author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-09-18 18:02:48 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-09-18 23:13:09 +0100 |
commit | 8008accd32d189afed4107a54466130dc1c331e2 (patch) | |
tree | fd2124e9302d30baecf350eb8c694e9620b5c6b9 /src | |
parent | 5fd28bb83f80141b9f7671ed9ae3e1a4263134e3 (diff) |
Testsuite: track newer GnuTLS behaviour
We have lost one log line, for a ciphers-negotiation failure on an early
host in a list from routing. We still get something indicative if the
last one fails, so I'm going to let this pass.
Test 2025 will fail on earlier GnuTLS library versions as a result.
NONE no longer works as documented, in priority string for GnuTLS.
Diffstat (limited to 'src')
-rw-r--r-- | src/src/tls-gnu.c | 6 | ||||
-rw-r--r-- | src/src/transports/smtp.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index ff8064bab..fd18a601e 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1598,6 +1598,7 @@ uint verify;
 if (state->verify_requirement == VERIFY_NONE) return TRUE;
+DEBUG(D_tls) debug_printf("TLS: checking peer certificate\n");
 *errstr = NULL;
 if ((rc = peer_status(state, errstr)) != OK)
@@ -2068,7 +2069,10 @@ if (!state->tlsp->on_connect)
 } /* Now negotiate the TLS session. We put our own timer on it, since it seems
-that the GnuTLS library doesn't. */
+that the GnuTLS library doesn't.
+From 3.1.0 there is gnutls_handshake_set_timeout() - but it requires you
+to set (and clear down afterwards) up a pull-timeout callback function that does
+a select, so we're no better off unless avoiding signals becomes an issue. */
 gnutls_transport_set_ptr2(state->session, (gnutls_transport_ptr_t)(long) fileno(smtp_in),
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index b2adeb555..d7e83966f 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -2015,6 +2015,7 @@ if ( smtp_peer_options & OPTION_TLS
 /* TLS negotiation failed; give an error. From outside, this function may be called again to try in clear on a new connection, if the options permit it for this host. */
+ DEBUG(D_tls) debug_printf("TLS session fail: %s\n", errstr);
 # ifdef SUPPORT_DANE
 if (sx->dane)
@@ -4746,6 +4747,7 @@ retry_non_continued:
 "hosts_max_try (message older than host's retry time)\n");
 }
 }
+ if (f.running_in_test_harness) millisleep(500); /* let server debug out */
 } /* End of loop for trying multiple hosts. */
 /* If we failed to find a matching host in the list, for an already-open |
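Review bot: In the tls-gnu.c hunk at `@@ -1598,6 +1598,7 @@`, the new `debug_printf` sits after the `VERIFY_NONE` early return, so a D_tls trace prints nothing at this point when certificate verification is skipped altogether. For someone auditing a session from debug output, the skipped case is the one most worth seeing. Consider bracing the `if` body and adding a matching line before `return TRUE;`, for example `DEBUG(D_tls) debug_printf("TLS: peer certificate verification not required\n");`. The enclosing function starts and ends outside the hunk, so an equivalent message may already be emitted elsewhere.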
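Review bot: In the tls-gnu.c hunk at `@@ -2068,7 +2069,10 @@`, the extended comment reads "to set (and clear down afterwards) up a pull-timeout callback function", where "up" has drifted away from "set". I would reword the line as `to set up (and clear down afterwards) a pull-timeout callback function that does`. Writing "From GnuTLS 3.1.0" instead of "From 3.1.0" would also let the sentence stand alone. The code this comment describes continues past the end of the hunk.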
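Review bot: In the smtp.c hunk at `@@ -2015,6 +2015,7 @@`, the TLS failure reason in `errstr` is reported only under `D_tls` debugging, while the comment directly above says the caller may retry in clear on a new connection. If nothing further down writes `errstr` to the normal log (not visible in this hunk), an operator has no routine record of why a host fell back from TLS, which is the signal needed to notice an unexpected downgrade. It is worth confirming that, and recording the reason at normal log level if it is missing. The hunk also does not show whether `errstr` is always set on this path, so a comment stating that assumption next to the `%s` would help.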
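Review bot: In the smtp.c hunk at `@@ -4746,6 +4747,7 @@`, the `millisleep(500)` added at the end of the host loop synchronises with the test server's debug output by a fixed delay. That makes the test outcome timing-dependent on a slow or loaded machine, and it appears to add half a second for every host tried under the harness. The trailing comment says what is being waited for but not why 500 ms is sufficient. I would put the call on its own line under the `if` and state the assumption above it, e.g. `/* Test harness only: give the server time to flush its debug output before the next host is tried. */`. The loop body begins outside the hunk.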