Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package librelp for openSUSE:Factory checked in at 2021-03-02 14:42:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/librelp (Old) and /work/SRC/openSUSE:Factory/.librelp.new.2378 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "librelp" Tue Mar 2 14:42:37 2021 rev:42 rq:874565 version:1.10.0 Changes: -------- --- /work/SRC/openSUSE:Factory/librelp/librelp.changes 2020-12-05 20:35:44.170620702 +0100 +++ /work/SRC/openSUSE:Factory/.librelp.new.2378/librelp.changes 2021-03-02 15:19:40.389718475 +0100 @@ -1,0 +2,6 @@ +Wed Feb 17 11:21:54 UTC 2021 - Andreas Stieger <andreas.stie...@gmx.de> + +- librelp 1.10.0: + * TLS handling: custom cipherstrings (tlscommands) were not used + +------------------------------------------------------------------- Old: ---- librelp-1.9.0.tar.gz New: ---- librelp-1.10.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ librelp.spec ++++++ --- /var/tmp/diff_new_pack.UyD7Pe/_old 2021-03-02 15:19:40.869718788 +0100 +++ /var/tmp/diff_new_pack.UyD7Pe/_new 2021-03-02 15:19:40.873718790 +0100 @@ -1,7 +1,7 @@ # # spec file for package librelp # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define library_name librelp0 Name: librelp -Version: 1.9.0 +Version: 1.10.0 Release: 0 Summary: A reliable logging library License: GPL-3.0-or-later ++++++ librelp-1.9.0.tar.gz -> librelp-1.10.0.tar.gz ++++++ ++++ 3224 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/ChangeLog new/librelp-1.10.0/ChangeLog --- old/librelp-1.9.0/ChangeLog 2020-11-20 08:34:10.000000000 +0100 +++ new/librelp-1.10.0/ChangeLog 2021-02-16 09:07:37.000000000 +0100 
@@ -1,4 +1,21 @@ ---------------------------------------------------------------------- +Version 1.10.0 - 2021-02-16 +- TLS handling bugfix + When the client tried to conntect to the server, custom + cipherstrings (Set by tlscommands feature) were not used. This + could lead to the negotiation of different and potentially weaker + ciphers. Other custom tlscommands settings like Protocol where not + affected. We do not overwrite the custom ciphers anymore if they are + set by tlscommands. Another problem only related to the relp + receiver (server) was, that the custom tlscommands/priority string + where not applied on the accepted client connections. This could + lead to the same problem as the default ciphers were used. + Besides the main problem, the following changes were applied: + - Add new testcase for setting custom tls ciphers in tlscommand. + - Add support to use semicolon (;) as tlscommand seperator (See new testcase) + - Fix GCC9 "destination size" warning in offers.c + closes: https://github.com/rsyslog/librelp/issues/224 +---------------------------------------------------------------------- Version 1.9.0 - 2020-11-24 - openssl bugfix: preprocessor check for tlsconfigcmd code tls config commands no is compiled for OpenSSL 1.0.2. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/Makefile.am new/librelp-1.10.0/Makefile.am --- old/librelp-1.9.0/Makefile.am 2018-12-09 15:31:02.000000000 +0100 +++ new/librelp-1.10.0/Makefile.am 2021-02-16 09:07:37.000000000 +0100 
@@ -3,3 +3,5 @@ pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = relp.pc + +# Note: version-info is set in ./src/Makefile.am! diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/compile new/librelp-1.10.0/compile --- old/librelp-1.9.0/compile 2020-08-24 09:08:30.000000000 +0200 +++ new/librelp-1.10.0/compile 2021-02-16 09:05:50.000000000 +0100 @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2012-10-14.11; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # Written by Tom Tromey <tro...@cygnus.com>. # # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -255,7 +255,8 @@ echo "compile $scriptversion" exit $? ;; - cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ + icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) func_cl_wrapper "$@" # Doesn't return... ;; esac 
@@ -339,9 +340,9 @@ # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/configure.ac new/librelp-1.10.0/configure.ac --- old/librelp-1.9.0/configure.ac 2020-11-20 08:33:46.000000000 +0100 +++ new/librelp-1.10.0/configure.ac 2021-02-16 09:07:37.000000000 +0100 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([librelp], [1.9.0], [rgerha...@adiscon.com]) +AC_INIT([librelp], [1.10.0], [rgerha...@adiscon.com]) # change to the one below if Travis has a timeout #AM_INIT_AUTOMAKE([subdir-objects serial-tests]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/m4/libtool.m4 new/librelp-1.10.0/m4/libtool.m4 --- old/librelp-1.9.0/m4/libtool.m4 2020-08-24 09:08:25.000000000 +0200 +++ new/librelp-1.10.0/m4/libtool.m4 2021-02-16 09:05:43.000000000 +0100 
@@ -1041,8 +1041,8 @@ _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD - echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD - $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD cat > conftest.c << _LT_EOF @@ -1492,7 +1492,7 @@ m4_defun([_LT_PROG_AR], [AC_CHECK_TOOLS(AR, [ar], false) : ${AR=ar} -: ${AR_FLAGS=cru} +: ${AR_FLAGS=cr} _LT_DECL([], [AR], [1], [The archiver]) _LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) @@ -4063,7 +4063,8 @@ if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm - if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then + $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD + if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -4703,6 +4704,12 @@ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; + # flang / f18. f95 an alias for gfortran or flang on Debian + flang* | f18* | f95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) 
@@ -6438,7 +6445,7 @@ # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else GXX=no @@ -6813,7 +6820,7 @@ # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test yes = "$GXX"; then @@ -6878,7 +6885,7 @@ # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test yes = "$GXX"; then 
@@ -7217,7 +7224,7 @@ # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else # FIXME: insert proper C++ library support @@ -7301,7 +7308,7 @@ # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else # g++ 2.7 appears to require '-G' NOT '-shared' on this # platform. @@ -7312,7 +7319,7 @@ # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/missing new/librelp-1.10.0/missing --- old/librelp-1.9.0/missing 2020-08-24 09:08:30.000000000 +0200 +++ new/librelp-1.10.0/missing 2021-02-16 09:05:50.000000000 +0100 
@@ -1,9 +1,9 @@ #! /bin/sh # Common wrapper for a few potentially missing GNU programs. -scriptversion=2013-10-28.13; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996. # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -101,9 +101,9 @@ exit $st fi -perl_URL=http://www.perl.org/ -flex_URL=http://flex.sourceforge.net/ -gnu_software_URL=http://www.gnu.org/software +perl_URL=https://www.perl.org/ +flex_URL=https://github.com/westes/flex +gnu_software_URL=https://www.gnu.org/software program_details () { @@ -207,9 +207,9 @@ exit $st # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/src/Makefile.am new/librelp-1.10.0/src/Makefile.am --- old/librelp-1.9.0/src/Makefile.am 2020-11-19 12:54:12.000000000 +0100 +++ new/librelp-1.10.0/src/Makefile.am 2021-02-16 09:07:37.000000000 +0100 
@@ -50,6 +50,6 @@ librelp_la_LIBADD = $(rt_libs) $(GNUTLS_LIBS) $(OPENSSL_LIBS) # info on version-info: # http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html -librelp_la_LDFLAGS = -version-info 5:0:5 -export-symbols-regex '^relp[^_]*$$' +librelp_la_LDFLAGS = -version-info 5:1:5 -export-symbols-regex '^relp[^_]*$$' include_HEADERS = librelp.h diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/src/offers.c new/librelp-1.10.0/src/offers.c --- old/librelp-1.9.0/src/offers.c 2020-08-19 10:06:16.000000000 +0200 +++ new/librelp-1.10.0/src/offers.c 2021-02-16 09:07:24.000000000 +0100 @@ -218,7 +218,7 @@ snprintf((char*)pThis->szVal, sizeof(pThis->szVal), "%d", intVal); pThis->intVal = intVal; } else { - strncpy((char*)pThis->szVal, (char*)pszVal, sizeof(pThis->szVal)); + strncpy((char*)pThis->szVal, (char*)pszVal, sizeof(pThis->szVal) - 1); /* check if the string actually is an integer... */ Val = 0; i = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/src/tcp.c new/librelp-1.10.0/src/tcp.c --- old/librelp-1.9.0/src/tcp.c 2020-11-19 12:54:12.000000000 +0100 +++ new/librelp-1.10.0/src/tcp.c 2021-02-16 09:07:24.000000000 +0100 @@ -1228,6 +1228,7 @@ pristringBuf[sizeof(pristringBuf)-1] = '\0'; pristring = pristringBuf; } else { + /* We use custom CipherString if used sets it by SslConfCmd */ pristring = pThis->pristring; } 
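Review bot: The new bound of `sizeof(pThis->szVal) - 1` on the `strncpy` in src/offers.c stops the copy one byte short, but nothing in the hunk writes the terminator. An over-long `pszVal` therefore leaves `szVal` NUL-terminated only if the struct was zeroed at allocation, which is not visible here. Adding `pThis->szVal[sizeof(pThis->szVal) - 1] = '\0';` right after the copy makes termination explicit, as the `pristringBuf` code in src/tcp.c already does. An over-long value is still truncated silently before the integer check that follows; rejecting it may be safer if offer values originate from the peer. The enclosing function starts and ends outside the hunk.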
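Review bot: The comment added in the `else` branch of the src/tcp.c hunk at line 1228, `/* We use custom CipherString if used sets it by SslConfCmd */`, is hard to parse; "used" is presumably "the user". Suggested wording: `/* Use the custom CipherString when the user set one via SslConfCmd */`. The branch sits inside a function whose start and end are outside the hunk.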
@@ -1662,6 +1663,7 @@ pszCmd = strndup(pCurrentPos, pNextPos-pCurrentPos); pCurrentPos = pNextPos+1; pNextPos = index(pCurrentPos, '\n'); + pNextPos = (pNextPos == NULL ? index(pCurrentPos, ';') : pNextPos); pszValue = (pNextPos == NULL ? strdup(pCurrentPos) : strndup(pCurrentPos, pNextPos - pCurrentPos)); @@ -1673,6 +1675,12 @@ pThis->pEngine->dbgprint((char*)"relpTcpSetSslConfCmd_ossl: " "Successfully added Command '%s':'%s'\n", pszCmd, pszValue); + if(!strcmp(pszCmd, "CipherString")) { + relpTcpSetGnuTLSPriString(pThis,pszValue); + pThis->pEngine->dbgprint((char*)"relpTcpSetSslConfCmd_ossl: " + "Copy Custom CipherString '%s' to GnuTLSPriString\n", + pszValue); + } } else { snprintf(errmsg, sizeof(errmsg), @@ -1729,16 +1737,24 @@ // Set SSL_MODE_AUTO_RETRY to SSL obj SSL_set_mode(pThis->ssl, SSL_MODE_AUTO_RETRY); - + + // Copy Properties from Server TCP obj over pThis->authmode = pSrv->pTcp->authmode; pThis->pUsr = pSrv->pUsr; + pThis->pristring = (pSrv->pTcp->pristring != NULL ? strdup(pSrv->pTcp->pristring) : NULL); + pThis->tlsConfigCmd = (pSrv->pTcp->tlsConfigCmd != NULL ? strdup(pSrv->pTcp->tlsConfigCmd) : NULL); if(!isAnonAuth(pThis->pSrv->pTcp)) { CHKRet(relpTcpSslInitCerts(pThis, pThis->pSrv->ownCertFile, pThis->pSrv->privKey)); } else pThis->authmode = eRelpAuthMode_None; + /* Set TLS Options if configured */ + CHKRet(relpTcpSetSslConfCmd_ossl(pThis, pThis->tlsConfigCmd)); + + /* Set TLS Priority Options */ CHKRet(relpTcpTLSSetPrio(pThis)); + SSL_set_ex_data(pThis->ssl, 0, pThis); if (pThis->authmode != eRelpAuthMode_None) { 
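Review bot: The `;` lookup added after `index(pCurrentPos, '\n')` is only consulted when no newline is left anywhere in the remaining string. A tlscommand string that mixes both separators therefore has everything up to the next newline, semicolons included, taken as one value. Searching for whichever separator comes first avoids that: `pNextPos = strpbrk(pCurrentPos, "\n;");` would replace both lookups. The `strndup`/`strdup` results assigned to `pszCmd` and `pszValue` are not NULL-checked in the visible lines; the surrounding loop starts and ends outside the hunk, so a check may exist there.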
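Review bot: The return value of `relpTcpSetGnuTLSPriString(pThis,pszValue)` in the new `CipherString` branch is discarded, and the debug line reports the copy as done regardless. If that setter can fail (it presumably duplicates the string), `pristring` stays unset and the priority step appears to fall back to the default ciphers, which is the weaker-cipher outcome this release is meant to close. Wrapping the call as `CHKRet(relpTcpSetGnuTLSPriString(pThis, pszValue));` matches how the other calls in this file are handled, provided the function's exit path frees `pszCmd` and `pszValue`; that path is outside the hunk.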
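Review bot: Both `strdup` calls that copy `pristring` and `tlsConfigCmd` from the server object in the hunk at line 1729 are unchecked, so an allocation failure leaves the accepted connection with NULL for a setting the server has configured. The connection would then apparently be set up with the default ciphers instead of being refused, so the accept path fails open. A guard after the assignments, such as `if(pSrv->pTcp->pristring != NULL && pThis->pristring == NULL)` (and the same for `tlsConfigCmd`) leading to `ABORT_FINALIZE` with the library's out-of-memory code, closes that. It is also not visible whether `relpTcpSetGnuTLSPriString`, reached through the new `relpTcpSetSslConfCmd_ossl` call, frees the `pristring` duplicated here before replacing it; if not, each accepted connection with a custom CipherString leaks one copy.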
@@ -1817,29 +1833,14 @@ CHKRet(relpTcpInitTLS(pThis)); } - /*set client state */ - pThis->sslState = osslClient; - - /* Set TLS Options if configured */ - CHKRet(relpTcpSetSslConfCmd_ossl(pThis, pThis->tlsConfigCmd)); - - /* Create BIO from ptcp socket! */ - conn = BIO_new_socket(pThis->sock, BIO_CLOSE /*BIO_NOCLOSE*/); - pThis->pEngine->dbgprint((char*)"relpTcpConnectTLSInit: Init conn BIO[%p] done\n", (void *)conn); - - /* Set debug Callback for client BIO as well! */ - BIO_set_callback(conn, BIO_debug_callback); - BIO_set_callback_arg(conn, (char *)pThis); - -/* TODO: still needed? Set to NON blocking ! */ -BIO_set_nbio( conn, 1 ); - /*if we reach this point we are in tls mode */ pThis->pEngine->dbgprint((char*)"relpTcpConnectTLSInit: TLS Mode\n"); + if(!(pThis->ssl = SSL_new(ctx))) { relpTcpLastSSLErrorMsg(0, pThis, "relpTcpConnectTLSInit"); ABORT_FINALIZE(RELP_RET_IO_ERR); } + // Set SSL_MODE_AUTO_RETRY to SSL obj SSL_set_mode(pThis->ssl, SSL_MODE_AUTO_RETRY); 
@@ -1850,9 +1851,28 @@ } else pThis->authmode = eRelpAuthMode_None; + /* Set TLS Options if configured */ + CHKRet(relpTcpSetSslConfCmd_ossl(pThis, pThis->tlsConfigCmd)); + + /* Set TLS Priority Options */ CHKRet(relpTcpTLSSetPrio(pThis)); + SSL_set_ex_data(pThis->ssl, 0, (void*)pThis); + /*set client state */ + pThis->sslState = osslClient; + + /* Create BIO from ptcp socket! */ + conn = BIO_new_socket(pThis->sock, BIO_CLOSE /*BIO_NOCLOSE*/); + pThis->pEngine->dbgprint((char*)"relpTcpConnectTLSInit: Init conn BIO[%p] done\n", (void *)conn); + + /* Set debug Callback for client BIO as well! */ + BIO_set_callback(conn, BIO_debug_callback); + BIO_set_callback_arg(conn, (char *)pThis); + +/* TODO: still needed? Set to NON blocking ! */ +BIO_set_nbio( conn, 1 ); + SSL_set_bio(pThis->ssl, conn, conn); SSL_set_connect_state(pThis->ssl); /*sets ssl to work in client mode.*/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/test-driver new/librelp-1.10.0/test-driver --- old/librelp-1.9.0/test-driver 2020-08-24 09:08:30.000000000 +0200 +++ new/librelp-1.10.0/test-driver 2021-02-16 09:05:50.000000000 +0100 @@ -1,9 +1,9 @@ #! /bin/sh # test-driver - basic testsuite driver script. -scriptversion=2013-07-13.22; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 2011-2014 Free Software Foundation, Inc. +# Copyright (C) 2011-2018 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
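Review bot: `conn = BIO_new_socket(pThis->sock, BIO_CLOSE)` is used unchecked in the block moved here, so a NULL result goes straight into `BIO_set_callback`, `BIO_set_nbio` and `SSL_set_bio`. A guard directly after the call, `if(conn == NULL) { relpTcpLastSSLErrorMsg(0, pThis, "relpTcpConnectTLSInit"); ABORT_FINALIZE(RELP_RET_IO_ERR); }`, would report the failure the same way the `SSL_new` check in this function does. The moved `/* TODO: still needed? ... */` comment and the `BIO_set_nbio( conn, 1 );` line are still unindented and could be aligned with the rest of the block while it is being touched. The function begins before and continues after this hunk.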
@@ -16,7 +16,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -140,9 +140,9 @@ # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/tests/Makefile.am new/librelp-1.10.0/tests/Makefile.am --- old/librelp-1.9.0/tests/Makefile.am 2020-09-29 09:01:33.000000000 +0200 +++ new/librelp-1.10.0/tests/Makefile.am 2021-02-16 09:07:24.000000000 +0100 
@@ -26,6 +26,7 @@ tls-basic-fingerprint.sh \ tls-basic-wildcard.sh \ tls-basic-tlscommand.sh \ + tls-basic-tlscommand-ciphers.sh \ tls-basic-certchain.sh \ tls-basic-certvalid-mixed.sh \ tls-receiver-abort.sh \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/tests/tls-basic-tlscommand-ciphers.sh new/librelp-1.10.0/tests/tls-basic-tlscommand-ciphers.sh --- old/librelp-1.9.0/tests/tls-basic-tlscommand-ciphers.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/librelp-1.10.0/tests/tls-basic-tlscommand-ciphers.sh 2021-02-16 09:07:24.000000000 +0100 
@@ -0,0 +1,49 @@
+#!/bin/bash
+. ${srcdir:=$(pwd)}/test-framework.sh
+export errorlog="error.$LIBRELP_DYN.log"
+# export OPT_VERBOSE=-v # uncomment for debugging
+
+function actual_test() {
+ # Test only supported for OpenSSL
+ if [ "$TEST_TLS_LIB" == "openssl" ]; then
+ startup_receiver --tls-lib $TEST_TLS_LIB -T -a "name" -x ${srcdir}/tls-certs/ca.pem \
+ -y ${srcdir}/tls-certs/cert.pem -z ${srcdir}/tls-certs/key.pem \
+ -P 'testbench.rsyslog.com' \
+ --errorfile $TESTDIR/$errorlog \
+ -c "Protocol=ALL,-SSLv2,-SSLv3,-TLSv1,-TLSv1.1;CipherString=ECDHE-RSA-AES256-GCM-SHA384;MinProtocol=TLSv1.2;MaxProtocol=TLSv1.2;Ciphersuites=TLS_AES_256_GCM_SHA384"
+
+ echo 'Send Message...'
+ ./send --tls-lib $TEST_TLS_LIB -t 127.0.0.1 -p $TESTPORT -m "testmessage" -T -a "name" \
+ -x ${srcdir}/tls-certs/ca.pem -y ${srcdir}/tls-certs/cert.pem \
+ -z ${srcdir}/tls-certs/key.pem -P 'testbench.rsyslog.com' \
+ -c "CipherString=ECDHE-RSA-AES128-GCM-SHA256;Ciphersuites=TLS_AES_128_GCM_SHA256" \
+ --errorfile $TESTDIR/$errorlog \
+ $OPT_VERBOSE
+
+ stop_receiver
+
+ if test -f $TESTDIR/$errorlog; then
+ check_output --check-only "OpenSSL Version too old" $TESTDIR/$errorlog
+ ret=$?
+ if [ $ret == 0 ]; then
+ echo "SKIP: OpenSSL Version too old"
+ exit 77
+ else
+ # Try "handshake failed" first
+ check_output --check-only "handshake fail" $TESTDIR/$errorlog
+ ret=$?
+ if [ $ret != 0 ]; then
+ check_output "wrong version number" $TESTDIR/$errorlog
+ fi
+ fi
+ else
+ echo "SKIP: $TESTDIR/$errorlog was not created"
+ exit 77
+ fi
+ else
+ echo "SKIP: For $TEST_TLS_LIB"
+ fi
+}
+
+do_tls_subtests
+terminate
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/librelp-1.9.0/tests/tls-basic-tlscommand.sh new/librelp-1.10.0/tests/tls-basic-tlscommand.sh
--- old/librelp-1.9.0/tests/tls-basic-tlscommand.sh 2020-11-19 12:54:12.000000000 +0100
+++ new/librelp-1.10.0/tests/tls-basic-tlscommand.sh 2021-02-16 09:07:24.000000000 +0100
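Review bot: The `else` branch for a missing `$TESTDIR/$errorlog` in tls-basic-tlscommand-ciphers.sh exits 77, so the outcome this test exists to catch is reported as a skip. If the custom `CipherString` settings are ignored again, the handshake presumably succeeds and no error file is written, and the run is skipped rather than failed. Making that branch a failure, e.g. `echo "FAIL: handshake succeeded, $TESTDIR/$errorlog was not created"; exit 1`, lets the test catch the regression; tls-basic-tlscommand.sh carries the same branch. The final check also accepts any "handshake fail" or "wrong version number" text, so it cannot tell a cipher mismatch from another handshake error. Separately, `$TESTDIR/$errorlog` and `${srcdir}` are expanded unquoted throughout, which breaks when the build directory path contains spaces.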
@@ -1,26 +1,27 @@ #!/bin/bash . ${srcdir:=$(pwd)}/test-framework.sh export errorlog="error.$LIBRELP_DYN.log" +# export OPT_VERBOSE=-v # uncomment for debugging function actual_test() { - startup_receiver --tls-lib $TEST_TLS_LIB -T -a "name" -x ${srcdir}/tls-certs/ca.pem \ - -y ${srcdir}/tls-certs/cert.pem -z ${srcdir}/tls-certs/key.pem \ - -P 'testbench.rsyslog.com' \ - --errorfile $TESTDIR/$errorlog \ - -c "Protocol=ALL,-SSLv2,-SSLv3,-TLSv1,-TLSv1.2" + # Test only supported for OpenSSL + if [ "$TEST_TLS_LIB" == "openssl" ]; then + startup_receiver --tls-lib $TEST_TLS_LIB -T -a "name" -x ${srcdir}/tls-certs/ca.pem \ + -y ${srcdir}/tls-certs/cert.pem -z ${srcdir}/tls-certs/key.pem \ + -P 'testbench.rsyslog.com' \ + --errorfile $TESTDIR/$errorlog \ + -c "Protocol=ALL,-SSLv2,-SSLv3,-TLSv1,-TLSv1.2;CipherString=ECDHE-RSA-AES256-GCM-SHA384;Protocol=ALL,-SSLv2,-SSLv3,-TLSv1,-TLSv1.2,-TLSv1.3;MinProtocol=TLSv1.2;MaxProtocol=TLSv1.2" - echo 'Send Message...' - ./send --tls-lib $TEST_TLS_LIB -t 127.0.0.1 -p $TESTPORT -m "testmessage" -T -a "name" \ - -x ${srcdir}/tls-certs/ca.pem -y ${srcdir}/tls-certs/cert.pem \ - -z ${srcdir}/tls-certs/key.pem -P 'testbench.rsyslog.com' \ - -c "Protocol=-ALL,TLSv1.2" \ - --errorfile $TESTDIR/$errorlog \ - $OPT_VERBOSE + echo 'Send Message...' + ./send --tls-lib $TEST_TLS_LIB -t 127.0.0.1 -p $TESTPORT -m "testmessage" -T -a "name" \ + -x ${srcdir}/tls-certs/ca.pem -y ${srcdir}/tls-certs/cert.pem \ + -z ${srcdir}/tls-certs/key.pem -P 'testbench.rsyslog.com' \ + -c "Protocol=ALL,-SSLv2,-SSLv3,-TLSv1.1,-TLSv1.2;CipherString=DHE-RSA-AES256-SHA;Protocol=ALL,-SSLv2,-SSLv3,-TLSv1.1,-TLSv1.2,-TLSv1.3;MinProtocol=TLSv1.1;MaxProtocol=TLSv1.1" \ + --errorfile $TESTDIR/$errorlog \ + $OPT_VERBOSE - stop_receiver + stop_receiver - # Test only supported for OpenSSL - if [ "$TEST_TLS_LIB" == "openssl" ]; then if test -f $TESTDIR/$errorlog; then check_output --check-only "OpenSSL Version too old" $TESTDIR/$errorlog ret=$? 
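Review bot: Each `-c` string in this hunk disables the protocol version that its own `MinProtocol`/`MaxProtocol` pair requires, and each sets `Protocol=` twice. The receiver removes TLSv1.2 and pins to TLSv1.2; the sender removes TLSv1.1 and pins to TLSv1.1. The expected handshake error may therefore come from either side's self-contradictory settings rather than from the mismatch between the two peers, so a pass does not show which tlscommand took effect. A comment above each `-c` line stating which setting is meant to cause the failure, or trimming each string to a single `Protocol=` entry, would make the intent checkable. `actual_test` continues past the end of this hunk.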
@@ -39,6 +40,8 @@ echo "SKIP: $TESTDIR/$errorlog was not created" exit 77 fi + else + echo "SKIP: For $TEST_TLS_LIB" fi }