diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-10-15 21:28:20 +0100 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-10-15 21:28:20 +0100 |
| commit | 2e5d9e711eef27badbff206e17238661d14cc7c2 (patch) | |
| tree | 75c5937b2b22fb197a1702c9f49106c1fb5d922c /src | |
| parent | 6b5cbf740022f7f57a425d212499f156b1641d49 (diff) | |
OpenSSL: SSLKEYLOGFILE support
Diffstat (limited to 'src')
| -rw-r--r-- | src/src/environment.c | 17 | ||||
| -rw-r--r-- | src/src/tls-openssl.c | 6 | ||||
| -rw-r--r-- | src/src/tls.c | 11 |
3 files changed, 27 insertions, 7 deletions
diff --git a/src/src/environment.c b/src/src/environment.c index f3a90660e..cef82dfb1 100644 --- a/src/src/environment.c +++ b/src/src/environment.c @@ -24,6 +24,9 @@ Returns: TRUE if successful BOOL cleanup_environment() { +int old_pool = store_pool; +store_pool = POOL_PERM; /* Need perm memory for any created env vars */ + if (!keep_environment || *keep_environment == '\0') { /* From: https://github.com/dovecot/core/blob/master/src/lib/env-util.c#L55 @@ -59,17 +62,23 @@ else if (Ustrcmp(keep_environment, "*") != 0) } store_reset(reset_point); } -#ifndef DISABLE_TLS -tls_clean_env(); -#endif if (add_environment) { uschar * p; int sep = 0; const uschar * envlist = add_environment; + int old_pool = store_pool; - while ((p = string_nextinlist(&envlist, &sep, NULL, 0))) putenv(CS p); + while ((p = string_nextinlist(&envlist, &sep, NULL, 0))) + { + DEBUG(D_expand) debug_printf("adding %s\n", p); + putenv(CS p); + } } +#ifndef DISABLE_TLS +tls_clean_env(); +#endif +store_pool = old_pool; return TRUE; } diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 8e1f559af..67a35d489 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -841,7 +841,13 @@ DEBUG(D_tls) static void keylog_callback(const SSL *ssl, const char *line) { +char * filename; +FILE * fp; DEBUG(D_tls) debug_printf("%.200s\n", line); +if (!(filename = getenv("SSLKEYLOGFILE"))) return; +if (!(fp = fopen(filename, "a"))) return; +fprintf(fp, "%s\n", line); +fclose(fp); } #endif diff --git a/src/src/tls.c b/src/src/tls.c index 63d98c806..9c587e55d 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -371,9 +371,14 @@ return FALSE; } -/* Environment cleanup: The GnuTLS library spots SSLKEYLOGFILE in the envonment -and writes a file by that name. We might make the OpenSSL support do the same, -in some future release. Restrict that filename to be under the spool directory. +/* Environment cleanup: The GnuTLS library uses SSLKEYLOGFILE in the environment +and writes a file by that name. Our OpenSSL code does the same, using keying +info from the library API. +The GnuTLS support only works if exim is run by root, not taking advantage of +the setuid bit. +You can use either the external environment (modulo the keep_environment config) +or the add_environment config option for SSLKEYLOGFILE; the latter takes +precedence. If the path is absolute, require it starts with the spooldir; otherwise delete the env variable. If relative, prefix the spooldir. |