| -rw-r--r-- | imap/ChangeLog | 5 | ||||
| -rw-r--r-- | tcpd/libcouriertls.c | 6 | ||||
| -rw-r--r-- | tcpd/starttls.c | 17 |
3 files changed, 27 insertions, 1 deletions
diff --git a/imap/ChangeLog b/imap/ChangeLog
index 84296b4..23ba001 100644
--- a/imap/ChangeLog
+++ b/imap/ChangeLog
@@ -1,3 +1,8 @@
+2022-01-15 Sam Varshavchik <mrsam@courier-mta.com>
+
+ * libcouriertls: use ALARM to kill couriertls if the server process
+ terminates but openssl hangs trying to shut down the socket.
+
 5.1.4
 
 2021-08-01 Sam Varshavchik <mrsam@courier-mta.com>
diff --git a/tcpd/libcouriertls.c b/tcpd/libcouriertls.c
index 39c7d49..7c42f19 100644
--- a/tcpd/libcouriertls.c
+++ b/tcpd/libcouriertls.c
@@ -67,11 +67,15 @@ struct proto_ops {
 #define SSL_OP_NO_RENEGOTIATION 0
 #endif
 
+#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE
+#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
+#endif
+
 
 struct proto_ops op_list[] = {
 #ifdef SSL_OP_NO_TLSv1
 #ifdef SSL_OP_NO_TLSv1_1
- { "TLSv1.2++", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_RENEGOTIATION },
+ { "TLSv1.2++", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_RENEGOTIATION|SSL_OP_CIPHER_SERVER_PREFERENCE},
  { "TLSv1.2+", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 },
  { "TLSv1.2", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 },
 #endif
diff --git a/tcpd/starttls.c b/tcpd/starttls.c
index 76fcf3b..6e6229b 100644
--- a/tcpd/starttls.c
+++ b/tcpd/starttls.c
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 #include <ctype.h>
 #include <netdb.h>
+#include <signal.h>
 #if HAVE_DIRENT_H
 #include <dirent.h>
 #define NAMLEN(dirent) strlen((dirent)->d_name)
@@ -526,6 +527,21 @@ static int connect_completed(ssl_handle ssl, int fd)
  return (1);
 }
 
+static void child_handler()
+{
+ alarm(10);
+}
+
+static void trapexit()
+{
+ struct sigaction sa;
+
+ memset(&sa, 0, sizeof(sa));
+
+ sa.sa_handler=child_handler;
+ sigaction(SIGCHLD, &sa, NULL);
+}
+
 static int dossl(int fd, int argn, int argc, char **argv)
 {
  ssl_context ctx;
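Review bot: SSL_OP_CIPHER_SERVER_PREFERENCE is OR'd only into the "TLSv1.2++" entry while the "TLSv1.2+" and "TLSv1.2" entries in the same table keep client-preferred cipher ordering, and this commit's ChangeLog entry describes only the SIGCHLD/alarm change, so the new server-preference behaviour goes undocumented. If restricting it to "TLSv1.2++" is deliberate, a one-line comment above that entry should say so, e.g. `/* "++" profile: server chooses the cipher order (SSL_OP_CIPHER_SERVER_PREFERENCE) */`. The fallback `#define SSL_OP_CIPHER_SERVER_PREFERENCE 0` silently makes the option a no-op on toolchains that lack it, which deserves a comment next to the `#ifndef` so nobody assumes the preference is enforced everywhere. The op_list table continues outside the hunk.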
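Review bot: `child_handler()` and `trapexit()` are declared with empty parameter lists, but `sa.sa_handler` has type `void (*)(int)`; declaring them as `static void child_handler(int sig)` (with `(void)sig;` in the body) and `static void trapexit(void)` matches the field's type and avoids the C23 reinterpretation of `()` as `(void)`. The handler is installed with `sa_flags` left zero, so a child exit will interrupt any blocking read/write/select in the TLS loop with EINTR; unless the existing I/O paths (not visible here) already retry on EINTR, set `sa.sa_flags=SA_RESTART;` or confirm the callers handle it. The literal 10 is the watchdog timeout and relies on SIGALRM's default action terminating the process, so a named constant plus a comment such as `/* Watchdog: once the server child exits, SIGALRM kills us in 10s if the TLS shutdown hangs */` would make the intent explicit. The return value of `sigaction()` is not checked.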
@@ -563,6 +579,7 @@ static int dossl(int fd, int argn, int argc, char **argv)
 }
 
 startclient(argn, argc, argv, fd, &stdin_fd, &stdout_fd);
+ trapexit();
 
 if (username)
 libmail_changeusername(username, 0);
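Review bot: `trapexit();` is called only after `startclient()` has already created the child, so a child that exits before `sigaction()` runs delivers SIGCHLD under the default disposition and the watchdog alarm is never armed. Moving `trapexit();` above the `startclient(argn, argc, argv, fd, &stdin_fd, &stdout_fd);` call closes that window, since the disposition is inherited across fork and reverts to default on exec. The body of dossl begins and ends outside this hunk.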
