This diff removes IO_TLSVERIFIED, which is not an io event, and
inlines the necessary code where the callback functions are called
for this event.
Eric.
Index: ioev.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/ioev.c,v
retrieving revision 1.27
diff -u -p -r1.27 ioev.c
--- ioev.c 16 Nov 2016 21:30:37 -0000 1.27
+++ ioev.c 16 Nov 2016 21:56:25 -0000
@@ -118,7 +118,6 @@ io_strevent(int evt)
switch (evt) {
CASE(IO_CONNECTED);
CASE(IO_TLSREADY);
- CASE(IO_TLSVERIFIED);
CASE(IO_DATAIN);
CASE(IO_LOWAT);
CASE(IO_DISCONNECTED);
Index: ioev.h
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/ioev.h,v
retrieving revision 1.7
diff -u -p -r1.7 ioev.h
--- ioev.h 16 Nov 2016 21:30:37 -0000 1.7
+++ ioev.h 16 Nov 2016 21:56:25 -0000
@@ -20,7 +20,6 @@
enum {
IO_CONNECTED = 0, /* connection successful */
IO_TLSREADY, /* TLS started successfully */
- IO_TLSVERIFIED, /* XXX - needs more work */
IO_TLSERROR, /* XXX - needs more work */
IO_DATAIN, /* new data in input buffer */
IO_LOWAT, /* output queue running low */
Index: mta_session.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/mta_session.c,v
retrieving revision 1.84
diff -u -p -r1.84 mta_session.c
--- mta_session.c 16 Nov 2016 21:30:37 -0000 1.84
+++ mta_session.c 16 Nov 2016 21:56:25 -0000
@@ -259,6 +259,7 @@ mta_session_imsg(struct mproc *p, struct
const char *name;
void *ssl;
int dnserror, status;
+ X509 *x;
switch (imsg->hdr.type) {
@@ -363,7 +364,22 @@ mta_session_imsg(struct mproc *p, struct
return;
}
- mta_io(&s->io, IO_TLSVERIFIED, s->io.arg);
+ x = SSL_get_peer_certificate(s->io.ssl);
+ if (x) {
+ log_info("smtp-out: Server certificate verification %s "
+ "on session %016"PRIx64,
+ (s->flags & MTA_VERIFIED) ? "succeeded" : "failed",
+ s->id);
+ X509_free(x);
+ }
+
+ if (s->use_smtps) {
+ mta_enter_state(s, MTA_BANNER);
+ io_set_read(&s->io);
+ }
+ else
+ mta_enter_state(s, MTA_EHLO);
+
io_resume(&s->io, IO_PAUSE_IN);
io_reload(&s->io);
return;
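Review bot: Moving this block into mta_session_imsg() leaves the no-verification path without a state transition: in the mta_io hunk further down, the removed `case IO_TLSVERIFIED:` directly follows an `if` body ending in `break;`, so an IO_TLSREADY event that skips that `if` appears to have fallen through into it and would now fall into `case IO_DATAIN:` without entering MTA_BANNER or MTA_EHLO. The smtp_session.c hunks have the same shape, and the context comment `/* No verification required, cascade */` in the smtp_io hunk makes the old fall-through explicit; there the banner and the STATE_HELO step would be skipped when no verification is required. I would put the block in one static helper per file (names such as `mta_tls_verified(s)` and `smtp_tls_verified(s)` are only suggestions), call it here and at the end of each IO_TLSREADY case, and end that case with `break;`. The IO_TLSREADY case bodies start outside the hunks, so the fall-through should be confirmed against the full files.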
@@ -1141,7 +1157,6 @@ mta_io(struct io *io, int evt, void *arg
size_t len;
const char *error;
int cont;
- X509 *x;
log_trace(TRACE_IO, "mta: %p: %s %s", s, io_strevent(evt),
io_strio(io));
@@ -1170,24 +1185,6 @@ mta_io(struct io *io, int evt, void *arg
io_pause(&s->io, IO_PAUSE_IN);
break;
}
-
- case IO_TLSVERIFIED:
- x = SSL_get_peer_certificate(s->io.ssl);
- if (x) {
- log_info("smtp-out: Server certificate verification %s "
- "on session %016"PRIx64,
- (s->flags & MTA_VERIFIED) ? "succeeded" : "failed",
- s->id);
- X509_free(x);
- }
-
- if (s->use_smtps) {
- mta_enter_state(s, MTA_BANNER);
- io_set_read(io);
- }
- else
- mta_enter_state(s, MTA_EHLO);
- break;
case IO_DATAIN:
nextline:
Index: smtp_session.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v
retrieving revision 1.290
diff -u -p -r1.290 smtp_session.c
--- smtp_session.c 16 Nov 2016 21:30:37 -0000 1.290
+++ smtp_session.c 16 Nov 2016 21:56:26 -0000
@@ -698,6 +698,7 @@ smtp_session_imsg(struct mproc *p, struc
uint32_t msgid;
int status, success, dnserror;
void *ssl_ctx;
+ X509 *x;
switch (imsg->hdr.type) {
case IMSG_SMTP_DNS_PTR:
@@ -993,7 +994,26 @@ smtp_session_imsg(struct mproc *p, struc
smtp_free(s, "SSL certificate check failed");
return;
}
- smtp_io(&s->io, IO_TLSVERIFIED, s->io.arg);
+
+ x = SSL_get_peer_certificate(s->io.ssl);
+ if (x) {
+ log_info("%016"PRIx64" smtp "
+ "event=client-cert-check address=%s host=%s
result=\"%s\"",
+ s->id, ss_to_text(&s->ss), s->hostname,
+ (s->flags & SF_VERIFIED) ? "success" : "failure");
+ X509_free(x);
+ }
+
+ if (s->listener->flags & F_SMTPS) {
+ stat_increment("smtp.smtps", 1);
+ io_set_write(&s->io);
+ smtp_send_banner(s);
+ }
+ else {
+ stat_increment("smtp.tls", 1);
+ smtp_enter_state(s, STATE_HELO);
+ }
+
io_resume(&s->io, IO_PAUSE_IN);
return;
}
@@ -1238,7 +1258,6 @@ smtp_io(struct io *io, int evt, void *ar
struct smtp_session *s = arg;
char *line;
size_t len;
- X509 *x;
log_trace(TRACE_IO, "smtp: %p: %s %s", s, io_strevent(evt),
io_strio(io));
@@ -1266,27 +1285,6 @@ smtp_io(struct io *io, int evt, void *ar
}
/* No verification required, cascade */
-
- case IO_TLSVERIFIED:
- x = SSL_get_peer_certificate(s->io.ssl);
- if (x) {
- log_info("%016"PRIx64" smtp "
- "event=client-cert-check address=%s host=%s
result=\"%s\"",
- s->id, ss_to_text(&s->ss), s->hostname,
- (s->flags & SF_VERIFIED) ? "success" : "failure");
- X509_free(x);
- }
-
- if (s->listener->flags & F_SMTPS) {
- stat_increment("smtp.smtps", 1);
- io_set_write(&s->io);
- smtp_send_banner(s);
- }
- else {
- stat_increment("smtp.tls", 1);
- smtp_enter_state(s, STATE_HELO);
- }
- break;
case IO_DATAIN:
nextline: