Openssl 3.0.0

Julien ÉLIE julien at trigofacile.com
Sat Oct 2 22:32:44 UTC 2021 

Hi all,

3 out of 4 of the deprecated functions are now fixed and committed to 
the main branch.

>> tls.c: In function 'tls_start_servertls':
>> tls.c:852:9: warning: 'BIO_set_callback' is deprecated: Since OpenSSL 
>> 3.0 [-Wdeprecated-declarations]
>>    852 |         BIO_set_callback(SSL_get_rbio(tls_conn), bio_dump_cb);
>>        |         ^~~~~~~~~~~~~~~~
> BIO_set_callback_ex() should now be used.
> There are 2 more arguments to deal with in the callback function. 
> Normally not difficult to take into account, I can have a look.

Done, and while updating it I saw that we have a possibility to log 
detailed TLS sessions (in hexadecimal) and more stuff: raise the 
tls_loglevel variable in nnrpd/tls.c to 4 and rebuild INN (the value is 
set to 0 in the source code).
I've added a comment to say the verbosity goes from 0 to 4.

This message is just to let you know in case you weren't aware.

I doubt users need it so I don't plan on making it configurable.
And I confirm it works well.

Oct  3 00:10:34 news nnrpd[256368]: starting TLS engine
Oct  3 00:10:34 news nnrpd[256368]: setting up TLS connection
Oct  3 00:10:34 news nnrpd[256368]: SSL_accept:before SSL initialization
Oct  3 00:10:34 news nnrpd[256368]: read from 55F514614640 
[55F51461F823] (5 bytes => 5 (0x5))
Oct  3 00:10:34 news nnrpd[256368]: 0000 16 03 01 02 57
Oct  3 00:10:34 news nnrpd[256368]: read from 55F514614640 
[55F51461F828] (599 bytes => 599 (0x257))
Oct  3 00:10:34 news nnrpd[256368]: 0000 01 00 02 53 03 03 f5 78|ac 91 
58 d6 6a 61 c9 fe
[...]
Oct  3 00:10:34 news nnrpd[256368]: SSL_accept:TLSv1.3 early data
Oct  3 00:10:34 news nnrpd[256368]: SSL_accept:SSLv3/TLS read finished
Oct  3 00:10:34 news nnrpd[256368]: SSL_accept:SSLv3/TLS write session 
ticket
Oct  3 00:10:34 news nnrpd[256368]: SSL_accept:SSLv3/TLS write session 
ticket
Oct  3 00:10:34 news nnrpd[256368]: starttls: TLSv1.3 with cipher 
TLS_AES_256_GCM_SHA384 (256/256 bits) no authentication
Oct  3 00:10:34 news nnrpd[256368]: read from 55F514614640 
[55F51461F823] (5 bytes => 5 (0x5))
Oct  3 00:10:34 news nnrpd[256368]: 0000 17 03 03 00 1e
[...]

-- 
Julien ÉLIE

« Soldats, du haut de ces pyramides, vingt siècles nous contemplent. »
   (Napoléon)

More information about the inn-workers mailing list