summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2019-05-02 17:16:05 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2019-05-02 17:23:05 +0100
commitb10c87b38c2345d15d30da5c18c823355ac506a9 (patch)
treedd521dbada2ce29bfdea4ecdc0995b833d152f2d /src
parent0565fc5a1155f97f29fb6e081343cfc4e477c611 (diff)
TLS: Session resumption, under the EXPERIMENTAL_TLS_RESUME build option.
Diffstat (limited to 'src')
-rw-r--r--src/OS/Makefile-Base4
-rw-r--r--src/src/acl.c2
-rw-r--r--src/src/config.h.defaults1
-rw-r--r--src/src/daemon.c5
-rw-r--r--src/src/dbfn.c7
-rw-r--r--src/src/dbfunctions.h2
-rw-r--r--src/src/dbstuff.h6
-rw-r--r--src/src/deliver.c23
-rw-r--r--src/src/enq.c4
-rw-r--r--src/src/exim.c3
-rw-r--r--src/src/exim_dbutil.c33
-rw-r--r--src/src/expand.c8
-rw-r--r--src/src/functions.h1
-rw-r--r--src/src/globals.c39
-rw-r--r--src/src/globals.h8
-rw-r--r--src/src/macro_predef.c5
-rw-r--r--src/src/macro_predef.h2
-rw-r--r--src/src/macros.h22
-rw-r--r--src/src/readconf.c3
-rw-r--r--src/src/receive.c6
-rw-r--r--src/src/retry.c4
-rw-r--r--src/src/smtp_in.c6
-rw-r--r--src/src/spool_in.c5
-rw-r--r--src/src/spool_out.c3
-rw-r--r--src/src/structs.h3
-rw-r--r--src/src/tls-gnu.c339
-rw-r--r--src/src/tls-openssl.c399
-rw-r--r--src/src/tls.c6
-rw-r--r--src/src/transport.c4
-rw-r--r--src/src/transports/smtp.c18
-rw-r--r--src/src/transports/smtp.h3
-rw-r--r--src/src/verify.c8
32 files changed, 820 insertions, 162 deletions
diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base
index 0fbee9d03..8ca9a485c 100644
--- a/src/OS/Makefile-Base
+++ b/src/OS/Makefile-Base
@@ -123,7 +123,7 @@ config.h: Makefile buildconfig ../src/config.h.defaults $(EDITME)
# Build the builtin-macros data struct
-MACRO_HSRC = macro_predef.h os.h globals.h config.h \
+MACRO_HSRC = macro_predef.h os.h globals.h config.h macros.h \
routers/accept.h routers/dnslookup.h routers/ipliteral.h \
routers/iplookup.h routers/manualroute.h routers/queryprogram.h \
routers/redirect.h
@@ -158,7 +158,7 @@ macro-transport.o: transport.c
macro-drtables.o : drtables.c
@echo "$(CC) -DMACRO_PREDEF drtables.c"
$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ drtables.c
-macro-tls.o: tls.c
+macro-tls.o: tls.c tls-gnu.c tls-openssl.c
@echo "$(CC) -DMACRO_PREDEF tls.c"
$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ tls.c
macro-appendfile.o : transports/appendfile.c
diff --git a/src/src/acl.c b/src/src/acl.c
index fdd32b8e7..19938affa 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -2406,7 +2406,7 @@ if ((t = tree_search(*anchor, key)))
/* We aren't using a pre-computed rate, so get a previously recorded rate
from the database, which will be updated and written back if required. */
-if (!(dbm = dbfn_open(US"ratelimit", O_RDWR, &dbblock, TRUE)))
+if (!(dbm = dbfn_open(US"ratelimit", O_RDWR, &dbblock, TRUE, TRUE)))
{
store_pool = old_pool;
sender_rate = NULL;
diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults
index a27ad3fd2..c5d5389ba 100644
--- a/src/src/config.h.defaults
+++ b/src/src/config.h.defaults
@@ -203,6 +203,7 @@ Do not put spaces between # and the 'define'.
#define EXPERIMENTAL_PIPE_CONNECT
#define EXPERIMENTAL_QUEUEFILE
#define EXPERIMENTAL_SRS
+#define EXPERIMENTAL_TLS_RESUME
/* For developers */
diff --git a/src/src/daemon.c b/src/src/daemon.c
index 4addf0ac7..cf5e09201 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -1985,6 +1985,11 @@ for (;;)
handle_ending_processes();
errno = select_errno;
+#ifdef SUPPORT_TLS
+ /* Create or rotate any required keys */
+ tls_daemon_init();
+#endif
+
/* Loop for all the sockets that are currently ready to go. If select
actually failed, we have set the count to 1 and select_failed=TRUE, so as
to use the common error code for select/accept below. */
diff --git a/src/src/dbfn.c b/src/src/dbfn.c
index 5555c710b..a60775681 100644
--- a/src/src/dbfn.c
+++ b/src/src/dbfn.c
@@ -72,6 +72,7 @@ Arguments:
dbblock Points to an open_db block to be filled in.
lof If TRUE, write to the log for actual open failures (locking failures
are always logged).
+ panic If TRUE, panic on failure to create the db directory
Returns: NULL if the open failed, or the locking failed. After locking
failures, errno is zero.
@@ -85,7 +86,7 @@ moment I haven't changed them.
*/
open_db *
-dbfn_open(uschar *name, int flags, open_db *dbblock, BOOL lof)
+dbfn_open(uschar *name, int flags, open_db *dbblock, BOOL lof, BOOL panic)
{
int rc, save_errno;
BOOL read_only = flags == O_RDONLY;
@@ -114,7 +115,7 @@ snprintf(CS filename, sizeof(filename), "%s/%s.lockfile", dirname, name);
if ((dbblock->lockfd = Uopen(filename, O_RDWR, EXIMDB_LOCKFILE_MODE)) < 0)
{
created = TRUE;
- (void)directory_make(spool_directory, US"db", EXIMDB_DIRECTORY_MODE, TRUE);
+ (void)directory_make(spool_directory, US"db", EXIMDB_DIRECTORY_MODE, panic);
dbblock->lockfd = Uopen(filename, O_RDWR|O_CREAT, EXIMDB_LOCKFILE_MODE);
}
@@ -536,7 +537,7 @@ while (Ufgets(buffer, 256, stdin) != NULL)
}
start = clock();
- odb = dbfn_open(s, O_RDWR, dbblock + i, TRUE);
+ odb = dbfn_open(s, O_RDWR, dbblock + i, TRUE, TRUE);
stop = clock();
if (odb)
diff --git a/src/src/dbfunctions.h b/src/src/dbfunctions.h
index 93d12efc3..2e18e0eff 100644
--- a/src/src/dbfunctions.h
+++ b/src/src/dbfunctions.h
@@ -10,7 +10,7 @@
void dbfn_close(open_db *);
int dbfn_delete(open_db *, const uschar *);
-open_db *dbfn_open(uschar *, int, open_db *, BOOL);
+open_db *dbfn_open(uschar *, int, open_db *, BOOL, BOOL);
void *dbfn_read_with_length(open_db *, const uschar *, int *);
uschar *dbfn_scan(open_db *, BOOL, EXIM_CURSOR **);
int dbfn_write(open_db *, const uschar *, void *, int);
diff --git a/src/src/dbstuff.h b/src/src/dbstuff.h
index 02cfa1446..6b1ae0ebb 100644
--- a/src/src/dbstuff.h
+++ b/src/src/dbstuff.h
@@ -804,5 +804,11 @@ typedef struct {
} dbdata_ehlo_resp;
#endif
+typedef struct {
+ time_t time_stamp;
+ /*************/
+ uschar session[1];
+} dbdata_tls_session;
+
/* End of dbstuff.h */
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 696effdee..f79522d8e 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -803,12 +803,18 @@ return g;
#ifdef SUPPORT_TLS
static gstring *
-d_tlslog(gstring * s, address_item * addr)
+d_tlslog(gstring * g, address_item * addr)
{
if (LOGGING(tls_cipher) && addr->cipher)
- s = string_append(s, 2, US" X=", addr->cipher);
+ {
+ g = string_append(g, 2, US" X=", addr->cipher);
+#ifdef EXPERIMENTAL_TLS_RESUME
+ if (LOGGING(tls_resumption) && testflag(addr, af_tls_resume))
+ g = string_catn(g, US"*", 1);
+#endif
+ }
if (LOGGING(tls_certificate_verified) && addr->cipher)
- s = string_append(s, 2, US" CV=",
+ g = string_append(g, 2, US" CV=",
testflag(addr, af_cert_verified)
?
#ifdef SUPPORT_DANE
@@ -819,8 +825,8 @@ if (LOGGING(tls_certificate_verified) && addr->cipher)
"yes"
: "no");
if (LOGGING(tls_peerdn) && addr->peerdn)
- s = string_append(s, 3, US" DN=\"", string_printing(addr->peerdn), US"\"");
-return s;
+ g = string_append(g, 3, US" DN=\"", string_printing(addr->peerdn), US"\"");
+return g;
}
#endif
@@ -2900,7 +2906,7 @@ while (addr_local)
of these checks, rather than for all local deliveries, because some local
deliveries (e.g. to pipes) can take a substantial time. */
- if (!(dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE)))
+ if (!(dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE, TRUE)))
{
DEBUG(D_deliver|D_retry|D_hints_lookup)
debug_printf("no retry data available\n");
@@ -4794,6 +4800,9 @@ all pipes, so I do not see a reason to use non-blocking IO here
#ifdef SUPPORT_DANE
if (tls_out.dane_verified) setflag(addr, af_dane_verified);
#endif
+# ifdef EXPERIMENTAL_TLS_RESUME
+ if (tls_out.resumption & RESUME_USED) setflag(addr, af_tls_resume);
+# endif
/* Use an X item only if there's something to send */
#ifdef SUPPORT_TLS
@@ -6321,7 +6330,7 @@ while (addr_new) /* Loop until all addresses dealt with */
/* Failure to open the retry database is treated the same as if it does
not exist. In both cases, dbm_file is NULL. */
- if (!(dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE)))
+ if (!(dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE, TRUE)))
DEBUG(D_deliver|D_retry|D_route|D_hints_lookup)
debug_printf("no retry data available\n");
diff --git a/src/src/enq.c b/src/src/enq.c
index 573fc00ca..7feba5531 100644
--- a/src/src/enq.c
+++ b/src/src/enq.c
@@ -47,7 +47,7 @@ deliberate; the dbfn_open() function - which is an Exim function - always tries
to create if it can't open a read/write file. It expects only O_RDWR or
O_RDONLY as its argument. */
-if (!(dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE)))
+if (!(dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
return FALSE;
/* See if there is a record for this host or queue run; if there is, we cannot
@@ -101,7 +101,7 @@ dbdata_serialize *serial_record;
DEBUG(D_transport) debug_printf("end serialized: %s\n", key);
-if ( !(dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE))
+if ( !(dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE))
|| !(serial_record = dbfn_read(dbm_file, key))
)
return;
diff --git a/src/src/exim.c b/src/src/exim.c
index df76de15e..1952d91a4 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -934,6 +934,9 @@ fprintf(fp, "Support for:");
#ifdef EXPERIMENTAL_PIPE_CONNECT
fprintf(fp, " Experimental_PIPE_CONNECT");
#endif
+#ifdef EXPERIMENTAL_TLS_RESUME
+ fprintf(fp, " Experimental_TLS_resume");
+#endif
fprintf(fp, "\n");
fprintf(fp, "Lookups (built-in):");
diff --git a/src/src/exim_dbutil.c b/src/src/exim_dbutil.c
index a0514f009..2c7aad63b 100644
--- a/src/src/exim_dbutil.c
+++ b/src/src/exim_dbutil.c
@@ -20,6 +20,7 @@ argument is the name of the database file. The available names are:
misc: miscellaneous hints data
wait-<t>: message waiting information; <t> is a transport name
callout: callout verification cache
+ tls: TLS session resumption cache
There are a number of common subroutines, followed by three main programs,
whose inclusion is controlled by -D on the compilation command. */
@@ -35,6 +36,7 @@ whose inclusion is controlled by -D on the compilation command. */
#define type_misc 3
#define type_callout 4
#define type_ratelimit 5
+#define type_tls 6
/* This is used by our cut-down dbfn_open(). */
@@ -91,7 +93,7 @@ static void
usage(uschar *name, uschar *options)
{
printf("Usage: exim_%s%s <spool-directory> <database-name>\n", name, options);
-printf(" <database-name> = retry | misc | wait-<transport-name> | callout | ratelimit\n");
+printf(" <database-name> = retry | misc | wait-<transport-name> | callout | ratelimit | tls\n");
exit(1);
}
@@ -114,6 +116,7 @@ if (argc == 3)
if (Ustrncmp(argv[2], "wait-", 5) == 0) return type_wait;
if (Ustrcmp(argv[2], "callout") == 0) return type_callout;
if (Ustrcmp(argv[2], "ratelimit") == 0) return type_ratelimit;
+ if (Ustrcmp(argv[2], "tls") == 0) return type_tls;
}
usage(name, options);
return -1; /* Never obeyed */
@@ -240,6 +243,7 @@ Arguments:
flags O_RDONLY or O_RDWR
dbblock Points to an open_db block to be filled in.
lof Unused.
+ panic Unused
Returns: NULL if the open failed, or the locking failed.
On success, dbblock is returned. This contains the dbm pointer and
@@ -247,7 +251,7 @@ Returns: NULL if the open failed, or the locking failed.
*/
open_db *
-dbfn_open(uschar *name, int flags, open_db *dbblock, BOOL lof)
+dbfn_open(uschar *name, int flags, open_db *dbblock, BOOL lof, BOOL panic)
{
int rc;
struct flock lock_data;
@@ -525,7 +529,7 @@ uschar keybuffer[1024];
dbdata_type = check_args(argc, argv, US"dumpdb", US"");
spool_directory = argv[1];
-if (!(dbm = dbfn_open(argv[2], O_RDONLY, &dbblock, FALSE)))
+if (!(dbm = dbfn_open(argv[2], O_RDONLY, &dbblock, FALSE, TRUE)))
exit(1);
/* Scan the file, formatting the information for each entry. Note
@@ -541,6 +545,7 @@ for (uschar * key = dbfn_scan(dbm, TRUE, &cursor);
dbdata_callout_cache *callout;
dbdata_ratelimit *ratelimit;
dbdata_ratelimit_unique *rate_unique;
+ dbdata_tls_session *session;
int count_bad = 0;
int length;
uschar *t;
@@ -673,6 +678,11 @@ for (uschar * key = dbfn_scan(dbm, TRUE, &cursor);
keybuffer);
}
break;
+
+ case type_tls:
+ session = (dbdata_tls_session *)value;
+ printf(" %s %.*s\n", keybuffer, length, session->session);
+ break;
}
store_reset(value);
}
@@ -745,6 +755,7 @@ for(;;)
dbdata_callout_cache *callout;
dbdata_ratelimit *ratelimit;
dbdata_ratelimit_unique *rate_unique;
+ dbdata_tls_session *session;
int oldlength;
uschar *t;
uschar field[256], value[256];
@@ -783,7 +794,7 @@ for(;;)
int verify = 1;
spool_directory = argv[1];
- if (!(dbm = dbfn_open(argv[2], O_RDWR, &dbblock, FALSE)))
+ if (!(dbm = dbfn_open(argv[2], O_RDWR, &dbblock, FALSE, TRUE)))
continue;
if (Ustrcmp(field, "d") == 0)
@@ -925,6 +936,10 @@ for(;;)
break;
}
break;
+
+ case type_tls:
+ printf("Can't change contents of tls database record\n");
+ break;
}
dbfn_write(dbm, name, record, oldlength);
@@ -949,7 +964,7 @@ for(;;)
/* Handle a read request, or verify after an update. */
spool_directory = argv[1];
- if (!(dbm = dbfn_open(argv[2], O_RDONLY, &dbblock, FALSE)))
+ if (!(dbm = dbfn_open(argv[2], O_RDONLY, &dbblock, FALSE, TRUE)))
continue;
if (!(record = dbfn_read_with_length(dbm, name, &oldlength)))
@@ -1036,6 +1051,12 @@ for(;;)
printf("5 add element to filter\n");
}
break;
+
+ case type_tls:
+ session = (dbdata_tls_session *)value;
+ printf("0 time stamp: %s\n", print_time(session->time_stamp));
+ printf("1 session: .%s\n", session->session);
+ break;
}
}
@@ -1134,7 +1155,7 @@ oldest = time(NULL) - maxkeep;
printf("Tidying Exim hints database %s/db/%s\n", argv[1], argv[2]);
spool_directory = argv[1];
-if (!(dbm = dbfn_open(argv[2], O_RDWR, &dbblock, FALSE)))
+if (!(dbm = dbfn_open(argv[2], O_RDWR, &dbblock, FALSE, TRUE)))
exit(1);
/* Prepare for building file names */
diff --git a/src/src/expand.c b/src/src/expand.c
index ff1b72615..d8ea87dee 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -751,6 +751,9 @@ static var_entry var_table[] = {
{ "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
{ "tls_in_peercert", vtype_cert, &tls_in.peercert },
{ "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
+#ifdef EXPERIMENTAL_TLS_RESUME
+ { "tls_in_resumption", vtype_int, &tls_in.resumption },
+#endif
#if defined(SUPPORT_TLS)
{ "tls_in_sni", vtype_stringptr, &tls_in.sni },
#endif
@@ -765,6 +768,9 @@ static var_entry var_table[] = {
{ "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
{ "tls_out_peercert", vtype_cert, &tls_out.peercert },
{ "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
+#ifdef EXPERIMENTAL_TLS_RESUME
+ { "tls_out_resumption", vtype_int, &tls_out.resumption },
+#endif
#if defined(SUPPORT_TLS)
{ "tls_out_sni", vtype_stringptr, &tls_out.sni },
#endif
@@ -5039,7 +5045,7 @@ while (*s != 0)
port = ntohs(service_info->s_port);
}
- /*XXX we trust that the request is idempotent. Hmm. */
+ /*XXX we trust that the request is idempotent for TFO. Hmm. */
cctx.sock = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
timeout, &host, &expand_string_message,
do_tls ? NULL : &reqstr);
diff --git a/src/src/functions.h b/src/src/functions.h
index 2eb74579f..87953c413 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -51,6 +51,7 @@ extern BOOL tls_client_start(client_conn_ctx *, smtp_connect_args *,
extern void tls_close(void *, int);
extern BOOL tls_could_read(void);
+extern void tls_daemon_init(void);
extern int tls_export_cert(uschar *, size_t, void *);
extern int tls_feof(void);
extern int tls_ferror(void);
diff --git a/src/src/globals.c b/src/src/globals.c
index acabeb8c3..a2fa032bc 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -102,38 +102,12 @@ them. Also, the tls_ variables are now always visible. Note that these are
only used for smtp connections, not for service-daemon access. */
tls_support tls_in = {
- .active = {.sock = -1},
- .bits = 0,
- .certificate_verified = FALSE,
-#ifdef SUPPORT_DANE
- .dane_verified = FALSE,
- .tlsa_usage = 0,
-#endif
- .cipher = NULL,
- .on_connect = FALSE,
- .on_connect_ports = NULL,
- .ourcert = NULL,
- .peercert = NULL,
- .peerdn = NULL,
- .sni = NULL,
- .ocsp = OCSP_NOT_REQ
+ .active = {.sock = -1}
+ /* all other elements zero */
};
tls_support tls_out = {
.active = {.sock = -1},
- .bits = 0,
- .certificate_verified = FALSE,
-#ifdef SUPPORT_DANE
- .dane_verified = FALSE,
- .tlsa_usage = 0,
-#endif
- .cipher = NULL,
- .on_connect = FALSE,
- .on_connect_ports = NULL,
- .ourcert = NULL,
- .peercert = NULL,
- .peerdn = NULL,
- .sni = NULL,
- .ocsp = OCSP_NOT_REQ
+ /* all other elements zero */
};
uschar *dsn_envid = NULL;
@@ -161,6 +135,9 @@ uschar *tls_ocsp_file = NULL;
uschar *tls_privatekey = NULL;
BOOL tls_remember_esmtp = FALSE;
uschar *tls_require_ciphers = NULL;
+# ifdef EXPERIMENTAL_TLS_RESUME
+uschar *tls_resumption_hosts = NULL;
+# endif
uschar *tls_try_verify_hosts = NULL;
uschar *tls_verify_certificates= US"system";
uschar *tls_verify_hosts = NULL;
@@ -1047,7 +1024,8 @@ uschar *log_file_path = US LOG_FILE_PATH
int log_notall[] = {
-1
};
-bit_table log_options[] = { /* must be in alphabetical order */
+bit_table log_options[] = { /* must be in alphabetical order,
+ with definitions from enum logbit. */
BIT_TABLE(L, 8bitmime),
BIT_TABLE(L, acl_warn_skipped),
BIT_TABLE(L, address_rewrite),
@@ -1105,6 +1083,7 @@ bit_table log_options[] = { /* must be in alphabetical order */
BIT_TABLE(L, tls_certificate_verified),
BIT_TABLE(L, tls_cipher),
BIT_TABLE(L, tls_peerdn),
+ BIT_TABLE(L, tls_resumption),
BIT_TABLE(L, tls_sni),
BIT_TABLE(L, unknown_in_list),
};
diff --git a/src/src/globals.h b/src/src/globals.h
index a0c1977a2..1aacaf7e6 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -103,6 +103,11 @@ typedef struct {
OCSP_FAILED, /* verify failed */
OCSP_VFIED /* verified */
} ocsp; /* Stapled OCSP status */
+#ifdef EXPERIMENTAL_TLS_RESUME
+ unsigned resumption; /* Session resumption */
+ BOOL host_resumable:1;
+ BOOL ticket_received:1;
+#endif
} tls_support;
extern tls_support tls_in;
extern tls_support tls_out;
@@ -124,6 +129,9 @@ extern uschar *tls_ocsp_file; /* OCSP stapling proof file */
extern uschar *tls_privatekey; /* Private key file */
extern BOOL tls_remember_esmtp; /* For YAEB */
extern uschar *tls_require_ciphers; /* So some can be avoided */
+# ifdef EXPERIMENTAL_TLS_RESUME
+extern uschar *tls_resumption_hosts; /* TLS session resumption */
+# endif
extern uschar *tls_try_verify_hosts; /* Optional client verification */
extern uschar *tls_verify_certificates;/* Path for certificates to check */
extern uschar *tls_verify_hosts; /* Mandatory client verification */
diff --git a/src/src/macro_predef.c b/src/src/macro_predef.c
index 86be52f54..33249133a 100644
--- a/src/src/macro_predef.c
+++ b/src/src/macro_predef.c
@@ -200,6 +200,9 @@ due to conflicts with other common macros. */
#ifdef EXPERIMENTAL_PIPE_CONNECT
builtin_macro_create(US"_HAVE_PIPE_CONNECT");
#endif
+#ifdef EXPERIMENTAL_TLS_RESUME
+ builtin_macro_create(US"_HAVE_TLS_RESUME");
+#endif
#ifdef LOOKUP_LSEARCH
builtin_macro_create(US"_HAVE_LOOKUP_LSEARCH");
@@ -287,7 +290,7 @@ options_routers();
options_transports();
options_auths();
options_logging();
-#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+#if defined(SUPPORT_TLS)
options_tls();
#endif
}
diff --git a/src/src/macro_predef.h b/src/src/macro_predef.h
index f265750ca..79a8d6f15 100644
--- a/src/src/macro_predef.h
+++ b/src/src/macro_predef.h
@@ -20,7 +20,7 @@ extern void options_transports(void);
extern void options_auths(void);
extern void options_logging(void);
extern void params_dkim(void);
-#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+#if defined(SUPPORT_TLS)
extern void options_tls(void);
#endif
diff --git a/src/src/macros.h b/src/src/macros.h
index f98d5e6bd..e3f1f4c28 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -435,11 +435,12 @@ enum {
/* Options bits for logging. Those that have values < BITWORDSIZE can be used
in calls to log_write(). The others are put into later words in log_selector
and are only ever tested independently, so they do not need bit mask
-declarations. The Li_all value is recognized specially by decode_bits(). */
+declarations. The Li_all value is recognized specially by decode_bits().
+Add also to log_options[] when creating new ones. */
#define LOG_BIT(name) Li_##name = IOTA(Li_iota), L_##name = BIT(Li_##name)
-enum {
+enum logbit {
Li_all = -1,
Li_iota = IOTA_INIT(0),
@@ -495,6 +496,7 @@ enum {
Li_tls_certificate_verified,
Li_tls_cipher,
Li_tls_peerdn,
+ Li_tls_resumption,
Li_tls_sni,
Li_unknown_in_list,
@@ -1077,5 +1079,21 @@ should not be one active. */
#define AUTH_ITEM_IGN64 BIT(2)
+/* Flags for tls_{in,out}_resumption */
+#define RESUME_SUPPORTED BIT(0)
+#define RESUME_CLIENT_REQUESTED BIT(1)
+#define RESUME_CLIENT_SUGGESTED BIT(2)
+#define RESUME_SERVER_TICKET BIT(3)
+#define RESUME_USED BIT(4)
+
+#define RESUME_DECODE_STRING \
+ US"not requested or offered : 0x02 :client requested, no server ticket" \
+ ": 0x04 : 0x05 : 0x06 :client offered session, no server action" \
+ ": 0x08 :no client request: 0x0A :client requested new ticket, server provided" \
+ ": 0x0C :client offered session, not used: 0x0E :client offered session, server only provided new ticket" \
+ ": 0x10 :session resumed unasked: 0x12 :session resumed unasked" \
+ ": 0x14 : 0x15 : 0x16 :session resumed" \
+ ": 0x18 :session resumed unasked: 0x1A :session resumed unasked" \
+ ": 0x1C :session resumed: 0x1E :session resumed, also new ticket"
/* End of macros.h */
diff --git a/src/src/readconf.c b/src/src/readconf.c
index 150d7973d..cac8fe5c2 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -367,6 +367,9 @@ static optionlist optionlist_config[] = {
{ "tls_privatekey", opt_stringptr, &tls_privatekey },
{ "tls_remember_esmtp", opt_bool, &tls_remember_esmtp },
{ "tls_require_ciphers", opt_stringptr, &tls_require_ciphers },
+# ifdef EXPERIMENTAL_TLS_RESUME
+ { "tls_resumption_hosts", opt_stringptr, &tls_resumption_hosts },
+# endif
{ "tls_try_verify_hosts", opt_stringptr, &tls_try_verify_hosts },
{ "tls_verify_certificates", opt_stringptr, &tls_verify_certificates },
{ "tls_verify_hosts", opt_stringptr, &tls_verify_hosts },
diff --git a/src/src/receive.c b/src/src/receive.c
index 701d540b0..fbd32c8fa 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -3980,7 +3980,13 @@ g = add_host_info_for_log(g);
#ifdef SUPPORT_TLS
if (LOGGING(tls_cipher) && tls_in.cipher)
+ {
g = string_append(g, 2, US" X=", tls_in.cipher);
+# ifdef EXPERIMENTAL_TLS_RESUME
+ if (LOGGING(tls_resumption) && tls_in.resumption & RESUME_USED)
+ g = string_catn(g, US"*", 1);
+# endif
+ }
if (LOGGING(tls_certificate_verified) && tls_in.cipher)
g = string_append(g, 2, US" CV=", tls_in.certificate_verified ? "yes":"no");
if (LOGGING(tls_peerdn) && tls_in.peerdn)
diff --git a/src/src/retry.c b/src/src/retry.c
index dc39813fb..509de123c 100644
--- a/src/src/retry.c
+++ b/src/src/retry.c
@@ -170,7 +170,7 @@ if ((node = tree_search(tree_unusable, host_key)))
/* Open the retry database, giving up if there isn't one. Otherwise, search for
the retry records, and then close the database again. */
-if (!(dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE)))
+if (!(dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE, TRUE)))
{
DEBUG(D_deliver|D_retry|D_hints_lookup)
debug_printf("no retry data available\n");
@@ -580,7 +580,7 @@ for (int i = 0; i < 3; i++)
reached their retry next try time. */
if (!dbm_file)
- dbm_file = dbfn_open(US"retry", O_RDWR, &dbblock, TRUE);
+ dbm_file = dbfn_open(US"retry", O_RDWR, &dbblock, TRUE, TRUE);
if (!dbm_file)
{
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index b46f3e876..40fd3083b 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1786,7 +1786,13 @@ static gstring *
s_tlslog(gstring * g)
{
if (LOGGING(tls_cipher) && tls_in.cipher)
+ {
g = string_append(g, 2, US" X=", tls_in.cipher);
+#ifdef EXPERIMENTAL_TLS_RESUME
+ if (LOGGING(tls_resumption) && tls_in.resumption & RESUME_USED)
+ g = string_catn(g, US"*", 1);
+#endif
+ }
if (LOGGING(tls_certificate_verified) && tls_in.cipher)
g = string_append(g, 2, US" CV=", tls_in.certificate_verified? "yes":"no");
if (LOGGING(tls_peerdn) && tls_in.peerdn)
diff --git a/src/src/spool_in.c b/src/src/spool_in.c
index 786eb514e..95004c103 100644
--- a/src/src/spool_in.c
+++ b/src/src/spool_in.c
@@ -667,6 +667,11 @@ for (;;)
tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
else if (Ustrncmp(q, "ocsp", 4) == 0)
tls_in.ocsp = big_buffer[10] - '0';
+# ifdef EXPERIMENTAL_TLS_RESUME
+ else if (Ustrncmp(q, "resumption", 10) == 0)
+ tls_in.resumption = big_buffer[16] - 'A';
+# endif
+
}
break;
#endif
diff --git a/src/src/spool_out.c b/src/src/spool_out.c
index 46a490a93..d14914f94 100644
--- a/src/src/spool_out.c
+++ b/src/src/spool_out.c
@@ -249,6 +249,9 @@ if (tls_in.ourcert)
fprintf(fp, "-tls_ourcert %s\n", CS big_buffer);
}
if (tls_in.ocsp) fprintf(fp, "-tls_ocsp %d\n", tls_in.ocsp);
+# ifdef EXPERIMENTAL_TLS_RESUME
+fprintf(fp, "-tls_resumption %c\n", 'A' + tls_in.resumption);
+# endif
#endif
#ifdef SUPPORT_I18N
diff --git a/src/src/structs.h b/src/src/structs.h
index 7fb32777c..349aa38e8 100644
--- a/src/src/structs.h
+++ b/src/src/structs.h
@@ -637,6 +637,9 @@ typedef struct address_item {
#ifdef SUPPORT_I18N
BOOL af_utf8_downcvt:1; /* downconvert was done for delivery */
#endif
+#ifdef EXPERIMENTAL_TLS_RESUME
+ BOOL af_tls_resume:1; /* TLS used a resumed session */
+#endif
} flags;
unsigned int domain_cache[(MAX_NAMED_LIST * 2)/32];
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 91ddc579b..32625d6d8 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -99,6 +99,17 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
#include "tls-cipher-stdname.c"
+#ifdef MACRO_PREDEF
+void
+options_tls(void)
+{
+# ifdef EXPERIMENTAL_TLS_RESUME
+builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );
+# endif
+}
+#else
+
+
/* GnuTLS 2 vs 3
GnuTLS 3 only:
@@ -174,45 +185,9 @@ typedef struct exim_gnutls_state {
} exim_gnutls_state_st;
static const exim_gnutls_state_st exim_gnutls_state_init = {
- .session = NULL,
- .x509_cred = NULL,
- .priority_cache = NULL,
- .verify_requirement = VERIFY_NONE,
+ /* all elements not explicitly intialised here get 0/NULL/FALSE */
.fd_in = -1,
.fd_out = -1,
- .peer_cert_verified = FALSE,
- .peer_dane_verified = FALSE,
- .trigger_sni_changes =FALSE,
- .have_set_peerdn = FALSE,
- .host = NULL,
- .peercert = NULL,
- .peerdn = NULL,
- .ciphersuite = NULL,
- .received_sni = NULL,
-
- .tls_certificate = NULL,
- .tls_privatekey = NULL,
- .tls_sni = NULL,
- .tls_verify_certificates = NULL,
- .tls_crl = NULL,
- .tls_require_ciphers =NULL,
-
- .exp_tls_certificate = NULL,
- .exp_tls_privatekey = NULL,
- .exp_tls_verify_certificates = NULL,
- .exp_tls_crl = NULL,
- .exp_tls_require_ciphers = NULL,
- .exp_tls_verify_cert_hostnames = NULL,
-#ifndef DISABLE_EVENT
- .event_action = NULL,
-#endif
- .tlsp = NULL,
-
- .xfer_buffer = NULL,
- .xfer_buffer_lwm = 0,
- .xfer_buffer_hwm = 0,
- .xfer_eof = FALSE,
- .xfer_error = FALSE,
};
/* Not only do we have our own APIs which don't pass around state, assuming
@@ -234,9 +209,7 @@ don't want to repeat this. */
static gnutls_dh_params_t dh_server_params = NULL;
-/* No idea how this value was chosen; preserving it. Default is 3600. */
-
-static const int ssl_session_timeout = 200;
+static int ssl_session_timeout = 3600; /* One hour */
static const uschar * const exim_default_gnutls_priority = US"NORMAL";
@@ -248,6 +221,9 @@ static BOOL exim_gnutls_base_init_done = FALSE;
static BOOL gnutls_buggy_ocsp = FALSE;
#endif
+#ifdef EXPERIMENTAL_TLS_RESUME
+static gnutls_datum_t server_sessticket_key;
+#endif
/* ------------------------------------------------------------------------ */
/* macros */
@@ -261,7 +237,7 @@ setuid binaries, making it useless - "GNUTLS_DEBUG_LEVEL".
Allegedly the testscript line "GNUTLS_DEBUG_LEVEL=9 sudo exim ..." would work,
but the env var must be added to /etc/sudoers too. */
#ifndef EXIM_GNUTLS_LIBRARY_LOG_LEVEL
-# define EXIM_GNUTLS_LIBRARY_LOG_LEVEL -1
+# define EXIM_GNUTLS_LIBRARY_LOG_LEVEL 9
#endif
#ifndef EXIM_CLIENT_DH_MIN_BITS
@@ -312,6 +288,24 @@ static int server_ocsp_stapling_cb(gnutls_session_t session, void * ptr,
+/* Daemon one-time initialisation */
+void
+tls_daemon_init(void)
+{
+#ifdef EXPERIMENTAL_TLS_RESUME
+/* We are dependent on the GnuTLS implementation of the Session Ticket
+encryption; both the strength and the key rotation period. We hope that
+the strength at least matches that of the ciphersuite (but GnuTLS does not
+document this). */
+
+static BOOL once = FALSE;
+if (once) return;
+once = TRUE;
+gnutls_session_ticket_key_generate(&server_sessticket_key); /* >= 2.10.0 */
+if (f.running_in_test_harness) ssl_session_timeout = 6;
+#endif
+}
+
/* ------------------------------------------------------------------------ */
/* Static functions */
@@ -463,7 +457,6 @@ Argument:
static void
extract_exim_vars_from_tls_state(exim_gnutls_state_st * state)
{
-gnutls_cipher_algorithm_t cipher;
#ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING
int old_pool;
int rc;
@@ -474,12 +467,6 @@ tls_support * tlsp = state->tlsp;
tlsp->active.sock = state->fd_out;
tlsp->active.tls_ctx = state;
-cipher = gnutls_cipher_get(state->session);
-/* returns size in "bytes" */
-tlsp->bits = gnutls_cipher_get_key_size(cipher) * 8;
-
-tlsp->cipher = state->ciphersuite;
-
DEBUG(D_tls) debug_printf("cipher: %s\n", state->ciphersuite);
tlsp->certificate_verified = state->peer_cert_verified;
@@ -1423,6 +1410,9 @@ if ((rc = gnutls_priority_init(&state->priority_cache, CCS p, &errpos)))
if ((rc = gnutls_priority_set(state->session, state->priority_cache)))
return tls_error_gnu(US"gnutls_priority_set", rc, host, errstr);
+/* This also sets the server ticket expiration time to the same, and
+the STEK rotation time to 3x. */
+
gnutls_db_set_cache_expiration(state->session, ssl_session_timeout);
/* Reduce security in favour of increased compatibility, if the admin
@@ -1492,9 +1482,10 @@ Returns: OK/DEFER/FAIL
*/
static int
-peer_status(exim_gnutls_state_st *state, uschar ** errstr)
+peer_status(exim_gnutls_state_st * state, uschar ** errstr)
{
-const gnutls_datum_t *cert_list;
+gnutls_session_t session = state->session;
+const gnutls_datum_t * cert_list;
int old_pool, rc;
unsigned int cert_list_size = 0;
gnutls_protocol_t protocol;
@@ -1503,7 +1494,7 @@ gnutls_kx_algorithm_t kx;
gnutls_mac_algorithm_t mac;
gnutls_certificate_type_t ct;
gnutls_x509_crt_t crt;
-uschar *dn_buf;
+uschar * dn_buf;
size_t sz;
if (state->have_set_peerdn)
@@ -1513,23 +1504,24 @@ state->have_set_peerdn = TRUE;
state->peerdn = NULL;
/* tls_cipher */
-cipher = gnutls_cipher_get(state->session);
-protocol = gnutls_protocol_get_version(state->session);
-mac = gnutls_mac_get(state->session);
+cipher = gnutls_cipher_get(session);
+protocol = gnutls_protocol_get_version(session);
+mac = gnutls_mac_get(session);
kx =
#ifdef GNUTLS_TLS1_3
protocol >= GNUTLS_TLS1_3 ? 0 :
#endif
- gnutls_kx_get(state->session);
+ gnutls_kx_get(session);
old_pool = store_pool;
{
+ tls_support * tlsp = state->tlsp;
store_pool = POOL_PERM;
#ifdef SUPPORT_GNUTLS_SESS_DESC
{
gstring * g = NULL;
- uschar * s = US gnutls_session_get_desc(state->session), c;
+ uschar * s = US gnutls_session_get_desc(session), c;
/* Nikos M suggests we use this by preference. It returns like:
(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
@@ -1568,15 +1560,15 @@ old_pool = store_pool;
/* debug_printf("peer_status: ciphersuite %s\n", state->ciphersuite); */
- state->tlsp->cipher = state->ciphersuite;
- state->tlsp->bits = gnutls_cipher_get_key_size(cipher) * 8;
+ tlsp->cipher = state->ciphersuite;
+ tlsp->bits = gnutls_cipher_get_key_size(cipher) * 8;
- state->tlsp->cipher_stdname = cipher_stdname_kcm(kx, cipher, mac);
+ tlsp->cipher_stdname = cipher_stdname_kcm(kx, cipher, mac);
}
store_pool = old_pool;
/* tls_peerdn */
-cert_list = gnutls_certificate_get_peers(state->session, &cert_list_size);
+cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
if (!cert_list || cert_list_size == 0)
{
@@ -1588,7 +1580,7 @@ if (!cert_list || cert_list_size == 0)
return OK;
}
-if ((ct = gnutls_certificate_type_get(state->session)) != GNUTLS_CRT_X509)
+if ((ct = gnutls_certificate_type_get(session)) != GNUTLS_CRT_X509)
{
const uschar * ctn = US gnutls_certificate_type_get_name(ct);
DEBUG(D_tls)
@@ -1660,13 +1652,14 @@ verify_certificate(exim_gnutls_state_st * state, uschar ** errstr)
int rc;
uint verify;
-if (state->verify_requirement == VERIFY_NONE)
- return TRUE;
-
DEBUG(D_tls) debug_printf("TLS: checking peer certificate\n");
*errstr = NULL;
+rc = peer_status(state, errstr);
-if ((rc = peer_status(state, errstr)) != OK || !state->peerdn)
+if (state->verify_requirement == VERIFY_NONE)
+ return TRUE;
+
+if (rc != OK || !state->peerdn)
{
verify = GNUTLS_CERT_INVALID;
*errstr = US"certificate not supplied";
@@ -2065,7 +2058,6 @@ return g;
static void
post_handshake_debug(exim_gnutls_state_st * state)
{
-debug_printf("gnutls_handshake was successful\n");
#ifdef SUPPORT_GNUTLS_SESS_DESC
debug_printf("%s\n", gnutls_session_get_desc(state->session));
#endif
@@ -2094,6 +2086,63 @@ else
#endif
}
+
+#ifdef EXPERIMENTAL_TLS_RESUME
+static int
+tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
+ unsigned incoming, const gnutls_datum_t * msg)
+{
+DEBUG(D_tls) debug_printf("newticket cb\n");
+tls_in.resumption |= RESUME_CLIENT_REQUESTED;
+return 0;
+}
+
+static void
+tls_server_resume_prehandshake(exim_gnutls_state_st * state)
+{
+/* Should the server offer session resumption? */
+tls_in.resumption = RESUME_SUPPORTED;
+if (verify_check_host(&tls_resumption_hosts) == OK)
+ {
+ int rc;
+ /* GnuTLS appears to not do ticket overlap, but does emit a fresh ticket when
+ an offered resumption is unacceptable. We lose one resumption per ticket
+ lifetime, and sessions cannot be indefinitely re-used. There seems to be no
+ way (3.6.7) of changing the default number of 2 TLS1.3 tickets issued, but at
+ least they go out in a single packet. */
+
+ if (!(rc = gnutls_session_ticket_enable_server(state->session,
+ &server_sessticket_key)))
+ tls_in.resumption |= RESUME_SERVER_TICKET;
+ else
+ DEBUG(D_tls)
+ debug_printf("enabling session tickets: %s\n", US gnutls_strerror(rc));
+
+ /* Try to tell if we see a ticket request */
+ gnutls_handshake_set_hook_function(state->session,
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, GNUTLS_HOOK_POST, tls_server_ticket_cb);
+ }
+}
+
+static void
+tls_server_resume_posthandshake(exim_gnutls_state_st * state)
+{
+if (gnutls_session_resumption_requested(state->session))
+ {
+ /* This tells us the client sent a full ticket. We use a
+ callback on session-ticket request, elsewhere, to tell
+ if a client asked for a ticket. */
+
+ tls_in.resumption |= RESUME_CLIENT_SUGGESTED;
+ DEBUG(D_tls) debug_printf("client requested resumption\n");
+ }
+if (gnutls_session_is_resumed(state->session))
+ {
+ tls_in.resumption |= RESUME_USED;
+ DEBUG(D_tls) debug_printf("Session resumed\n");
+ }
+}
+#endif
/* ------------------------------------------------------------------------ */
/* Exported functions */
@@ -2141,6 +2190,10 @@ if ((rc = tls_init(NULL, tls_certificate, tls_privatekey,
NULL, tls_verify_certificates, tls_crl,
require_ciphers, &state, &tls_in, errstr)) != OK) return rc;
+#ifdef EXPERIMENTAL_TLS_RESUME
+tls_server_resume_prehandshake(state);
+#endif
+
/* If this is a host for which certificate verification is mandatory or
optional, set up appropriately. */
@@ -2240,6 +2293,10 @@ if (rc != GNUTLS_E_SUCCESS)
return FAIL;
}
+#ifdef EXPERIMENTAL_TLS_RESUME
+tls_server_resume_posthandshake(state);
+#endif
+
DEBUG(D_tls) post_handshake_debug(state);
/* Verify after the fact */
@@ -2256,10 +2313,6 @@ if (!verify_certificate(state, errstr))
*errstr);
}
-/* Figure out peer DN, and if authenticated, etc. */
-
-if ((rc = peer_status(state, NULL)) != OK) return rc;
-
/* Sets various Exim expansion variables; always safe within server */
extract_exim_vars_from_tls_state(state);
@@ -2372,6 +2425,140 @@ return TRUE;
+#ifdef EXPERIMENTAL_TLS_RESUME
+/* On the client, get any stashed session for the given IP from hints db
+and apply it to the ssl-connection for attempted resumption. Although
+there is a gnutls_session_ticket_enable_client() interface it is
+documented as unnecessary (as of 3.6.7) as "session tickets are emabled
+by deafult". There seems to be no way to disable them, so even hosts not
+enabled by the transport option will be sent a ticket request. We will
+however avoid storing and retrieving session information. */
+
+static void
+tls_retrieve_session(tls_support * tlsp, gnutls_session_t session,
+ host_item * host, smtp_transport_options_block * ob)
+{
+tlsp->resumption = RESUME_SUPPORTED;
+if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, host) == OK)
+ {
+ dbdata_tls_session * dt;
+ int len, rc;
+ open_db dbblock, * dbm_file;
+
+ DEBUG(D_tls)
+ debug_printf("check for resumable session for %s\n", host->address);
+ tlsp->host_resumable = TRUE;
+ tlsp->resumption |= RESUME_CLIENT_REQUESTED;
+ if ((dbm_file = dbfn_open(US"tls", O_RDONLY, &dbblock, FALSE, FALSE)))
+ {
+ /* key for the db is the IP */
+ if ((dt = dbfn_read_with_length(dbm_file, host->address, &len)))
+ if (!(rc = gnutls_session_set_data(session,
+ CUS dt->session, (size_t)len - sizeof(dbdata_tls_session))))
+ {
+ DEBUG(D_tls) debug_printf("good session\n");
+ tlsp->resumption |= RESUME_CLIENT_SUGGESTED;
+ }
+ else DEBUG(D_tls) debug_printf("setting session resumption data: %s\n",
+ US gnutls_strerror(rc));
+ dbfn_close(dbm_file);
+ }
+ }
+}
+
+
+static void
+tls_save_session(tls_support * tlsp, gnutls_session_t session, const host_item * host)
+{
+/* TLS 1.2 - we get both the callback and the direct posthandshake call,
+but this flag is not set until the second. TLS 1.3 it's the other way about.
+Keep both calls as the session data cannot be extracted before handshake
+completes. */
+
+if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET)
+ {
+ gnutls_datum_t tkt;
+ int rc;
+
+ DEBUG(D_tls) debug_printf("server offered session ticket\n");
+ tlsp->ticket_received = TRUE;
+ tlsp->resumption |= RESUME_SERVER_TICKET;
+
+ if (tlsp->host_resumable)
+ if (!(rc = gnutls_session_get_data2(session, &tkt)))
+ {
+ open_db dbblock, * dbm_file;
+ int dlen = sizeof(dbdata_tls_session) + tkt.size;
+ dbdata_tls_session * dt = store_get(dlen);
+
+ DEBUG(D_tls) debug_printf("session data size %u\n", (unsigned)tkt.size);
+ memcpy(dt->session, tkt.data, tkt.size);
+ gnutls_free(tkt.data);
+
+ if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))
+ {
+ /* key for the db is the IP */
+ dbfn_delete(dbm_file, host->address);
+ dbfn_write(dbm_file, host->address, dt, dlen);
+ dbfn_close(dbm_file);
+
+ DEBUG(D_tls)
+ debug_printf("wrote session db (len %u)\n", (unsigned)dlen);
+ }
+ }
+ else DEBUG(D_tls)
+ debug_printf("extract session data: %s\n", US gnutls_strerror(rc));
+ }
+}
+
+
+/* With a TLS1.3 session, the ticket(s) are not seen until
+the first data read is attempted. And there's often two of them.
+Pick them up with this callback. We are also called for 1.2
+but we do nothing.
+*/
+static int
+tls_client_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
+ unsigned incoming, const gnutls_datum_t * msg)
+{
+exim_gnutls_state_st * state = gnutls_session_get_ptr(sess);
+tls_support * tlsp = state->tlsp;
+
+DEBUG(D_tls) debug_printf("newticket cb\n");
+
+if (!tlsp->ticket_received)
+ tls_save_session(tlsp, sess, state->host);
+return 0;
+}
+
+
+static void
+tls_client_resume_prehandshake(exim_gnutls_state_st * state,
+ tls_support * tlsp, host_item * host,
+ smtp_transport_options_block * ob)
+{
+gnutls_session_set_ptr(state->session, state);
+gnutls_handshake_set_hook_function(state->session,
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, GNUTLS_HOOK_POST, tls_client_ticket_cb);
+
+tls_retrieve_session(tlsp, state->session, host, ob);
+}
+
+static void
+tls_client_resume_posthandshake(exim_gnutls_state_st * state,
+ tls_support * tlsp, host_item * host)
+{
+if (gnutls_session_is_resumed(state->session))
+ {
+ DEBUG(D_tls) debug_printf("Session resumed\n");
+ tlsp->resumption |= RESUME_USED;
+ }
+
+tls_save_session(tlsp, state->session, host);
+}
+#endif /* EXPERIMENTAL_TLS_RESUME */
+
+
/*************************************************
* Start a TLS session in a client *
*************************************************/
@@ -2512,6 +2699,10 @@ if (request_ocsp)
}
#endif
+#ifdef EXPERIMENTAL_TLS_RESUME
+tls_client_resume_prehandshake(state, tlsp, host, ob);
+#endif
+
#ifndef DISABLE_EVENT
if (tb && tb->event_action)
{
@@ -2589,10 +2780,9 @@ if (require_ocsp)
}
#endif
-/* Figure out peer DN, and if authenticated, etc. */
-
-if (peer_status(state, errstr) != OK)
- return FALSE;
+#ifdef EXPERIMENTAL_TLS_RESUME
+tls_client_resume_posthandshake(state, tlsp, host);
+#endif
/* Sets various Exim expansion variables; may need to adjust for ACL callouts */
@@ -3090,6 +3280,7 @@ fprintf(f, "Library version: GnuTLS: Compile: %s\n"
gnutls_check_version(NULL));
}
+#endif /*!MACRO_PREDEF*/
/* vi: aw ai sw=2
*/
/* End of tls-gnu.c */
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index c7b22a0db..06008decc 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2,7 +2,7 @@
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) University of Cambridge 1995 - 2019 */
/* See the file NOTICE for conditions of use and distribution. */
/* Portions Copyright (c) The OpenSSL Project 1999 */
@@ -72,6 +72,7 @@ change this guard and punt the issue for a while longer. */
# define EXIM_HAVE_OPENSSL_TLS_METHOD
# define EXIM_HAVE_OPENSSL_KEYLOG
# define EXIM_HAVE_OPENSSL_CIPHER_GET_ID
+# define EXIM_HAVE_SESSION_TICKET
# else
# define EXIM_NEED_OPENSSL_INIT
# endif
@@ -249,6 +250,10 @@ for (struct exim_openssl_option * o = exim_openssl_options;
spf(buf, sizeof(buf), US"_OPT_OPENSSL_%T_X", o->name);
builtin_macro_create(buf);
}
+
+# ifdef EXPERIMENTAL_TLS_RESUME
+builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );
+# endif
}
#else
@@ -303,7 +308,7 @@ static SSL_CTX *server_sni = NULL;
static char ssl_errstring[256];
-static int ssl_session_timeout = 200;
+static int ssl_session_timeout = 3600;
static BOOL client_verify_optional = FALSE;
static BOOL server_verify_optional = FALSE;
@@ -311,6 +316,7 @@ static BOOL reexpand_tls_files_for_sni = FALSE;
typedef struct tls_ext_ctx_cb {
+ tls_support * tlsp;
uschar *certificate;
uschar *privatekey;
BOOL is_server;
@@ -342,7 +348,7 @@ typedef struct tls_ext_ctx_cb {
/* should figure out a cleanup of API to handle state preserved per
implementation, for various reasons, which can be void * in the APIs.
For now, we hack around it. */
-tls_ext_ctx_cb *client_static_cbinfo = NULL;
+tls_ext_ctx_cb *client_static_cbinfo = NULL; /*XXX should not use static; multiple concurrent clients! */
tls_ext_ctx_cb *server_static_cbinfo = NULL;
static int
@@ -358,6 +364,23 @@ static int tls_server_stapling_cb(SSL *s, void *arg);
#endif
+
+/* Daemon-called key create/rotate */
+#ifdef EXPERIMENTAL_TLS_RESUME
+static void tk_init(void);
+static int tls_exdata_idx = -1;
+#endif
+
+void
+tls_daemon_init(void)
+{
+#ifdef EXPERIMENTAL_TLS_RESUME
+tk_init();
+#endif
+return;
+}
+
+
/*************************************************
* Handle TLS error *
*************************************************/
@@ -803,6 +826,121 @@ DEBUG(D_tls) debug_printf("%.200s\n", line);
#endif
+#ifdef EXPERIMENTAL_TLS_RESUME
+/* Manage the keysets used for encrypting the session tickets, on the server. */
+
+typedef struct { /* Session ticket encryption key */
+ uschar name[16];
+
+ const EVP_CIPHER * aes_cipher;
+ uschar aes_key[16]; /* size needed depends on cipher. aes_128 implies 128/8 = 16? */
+ const EVP_MD * hmac_hash;
+ uschar hmac_key[16];
+ time_t renew;
+ time_t expire;
+} exim_stek;
+
+/*XXX for now just always create/find the one key.
+Worry about rotation and overlap later. */
+
+static exim_stek exim_tk;
+static exim_stek exim_tk_old;
+
+static void
+tk_init(void)
+{
+if (exim_tk.name[0])
+ {
+ if (exim_tk.renew >= time(NULL)) return;
+ exim_tk_old = exim_tk;
+ }
+
+if (f.running_in_test_harness) ssl_session_timeout = 6;
+
+DEBUG(D_tls) debug_printf("OpenSSL: %s STEK\n", exim_tk.name[0] ? "rotating" : "creating");
+if (RAND_bytes(exim_tk.aes_key, sizeof(exim_tk.aes_key)) <= 0) return;
+if (RAND_bytes(exim_tk.hmac_key, sizeof(exim_tk.hmac_key)) <= 0) return;
+if (RAND_bytes(exim_tk.name+1, sizeof(exim_tk.name)-1) <= 0) return;
+
+exim_tk.name[0] = 'E';
+exim_tk.aes_cipher = EVP_aes_128_cbc();
+exim_tk.hmac_hash = EVP_sha256();
+exim_tk.expire = time(NULL) + ssl_session_timeout;
+exim_tk.renew = exim_tk.expire - ssl_session_timeout/2;
+}
+
+static exim_stek *
+tk_current(void)
+{
+if (!exim_tk.name[0]) return NULL;
+return &exim_tk;
+}
+
+static exim_stek *
+tk_find(const uschar * name)
+{
+return memcmp(name, exim_tk.name, sizeof(exim_tk.name)) == 0 ? &exim_tk
+ : memcmp(name, exim_tk_old.name, sizeof(exim_tk_old.name)) == 0 ? &exim_tk_old
+ : NULL;
+}
+
+/* Callback for session tickets, on server */
+static int
+ticket_key_callback(SSL * ssl, uschar key_name[16],
+ uschar * iv, EVP_CIPHER_CTX * ctx, HMAC_CTX * hctx, int enc)
+{
+tls_support * tlsp = server_static_cbinfo->tlsp;
+exim_stek * key;
+
+if (enc)
+ {
+ DEBUG(D_tls) debug_printf("ticket_key_callback: create new session\n");
+ tlsp->resumption |= RESUME_CLIENT_REQUESTED;
+
+ if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
+ return -1; /* insufficient random */
+
+ if (!(key = tk_current())) /* current key doesn't exist or isn't valid */
+ return 0; /* key couldn't be created */
+ memcpy(key_name, key->name, 16);
+ DEBUG(D_tls) debug_printf("STEK expire %ld\n", key->expire - time(NULL));
+
+ /*XXX will want these dependent on the ssl session strength */
+ HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
+ key->hmac_hash, NULL);
+ EVP_EncryptInit_ex(ctx, key->aes_cipher, NULL, key->aes_key, iv);
+
+ DEBUG(D_tls) debug_printf("ticket created\n");
+ return 1;
+ }
+else
+ {
+ time_t now = time(NULL);
+
+ DEBUG(D_tls) debug_printf("ticket_key_callback: retrieve session\n");
+ tlsp->resumption |= RESUME_CLIENT_SUGGESTED;
+
+ if (!(key = tk_find(key_name)) || key->expire < now)
+ {
+ DEBUG(D_tls)
+ {
+ debug_printf("ticket not usable (%s)\n", key ? "expired" : "not found");
+ if (key) debug_printf("STEK expire %ld\n", key->expire - now);
+ }
+ return 0;
+ }
+
+ HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
+ key->hmac_hash, NULL);
+ EVP_DecryptInit_ex(ctx, key->aes_cipher, NULL, key->aes_key, iv);
+
+ DEBUG(D_tls) debug_printf("ticket usable, STEK expire %ld\n", key->expire - now);
+ return key->renew < now ? 2 : 1;
+ }
+}
+#endif
+
+
/*************************************************
* Initialize for DH *
@@ -1394,6 +1532,9 @@ Arguments:
arg Callback of "our" registered data
Returns: SSL_TLSEXT_ERR_{OK,ALERT_WARNING,ALERT_FATAL,NOACK}
+
+XXX might need to change to using ClientHello callback,
+per https://www.openssl.org/docs/manmaster/man3/SSL_client_hello_cb_fn.html
*/
#ifdef EXIM_HAVE_OPENSSL_TLSEXT
@@ -1714,7 +1855,9 @@ tls_init(SSL_CTX **ctxp, host_item *host, uschar *dhparam, uschar *certificate,
#ifndef DISABLE_OCSP
uschar *ocsp_file, /*XXX stack, in server*/
#endif
- address_item *addr, tls_ext_ctx_cb ** cbp, uschar ** errstr)
+ address_item *addr, tls_ext_ctx_cb ** cbp,
+ tls_support * tlsp,
+ uschar ** errstr)
{
SSL_CTX * ctx;
long init_options;
@@ -1722,6 +1865,7 @@ int rc;
tls_ext_ctx_cb * cbinfo;
cbinfo = store_malloc(sizeof(tls_ext_ctx_cb));
+cbinfo->tlsp = tlsp;
cbinfo->certificate = certificate;
cbinfo->privatekey = privatekey;
cbinfo->is_server = host==NULL;
@@ -1795,10 +1939,16 @@ if (!RAND_status())
/* Set up the information callback, which outputs if debugging is at a suitable
level. */
-DEBUG(D_tls) SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
+DEBUG(D_tls)
+ {
+ SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
+#ifndef OPENSSL_NO_SSL_TRACE /* this needs a debug build of OpenSSL */
+ SSL_CTX_set_msg_callback(ctx, (void (*)())SSL_trace);
+#endif
#ifdef OPENSSL_HAVE_KEYLOG_CB
-DEBUG(D_tls) SSL_CTX_set_keylog_callback(ctx, (void (*)())keylog_callback);
+ SSL_CTX_set_keylog_callback(ctx, (void (*)())keylog_callback);
#endif
+ }
/* Automatically re-try reads/writes after renegotiation. */
(void) SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
@@ -1815,8 +1965,22 @@ availability of the option value macros from OpenSSL. */
if (!tls_openssl_options_parse(openssl_options, &init_options))
return tls_error(US"openssl_options parsing failed", host, NULL, errstr);
+#ifdef EXPERIMENTAL_TLS_RESUME
+tlsp->resumption = RESUME_SUPPORTED;
+#endif
if (init_options)
{
+#ifdef EXPERIMENTAL_TLS_RESUME
+ /* Should the server offer session resumption? */
+ if (!host && verify_check_host(&tls_resumption_hosts) == OK)
+ {
+ DEBUG(D_tls) debug_printf("tls_resumption_hosts overrides openssl_options\n");
+ init_options &= ~SSL_OP_NO_TICKET;
+ tlsp->resumption |= RESUME_SERVER_TICKET; /* server will give ticket on request */
+ tlsp->host_resumable = TRUE;
+ }
+#endif
+
DEBUG(D_tls) debug_printf("setting SSL CTX options: %#lx\n", init_options);
if (!(SSL_CTX_set_options(ctx, init_options)))
return tls_error(string_sprintf(
@@ -1825,10 +1989,6 @@ if (init_options)
else
DEBUG(D_tls) debug_printf("no SSL CTX options to set\n");
-#ifdef OPENSSL_HAVE_NUM_TICKETS
-SSL_CTX_set_num_tickets(ctx, 0); /* send no TLS1.3 stateful-tickets */
-#endif
-
/* We'd like to disable session cache unconditionally, but foolish Outlook
Express clients then give up the first TLS connection and make a second one
(which works). Only when there is an IMAP service on the same machine.
@@ -1903,7 +2063,8 @@ cbinfo->verify_cert_hostnames = NULL;
SSL_CTX_set_tmp_rsa_callback(ctx, rsa_callback);
#endif
-/* Finally, set the timeout, and we are done */
+/* Finally, set the session cache timeout, and we are done.
+The period appears to be also used for (server-generated) session tickets */
SSL_CTX_set_timeout(ctx, ssl_session_timeout);
DEBUG(D_tls) debug_printf("Initialized TLS\n");
@@ -2226,7 +2387,7 @@ rc = tls_init(&server_ctx, NULL, tls_dhparam, tls_certificate, tls_privatekey,
#ifndef DISABLE_OCSP
tls_ocsp_file, /*XXX stack*/
#endif
- NULL, &server_static_cbinfo, errstr);
+ NULL, &server_static_cbinfo, &tls_in, errstr);
if (rc != OK) return rc;
cbinfo = server_static_cbinfo;
@@ -2244,8 +2405,7 @@ TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
if (expciphers)
{
- uschar * s = expciphers;
- while (*s != 0) { if (*s == '_') *s = '-'; s++; }
+ for (uschar * s = expciphers; *s; s++ ) if (*s == '_') *s = '-';
DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);
if (!SSL_CTX_set_cipher_list(server_ctx, CS expciphers))
return tls_error(US"SSL_CTX_set_cipher_list", NULL, NULL, errstr);
@@ -2276,6 +2436,19 @@ else if (verify_check_host(&tls_try_verify_hosts) == OK)
server_verify_optional = TRUE;
}
+#ifdef EXPERIMENTAL_TLS_RESUME
+SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, ticket_key_callback);
+/* despite working, appears to always return failure, so ignoring */
+#endif
+#ifdef OPENSSL_HAVE_NUM_TICKETS
+# ifdef EXPERIMENTAL_TLS_RESUME
+SSL_CTX_set_num_tickets(server_ctx, tls_in.host_resumable ? 1 : 0);
+# else
+SSL_CTX_set_num_tickets(server_ctx, 0); /* send no TLS1.3 stateful-tickets */
+# endif
+#endif
+
+
/* Prepare for new connection */
if (!(server_ssl = SSL_new(server_ctx)))
@@ -2329,7 +2502,15 @@ if (rc <= 0)
DEBUG(D_tls) debug_printf("SSL_accept was successful\n");
ERR_clear_error(); /* Even success can leave errors in the stack. Seen with
- anon-authentication ciphersuite negociated. */
+ anon-authentication ciphersuite negotiated. */
+
+#ifdef EXPERIMENTAL_TLS_RESUME
+if (SSL_session_reused(server_ssl))
+ {
+ tls_in.resumption |= RESUME_USED;
+ DEBUG(D_tls) debug_printf("Session reused\n");
+ }
+#endif
/* TLS has been set up. Adjust the input functions to read via TLS,
and initialize things. */
@@ -2352,6 +2533,15 @@ DEBUG(D_tls)
BIO_free(bp);
}
#endif
+
+#ifdef EXIM_HAVE_SESSION_TICKET
+ {
+ SSL_SESSION * ss = SSL_get_session(server_ssl);
+ if (SSL_SESSION_has_ticket(ss))
+ debug_printf("The session has a ticket, life %lu seconds\n",
+ SSL_SESSION_get_ticket_lifetime_hint(ss));
+ }
+#endif
}
/* Record the certificate we presented */
@@ -2483,6 +2673,160 @@ return DEFER;
+#ifdef EXPERIMENTAL_TLS_RESUME
+/* On the client, get any stashed session for the given IP from hints db
+and apply it to the ssl-connection for attempted resumption. */
+
+static void
+tls_retrieve_session(tls_support * tlsp, SSL * ssl, const uschar * key)
+{
+tlsp->resumption |= RESUME_SUPPORTED;
+if (tlsp->host_resumable)
+ {
+ dbdata_tls_session * dt;
+ int len;
+ open_db dbblock, * dbm_file;
+
+ tlsp->resumption |= RESUME_CLIENT_REQUESTED;
+ DEBUG(D_tls) debug_printf("checking for resumable session for %s\n", key);
+ if ((dbm_file = dbfn_open(US"tls", O_RDONLY, &dbblock, FALSE, FALSE)))
+ {
+ /* key for the db is the IP */
+ if ((dt = dbfn_read_with_length(dbm_file, key, &len)))
+ {
+ SSL_SESSION * ss = NULL;
+ const uschar * sess_asn1 = dt->session;
+
+ len -= sizeof(dbdata_tls_session);
+ if (!(d2i_SSL_SESSION(&ss, &sess_asn1, (long)len)))
+ {
+ DEBUG(D_tls)
+ {
+ ERR_error_string_n(ERR_get_error(),
+ ssl_errstring, sizeof(ssl_errstring));
+ debug_printf("decoding session: %s\n", ssl_errstring);
+ }
+ }
+ else if (!SSL_set_session(ssl, ss))
+ {
+ DEBUG(D_tls)
+ {
+ ERR_error_string_n(ERR_get_error(),
+ ssl_errstring, sizeof(ssl_errstring));
+ debug_printf("applying session to ssl: %s\n", ssl_errstring);
+ }
+ }
+ else
+ {
+ DEBUG(D_tls) debug_printf("good session\n");
+ tlsp->resumption |= RESUME_CLIENT_SUGGESTED;
+ }
+ }
+ else
+ DEBUG(D_tls) debug_printf("no session record\n");
+ dbfn_close(dbm_file);
+ }
+ }
+}
+
+
+/* On the client, save the session for later resumption */
+
+static int
+tls_save_session_cb(SSL * ssl, SSL_SESSION * ss)
+{
+tls_ext_ctx_cb * cbinfo = SSL_get_ex_data(ssl, tls_exdata_idx);
+tls_support * tlsp;
+
+DEBUG(D_tls) debug_printf("tls_save_session_cb\n");
+
+if (!cbinfo || !(tlsp = cbinfo->tlsp)->host_resumable) return 0;
+
+# ifdef EXIM_HAVE_SESSION_TICKET
+
+if (SSL_SESSION_is_resumable(ss))
+ {
+ int len = i2d_SSL_SESSION(ss, NULL);
+ int dlen = sizeof(dbdata_tls_session) + len;
+ dbdata_tls_session * dt = store_get(dlen);
+ uschar * s = dt->session;
+ open_db dbblock, * dbm_file;
+
+ DEBUG(D_tls) debug_printf("session is resumable\n");
+ tlsp->resumption |= RESUME_SERVER_TICKET; /* server gave us a ticket */
+
+ len = i2d_SSL_SESSION(ss, &s); /* s gets bumped to end */
+
+ if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))
+ {
+ const uschar * key = cbinfo->host->address;
+ dbfn_delete(dbm_file, key);
+ dbfn_write(dbm_file, key, dt, dlen);
+ dbfn_close(dbm_file);
+ DEBUG(D_tls) debug_printf("wrote session (len %u) to db\n",
+ (unsigned)dlen);
+ }
+ }
+# endif
+return 1;
+}
+
+
+static void
+tls_client_ctx_resume_prehandshake(
+ exim_openssl_client_tls_ctx * exim_client_ctx, tls_support * tlsp,
+ smtp_transport_options_block * ob, host_item * host)
+{
+/* Should the client request a session resumption ticket? */
+if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, host) == OK)
+ {
+ tlsp->host_resumable = TRUE;
+
+ SSL_CTX_set_session_cache_mode(exim_client_ctx->ctx,
+ SSL_SESS_CACHE_CLIENT
+ | SSL_SESS_CACHE_NO_INTERNAL | SSL_SESS_CACHE_NO_AUTO_CLEAR);
+ SSL_CTX_sess_set_new_cb(exim_client_ctx->ctx, tls_save_session_cb);
+ }
+}
+
+static BOOL
+tls_client_ssl_resume_prehandshake(SSL * ssl, tls_support * tlsp,
+ host_item * host, uschar ** errstr)
+{
+if (tlsp->host_resumable)
+ {
+ DEBUG(D_tls)
+ debug_printf("tls_resumption_hosts overrides openssl_options, enabling tickets\n");
+ SSL_clear_options(ssl, SSL_OP_NO_TICKET);
+
+ tls_exdata_idx = SSL_get_ex_new_index(0, 0, 0, 0, 0);
+ if (!SSL_set_ex_data(ssl, tls_exdata_idx, client_static_cbinfo))
+ {
+ tls_error(US"set ex_data", host, NULL, errstr);
+ return FALSE;
+ }
+ debug_printf("tls_exdata_idx %d cbinfo %p\n", tls_exdata_idx, client_static_cbinfo);
+ }
+
+tlsp->resumption = RESUME_SUPPORTED;
+/* Pick up a previous session, saved on an old ticket */
+tls_retrieve_session(tlsp, ssl, host->address);
+return TRUE;
+}
+
+static void
+tls_client_resume_posthandshake(exim_openssl_client_tls_ctx * exim_client_ctx,
+ tls_support * tlsp)
+{
+if (SSL_session_reused(exim_client_ctx->ssl))
+ {
+ DEBUG(D_tls) debug_printf("The session was reused\n");
+ tlsp->resumption |= RESUME_USED;
+ }
+}
+#endif /* EXPERIMENTAL_TLS_RESUME */
+
+
/*************************************************
* Start a TLS session in a client *
*************************************************/
@@ -2562,7 +2906,7 @@ rc = tls_init(&exim_client_ctx->ctx, host, NULL,
#ifndef DISABLE_OCSP
(void *)(long)request_ocsp,
#endif
- cookie, &client_static_cbinfo, errstr);
+ cookie, &client_static_cbinfo, tlsp, errstr);
if (rc != OK) return FALSE;
tlsp->certificate_verified = FALSE;
@@ -2629,12 +2973,24 @@ else
client_static_cbinfo, errstr) != OK)
return FALSE;
+#ifdef EXPERIMENTAL_TLS_RESUME
+tls_client_ctx_resume_prehandshake(exim_client_ctx, tlsp, ob, host);
+#endif
+
+
if (!(exim_client_ctx->ssl = SSL_new(exim_client_ctx->ctx)))
{
tls_error(US"SSL_new", host, NULL, errstr);
return FALSE;
}
SSL_set_session_id_context(exim_client_ctx->ssl, sid_ctx, Ustrlen(sid_ctx));
+
+#ifdef EXPERIMENTAL_TLS_RESUME
+if (!tls_client_ssl_resume_prehandshake(exim_client_ctx->ssl, tlsp, host,
+ errstr))
+ return FALSE;
+#endif
+
SSL_set_fd(exim_client_ctx->ssl, cctx->sock);
SSL_set_connect_state(exim_client_ctx->ssl);
@@ -2729,6 +3085,10 @@ DEBUG(D_tls)
#endif
}
+#ifdef EXPERIMENTAL_TLS_RESUME
+tls_client_resume_posthandshake(exim_client_ctx, tlsp);
+#endif
+
peer_cert(exim_client_ctx->ssl, tlsp, peerdn, sizeof(peerdn));
tlsp->cipher = construct_cipher_name(exim_client_ctx->ssl, &tlsp->bits);
@@ -3377,12 +3737,17 @@ uschar *end;
uschar keep_c;
BOOL adding, item_parsed;
+/* Server: send no (<= TLS1.2) session tickets */
result = SSL_OP_NO_TICKET;
+
/* Prior to 4.80 we or'd in SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; removed
* from default because it increases BEAST susceptibility. */
#ifdef SSL_OP_NO_SSLv2
result |= SSL_OP_NO_SSLv2;
#endif
+#ifdef SSL_OP_NO_SSLv3
+result |= SSL_OP_NO_SSLv3;
+#endif
#ifdef SSL_OP_SINGLE_DH_USE
result |= SSL_OP_SINGLE_DH_USE;
#endif
@@ -3393,7 +3758,7 @@ if (!option_spec)
return TRUE;
}
-for (uschar * s = option_spec; *s != '\0'; /**/)
+for (uschar * s = option_spec; *s; /**/)
{
while (isspace(*s)) ++s;
if (*s == '\0')
diff --git a/src/src/tls.c b/src/src/tls.c
index 23e9d4111..7b8d7a2a3 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -20,8 +20,10 @@ functions from the OpenSSL or GNU TLS libraries. */
#include "transports/smtp.h"
#if defined(MACRO_PREDEF) && defined(SUPPORT_TLS)
-# ifndef USE_GNUTLS
-# include "macro_predef.h"
+# include "macro_predef.h"
+# ifdef USE_GNUTLS
+# include "tls-gnu.c"
+# else
# include "tls-openssl.c"
# endif
#endif
diff --git a/src/src/transport.c b/src/src/transport.c
index f34db0914..fb74dfdcd 100644
--- a/src/src/transport.c
+++ b/src/src/transport.c
@@ -1475,7 +1475,7 @@ DEBUG(D_transport) debug_printf("updating wait-%s database\n", tpname);
/* Open the database for this transport */
if (!(dbm_file = dbfn_open(string_sprintf("wait-%.200s", tpname),
- O_RDWR, &dbblock, TRUE)))
+ O_RDWR, &dbblock, TRUE, TRUE)))
return;
/* Scan the list of hosts for which this message is waiting, and ensure
@@ -1648,7 +1648,7 @@ if (local_message_max > 0 && continue_sequence >= local_message_max)
/* Open the waiting information database. */
if (!(dbm_file = dbfn_open(string_sprintf("wait-%.200s", transport_name),
- O_RDWR, &dbblock, TRUE)))
+ O_RDWR, &dbblock, TRUE, TRUE)))
return FALSE;
/* See if there is a record for this host; if not, there's nothing to do. */
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 806c41fed..f76b4f730 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -183,6 +183,10 @@ optionlist smtp_transport_options[] = {
(void *)offsetof(smtp_transport_options_block, tls_privatekey) },
{ "tls_require_ciphers", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
+# ifdef EXPERIMENTAL_TLS_RESUME
+ { "tls_resumption_hosts", opt_stringptr,
+ (void *)offsetof(smtp_transport_options_block, tls_resumption_hosts) },
+# endif
{ "tls_sni", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, tls_sni) },
{ "tls_tempfail_tryclear", opt_bool,
@@ -293,6 +297,9 @@ smtp_transport_options_block smtp_transport_option_defaults = {
.tls_verify_certificates = US"system",
.tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
.tls_tempfail_tryclear = TRUE,
+# ifdef EXPERIMENTAL_TLS_RESUME
+ .tls_resumption_hosts = NULL,
+# endif
.tls_verify_hosts = NULL,
.tls_try_verify_hosts = US"*",
.tls_verify_cert_hostnames = US"*",
@@ -825,7 +832,7 @@ write_ehlo_cache_entry(const smtp_context * sx)
{
open_db dbblock, * dbm_file;
-if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE)))
+if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
{
uschar * ehlo_resp_key = ehlo_cache_key(sx);
dbdata_ehlo_resp er = { .data = sx->ehlo_resp };
@@ -845,7 +852,7 @@ invalidate_ehlo_cache_entry(smtp_context * sx)
open_db dbblock, * dbm_file;
if ( sx->early_pipe_active
- && (dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE)))
+ && (dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
{
uschar * ehlo_resp_key = ehlo_cache_key(sx);
dbfn_delete(dbm_file, ehlo_resp_key);
@@ -859,7 +866,7 @@ read_ehlo_cache_entry(smtp_context * sx)
open_db dbblock;
open_db * dbm_file;
-if (!(dbm_file = dbfn_open(US"misc", O_RDONLY, &dbblock, FALSE)))
+if (!(dbm_file = dbfn_open(US"misc", O_RDONLY, &dbblock, FALSE, TRUE)))
{ DEBUG(D_transport) debug_printf("ehlo-cache: no misc DB\n"); }
else
{
@@ -872,7 +879,7 @@ else
{
DEBUG(D_transport) debug_printf("ehlo-resp record too old\n");
dbfn_close(dbm_file);
- if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE)))
+ if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
dbfn_delete(dbm_file, ehlo_resp_key);
}
else
@@ -2016,6 +2023,9 @@ tls_out.peerdn = NULL;
tls_out.sni = NULL;
#endif
tls_out.ocsp = OCSP_NOT_REQ;
+#ifdef EXPERIMENTAL_TLS_RESUME
+tls_out.resumption = 0;
+#endif
/* Flip the legacy TLS-related variables over to the outbound set in case
they're used in the context of the transport. Don't bother resetting
diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h
index 056efbcf7..ab0e93ff8 100644
--- a/src/src/transports/smtp.h
+++ b/src/src/transports/smtp.h
@@ -83,6 +83,9 @@ typedef struct {
uschar *tls_crl;
uschar *tls_privatekey;
uschar *tls_require_ciphers;
+# ifdef EXPERIMENTAL_TLS_RESUME
+ uschar *tls_resumption_hosts;
+# endif
uschar *tls_sni;
uschar *tls_verify_certificates;
int tls_dh_min_bits;
diff --git a/src/src/verify.c b/src/src/verify.c
index 528a668b8..720f85d8c 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -140,7 +140,7 @@ if (options & vopt_callout_no_cache)
{
HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n");
}
-else if (!(dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)))
+else if (!(dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE, TRUE)))
{
HDEBUG(D_verify) debug_printf("callout cache: not available\n");
}
@@ -313,7 +313,7 @@ implying some kind of I/O error. We don't want to write the cache in that case.
Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */
if (dom_rec->result != ccache_unknown)
- if (!(dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE)))
+ if (!(dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE, TRUE)))
{
HDEBUG(D_verify) debug_printf("callout cache: not available\n");
}
@@ -335,7 +335,7 @@ is disabled. */
if (done && addr_rec->result != ccache_unknown)
{
if (!dbm_file)
- dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE);
+ dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE, TRUE);
if (!dbm_file)
{
HDEBUG(D_verify) debug_printf("no callout cache available\n");
@@ -3245,7 +3245,7 @@ int
verify_check_host(uschar **listptr)
{
return verify_check_this_host(CUSS listptr, sender_host_cache, NULL,
- (sender_host_address == NULL)? US"" : sender_host_address, NULL);
+ sender_host_address ? sender_host_address : US"", NULL);
}