On Wed, Nov 16, 2016 at 11:09:43PM +0100, Eric Faurot wrote: > This diff removes the IO_TLSVERIFIED which is not an io event, and > inlines the necessary code where the callback functions are called > for this event. >
yes, it was confusing too ok
> Index: ioev.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/ioev.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 ioev.c
> --- ioev.c 16 Nov 2016 21:30:37 -0000 1.27
> +++ ioev.c 16 Nov 2016 21:56:25 -0000
> @@ -118,7 +118,6 @@ io_strevent(int evt)
> switch (evt) {
> CASE(IO_CONNECTED);
> CASE(IO_TLSREADY);
> - CASE(IO_TLSVERIFIED);
> CASE(IO_DATAIN);
> CASE(IO_LOWAT);
> CASE(IO_DISCONNECTED);
> Index: ioev.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/ioev.h,v
> retrieving revision 1.7
> diff -u -p -r1.7 ioev.h
> --- ioev.h 16 Nov 2016 21:30:37 -0000 1.7
> +++ ioev.h 16 Nov 2016 21:56:25 -0000
> @@ -20,7 +20,6 @@
> enum {
> IO_CONNECTED = 0, /* connection successful */
> IO_TLSREADY, /* TLS started successfully */
> - IO_TLSVERIFIED, /* XXX - needs more work */
> IO_TLSERROR, /* XXX - needs more work */
> IO_DATAIN, /* new data in input buffer */
> IO_LOWAT, /* output queue running low */
> Index: mta_session.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/mta_session.c,v
> retrieving revision 1.84
> diff -u -p -r1.84 mta_session.c
> --- mta_session.c 16 Nov 2016 21:30:37 -0000 1.84
> +++ mta_session.c 16 Nov 2016 21:56:25 -0000
> @@ -259,6 +259,7 @@ mta_session_imsg(struct mproc *p, struct
> const char *name;
> void *ssl;
> int dnserror, status;
> + X509 *x;
>
> switch (imsg->hdr.type) {
>
> @@ -363,7 +364,22 @@ mta_session_imsg(struct mproc *p, struct
> return;
> }
>
> - mta_io(&s->io, IO_TLSVERIFIED, s->io.arg);
> + x = SSL_get_peer_certificate(s->io.ssl);
> + if (x) {
> + log_info("smtp-out: Server certificate verification %s "
> + "on session %016"PRIx64,
> + (s->flags & MTA_VERIFIED) ? "succeeded" : "failed",
> + s->id);
> + X509_free(x);
> + }
> +
> + if (s->use_smtps) {
> + mta_enter_state(s, MTA_BANNER);
> + io_set_read(&s->io);
> + }
> + else
> + mta_enter_state(s, MTA_EHLO);
> +
> io_resume(&s->io, IO_PAUSE_IN);
> io_reload(&s->io);
> return;
> @@ -1141,7 +1157,6 @@ mta_io(struct io *io, int evt, void *arg
> size_t len;
> const char *error;
> int cont;
> - X509 *x;
>
> log_trace(TRACE_IO, "mta: %p: %s %s", s, io_strevent(evt),
> io_strio(io));
> @@ -1170,24 +1185,6 @@ mta_io(struct io *io, int evt, void *arg
> io_pause(&s->io, IO_PAUSE_IN);
> break;
> }
> -
> - case IO_TLSVERIFIED:
> - x = SSL_get_peer_certificate(s->io.ssl);
> - if (x) {
> - log_info("smtp-out: Server certificate verification %s "
> - "on session %016"PRIx64,
> - (s->flags & MTA_VERIFIED) ? "succeeded" : "failed",
> - s->id);
> - X509_free(x);
> - }
> -
> - if (s->use_smtps) {
> - mta_enter_state(s, MTA_BANNER);
> - io_set_read(io);
> - }
> - else
> - mta_enter_state(s, MTA_EHLO);
> - break;
>
> case IO_DATAIN:
> nextline:
> Index: smtp_session.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v
> retrieving revision 1.290
> diff -u -p -r1.290 smtp_session.c
> --- smtp_session.c 16 Nov 2016 21:30:37 -0000 1.290
> +++ smtp_session.c 16 Nov 2016 21:56:26 -0000
> @@ -698,6 +698,7 @@ smtp_session_imsg(struct mproc *p, struc
> uint32_t msgid;
> int status, success, dnserror;
> void *ssl_ctx;
> + X509 *x;
>
> switch (imsg->hdr.type) {
> case IMSG_SMTP_DNS_PTR:
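Review bot: The banner/EHLO transition now exists only in this IMSG handler, but the IO_TLSREADY path in mta_io that used to cascade into `case IO_TLSVERIFIED:` (the block ending `io_pause(&s->io, IO_PAUSE_IN); break; }` in the later hunk, presumably the verification-request branch) now falls straight into `case IO_DATAIN:` whenever that branch is not taken, so such a session never enters MTA_BANNER or MTA_EHLO. Whether that path is reachable depends on the callee tested by that `if`, which is outside the hunk, but the old fall-through shows it was meant to be. Rather than inlining, move the new lines into a `static void mta_tls_verified(struct mta_session *)` called from here and, in mta_io, as `mta_tls_verified(s); break;` where the removed case label stood; that also keeps `X509 *x` out of mta_session_imsg, whose body begins and ends outside the hunk. The log line reports `failed` yet the session proceeds; if that is intended for non-mandatory verification (the fatal case presumably being the `return;` path just above), a short comment saying so would help.
```c
/* Log the outcome of server-certificate verification and move the
 * session on: wait for the banner on SMTPS, otherwise send EHLO. */
static void
mta_tls_verified(struct mta_session *s)
{
	X509	*x;

	x = SSL_get_peer_certificate(s->io.ssl);
	if (x) {
		log_info("smtp-out: Server certificate verification %s "
		    "on session %016"PRIx64,
		    (s->flags & MTA_VERIFIED) ? "succeeded" : "failed",
		    s->id);
		X509_free(x);
	}

	if (s->use_smtps) {
		mta_enter_state(s, MTA_BANNER);
		io_set_read(&s->io);
	}
	else
		mta_enter_state(s, MTA_EHLO);
}

/* … unchanged: mta_session_imsg up to the verification result … */
		mta_tls_verified(s);
		io_resume(&s->io, IO_PAUSE_IN);
		io_reload(&s->io);
		return;
```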
> @@ -993,7 +994,26 @@ smtp_session_imsg(struct mproc *p, struc
> smtp_free(s, "SSL certificate check failed");
> return;
> }
> - smtp_io(&s->io, IO_TLSVERIFIED, s->io.arg);
> +
> + x = SSL_get_peer_certificate(s->io.ssl);
> + if (x) {
> + log_info("%016"PRIx64" smtp "
> + "event=client-cert-check address=%s host=%s > result=\"%s\"",
> + s->id, ss_to_text(&s->ss), s->hostname,
> + (s->flags & SF_VERIFIED) ? "success" : "failure");
> + X509_free(x);
> + }
> +
> + if (s->listener->flags & F_SMTPS) {
> + stat_increment("smtp.smtps", 1);
> + io_set_write(&s->io);
> + smtp_send_banner(s);
> + }
> + else {
> + stat_increment("smtp.tls", 1);
> + smtp_enter_state(s, STATE_HELO);
> + }
> +
> io_resume(&s->io, IO_PAUSE_IN);
> return;
> }
> @@ -1238,7 +1258,6 @@ smtp_io(struct io *io, int evt, void *ar
> struct smtp_session *s = arg;
> char *line;
> size_t len;
> - X509 *x;
>
> log_trace(TRACE_IO, "smtp: %p: %s %s", s, io_strevent(evt),
> io_strio(io));
> @@ -1266,27 +1285,6 @@ smtp_io(struct io *io, int evt, void *ar
> }
>
> /* No verification required, cascade */
> -
> - case IO_TLSVERIFIED:
> - x = SSL_get_peer_certificate(s->io.ssl);
> - if (x) {
> - log_info("%016"PRIx64" smtp "
> - "event=client-cert-check address=%s host=%s > result=\"%s\"",
> - s->id, ss_to_text(&s->ss), s->hostname,
> - (s->flags & SF_VERIFIED) ? "success" : "failure");
> - X509_free(x);
> - }
> -
> - if (s->listener->flags & F_SMTPS) {
> - stat_increment("smtp.smtps", 1);
> - io_set_write(&s->io);
> - smtp_send_banner(s);
> - }
> - else {
> - stat_increment("smtp.tls", 1);
> - smtp_enter_state(s, STATE_HELO);
> - }
> - break;
>
> case IO_DATAIN:
> nextline:
> -- Gilles Chehade https://www.poolp.org @poolpOrg
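Review bot: The no-verification path in smtp_io, which ends at the surviving context line `/* No verification required, cascade */` in the last hunk, now cascades into `case IO_DATAIN:` (body outside the hunk) instead of the removed `case IO_TLSVERIFIED:`, so a TLS session on a listener that does not request client verification never gets the SMTPS banner, never enters STATE_HELO and never bumps smtp.tls/smtp.smtps, which only this IMSG handler now does. The lines added here should be a `static void smtp_tls_verified(struct smtp_session *)` called from this handler and from the IO_TLSREADY case as `smtp_tls_verified(s); break;` in place of the cascade comment; that also removes `X509 *x` from smtp_session_imsg, whose body starts and ends outside the hunk. The log reports `result="failure"` while the session continues; if verification failures that matter are already handled by the `smtp_free(s, "SSL certificate check failed")` path above, a one-line comment to that effect on the log call would save the next reader the question.
```c
/* Log the client-certificate check outcome and continue the session:
 * send the banner on an SMTPS listener, otherwise wait for HELO/EHLO. */
static void
smtp_tls_verified(struct smtp_session *s)
{
	X509	*x;

	x = SSL_get_peer_certificate(s->io.ssl);
	if (x) {
		log_info("%016"PRIx64" smtp "
		    "event=client-cert-check address=%s host=%s result=\"%s\"",
		    s->id, ss_to_text(&s->ss), s->hostname,
		    (s->flags & SF_VERIFIED) ? "success" : "failure");
		X509_free(x);
	}

	if (s->listener->flags & F_SMTPS) {
		stat_increment("smtp.smtps", 1);
		io_set_write(&s->io);
		smtp_send_banner(s);
	}
	else {
		stat_increment("smtp.tls", 1);
		smtp_enter_state(s, STATE_HELO);
	}
}

/* … unchanged: smtp_session_imsg up to the certificate-check result … */
		smtp_tls_verified(s);
		io_resume(&s->io, IO_PAUSE_IN);
		return;
```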