Posted to commits@spamassassin.apache.org by si...@apache.org on 2007/01/01 16:41:35 UTC
svn commit: r491592 - in /spamassassin/trunk: MANIFEST spamc/libspamc.c
spamc/libspamc.h spamc/spamc.c spamd/spamd.raw t/spamd_ssl.t
t/spamd_ssl_accept_fail.t t/spamd_ssl_tls.t t/spamd_ssl_v2.t
t/spamd_ssl_v23.t t/spamd_ssl_v3.t
Author: sidney
Date: Mon Jan 1 07:41:34 2007
New Revision: 491592
URL: http://svn.apache.org/viewvc?view=rev&rev=491592
Log:
bug 5265: Add SSL protocol options to spamc and spamd and make the default be a better choice for working on various platforms
Added:
spamassassin/trunk/t/spamd_ssl_tls.t (with props)
spamassassin/trunk/t/spamd_ssl_v2.t (with props)
spamassassin/trunk/t/spamd_ssl_v23.t (with props)
spamassassin/trunk/t/spamd_ssl_v3.t (with props)
Modified:
spamassassin/trunk/MANIFEST
spamassassin/trunk/spamc/libspamc.c
spamassassin/trunk/spamc/libspamc.h
spamassassin/trunk/spamc/spamc.c
spamassassin/trunk/spamd/spamd.raw
spamassassin/trunk/t/spamd_ssl.t
spamassassin/trunk/t/spamd_ssl_accept_fail.t
Modified: spamassassin/trunk/MANIFEST
URL: http://svn.apache.org/viewvc/spamassassin/trunk/MANIFEST?view=diff&rev=491592&r1=491591&r2=491592
==============================================================================
--- spamassassin/trunk/MANIFEST (original)
+++ spamassassin/trunk/MANIFEST Mon Jan 1 07:41:34 2007
@@ -363,10 +363,14 @@
t/spamd_report.t
t/spamd_report_ifspam.t
t/spamd_ssl.t
+t/spamd_ssl_v2.t
+t/spamd_ssl_v23.t
+t/spamd_ssl_v3.t
t/spamd_ssl_accept_fail.t
t/spamd_stop.t
t/spamd_symbols.t
t/spamd_syslog.t
+t/spamd_tls.t
t/spamd_unix.t
t/spamd_utf8.t
t/spf.t
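Review bot: The added entry `t/spamd_tls.t` does not match any file in this commit; the new test is `t/spamd_ssl_tls.t` (see the "Added:" list and its own file section). As written, the manifest names a file that the commit does not create and omits the one it does, so a manifest check or a built distribution would presumably miss the TLS test. The line should read `t/spamd_ssl_tls.t`.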
Modified: spamassassin/trunk/spamc/libspamc.c
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamc/libspamc.c?view=diff&rev=491592&r1=491591&r2=491592
==============================================================================
--- spamassassin/trunk/spamc/libspamc.c (original)
+++ spamassassin/trunk/spamc/libspamc.c Mon Jan 1 07:41:34 2007
@@ -1013,7 +1013,15 @@
if (flags & SPAMC_USE_SSL) {
#ifdef SPAMC_SSL
SSLeay_add_ssl_algorithms();
- meth = SSLv2_client_method();
+ if ((flags & SPAMC_SSLV2) && (flags & SPAMC_SSLV3)) {
+ meth = TLSv1_client_method(); /* both flag bits on means use TLSv1 */
+ } else if (flags & SPAMC_SSLV2) {
+ meth = SSLv2_client_method();
+ } else if (flags & SPAMC_SSLV3) {
+ meth = SSLv3_client_method();
+ } else {
+ meth = SSLv23_client_method(); /* no flag bits, default SSLv23 */
+ }
SSL_load_error_strings();
ctx = SSL_CTX_new(meth);
#else
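Review bot: The new default branch, `SSLv23_client_method()`, still allows the handshake to settle on SSLv2, and nothing in the hunk restricts it. SSLv2 has known protocol weaknesses, so when `SPAMC_SSLV2` was not explicitly requested I would add `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);` after `ctx = SSL_CTX_new(meth);`. The same consideration applies to spamd's `sslv23` default in spamd/spamd.raw, where the listener is also created with `SSL_verify_mode => 0x00`. The function continues outside the hunk, so whether `ctx` is checked for NULL before use cannot be confirmed from here.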
Modified: spamassassin/trunk/spamc/libspamc.h
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamc/libspamc.h?view=diff&rev=491592&r1=491591&r2=491592
==============================================================================
--- spamassassin/trunk/spamc/libspamc.h (original)
+++ spamassassin/trunk/spamc/libspamc.h Mon Jan 1 07:41:34 2007
@@ -116,6 +116,11 @@
/* Oct 21, 2005 sidney: added ping test */
#define SPAMC_PING (1<<19)
+/* Jan 1, 2007 sidney: added SSL protocol versions */
+/* no flags means use default of SSL_v23 */
+/* Set both flags to specify TSL_v1 */
+#define SPAMC_SSLV2 (1<<18)
+#define SPAMC_SSLV3 (1<<17)
#define SPAMC_MESSAGE_CLASS_SPAM 1
#define SPAMC_MESSAGE_CLASS_HAM 2
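Review bot: The comment `/* Set both flags to specify TSL_v1 */` misspells the protocol name; suggest `/* set both SPAMC_SSLV2 and SPAMC_SSLV3 to select TLSv1 */`. Encoding a third protocol as the OR of two version flags is easy to trip over: a caller that merges flag words from two sources ends up on TLSv1 without asking for it, so a dedicated bit or a small enum field would be clearer. Whether bits 17 and 18 are unused elsewhere in the header cannot be confirmed from this hunk.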
Modified: spamassassin/trunk/spamc/spamc.c
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamc/spamc.c?view=diff&rev=491592&r1=491591&r2=491592
==============================================================================
--- spamassassin/trunk/spamc/spamc.c (original)
+++ spamassassin/trunk/spamc/spamc.c Mon Jan 1 07:41:34 2007
@@ -220,7 +220,7 @@
{ "dest" , required_argument, 0, 'd' },
{ "randomize", no_argument, 0, 'H' },
{ "port", required_argument, 0, 'p' },
- { "ssl", no_argument, 0, 'S' },
+ { "ssl", optional_argument, 0, 'S' },
{ "socket", required_argument, 0, 'U' },
{ "config", required_argument, 0, 'F' },
{ "timeout", required_argument, 0, 't' },
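Review bot: Changing `ssl` to `optional_argument` is not accompanied by any documentation: no hunk in spamc.c touches the usage text, and no spamc documentation file is in the commit's modified list. The same holds for spamd's new `--ssl-version` in spamd/spamd.raw. With conventional getopt_long semantics an optional argument is only recognised in attached form (`--ssl=sslv3`), so `--ssl sslv3` would leave `sslv3` as a separate argument; spamc appears to use its own `spamc_optarg` parser, so this needs confirming. I would add a comment on the entry such as `/* --ssl[=sslv2|sslv3|sslv23|tlsv1]; value must be attached with '=' */` and extend the usage output accordingly. The short-option string is outside the hunk, so it is not visible whether `-S` was updated to match.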
@@ -333,6 +333,22 @@
case 'S':
{
flags |= SPAMC_USE_SSL;
+ if (!spamc_optarg || (strcmp(spamc_optarg,"sslv23") == 0)) {
+ /* this is the default */
+ }
+ else if (strcmp(spamc_optarg,"sslv2") == 0) {
+ flags |= SPAMC_SSLV2;
+ }
+ else if (strcmp(spamc_optarg,"sslv3") == 0) {
+ flags |= SPAMC_SSLV3;
+ }
+ else if (strcmp(spamc_optarg,"tlsv1") == 0) {
+ flags |= (SPAMC_SSLV2 | SPAMC_SSLV3);
+ }
+ else {
+ libspamc_log(flags, LOG_ERR, "Please specifiy a legal ssl version (%s)", spamc_optarg);
+ ret = EX_USAGE;
+ }
break;
}
#endif
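Review bot: The error message in the final `else` branch misspells "specify" and does not tell the user which values are accepted. Suggest `libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version: sslv2, sslv3, sslv23 or tlsv1 (got %s)", spamc_optarg);`. The first branch has an empty body holding only a comment; inverting the test, or handling the default last, would read more naturally. The `switch` this case belongs to starts and ends outside the hunk.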
Modified: spamassassin/trunk/spamd/spamd.raw
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamd/spamd.raw?view=diff&rev=491592&r1=491591&r2=491592
==============================================================================
--- spamassassin/trunk/spamd/spamd.raw (original)
+++ spamassassin/trunk/spamd/spamd.raw Mon Jan 1 07:41:34 2007
@@ -249,6 +249,7 @@
'sql-config!' => \$opt{'sql-config'},
'ssl' => \$opt{'ssl'},
'ssl-port=s' => \$opt{'ssl-port'},
+ 'ssl-version=s' => \$opt{'ssl-version'},
'syslog-socket=s' => \$opt{'syslog-socket'},
'syslog|s=s' => \$opt{'syslog'},
'timeout-tcp|T=i' => \$opt{'timeout-tcp'},
@@ -343,6 +344,7 @@
if (
defined $opt{'ssl'}
or defined $opt{'ssl-port'}
+ or defined $opt{'ssl-version'}
)
{
$listen_ssl = 1;
@@ -573,7 +575,7 @@
# Do whitelist later in tmp dir. Side effect: this will be done as -u user.
-my ( $sslport, $inetport, $addr, $proto );
+my ( $sslport, $sslversion, $inetport, $addr, $proto );
if ( $listen_inet || $listen_ssl ) {
$proto = getprotobyname('tcp') or die "getprotobyname(tcp): $!";
@@ -633,8 +635,13 @@
$sslport = ( getservbyname($sslport, 'tcp') )[2];
die "spamd: invalid ssl-port: $opt{'port'}\n" unless $sslport;
}
+ $sslversion = $opt{'ssl-version'} || 'sslv23';
+ if ($sslversion !~ /^(?:sslv([23]|23)|(tlsv1))$/) {
+ die "spamd: invalid ssl-version: $opt{'ssl-version'}\n";
+ }
push @listeninfo, "SSL port $sslport/tcp";
+ push @listeninfo, "SSL version $sslversion";
}
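Review bot: The validation pattern `/^(?:sslv([23]|23)|(tlsv1))$/` anchors with `$`, which also matches before a trailing newline, and it carries two capture groups that are never read. Since the value is passed on to the socket constructor as `SSL_version`, a strict whole-string match is preferable: `if ($sslversion !~ /\A(?:sslv(?:2|3|23)|tlsv1)\z/) {`. The enclosing block that the final `}` closes begins outside the hunk.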
if ( $listen_inet ) {
@@ -788,6 +795,7 @@
Type => SOCK_STREAM,
ReuseAddr => 1,
Listen => SOMAXCONN,
+ SSL_version => $sslversion,
SSL_verify_mode => 0x00,
SSL_key_file => $opt{'server-key'},
SSL_cert_file => $opt{'server-cert'}
Modified: spamassassin/trunk/t/spamd_ssl.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/spamd_ssl.t?view=diff&rev=491592&r1=491591&r2=491592
==============================================================================
--- spamassassin/trunk/t/spamd_ssl.t (original)
+++ spamassassin/trunk/t/spamd_ssl.t Mon Jan 1 07:41:34 2007
@@ -2,7 +2,10 @@
use lib '.'; use lib 't';
use SATest; sa_t_init("spamd_ssl");
-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9),
+ onfail => sub {
+ warn "\n\nNote: This may not be a SpamAssassin bug, as some platforms require that you" .
+ "\nspecify a protocol in spamc --ssl option, and possibly in spamd --ssl-version.\n\n" };
exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
@@ -23,7 +26,6 @@
);
ok (sdrun ("-L --ssl --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
- "-S < data/spam/001",
+ "--ssl < data/spam/001",
\&patterns_run_cb));
ok_all_patterns();
-
Modified: spamassassin/trunk/t/spamd_ssl_accept_fail.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/spamd_ssl_accept_fail.t?view=diff&rev=491592&r1=491591&r2=491592
==============================================================================
--- spamassassin/trunk/t/spamd_ssl_accept_fail.t (original)
+++ spamassassin/trunk/t/spamd_ssl_accept_fail.t Mon Jan 1 07:41:34 2007
@@ -23,9 +23,9 @@
);
-ok (start_spamd ("-L --ssl --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert"));
+ok (start_spamd ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert"));
ok (spamcrun ("< data/spam/001", \&patterns_run_cb));
-ok (spamcrun ("-S < data/spam/001", \&patterns_run_cb));
+ok (spamcrun ("--ssl=sslv3 < data/spam/001", \&patterns_run_cb));
ok (stop_spamd ());
ok_all_patterns();
Added: spamassassin/trunk/t/spamd_ssl_tls.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/spamd_ssl_tls.t?view=auto&rev=491592
==============================================================================
--- spamassassin/trunk/t/spamd_ssl_tls.t (added)
+++ spamassassin/trunk/t/spamd_ssl_tls.t Mon Jan 1 07:41:34 2007
@@ -0,0 +1,28 @@
+#!/usr/bin/perl
+
+use lib '.'; use lib 't';
+use SATest; sa_t_init("spamd_ssl_tls");
+use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+
+exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+
+# ---------------------------------------------------------------------------
+
+%patterns = (
+
+q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
+q{ Subject: There yours for FREE!}, 'subj',
+q{ X-Spam-Status: Yes, score=}, 'status',
+q{ X-Spam-Flag: YES}, 'flag',
+q{ X-Spam-Level: **********}, 'stars',
+q{ TEST_ENDSNUMS}, 'endsinnums',
+q{ TEST_NOREALNAME}, 'noreal',
+q{ This must be the very last line}, 'lastline',
+
+
+);
+
+ok (sdrun ("-L --ssl --ssl-version=tlsv1 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
+ "--ssl=tlsv1 < data/spam/001",
+ \&patterns_run_cb));
+ok_all_patterns();
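Review bot: This file and the three that follow (t/spamd_ssl_v2.t, t/spamd_ssl_v23.t, t/spamd_ssl_v3.t) are identical apart from the protocol string and the `sa_t_init` label, so the `%patterns` table is now maintained in four more places. A single test looping over the four versions, or a shared helper in the test library, would keep them in sync. The labels are also inconsistent with the file names (`spamd_ssl_tls` here, but `spamd_sslv2`, `spamd_sslv23` and `spamd_sslv3` in the others). None of the new files carries the `onfail` hint added to t/spamd_ssl.t, although a platform-specific protocol failure seems at least as likely in the version-pinned tests.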
Propchange: spamassassin/trunk/t/spamd_ssl_tls.t
------------------------------------------------------------------------------
svn:executable = *
Added: spamassassin/trunk/t/spamd_ssl_v2.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/spamd_ssl_v2.t?view=auto&rev=491592
==============================================================================
--- spamassassin/trunk/t/spamd_ssl_v2.t (added)
+++ spamassassin/trunk/t/spamd_ssl_v2.t Mon Jan 1 07:41:34 2007
@@ -0,0 +1,28 @@
+#!/usr/bin/perl
+
+use lib '.'; use lib 't';
+use SATest; sa_t_init("spamd_sslv2");
+use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+
+exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+
+# ---------------------------------------------------------------------------
+
+%patterns = (
+
+q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
+q{ Subject: There yours for FREE!}, 'subj',
+q{ X-Spam-Status: Yes, score=}, 'status',
+q{ X-Spam-Flag: YES}, 'flag',
+q{ X-Spam-Level: **********}, 'stars',
+q{ TEST_ENDSNUMS}, 'endsinnums',
+q{ TEST_NOREALNAME}, 'noreal',
+q{ This must be the very last line}, 'lastline',
+
+
+);
+
+ok (sdrun ("-L --ssl --ssl-version=sslv2 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
+ "--ssl=sslv2 < data/spam/001",
+ \&patterns_run_cb));
+ok_all_patterns();
Propchange: spamassassin/trunk/t/spamd_ssl_v2.t
------------------------------------------------------------------------------
svn:executable = *
Added: spamassassin/trunk/t/spamd_ssl_v23.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/spamd_ssl_v23.t?view=auto&rev=491592
==============================================================================
--- spamassassin/trunk/t/spamd_ssl_v23.t (added)
+++ spamassassin/trunk/t/spamd_ssl_v23.t Mon Jan 1 07:41:34 2007
@@ -0,0 +1,28 @@
+#!/usr/bin/perl
+
+use lib '.'; use lib 't';
+use SATest; sa_t_init("spamd_sslv23");
+use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+
+exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+
+# ---------------------------------------------------------------------------
+
+%patterns = (
+
+q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
+q{ Subject: There yours for FREE!}, 'subj',
+q{ X-Spam-Status: Yes, score=}, 'status',
+q{ X-Spam-Flag: YES}, 'flag',
+q{ X-Spam-Level: **********}, 'stars',
+q{ TEST_ENDSNUMS}, 'endsinnums',
+q{ TEST_NOREALNAME}, 'noreal',
+q{ This must be the very last line}, 'lastline',
+
+
+);
+
+ok (sdrun ("-L --ssl --ssl-version=sslv23 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
+ "--ssl=sslv23 < data/spam/001",
+ \&patterns_run_cb));
+ok_all_patterns();
Propchange: spamassassin/trunk/t/spamd_ssl_v23.t
------------------------------------------------------------------------------
svn:executable = *
Added: spamassassin/trunk/t/spamd_ssl_v3.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/spamd_ssl_v3.t?view=auto&rev=491592
==============================================================================
--- spamassassin/trunk/t/spamd_ssl_v3.t (added)
+++ spamassassin/trunk/t/spamd_ssl_v3.t Mon Jan 1 07:41:34 2007
@@ -0,0 +1,28 @@
+#!/usr/bin/perl
+
+use lib '.'; use lib 't';
+use SATest; sa_t_init("spamd_sslv3");
+use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
+
+exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
+
+# ---------------------------------------------------------------------------
+
+%patterns = (
+
+q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
+q{ Subject: There yours for FREE!}, 'subj',
+q{ X-Spam-Status: Yes, score=}, 'status',
+q{ X-Spam-Flag: YES}, 'flag',
+q{ X-Spam-Level: **********}, 'stars',
+q{ TEST_ENDSNUMS}, 'endsinnums',
+q{ TEST_NOREALNAME}, 'noreal',
+q{ This must be the very last line}, 'lastline',
+
+
+);
+
+ok (sdrun ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
+ "--ssl=sslv3 < data/spam/001",
+ \&patterns_run_cb));
+ok_all_patterns();
Propchange: spamassassin/trunk/t/spamd_ssl_v3.t
------------------------------------------------------------------------------
svn:executable = *