ok jsing@

default since it is computationally expensive and a potential DoS vector.
ok gilles@

ok sunil@, jung@

introduce 'ca' keyword to allow specifying a custom CA.
making CA part of pki was a bad idea and several people hit use-cases that
plain couldn't work.
instead of:
pki foobar.org ca "/etc/mail/CA.pem"
use now:
ca foobar.org certificate "/etc/mail/CA.pem"
ok sunil@, jung@

being shared between smtpd and another daemon

ok jung@, sunil@, millert@

and I've been running with it since June with no side-effect
ok sunil@, jung@, millert@

also remove trailing whitespaces while here
no binary change
ok sunil millert gilles

ok gilles@

version used for the connection, the latter gives "the SSL/TLS protocol version
that first defined the cipher". Fixes "TLS version=TLSv1/SSLv3" in received/log
lines.
ok millert@ "I was going to commit this today, so yes definitely" ok gilles@

As discussed with beck@ jsing@ and others
OK beck@

is no need to keep a local copy in ssl_privsep.c. This adds a little
burden on OpenSMTPD-portable because it will have to put it in
openbsd-compat for compatibility with legacy OpenSSL.
OK gilles@

using the name of relayd relay or smtpd pki, use a 32 byte arc4random
buffer that should be unique for the context. This fixes an issue in
OpenSMTPD when a long pki name could break the configuration.
OK gilles@ benno@

ok jsing@

ok gilles

concept ok deraadt@
diff looks ok tedu@

ok eric@ gilles@

ok eric@

free() the external data when releasing the RSA object. The
RSA_GET_EX_NEW_INDEX(3) manual page doesn't mention that this is the
default behaviour - it just describes the possible free_func()
callback - and the code path in libcrypto is hiding the fact behind
layers of abstraction.
Fix possible double free by allocating and copying the external data
reference that is used for RSA privsep (pkiname in smtpd's case).
ok eric@ gilles@

that requires to call RSA_free() to dereference it after use. Also
free a temporary key that was read by PEM_read_PrivateKey() and
immediately written into a bio.
ok markus@

implementation for relayd(8). The smtpd(8) pony processes (mta
client, smtp server) don't keep the private keys in memory but send
their private key operations as imsgs to the "lookup"/mta process.
It's worth mentioning that this prevents accidental private key leakage
as it could have been caused by "Heartbleed".
ok gilles@

context once. Simplify the code path by moving the loading from three
different places into ssl_ctx_create():
ok gilles@

suddenly supported a cipher with a name that's > 200 bytes long ...
... in which case harmless truncation would occur and we'd have to
readjust our buffer

- rename "struct ssl" and "cert" to "struct pki" and "cert" to "pki_name"
- inherit pki conf on fork instead of passing it through imsg at startup
- implement SNI on smtp listeners

bzero -> memset

Simplify code and do not impose an order on conditions and rule options.
Format changes that may require smtpd.conf update for some setups:
- SSL certificates are no longer automatically loaded, but must be
explicitly declared using the "pki" keyword.
- "certificate" option becomes "pki" in listener and accept rules.
- "ssl://" becomes "secure://" in relay via rules.
- "helo" becomes "hostnames" in relay rules
New features:
- accept rules do not need an explicit action, in which case alias table
or .forward must provide one.
- new "forward-only" action to force relaying and reject rcpts that expand
as local delivery.
- "!" (negation) modifier on rule matching conditions.
- new "recipient" rule matching condition.
- new "verify" option on listeners and relay rules to reject invalid
certificates.
Other changes:
- remember the helo name advertised on incoming mail and use it for sending
bounces.
- bump envelope version (existing envelopes are updated on-the-fly).

suggested by djm@ on hackers@, diff ok djm@

ok gilles@

* first bricks of ldap and sqlite support (not finished but both working)
* new table API to replace map API, all lookups are done through tables
* improved handling of temporary errors throughout the daemon
* improved scheduler and mta logic: connection reuse, optimizes batches
* improved queue: more tolerant to admin errors, new layout, less disk-IO
* improved memory usage under high load
* SSL certs/keys isolated to lookup process to avoid facing network
* VIRTUAL support improved, fully virtual setups possible now
* runtime tracing of processes through smtpctl trace
* ssl_privsep.c synced with relayd
* ssl.c no longer contains smtpd specific interfaces
* smtpd-specific ssl bits moved to ssl_smtpd.c
* update mail address in copyright
FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE.
smtpd.conf(5) simplified, it will require adaptations
ok eric@

ok gilles@

* Log more events (especially client session) and use a better scheme
for that: each message is prefixed with a token to easily identify
its class:
- info/warn/debug: general server messages
- smtp-in: smtp client connections
- relay: status update for relayed messages
- delivery: status update for local deliveries
* Implement "smtpctl monitor" to display updates of selected internal
counters.
* When reloading the on-disk queue at startup do not commit a message
if no envelope was submitted for that message.
* Remove unused stuff in the config parser.
ok gilles@

with gilles and eric, tested by me and gilles
ok gilles@

correct (uid 0, no rights for g/o).
Initial diff by Sunil Nimmagadda.
ok gilles@ chl@

Change ssl_session_init to ssl_smtp_init and make it simpler: only create
an SSL* from the SSL_CTX* passed as parameter, so it does not have to know
about the struct session itself. Kill some dead prototypes while there.
ok chl@ gilles@

ok eric@

a better separation between io and protocol logic. As a side-effect,
it fixes a couple of long-standing issues in the io path, and
hopefully adds fresh ones instead. Kill client.c in the process.
ok gilles@

tested @ home

establishing an ssl session. will be investigated and re-enabled soon
asked and committed on behalf of gilles@
ok gilles@

ok gilles@

bits from relayd, ok chl@, ok eric@

caching, don't try to negotiate an RFC 4507-style session ticket,
as it would be useless and some (broken and non-compliant) servers
choke on TLS extension negotiation.
ok gilles@

tested by gilles@
ok gilles@ eric@

correctly freed by SSL_free() at the end of the session.
Plug a leak in the mta.
ok! gilles@