[ssmtp/f17] validate the TLS server

wolfy wolfy at fedoraproject.org
Sat Oct 13 23:36:26 UTC 2012


commit 16486d3c61c351e24095fdc3f9d16bc4dbb75576
Author: Manuel Wolfshant <wolfy at fedoraproject.org>
Date:   Sun Oct 14 02:36:16 2012 +0300

    validate the TLS server

 ssmtp-validate-TLS-server-cert.patch |  171 ++++++++++++++++++++++++++++++++++
 ssmtp.spec                           |   16 +++-
 2 files changed, 183 insertions(+), 4 deletions(-)
---
diff --git a/ssmtp-validate-TLS-server-cert.patch b/ssmtp-validate-TLS-server-cert.patch
new file mode 100644
index 0000000..36c7465
--- /dev/null
+++ b/ssmtp-validate-TLS-server-cert.patch
@@ -0,0 +1,171 @@
+diff -up ssmtp-2.61/ssmtp.c.old ssmtp-2.61/ssmtp.c
+--- ssmtp-2.61/ssmtp.c.old	2012-10-14 02:03:50.814311625 +0300
++++ ssmtp-2.61/ssmtp.c	2012-10-14 02:31:14.379894032 +0300
+@@ -72,6 +72,9 @@ char *gecos;
+ char *prog = (char)NULL;
+ char *root = NULL;
+ char *tls_cert = "/etc/pki/tls/private/ssmtp.pem";	/* Default Certificate */
++char *tls_key = "/etc/pki/tls/private/ssmtp.pem";	/* Default private key */
++char *tls_ca_file = NULL;      /* Trusted Certificate file */
++char *tls_ca_dir = NULL;       /* Trusted Certificate directory */
+ char *uad = (char)NULL;
+ char *config_file = (char)NULL;		/* alternate configuration file */
+ 
+@@ -1087,6 +1090,33 @@ bool_t read_config()
+ 					log_event(LOG_INFO, "Set TLSCert=\"%s\"\n", tls_cert);
+ 				}
+ 			}
++			else if(strcasecmp(p, "TLSKey") == 0) {
++				if((tls_key = strdup(q)) == (char *)NULL) {
++					die("parse_config() -- strdup() failed");
++				}
++
++				if(log_level > 0) {
++					log_event(LOG_INFO, "Set TLSKey=\"%s\"\n", tls_key);
++				}
++			}
++			else if(strcasecmp(p, "TLS_CA_File") == 0) {
++                               if((tls_ca_file = strdup(q)) == (char *)NULL) {
++					die("parse_config() -- strdup() failed");
++                               }
++
++                               if(log_level > 0) {
++					log_event(LOG_INFO, "Set TLS_CA_File=\"%s\"\n", tls_ca_file);
++                               }
++			}
++			else if(strcasecmp(p, "TLS_CA_Dir") == 0) {
++                               if((tls_ca_dir = strdup(q)) == (char *)NULL) {
++					die("parse_config() -- strdup() failed");
++                               }
++
++                               if(log_level > 0) {
++					log_event(LOG_INFO, "Set TLS_CA_Dir=\"%s\"\n", tls_ca_dir);
++				}
++			}
+ #endif
+ 			/* Command-line overrides these */
+ 			else if(strcasecmp(p, "AuthUser") == 0 && !auth_user) {
+@@ -1171,6 +1201,8 @@ int smtp_open(char *host, int port)
+ 
+ #ifdef HAVE_SSL
+ 	int err;
++	long lerr;
++	unsigned long ulerr;
+ 	char buf[(BUF_SZ + 1)];
+ 
+ 	/* Init SSL stuff */
+@@ -1193,7 +1225,7 @@ int smtp_open(char *host, int port)
+ 			return(-1);
+ 		}
+ 
+-		if(SSL_CTX_use_PrivateKey_file(ctx, tls_cert, SSL_FILETYPE_PEM) <= 0) {
++		if(SSL_CTX_use_PrivateKey_file(ctx, tls_key, SSL_FILETYPE_PEM) <= 0) {
+ 			perror("Use PrivateKey");
+ 			return(-1);
+ 		}
+@@ -1204,6 +1236,17 @@ int smtp_open(char *host, int port)
+ 			return(-1);
+ 		}
+ #endif
++
++		if (tls_ca_file || tls_ca_dir) {
++			if(!SSL_CTX_load_verify_locations(ctx, tls_ca_file, tls_ca_dir)) {
++				ulerr = ERR_get_error();
++				log_event(LOG_ERR, "Error setting verify location: %s",
++							ERR_reason_error_string(ulerr));
++			return(-1);
++			}
++		}
++
++		SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+ 	}
+ #endif
+ 
+@@ -1302,14 +1345,19 @@ int smtp_open(char *host, int port)
+ 
+ 		ssl = SSL_new(ctx);
+ 		if(!ssl) {
+-			log_event(LOG_ERR, "SSL not working");
++			ulerr = ERR_get_error();
++			log_event(LOG_ERR, "SSL not working: %s",
++				ERR_reason_error_string(ulerr));
+ 			return(-1);
+ 		}
+ 		SSL_set_fd(ssl, s);
+ 
+ 		err = SSL_connect(ssl);
+ 		if(err < 0) { 
+-			perror("SSL_connect");
++			perror("SSL_connect")R_get_error();
++			lerr = SSL_get_verify_result(ssl);
++			log_event(LOG_ERR, "SSL not working: %s (%ld)",
++				ERR_reason_error_string(ulerr), lerr);
+ 			return(-1);
+ 		}
+ 
+@@ -1323,8 +1371,6 @@ int smtp_open(char *host, int port)
+ 			return(-1);
+ 		}
+ 		X509_free(server_cert);
+-
+-		/* TODO: Check server cert if changed! */
+ 	}
+ #endif
+ 
+@@ -1777,7 +1823,7 @@ char **parse_options(int argc, char *arg
+ 	}
+ 	else if(strcmp(prog, "newaliases") == 0) {
+ 		/* Someone wanted to rebuild aliases */
+-		paq("newaliases: Aliases are not used in sSMTP\n");
++		paq("newaliases: In sSMTP aliases are read from a plain text file\n");
+ 	}
+ 
+ 	i = 1;
+@@ -1988,7 +2034,7 @@ char **parse_options(int argc, char *arg
+ 
+ 				/* Run newaliases if required */
+ 				case 'D':
+-					paq("%s: Aliases are not used in sSMTP\n", prog);
++					paq("%s: In sSMTP aliases are read from a plain text file\n", prog);
+ 
+ 				/* Deliver now, in background or queue */
+ 				/* This may warrant a diagnostic for b or q */
+diff -up ssmtp-2.61/ssmtp.conf.5.old ssmtp-2.61/ssmtp.conf.5
+--- ssmtp-2.61/ssmtp.conf.5.old	2012-10-14 02:10:19.618189217 +0300
++++ ssmtp-2.61/ssmtp.conf.5	2012-10-14 02:22:19.919995183 +0300
+@@ -54,6 +54,15 @@ See RFC 2487.
+ .It Cm TLSCert
+ The file name of an RSA certificate to use for TLS, if required.
+ .Pp
++.It Cm TLSKey
++The file name of an RSA key to use for TLS, if required.
++.Pp
++.It Cm TLS_CA_File
++A file of trusted certificates for validating the server, if required.
++.Pp
++.It Cm TLS_CA_Dir
++A directory of trusted certificates for validating the server, if required.
++.Pp
+ .It Cm AuthUser
+ The user name to use for SMTP AUTH.
+ The default is blank, in which case SMTP AUTH is not used.
+diff -up ssmtp-2.61/TLS.old ssmtp-2.61/TLS
+--- ssmtp-2.61/TLS.old	2012-10-14 02:08:41.110190031 +0300
++++ ssmtp-2.61/TLS	2012-10-14 02:22:48.394994588 +0300
+@@ -26,9 +26,12 @@ Set this to yes to make ssmtp identify i
+ TLSCert=<file>
+ Specify which certificate file should be used.
+ 
++TLSKey=<file>
++Specify which key file should be used (can be the same as the
++certificate file).
+ 
+-TODO:
+-* Check server certificate for changes and notify about it.
+-* Diffrent Certificate and Key file?
+-
++TLS_CA_File=<file>
++Optional file of trusted certificates for validating the server.
+ 
++TLS_CA_Dir=<file>
++Optional directory of trusted certificates for validating the server.
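Review bot: The new `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);` in smtp_open() validates the certificate chain, but nothing in the visible hunks compares the certificate's subjectAltName/CN with the `host` argument, so a certificate issued by a trusted CA for a different name would still be accepted. A name check belongs before `X509_free(server_cert);`; the code that obtains `server_cert` lies outside the hunks, so confirm it does not already do this. SSL_VERIFY_PEER is also enabled when neither TLS_CA_File nor TLS_CA_Dir is configured, which leaves the trust store empty and would presumably fail every handshake; an `else` branch calling `SSL_CTX_set_default_verify_paths(ctx)` would fall back to the system CAs. The failure test `if(err < 0)` misses the 0 that SSL_connect returns for a handshake that was shut down cleanly, so `if(err != 1)` is safer, and `X509_verify_cert_error_string(lerr)` would make the logged verify result readable. As shown here the line `perror("SSL_connect")R_get_error();` looks mangled by the archive; it presumably read `ulerr = ERR_get_error();`, without which `ulerr` would be logged uninitialized.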
diff --git a/ssmtp.spec b/ssmtp.spec
index fdc8702..723f059 100644
--- a/ssmtp.spec
+++ b/ssmtp.spec
@@ -1,6 +1,6 @@
 Name:		ssmtp
 Version:	2.61
-Release:	18%{?dist}
+Release:	19%{?dist}
 Summary:	Extremely simple MTA to get mail off the system to a Mailhub
 Group:		Applications/Internet
 License:	GPLv2+
@@ -21,6 +21,7 @@ Patch9:		%{name}-aliases.patch
 Patch10:	%{name}-default-cert-path.patch
 Patch11:	%{name}-standardise.patch
 Patch12:        %{name}-garbage_writes.patch
+Patch13:	%{name}-validate-TLS-server-cert.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 #hack around wrong requires for mutt and mdadm
 %if 0%{?rhel}
@@ -42,8 +43,8 @@ hub. It contains no suid-binaries or other dangerous things - no mail spool
 to poke around in, and no daemons running in the background. Mail is simply
 forwarded to the configured mailhost. Extremely easy configuration.
 
-WARNING: the above is all it does; it does not receive mail, expand aliases
-or manage a queue. That belongs on a mail hub with a system administrator.
+WARNING: the above is all it does; it does not receive mail nor manage queues.
+That belongs on a mail hub with a system administrator.
 
 
 %prep
@@ -61,8 +62,9 @@ or manage a queue. That belongs on a mail hub with a system administrator.
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
 
-#add missing libs in orderto fix FTBFS due to changes in implicit DSO linking
+#add missing libs in order to fix FTBFS due to changes in implicit DSO linking
 %if "0%{?dist}" >= "0.fc13" 
 sed -i "s/LIBS -lssl/LIBS -lssl -lcrypto/" configure 
 %endif
@@ -153,6 +155,12 @@ fi
 
 
 %changelog
+* Sun Oct 14 2012 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.61-19
+- Optional separation of TLS client key and certificate files
+- Add patch enabling verification of TLS server ( #864894 )
+- Correct %%description and the source in order to reflect that sSMTP expands aliases
+ which are read from a plain text file
+
 * Sat Jun 30 2012 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.61-18
 - Apply patch to fix addition of garbage at end of attachments
 

