Re: [exim-dev] Help debugging a tls smtp session
Thanks, Jeremy and Victor.

As is often the way, once I sent my plea, the next search of the code
found my problem. I was setting the status value (done) to something
other than "continue". In fact I should not have touched it at all.

On Wed, 29 Mar 2023, Jeremy Harris via Exim-dev wrote:

> On 28/03/2023 13:48, Andrew C Aitchison via Exim-dev wrote:
>> I'm attempting to write CLIENTID support for Exim.
>> My current attempt is available at
>> https://www.aitchison.me.uk/exim/clientid.20230325.patch
>>
>> I am using the exim test suite.
>> Below is the significant part of
>> runtest --keep 3752
>>
>> When I do STARTTLS -> CLIENTID -> NOOP
>> the CLIENTID gives the correct response code but the next command
>> fails (it doesn't have to be a NOOP) in a way suggesting that I have
>> lost synchronization. Sometimes the TLS connection reports unexpected
>> commands in the input buffer (which I confirm to match what I expect
>> the script to send next).
>
> Next step: add "-d+all" to the exim daemon line in the test script,
> and inspect the resulting "test-sterr-server" file.

--
Andrew C. Aitchison
Kendal, UK
and...@aitchison.me.uk

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Re: [exim-dev] Help debugging a tls smtp session
On Tue, Mar 28, 2023 at 01:48:25PM +0100, Andrew C Aitchison via Exim-dev wrote:

> When I do STARTTLS -> CLIENTID -> NOOP
> the CLIENTID gives the correct response code but the next command
> fails (it doesn't have to be a NOOP) in a way suggesting that I have
> lost synchronization. Sometimes the TLS connection reports unexpected
> commands in the input buffer (which I confirm to match what I expect
> the script to send next).
>
> I do have PIPECONNECT enabled, so I may well be tangled up in that somehow.

Can you explain in more detail what the test script is doing? Is it per
chance pipelining multiple commands with STARTTLS (which then end up in
the cleartext input buffer even post STARTTLS)?

The client script must not transmit any further SMTP commands after
"STARTTLS" until it has read the response and, if successful (2XX),
completed a TLS handshake. Only at that point may further commands be
sent, and they must be sent over the TLS connection, not the raw TCP
connection.

--
Viktor.
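The ordering rule in the message above, seen from the server side, as an added example (not code from the thread, the patch or Exim): a check that flags any bytes which arrived in the cleartext input buffer behind the STARTTLS line. The names `check_starttls_sync`, `is_starttls` and `enum tls_sync` are hypothetical, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

enum tls_sync { SYNC_NO_STARTTLS, SYNC_OK, SYNC_VIOLATION };

/* Case-insensitive match of one command line against the bare verb. */
static int is_starttls(const char *p, size_t n)
{
    static const char verb[] = "STARTTLS";
    if (n != sizeof verb - 1) return 0;
    for (size_t k = 0; k < n; k++)
        if (toupper((unsigned char)p[k]) != verb[k]) return 0;
    return 1;
}

/* Inspect the bytes of one cleartext read (hypothetical helper, not Exim's).
 * *extra receives the count of bytes that arrived after the STARTTLS line,
 * i.e. commands sent before the reply was read and the handshake finished. */
enum tls_sync check_starttls_sync(const char *buf, size_t len, size_t *extra)
{
    size_t start = 0;
    *extra = 0;
    for (size_t i = 0; i + 1 < len; i++) {
        if (buf[i] != '\r' || buf[i + 1] != '\n')
            continue;
        if (is_starttls(buf + start, i - start)) {
            *extra = len - (i + 2);
            return *extra ? SYNC_VIOLATION : SYNC_OK;
        }
        start = i + 2;   /* next line begins after the CRLF */
        i++;             /* skip the LF */
    }
    return SYNC_NO_STARTTLS;   /* also a STARTTLS still missing its CRLF */
}

int main(void)
{
    /* Constructed inputs: a well-behaved client and a pipelining one. */
    const char good[] = "STARTTLS\r\n";
    const char bad[]  = "STARTTLS\r\nEHLO tester2b\r\n";
    size_t extra;
    enum tls_sync r = check_starttls_sync(good, sizeof good - 1, &extra);
    printf("good: %d, %zu bytes after STARTTLS\n", r, extra);
    r = check_starttls_sync(bad, sizeof bad - 1, &extra);
    printf("bad:  %d, %zu bytes after STARTTLS\n", r, extra);
    return 0;
}
```

On `SYNC_VIOLATION` the safe handling is to refuse the STARTTLS and drop the buffered bytes, so that nothing received in cleartext is interpreted after the handshake.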
Re: [exim-dev] Help debugging a tls smtp session
On 28/03/2023 13:48, Andrew C Aitchison via Exim-dev wrote:
> I'm attempting to write CLIENTID support for Exim.
> My current attempt is available at
> https://www.aitchison.me.uk/exim/clientid.20230325.patch
>
> I am using the exim test suite.
> Below is the significant part of
> runtest --keep 3752
>
> When I do STARTTLS -> CLIENTID -> NOOP
> the CLIENTID gives the correct response code but the next command
> fails (it doesn't have to be a NOOP) in a way suggesting that I have
> lost synchronization. Sometimes the TLS connection reports unexpected
> commands in the input buffer (which I confirm to match what I expect
> the script to send next).
>
> I do have PIPECONNECT enabled, so I may well be tangled up in that somehow.

That's not getting involved, here (your exim is not advertising it
for the connection).

> Any suggestions on how to proceed ?
>
> Connecting to 127.0.0.1 port 1225 ... connected

So this is the testsuite "client" output.

...
> ??? 250-CLIENTID
> <<< 250-CLIENTID
> ??? 250 HELP
> <<< 250 HELP
> CLIENTID exim-device client-id-token
> ??? 250 OK
> <<< 250 OK
> NOOP
> ??? 250 OK
> Error in the pull function. Unexpected EOF read

The client was expecting some more TLS input, but (probably; it's
the most likely cause for that) the server closed the TCP connection.

Next step: add "-d+all" to the exim daemon line in the test script,
and inspect the resulting "test-sterr-server" file.

--
Cheers,
Jeremy
[exim-dev] Help debugging a tls smtp session
I'm attempting to write CLIENTID support for Exim.
My current attempt is available at
https://www.aitchison.me.uk/exim/clientid.20230325.patch

I am using the exim test suite.
Below is the significant part of
runtest --keep 3752

When I do STARTTLS -> CLIENTID -> NOOP
the CLIENTID gives the correct response code but the next command
fails (it doesn't have to be a NOOP) in a way suggesting that I have
lost synchronization. Sometimes the TLS connection reports unexpected
commands in the input buffer (which I confirm to match what I expect
the script to send next).

I do have PIPECONNECT enabled, so I may well be tangled up in that somehow.

Any suggestions on how to proceed ?

Connecting to 127.0.0.1 port 1225 ... connected
Certificate file = /home/eximtest/git/Exim/exim/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
Key file = /home/eximtest/git/Exim/exim/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Sat, 25 Mar 2023 17:48:12 +
EHLO tester2a
??? 250-
<<< 250-myhost.test.ex Hello tester2a [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-8BITMIME
??? 250-STARTTLS
<<< 250-STARTTLS
??? 250 HELP
<<< 250 HELP
STARTTLS
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
Succeeded in starting TLS
EHLO tester2b
??? 250-
<<< 250-myhost.test.ex Hello tester2b [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-8BITMIME
??? 250-AUTH
<<< 250-AUTH EXTERNAL
??? 250-CLIENTID
<<< 250-CLIENTID
??? 250 HELP
<<< 250 HELP
CLIENTID exim-device client-id-token
??? 250 OK
<<< 250 OK
NOOP
??? 250 OK
Error in the pull function. Unexpected EOF read

Thanks,

--
Andrew C. Aitchison
Kendal, UK
and...@aitchison.me.uk