Re: TLS

Mon, 30 Jul 2001 07:34:02 -0700 

I got busy on Friday and couldn't do any work over the weekend.

It looks like I may not be able to dig into this until next weekend, but 
thanks for the comments so far.

Chris

> From:  "Chris Garrigues" <[EMAIL PROTECTED]>
> Date:  Thu, 26 Jul 2001 16:28:06 -0500
>
> > From:  Lynn Winebarger <[EMAIL PROTECTED]>
> > Date:  Thu, 26 Jul 2001 15:12:51 -0600 (MDT)
> >
> >    Do you need it for outgoing connections?  If you want it for incoming
> > connections, you can get it by compiling only qmail-remote.c without TLS
> > defined.  Otherwise you'll probably need to do some hacking.
> 
> I don't really *need* it for outgoing although it would be nice.
> 
> I'll give that compilation scheme a try tomorrow.
> 
> >   Here's the culprit code in qmail-remote.c:
> > ------------
> >           alarm(timeout);
> >           r = SSL_connect(ssl); saveerrno = errno;
> >           alarm(0);
> >           if (flagtimedout)
> >                     {
> >               out("ZTLS not available: connect timed out\n");
> >               zerodie();
> >             }
> >           errno = saveerrno;
> >           if (r<=0)
> >             {
> >               if (needtlsauth && (r=SSL_get_verify_result(ssl)) !=
> > X509_V_OK)
> >                 {
> >                   out("ZTLS unable to verify server with ");
> >                   out(servercert.s); out(": ");
> >                   out(X509_verify_cert_error_string(r)); out("\n");}
> >               else
> >               {
> > #ifdef DEBUG
> >                   out("ZTLS not available: connect failed");
> >                   out(": ");
> >                   out(ERR_error_string(ERR_get_error(), buf));
> >                   out("\n");
> > #else
> >                   out("ZTLS not available: connect failed\n");
> > #endif
> >                 }
> >               zerodie();
> > 
> > ---------------
> >   Probably that last ERR_get_error and ERR_error_string should be changed
> > to SSL_get_error and SSL_error_string, and the check should look for r=0
> > and r=-1 separately so you can find out what's going on at least.


-- 
Chris Garrigues                 http://www.DeepEddy.Com/~cwg/
virCIO                          http://www.virCIO.Com
4314 Avenue C                   
Austin, TX  78751-3709          +1 512 374 0500

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.

PGP signature

Reply via email to