http://bugs.exim.org/show_bug.cgi?id=1459

Git Commit <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #2 from Git Commit <[email protected]> 2014-04-25 00:17:10 ---
Git commit: http://git.exim.org/exim.git/commitdiff/2b4a568dfa3d79a9a968984cf5b23829c084a951

commit 2b4a568dfa3d79a9a968984cf5b23829c084a951
Author:     Jeremy Harris <[email protected]>
AuthorDate: Thu Apr 24 23:28:24 2014 +0100
Commit:     Jeremy Harris <[email protected]>
CommitDate: Thu Apr 24 23:28:24 2014 +0100

    support ocsp stapling under gnutls. bug 1459

    requires gnutls version 3.1.3 or later.
    under experimental_ocsp
----
 doc/doc-txt/ChangeLog | 2 +
 doc/doc-txt/NewStuff | 3 +
 doc/doc-txt/experimental-spec.txt | 12 +-
 src/src/EDITME | 2 +-
 src/src/globals.c | 2 +-
 src/src/globals.h | 2 +-
 src/src/readconf.c | 2 +-
 src/src/tls-gnu.c | 105 ++++++++--
 test/aux-fixed/exim-ca/README | 6 +-
 test/aux-fixed/exim-ca/example.com/BLANK/CA.pem | 20 +-
 .../aux-fixed/exim-ca/example.com/BLANK/Signer.pem | 18 +-
 test/aux-fixed/exim-ca/example.com/BLANK/cert8.db | Bin 65536 -> 65536 bytes
 test/aux-fixed/exim-ca/example.com/BLANK/key3.db | Bin 16384 -> 16384 bytes
 test/aux-fixed/exim-ca/example.com/CA/CA.pem | 20 +-
 test/aux-fixed/exim-ca/example.com/CA/OCSP.key | 30 ++--
 test/aux-fixed/exim-ca/example.com/CA/OCSP.p12 | Bin 2898 -> 2906 bytes
 test/aux-fixed/exim-ca/example.com/CA/OCSP.pem | 14 +-
 test/aux-fixed/exim-ca/example.com/CA/Signer.pem | 18 +-
 test/aux-fixed/exim-ca/example.com/CA/ca.conf | 2 +-
 test/aux-fixed/exim-ca/example.com/CA/cert8.db | Bin 65536 -> 65536 bytes
 test/aux-fixed/exim-ca/example.com/CA/crl.empty | Bin 240 -> 240 bytes
 .../exim-ca/example.com/CA/crl.empty.in.txt | 2 +-
 .../aux-fixed/exim-ca/example.com/CA/crl.empty.pem | 8 +-
 test/aux-fixed/exim-ca/example.com/CA/crl.v2 | Bin 289 -> 289 bytes
 .../aux-fixed/exim-ca/example.com/CA/crl.v2.in.txt | 6 +-
 test/aux-fixed/exim-ca/example.com/CA/crl.v2.pem | 12 +-
 test/aux-fixed/exim-ca/example.com/CA/key3.db | Bin 24576 -> 24576 bytes
 test/aux-fixed/exim-ca/example.com/CA/noise.file | 221 ++++++++++----------
 .../example.com/expired1.example.com/ca_chain.pem | 58 +++---
 .../example.com/expired1.example.com/cert8.db | Bin 65536 -> 65536 bytes
 .../expired1.example.com.chain.pem | 38 ++--
 .../expired1.example.com/expired1.example.com.key | 32 ++--
 .../expired1.example.com.ocsp.dated.resp | Bin 923 -> 923 bytes
 .../expired1.example.com.ocsp.good.resp | Bin 904 -> 923 bytes
 .../expired1.example.com.ocsp.req | Bin 105 -> 105 bytes
 .../expired1.example.com.ocsp.revoked.resp | Bin 926 -> 945 bytes
 .../expired1.example.com/expired1.example.com.p12 | Bin 3076 -> 3076 bytes
 .../expired1.example.com/expired1.example.com.pem | 20 +-
 .../expired1.example.com.unlocked.key | 26 ++--
 .../example.com/expired1.example.com/key3.db | Bin 16384 -> 16384 bytes
 .../example.com/expired2.example.com/ca_chain.pem | 58 +++---
 .../example.com/expired2.example.com/cert8.db | Bin 65536 -> 65536 bytes
 .../expired2.example.com.chain.pem | 38 ++--
 .../expired2.example.com/expired2.example.com.key | 32 ++--
 .../expired2.example.com.ocsp.dated.resp | Bin 924 -> 924 bytes
 .../expired2.example.com.ocsp.good.resp | Bin 905 -> 924 bytes
 .../expired2.example.com.ocsp.req | Bin 106 -> 106 bytes
 .../expired2.example.com.ocsp.revoked.resp | Bin 905 -> 924 bytes
 .../expired2.example.com/expired2.example.com.p12 | Bin 3076 -> 3076 bytes
 .../expired2.example.com/expired2.example.com.pem | 20 +-
 .../expired2.example.com.unlocked.key | 26 ++--
 .../example.com/expired2.example.com/key3.db | Bin 16384 -> 16384 bytes
 .../example.com/revoked1.example.com/ca_chain.pem | 58 +++---
 .../example.com/revoked1.example.com/cert8.db | Bin 65536 -> 65536 bytes
 .../example.com/revoked1.example.com/key3.db | Bin 16384 -> 16384 bytes
 .../revoked1.example.com.chain.pem | 38 ++--
 .../revoked1.example.com/revoked1.example.com.key | 32 ++--
 .../revoked1.example.com.ocsp.dated.resp | Bin 923 -> 923 bytes
 .../revoked1.example.com.ocsp.good.resp | Bin 904 -> 923 bytes
 .../revoked1.example.com.ocsp.req | Bin 105 -> 105 bytes
 .../revoked1.example.com.ocsp.revoked.resp | Bin 926 -> 945 bytes
 .../revoked1.example.com/revoked1.example.com.p12 | Bin 3076 -> 3076 bytes
 .../revoked1.example.com/revoked1.example.com.pem | 20 +-
 .../revoked1.example.com.unlocked.key | 26 ++--
 .../example.com/revoked2.example.com/ca_chain.pem | 58 +++---
 .../example.com/revoked2.example.com/cert8.db | Bin 65536 -> 65536 bytes
 .../example.com/revoked2.example.com/key3.db | Bin 16384 -> 16384 bytes
 .../revoked2.example.com.chain.pem | 38 ++--
 .../revoked2.example.com/revoked2.example.com.key | 32 ++--
 .../revoked2.example.com.ocsp.dated.resp | Bin 924 -> 924 bytes
 .../revoked2.example.com.ocsp.good.resp | Bin 905 -> 924 bytes
 .../revoked2.example.com.ocsp.req | Bin 106 -> 106 bytes
 .../revoked2.example.com.ocsp.revoked.resp | Bin 905 -> 924 bytes
 .../revoked2.example.com/revoked2.example.com.p12 | Bin 3076 -> 3076 bytes
 .../revoked2.example.com/revoked2.example.com.pem | 20 +-
 .../revoked2.example.com.unlocked.key | 26 ++--
 .../example.com/server1.example.com/ca_chain.pem | 68 +++---
 .../example.com/server1.example.com/cert8.db | Bin 65536 -> 65536 bytes
 .../example.com/server1.example.com/key3.db | Bin 16384 -> 16384 bytes
 .../server1.example.com.chain.pem | 48 +++--
 .../server1.example.com/server1.example.com.key | 32 ++--
 .../server1.example.com.ocsp.dated.resp | Bin 923 -> 923 bytes
 .../server1.example.com.ocsp.good.resp | Bin 904 -> 923 bytes
 .../server1.example.com.ocsp.req | Bin 105 -> 105 bytes
 .../server1.example.com.ocsp.revoked.resp | Bin 926 -> 945 bytes
 .../server1.example.com/server1.example.com.p12 | Bin 3066 -> 3138 bytes
 .../server1.example.com/server1.example.com.pem | 30 ++--
 .../server1.example.com.unlocked.key | 26 ++--
 .../example.com/server2.example.com/ca_chain.pem | 58 +++---
 .../example.com/server2.example.com/cert8.db | Bin 65536 -> 65536 bytes
 .../example.com/server2.example.com/key3.db | Bin 16384 -> 16384 bytes
 .../server2.example.com.chain.pem | 38 ++--
 .../server2.example.com/server2.example.com.key | 32 ++--
 .../server2.example.com.ocsp.dated.resp | Bin 924 -> 924 bytes
 .../server2.example.com.ocsp.good.resp | Bin 905 -> 924 bytes
 .../server2.example.com.ocsp.req | Bin 106 -> 106 bytes
 .../server2.example.com.ocsp.revoked.resp | Bin 905 -> 924 bytes
 .../server2.example.com/server2.example.com.p12 | Bin 3066 -> 3066 bytes
 .../server2.example.com/server2.example.com.pem | 20 +-
 .../server2.example.com.unlocked.key | 26 ++--
 test/aux-fixed/exim-ca/example.net/BLANK/CA.pem | 20 +-
 .../aux-fixed/exim-ca/example.net/BLANK/Signer.pem | 18 +-
 test/aux-fixed/exim-ca/example.net/BLANK/cert8.db | Bin 65536 -> 65536 bytes
 test/aux-fixed/exim-ca/example.net/BLANK/key3.db | Bin 16384 -> 16384 bytes
 test/aux-fixed/exim-ca/example.net/CA/CA.pem | 20 +-
 test/aux-fixed/exim-ca/example.net/CA/OCSP.key | 30 ++--
 test/aux-fixed/exim-ca/example.net/CA/OCSP.p12 | Bin 2906 -> 2906 bytes
 test/aux-fixed/exim-ca/example.net/CA/OCSP.pem | 14 +-
 test/aux-fixed/exim-ca/example.net/CA/Signer.pem | 18 +-
 test/aux-fixed/exim-ca/example.net/CA/ca.conf | 2 +-
 test/aux-fixed/exim-ca/example.net/CA/cert8.db | Bin 65536 -> 65536 bytes
 test/aux-fixed/exim-ca/example.net/CA/crl.empty | Bin 240 -> 240 bytes
 .../exim-ca/example.net/CA/crl.empty.in.txt | 2 +-
 .../aux-fixed/exim-ca/example.net/CA/crl.empty.pem | 8 +-
 test/aux-fixed/exim-ca/example.net/CA/crl.v2 | Bin 289 -> 289 bytes
 .../aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt | 6 +-
 test/aux-fixed/exim-ca/example.net/CA/crl.v2.pem | 12 +-
 test/aux-fixed/exim-ca/example.net/CA/key3.db | Bin 24576 -> 24576 bytes
 test/aux-fixed/exim-ca/example.net/CA/noise.file | 217 ++++++++++----------
 .../example.net/expired1.example.net/ca_chain.pem | 58 +++---
 .../example.net/expired1.example.net/cert8.db | Bin 65536 -> 65536 bytes
 .../expired1.example.net.chain.pem | 38 ++--
 .../expired1.example.net/expired1.example.net.key | 32 ++--
 .../expired1.example.net.ocsp.dated.resp | Bin 923 -> 923 bytes
 .../expired1.example.net.ocsp.good.resp | Bin 904 -> 923 bytes
 .../expired1.example.net.ocsp.req | Bin 105 -> 105 bytes
 .../expired1.example.net.ocsp.revoked.resp | Bin 926 -> 945 bytes
 .../expired1.example.net/expired1.example.net.p12 | Bin 3076 -> 3076 bytes
 .../expired1.example.net/expired1.example.net.pem | 20 +-
 .../expired1.example.net.unlocked.key | 26 ++--
 .../example.net/expired1.example.net/key3.db | Bin 16384 -> 16384 bytes
 .../example.net/expired2.example.net/ca_chain.pem | 58 +++---
 .../example.net/expired2.example.net/cert8.db | Bin 65536 -> 65536 bytes
 .../expired2.example.net.chain.pem | 38 ++--
 .../expired2.example.net/expired2.example.net.key | 32 ++--
 .../expired2.example.net.ocsp.dated.resp | Bin 924 -> 924 bytes
 .../expired2.example.net.ocsp.good.resp | Bin 905 -> 924 bytes
 .../expired2.example.net.ocsp.req | Bin 106 -> 106 bytes
 .../expired2.example.net.ocsp.revoked.resp | Bin 905 -> 924 bytes
 .../expired2.example.net/expired2.example.net.p12 | Bin 3076 -> 3076 bytes
 .../expired2.example.net/expired2.example.net.pem | 20 +-
 .../expired2.example.net.unlocked.key | 26 ++--
 .../example.net/expired2.example.net/key3.db | Bin 16384 -> 16384 bytes
 .../example.net/revoked1.example.net/ca_chain.pem | 58 +++---
 .../example.net/revoked1.example.net/cert8.db | Bin 65536 -> 65536 bytes
 .../example.net/revoked1.example.net/key3.db | Bin 16384 -> 16384 bytes
 .../revoked1.example.net.chain.pem | 38 ++--
 .../revoked1.example.net/revoked1.example.net.key | 32 ++--
 .../revoked1.example.net.ocsp.dated.resp | Bin 923 -> 923 bytes
 .../revoked1.example.net.ocsp.good.resp | Bin 904 -> 923 bytes
 .../revoked1.example.net.ocsp.req | Bin 105 -> 105 bytes
 .../revoked1.example.net.ocsp.revoked.resp | Bin 926 -> 945 bytes
 .../revoked1.example.net/revoked1.example.net.p12 | Bin 3076 -> 3076 bytes
 .../revoked1.example.net/revoked1.example.net.pem | 20 +-
 .../revoked1.example.net.unlocked.key | 26 ++--
 .../example.net/revoked2.example.net/ca_chain.pem | 58 +++---
 .../example.net/revoked2.example.net/cert8.db | Bin 65536 -> 65536 bytes
 .../example.net/revoked2.example.net/key3.db | Bin 16384 -> 16384 bytes
 .../revoked2.example.net.chain.pem | 38 ++--
 .../revoked2.example.net/revoked2.example.net.key | 32 ++--
 .../revoked2.example.net.ocsp.dated.resp | Bin 924 -> 924 bytes
 .../revoked2.example.net.ocsp.good.resp | Bin 905 -> 924 bytes
 .../revoked2.example.net.ocsp.req | Bin 106 -> 106 bytes
 .../revoked2.example.net.ocsp.revoked.resp | Bin 905 -> 924 bytes
 .../revoked2.example.net/revoked2.example.net.p12 | Bin 3076 -> 3076 bytes
 .../revoked2.example.net/revoked2.example.net.pem | 20 +-
 .../revoked2.example.net.unlocked.key | 26 ++--
 .../example.net/server1.example.net/ca_chain.pem | 68 +++---
 .../example.net/server1.example.net/cert8.db | Bin 65536 -> 65536 bytes
 .../example.net/server1.example.net/key3.db | Bin 16384 -> 16384 bytes
 .../server1.example.net.chain.pem | 48 +++--
 .../server1.example.net/server1.example.net.key | 32 ++--
 .../server1.example.net.ocsp.dated.resp | Bin 923 -> 923 bytes
 .../server1.example.net.ocsp.good.resp | Bin 904 -> 923 bytes
 .../server1.example.net.ocsp.req | Bin 105 -> 105 bytes
 .../server1.example.net.ocsp.revoked.resp | Bin 926 -> 945 bytes
 .../server1.example.net/server1.example.net.p12 | Bin 3066 -> 3138 bytes
 .../server1.example.net/server1.example.net.pem | 30 ++--
 .../server1.example.net.unlocked.key | 26 ++--
 .../example.net/server2.example.net/ca_chain.pem | 58 +++---
 .../example.net/server2.example.net/cert8.db | Bin 65536 -> 65536 bytes
 .../example.net/server2.example.net/key3.db | Bin 16384 -> 16384 bytes
 .../server2.example.net.chain.pem | 38 ++--
 .../server2.example.net/server2.example.net.key | 32 ++--
 .../server2.example.net.ocsp.dated.resp | Bin 924 -> 924 bytes
 .../server2.example.net.ocsp.good.resp | Bin 905 -> 924 bytes
 .../server2.example.net.ocsp.req | Bin 106 -> 106 bytes
 .../server2.example.net.ocsp.revoked.resp | Bin 905 -> 924 bytes
 .../server2.example.net/server2.example.net.p12 | Bin 3066 -> 3066 bytes
 .../server2.example.net/server2.example.net.pem | 20 +-
 .../server2.example.net.unlocked.key | 26 ++--
 test/aux-fixed/exim-ca/example.org/BLANK/CA.pem | 20 +-
 .../aux-fixed/exim-ca/example.org/BLANK/Signer.pem | 18 +-
 test/aux-fixed/exim-ca/example.org/BLANK/cert8.db | Bin 65536 -> 65536 bytes
 test/aux-fixed/exim-ca/example.org/BLANK/key3.db | Bin 16384 -> 16384 bytes
 test/aux-fixed/exim-ca/example.org/CA/CA.pem | 20 +-
 test/aux-fixed/exim-ca/example.org/CA/OCSP.key | 30 ++--
 test/aux-fixed/exim-ca/example.org/CA/OCSP.p12 | Bin 2906 -> 2906 bytes
 test/aux-fixed/exim-ca/example.org/CA/OCSP.pem | 14 +-
 test/aux-fixed/exim-ca/example.org/CA/Signer.pem | 18 +-
 test/aux-fixed/exim-ca/example.org/CA/ca.conf | 2 +-
 test/aux-fixed/exim-ca/example.org/CA/cert8.db | Bin 65536 -> 65536 bytes
 test/aux-fixed/exim-ca/example.org/CA/crl.empty | Bin 240 -> 240 bytes
 .../exim-ca/example.org/CA/crl.empty.in.txt | 2 +-
 .../aux-fixed/exim-ca/example.org/CA/crl.empty.pem | 8 +-
 test/aux-fixed/exim-ca/example.org/CA/crl.v2 | Bin 289 -> 289 bytes
 .../aux-fixed/exim-ca/example.org/CA/crl.v2.in.txt | 6 +-
 test/aux-fixed/exim-ca/example.org/CA/crl.v2.pem | 12 +-
 test/aux-fixed/exim-ca/example.org/CA/key3.db | Bin 24576 -> 24576 bytes
 test/aux-fixed/exim-ca/example.org/CA/noise.file | 221 ++++++++++----------
 .../example.org/expired1.example.org/ca_chain.pem | 58 +++---
 .../example.org/expired1.example.org/cert8.db | Bin 65536 -> 65536 bytes
 .../expired1.example.org.chain.pem | 38 ++--
 .../expired1.example.org/expired1.example.org.key | 32 ++--
 .../expired1.example.org.ocsp.dated.resp | Bin 923 -> 923 bytes
 .../expired1.example.org.ocsp.good.resp | Bin 904 -> 923 bytes
 .../expired1.example.org.ocsp.req | Bin 105 -> 105 bytes
 .../expired1.example.org.ocsp.revoked.resp | Bin 926 -> 945 bytes
 .../expired1.example.org/expired1.example.org.p12 | Bin 3076 -> 3076 bytes
 .../expired1.example.org/expired1.example.org.pem | 20 +-
 .../expired1.example.org.unlocked.key | 26 ++--
 .../example.org/expired1.example.org/key3.db | Bin 16384 -> 16384 bytes
 .../example.org/expired2.example.org/ca_chain.pem | 58 +++---
 .../example.org/expired2.example.org/cert8.db | Bin 65536 -> 65536 bytes
 .../expired2.example.org.chain.pem | 38 ++--
 .../expired2.example.org/expired2.example.org.key | 32 ++--
 .../expired2.example.org.ocsp.dated.resp | Bin 924 -> 924 bytes
 .../expired2.example.org.ocsp.good.resp | Bin 905 -> 924 bytes
 .../expired2.example.org.ocsp.req | Bin 106 -> 106 bytes
 .../expired2.example.org.ocsp.revoked.resp | Bin 905 -> 924 bytes
 .../expired2.example.org/expired2.example.org.p12 | Bin 3076 -> 3076 bytes
 .../expired2.example.org/expired2.example.org.pem | 20 +-
 .../expired2.example.org.unlocked.key | 26 ++--
 .../example.org/expired2.example.org/key3.db | Bin 16384 -> 16384 bytes
 .../example.org/revoked1.example.org/ca_chain.pem | 58 +++---
 .../example.org/revoked1.example.org/cert8.db | Bin 65536 -> 65536 bytes
 .../example.org/revoked1.example.org/key3.db | Bin 16384 -> 16384 bytes
 .../revoked1.example.org.chain.pem | 38 ++--
 .../revoked1.example.org/revoked1.example.org.key | 32 ++--
 .../revoked1.example.org.ocsp.dated.resp | Bin 923 -> 923 bytes
 .../revoked1.example.org.ocsp.good.resp | Bin 904 -> 923 bytes
 .../revoked1.example.org.ocsp.req | Bin 105 -> 105 bytes
 .../revoked1.example.org.ocsp.revoked.resp | Bin 926 -> 945 bytes
 .../revoked1.example.org/revoked1.example.org.p12 | Bin 3076 -> 3076 bytes
 .../revoked1.example.org/revoked1.example.org.pem | 20 +-
 .../revoked1.example.org.unlocked.key | 26 ++--
 .../example.org/revoked2.example.org/ca_chain.pem | 58 +++---
 .../example.org/revoked2.example.org/cert8.db | Bin 65536 -> 65536 bytes
 .../example.org/revoked2.example.org/key3.db | Bin 16384 -> 16384 bytes
 .../revoked2.example.org.chain.pem | 38 ++--
 .../revoked2.example.org/revoked2.example.org.key | 32 ++--
 .../revoked2.example.org.ocsp.dated.resp | Bin 924 -> 924 bytes
 .../revoked2.example.org.ocsp.good.resp | Bin 905 -> 924 bytes
 .../revoked2.example.org.ocsp.req | Bin 106 -> 106 bytes
 .../revoked2.example.org.ocsp.revoked.resp | Bin 905 -> 924 bytes
 .../revoked2.example.org/revoked2.example.org.p12 | Bin 3076 -> 3076 bytes
 .../revoked2.example.org/revoked2.example.org.pem | 20 +-
 .../revoked2.example.org.unlocked.key | 26 ++--
 .../example.org/server1.example.org/ca_chain.pem | 68 +++---
 .../example.org/server1.example.org/cert8.db | Bin 65536 -> 65536 bytes
 .../example.org/server1.example.org/key3.db | Bin 16384 -> 16384 bytes
 .../server1.example.org.chain.pem | 48 +++--
 .../server1.example.org/server1.example.org.key | 32 ++--
 .../server1.example.org.ocsp.dated.resp | Bin 923 -> 923 bytes
 .../server1.example.org.ocsp.good.resp | Bin 904 -> 923 bytes
 .../server1.example.org.ocsp.req | Bin 105 -> 105 bytes
 .../server1.example.org.ocsp.revoked.resp | Bin 926 -> 945 bytes
 .../server1.example.org/server1.example.org.p12 | Bin 3066 -> 3138 bytes
 .../server1.example.org/server1.example.org.pem | 30 ++--
 .../server1.example.org.unlocked.key | 26 ++--
 .../example.org/server2.example.org/ca_chain.pem | 58 +++---
 .../example.org/server2.example.org/cert8.db | Bin 65536 -> 65536 bytes
 .../example.org/server2.example.org/key3.db | Bin 16384 -> 16384 bytes
 .../server2.example.org.chain.pem | 38 ++--
 .../server2.example.org/server2.example.org.key | 32 ++--
 .../server2.example.org.ocsp.dated.resp | Bin 924 -> 924 bytes
 .../server2.example.org.ocsp.good.resp | Bin 905 -> 924 bytes
 .../server2.example.org.ocsp.req | Bin 106 -> 106 bytes
 .../server2.example.org.ocsp.revoked.resp | Bin 905 -> 924 bytes
 .../server2.example.org/server2.example.org.p12 | Bin 3066 -> 3066 bytes
 .../server2.example.org/server2.example.org.pem | 20 +-
 .../server2.example.org.unlocked.key | 26 ++--
 test/aux-fixed/exim-ca/genall | 13 +-
 test/aux-fixed/ocsp_file.der | Bin 1367 -> 0 bytes
 test/confs/5650 | 65 ++++++
 test/confs/5651 | 118 +++++++++++
 test/log/5650 | 7 +
 test/log/5651 | 34 +++
 test/runtest | 4 +
 test/scripts/5600-OCSP-OpenSSL/5600 | 2 +-
 .../5600 => 5650-OCSP-GnuTLS/5650} | 8 +-
 test/scripts/5650-OCSP-GnuTLS/5651 | 65 ++++++
 test/scripts/5650-OCSP-GnuTLS/REQUIRES | 3 +
 test/src/client.c | 68 ++++++-
 test/stdout/5650 | 80 +++++++
 295 files changed, 2739 insertions(+), 2195 deletions(-)
