = 0;
void (*dispatch)(int, short, void*) = NULL;
switch (io->state) {
- case IO_STATE_CONNECT_SSL:
+ case IO_STATE_CONNECT_TLS:
ev = EV_WRITE;
- dispatch = io_dispatch_connect_ssl;
+ dispatch = io_dispatch_connect_tls;
break;
- case IO_STATE_ACCEPT_SSL:
+ case IO_STATE_ACCEPT_TLS:
ev = EV_READ;
- dispatch = io_dispatch_accept_ssl;
+ dispatch = io_dispatch_accept_tls;
break;
case IO_STATE_UP:
ev = 0;
if (IO_READING(io) && !(io->flags & IO_PAUSE_IN)) {
ev = EV_READ;
- dispatch = io_dispatch_read_ssl;
+ dispatch = io_dispatch_read_tls;
}
else if (IO_WRITING(io) && !(io->flags & IO_PAUSE_OUT) &&
io_queued(io)) {
ev = EV_WRITE;
- dispatch = io_dispatch_write_ssl;
+ dispatch = io_dispatch_write_tls;
}
if (!ev)
return; /* paused */
break;
default:
- errx(1, "io_reload_ssl(): bad state");
+ errx(1, "io_reload_tls(): bad state");
}
io_reset(io, ev, dispatch);
}
-#endif /* IO_SSL */
+#endif /* IO_TLS */
diff --git a/usr.sbin/smtpd/ioev.h b/usr.sbin/smtpd/ioev.h
index f1c398482cf..015340c2b16 100644
--- a/usr.sbin/smtpd/ioev.h
+++ b/usr.sbin/smtpd/ioev.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ioev.h,v 1.16 2016/11/30 17:43:32 eric Exp $ */
+/* $OpenBSD: ioev.h,v 1.17 2019/06/12 17:42:53 eric Exp $ */
/*
* Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
*
@@ -50,7 +50,7 @@ int io_start_tls(struct io *, void *);
const char* io_strio(struct io *);
const char* io_strevent(int);
const char* io_error(struct io *);
-void* io_ssl(struct io *);
+void* io_tls(struct io *);
int io_fileno(struct io *);
int io_paused(struct io *, int);
diff --git a/usr.sbin/smtpd/mta_session.c b/usr.sbin/smtpd/mta_session.c
index 959b45e8b68..266c45e5674 100644
--- a/usr.sbin/smtpd/mta_session.c
+++ b/usr.sbin/smtpd/mta_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mta_session.c,v 1.115 2018/12/23 16:37:53 eric Exp $ */
+/* $OpenBSD: mta_session.c,v 1.116 2019/06/12 17:42:53 eric Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -1103,7 +1103,7 @@ mta_io(struct io *io, int evt, void *arg)
case IO_TLSREADY:
log_info("%016"PRIx64" mta tls ciphers=%s",
- s->id, ssl_to_text(io_ssl(s->io)));
+ s->id, ssl_to_text(io_tls(s->io)));
s->flags |= MTA_TLS;
mta_cert_verify(s);
@@ -1512,7 +1512,7 @@ mta_cert_verify(struct mta_session *s)
fallback = 1;
}
- if (cert_verify(io_ssl(s->io), name, fallback, mta_cert_verify_cb, s)) {
+ if (cert_verify(io_tls(s->io), name, fallback, mta_cert_verify_cb, s)) {
tree_xset(&wait_ssl_verify, s->id, s);
io_pause(s->io, IO_IN);
s->flags |= MTA_WAIT;
@@ -1549,7 +1549,7 @@ mta_tls_verified(struct mta_session *s)
{
X509 *x;
- x = SSL_get_peer_certificate(io_ssl(s->io));
+ x = SSL_get_peer_certificate(io_tls(s->io));
if (x) {
log_info("smtp-out: Server certificate verification %s "
"on session %016"PRIx64,
diff --git a/usr.sbin/smtpd/smtp/Makefile b/usr.sbin/smtpd/smtp/Makefile
index 24515db9ba6..6708ab6e20d 100644
--- a/usr.sbin/smtpd/smtp/Makefile
+++ b/usr.sbin/smtpd/smtp/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2018/04/26 13:57:13 eric Exp $
+# $OpenBSD: Makefile,v 1.2 2019/06/12 17:42:53 eric Exp $
.PATH: ${.CURDIR}/..
@@ -15,7 +15,7 @@ SRCS+= smtpc.c
SRCS+= ssl.c
SRCS+= ssl_smtpd.c
-CPPFLAGS+= -DIO_SSL
+CPPFLAGS+= -DIO_TLS
LDADD+= -levent -lutil -lssl -lcrypto -lm -lz
DPADD+= ${LIBEVENT} ${LIBUTIL} ${LIBSSL} ${LIBCRYPTO} ${LIBM} ${LIBZ}
diff --git a/usr.sbin/smtpd/smtp_client.c b/usr.sbin/smtpd/smtp_client.c
index a6e70de5334..ac707a1210f 100644
--- a/usr.sbin/smtpd/smtp_client.c
+++ b/usr.sbin/smtpd/smtp_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_client.c,v 1.9 2019/05/14 12:08:54 eric Exp $ */
+/* $OpenBSD: smtp_client.c,v 1.10 2019/06/12 17:42:53 eric Exp $ */
/*
* Copyright (c) 2018 Eric Faurot <eric@openbsd.org>
@@ -619,7 +619,7 @@ smtp_client_io(struct io *io, int evt, void *arg)
case IO_TLSREADY:
proto->flags |= FLAG_TLS;
io_pause(proto->io, IO_IN);
- smtp_verify_server_cert(proto->tag, proto, io_ssl(proto->io));
+ smtp_verify_server_cert(proto->tag, proto, io_tls(proto->io));
break;
case IO_DATAIN:
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index db86abdb0e0..96a6e00ba50 100644
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_session.c,v 1.390 2019/05/15 11:56:19 eric Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.391 2019/06/12 17:42:53 eric Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1031,7 +1031,7 @@ smtp_tls_verified(struct smtp_session *s)
{
X509 *x;
- x = SSL_get_peer_certificate(io_ssl(s->io));
+ x = SSL_get_peer_certificate(io_tls(s->io));
if (x) {
log_info("%016"PRIx64" smtp "
"client-cert-check result=\"%s\"",
@@ -1066,9 +1066,9 @@ smtp_io(struct io *io, int evt, void *arg)
case IO_TLSREADY:
log_info("%016"PRIx64" smtp tls ciphers=%s",
- s->id, ssl_to_text(io_ssl(s->io)));
+ s->id, ssl_to_text(io_tls(s->io)));
- report_smtp_link_tls("smtp-in", s->id, ssl_to_text(io_ssl(s->io)));
+ report_smtp_link_tls("smtp-in", s->id, ssl_to_text(io_tls(s->io)));
s->flags |= SF_SECURE;
s->helo[0] = '\0';
@@ -2240,7 +2240,7 @@ smtp_cert_verify(struct smtp_session *s)
fallback = 1;
}
- if (cert_verify(io_ssl(s->io), name, fallback, smtp_cert_verify_cb, s)) {
+ if (cert_verify(io_tls(s->io), name, fallback, smtp_cert_verify_cb, s)) {
tree_xset(&wait_ssl_verify, s->id, s);
io_pause(s->io, IO_IN);
}
@@ -2789,11 +2789,11 @@ smtp_message_begin(struct smtp_tx *tx)
tx->msgid);
if (s->flags & SF_SECURE) {
- x = SSL_get_peer_certificate(io_ssl(s->io));
+ x = SSL_get_peer_certificate(io_tls(s->io));
m_printf(tx, " (%s:%s:%d:%s)",
- SSL_get_version(io_ssl(s->io)),
- SSL_get_cipher_name(io_ssl(s->io)),
- SSL_get_cipher_bits(io_ssl(s->io), NULL),
+ SSL_get_version(io_tls(s->io)),
+ SSL_get_cipher_name(io_tls(s->io)),
+ SSL_get_cipher_bits(io_tls(s->io), NULL),
(s->flags & SF_VERIFIED) ? "YES" : (x ? "FAIL" : "NO"));
X509_free(x);
diff --git a/usr.sbin/smtpd/smtpd/Makefile b/usr.sbin/smtpd/smtpd/Makefile
index e361e3f2e4a..5c4128bb594 100644
--- a/usr.sbin/smtpd/smtpd/Makefile
+++ b/usr.sbin/smtpd/smtpd/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.100 2018/12/11 13:29:52 gilles Exp $
+# $OpenBSD: Makefile,v 1.101 2019/06/12 17:42:53 eric Exp $
.PATH: ${.CURDIR}/..
@@ -91,7 +91,7 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast-qual
CFLAGS+= -Wsign-compare
CFLAGS+= -Werror-implicit-function-declaration
#CFLAGS+= -Werror # during development phase (breaks some archs)
-CFLAGS+= -DIO_SSL
+CFLAGS+= -DIO_TLS
CFLAGS+= -DQUEUE_PROFILING
YFLAGS=