[hcoop/debian/exim4.git] / debian / patches / 75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch

From c15523829ba17cce5829e2976aa1ff928965d948 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sat, 16 Feb 2019 12:59:23 +0000
Subject: [PATCH 7/7] GnuTLS: Fix client detection of server reject of client
 cert under TLS1.3

(cherry picked from commit fc243e944ec00b59b75f41d07494116f925d58b4)
---
 doc/ChangeLog         |  7 +++
 src/deliver.c             |  2 +-
 src/smtp_out.c            | 10 +++--
 src/tls-gnu.c             | 23 +++-------
 src/transports/lmtp.c     |  3 +-
 src/transports/smtp.c     | 81 +++++++++++++++++++++++++++--------
 test/confs/2027               |  8 ++--
 test/confs/5652               |  1 +
 test/confs/5821               |  2 +-
 test/log/2027                 |  2 +-
 test/runtest                  | 14 ++++++
 test/scripts/2000-GnuTLS/2027 |  2 +
 12 files changed, 111 insertions(+), 44 deletions(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 66c8a7a1..867a1d8a 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -11,6 +11,13 @@ Since version 4.92
 JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible
       buffer overrun for (non-chunking) other transports.
 
+JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under
+      TLS1.3, means that a server rejecting a client certificate is not visible
+      to the client until the first read of encrypted data (typically the
+      response to EHLO).  Add detection for that case and treat it as a failed
+      TLS connection attempt, so that the normal retry-in-clear can work (if
+      suitably configured).
+
 
 Exim version 4.92
 -----------------
diff --git a/src/deliver.c b/src/deliver.c
index 664d0045..e1799411 100644
--- a/src/deliver.c
+++ b/src/deliver.c
@@ -7433,7 +7433,7 @@ if (addr_senddsn)
 
     tctx.u.fd = fd;
     tctx.options = topt_add_return_path | topt_no_body;
-    /*XXX hmm, retval ignored.
+    /*XXX hmm, FALSE(fail) retval ignored.
     Could error for any number of reasons, and they are not handled. */
     transport_write_message(&tctx, 0);
     fflush(f);
diff --git a/src/smtp_out.c b/src/smtp_out.c
index 9bd90c77..b194e804 100644
--- a/src/smtp_out.c
+++ b/src/smtp_out.c
@@ -688,20 +688,22 @@ Returns:    TRUE if a valid, non-error response was received; else FALSE
 /*XXX could move to smtp transport; no other users */
 
 BOOL
-smtp_read_response(void * sx0, uschar *buffer, int size, int okdigit,
+smtp_read_response(void * sx0, uschar * buffer, int size, int okdigit,
    int timeout)
 {
 smtp_context * sx = sx0;
-uschar *ptr = buffer;
-int count = 0;
+uschar * ptr = buffer;
+int count = 0, rc;
 
 errno = 0;  /* Ensure errno starts out zero */
 
 #ifdef EXPERIMENTAL_PIPE_CONNECT
 if (sx->pending_BANNER || sx->pending_EHLO)
-  if (smtp_reap_early_pipe(sx, &count) != OK)
+  if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
     {
     DEBUG(D_transport) debug_printf("failed reaping pipelined cmd responsess\n");
+    buffer[0] = '\0';
+    if (rc == DEFER) errno = ERRNO_TLSFAILURE;
     return FALSE;
     }
 #endif
diff --git a/src/tls-gnu.c b/src/tls-gnu.c
index c404dc29..de2d70c0 100644
--- a/src/tls-gnu.c
+++ b/src/tls-gnu.c
@@ -229,7 +229,7 @@ static gnutls_dh_params_t dh_server_params = NULL;
 
 static const int ssl_session_timeout = 200;
 
-static const char * const exim_default_gnutls_priority = "NORMAL";
+static const uschar * const exim_default_gnutls_priority = US"NORMAL";
 
 /* Guard library core initialisation */
 
@@ -1278,7 +1278,6 @@ int rc;
 size_t sz;
 const char *errpos;
 uschar *p;
-BOOL want_default_priorities;
 
 if (!exim_gnutls_base_init_done)
   {
@@ -1387,32 +1386,24 @@ and replaces gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols.
 This was backwards incompatible, but means Exim no longer needs to track
 all algorithms and provide string forms for them. */
 
-want_default_priorities = TRUE;
-
+p = NULL;
 if (state->tls_require_ciphers && *state->tls_require_ciphers)
   {
   if (!expand_check_tlsvar(tls_require_ciphers, errstr))
     return DEFER;
   if (state->exp_tls_require_ciphers && *state->exp_tls_require_ciphers)
     {
-    DEBUG(D_tls) debug_printf("GnuTLS session cipher/priority \"%s\"\n",
-        state->exp_tls_require_ciphers);
-
-    rc = gnutls_priority_init(&state->priority_cache,
-        CS state->exp_tls_require_ciphers, &errpos);
-    want_default_priorities = FALSE;
     p = state->exp_tls_require_ciphers;
+    DEBUG(D_tls) debug_printf("GnuTLS session cipher/priority \"%s\"\n", p);
     }
   }
-if (want_default_priorities)
+if (!p)
   {
+  p = exim_default_gnutls_priority;
   DEBUG(D_tls)
-    debug_printf("GnuTLS using default session cipher/priority \"%s\"\n",
-        exim_default_gnutls_priority);
-  rc = gnutls_priority_init(&state->priority_cache,
-      exim_default_gnutls_priority, &errpos);
-  p = US exim_default_gnutls_priority;
+    debug_printf("GnuTLS using default session cipher/priority \"%s\"\n", p);
   }
+rc = gnutls_priority_init(&state->priority_cache, CCS p, &errpos);
 
 exim_gnutls_err_check(rc, string_sprintf(
       "gnutls_priority_init(%s) failed at offset %ld, \"%.6s..\"",
diff --git a/src/transports/lmtp.c b/src/transports/lmtp.c
index 240d78b2..57b346d4 100644
--- a/src/transports/lmtp.c
+++ b/src/transports/lmtp.c
@@ -122,7 +122,8 @@ Arguments:
 Returns:       TRUE if a "QUIT" command should be sent, else FALSE
 */
 
-static BOOL check_response(int *errno_value, int more_errno, uschar *buffer,
+static BOOL
+check_response(int *errno_value, int more_errno, uschar *buffer,
   int *yield, uschar **message)
 {
 *yield = '4';    /* Default setting is to give a temporary error */
diff --git a/src/transports/smtp.c b/src/transports/smtp.c
index a351da84..bfd6018d 100644
--- a/src/transports/smtp.c
+++ b/src/transports/smtp.c
@@ -594,6 +594,11 @@ switch(*errno_value)
 	  pl, smtp_command, s);
     return FALSE;
 
+  case ERRNO_TLSFAILURE:	/* Handle bad first read; can happen with
+				GnuTLS and TLS1.3 */
+    *message = US"bad first read from TLS conn";
+    return TRUE;
+
   case ERRNO_FILTER_FAIL:	/* Handle a failed filter process error;
 			  can't send QUIT as we mustn't end the DATA. */
     *message = string_sprintf("transport filter process failed (%d)%s",
@@ -942,6 +947,7 @@ Arguments:
 
 Return:
  OK	all well
+ DEFER	error on first read of TLS'd conn
  FAIL	SMTP error in response
 */
 int
@@ -949,6 +955,7 @@ smtp_reap_early_pipe(smtp_context * sx, int * countp)
 {
 BOOL pending_BANNER = sx->pending_BANNER;
 BOOL pending_EHLO = sx->pending_EHLO;
+int rc = FAIL;
 
 sx->pending_BANNER = FALSE;	/* clear early to avoid recursion */
 sx->pending_EHLO = FALSE;
@@ -960,6 +967,7 @@ if (pending_BANNER)
   if (!smtp_reap_banner(sx))
     {
     DEBUG(D_transport) debug_printf("bad banner\n");
+    if (tls_out.active.sock >= 0) rc = DEFER;
     goto fail;
     }
   }
@@ -974,6 +982,7 @@ if (pending_EHLO)
   if (!smtp_reap_ehlo(sx))
     {
     DEBUG(D_transport) debug_printf("bad response for EHLO\n");
+    if (tls_out.active.sock >= 0) rc = DEFER;
     goto fail;
     }
 
@@ -1011,7 +1020,7 @@ return OK;
 fail:
   invalidate_ehlo_cache_entry(sx);
   (void) smtp_discard_responses(sx, sx->conn_args.ob, *countp);
-  return FAIL;
+  return rc;
 }
 #endif
 
@@ -1056,6 +1065,7 @@ Returns:      3 if at least one address had 2xx and one had 5xx
              -2 I/O or other non-response error for RCPT
              -3 DATA or MAIL failed - errno and buffer set
 	     -4 banner or EHLO failed (early-pipelining)
+	     -5 banner or EHLO failed (early-pipelining, TLS)
 */
 
 static int
@@ -1064,10 +1074,11 @@ sync_responses(smtp_context * sx, int count, int pending_DATA)
 address_item * addr = sx->sync_addr;
 smtp_transport_options_block * ob = sx->conn_args.ob;
 int yield = 0;
+int rc;
 
 #ifdef EXPERIMENTAL_PIPE_CONNECT
-if (smtp_reap_early_pipe(sx, &count) != OK)
-  return -4;
+if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
+  return rc == FAIL ? -4 : -5;
 #endif
 
 /* Handle the response for a MAIL command. On error, reinstate the original
@@ -1083,6 +1094,8 @@ if (sx->pending_MAIL)
     {
     DEBUG(D_transport) debug_printf("bad response for MAIL\n");
     Ustrcpy(big_buffer, mail_command);  /* Fits, because it came from there! */
+    if (errno == ERRNO_TLSFAILURE)
+      return -5;
     if (errno == 0 && sx->buffer[0] != 0)
       {
       int save_errno = 0;
@@ -1141,6 +1154,11 @@ while (count-- > 0)
       }
     }
 
+  /* Error on first TLS read */
+
+  else if (errno == ERRNO_TLSFAILURE)
+    return -5;
+
   /* Timeout while reading the response */
 
   else if (errno == ETIMEDOUT)
@@ -1253,6 +1271,10 @@ if (pending_DATA != 0)
     int code;
     uschar *msg;
     BOOL pass_message;
+
+    if (errno == ERRNO_TLSFAILURE)	/* Error on first TLS read */
+      return -5;
+
     if (pending_DATA > 0 || (yield & 1) != 0)
       {
       if (errno == 0 && sx->buffer[0] == '4')
@@ -1802,7 +1824,9 @@ Args:
    tc_chunk_last	add LAST option to SMTP BDAT command
    tc_reap_prev		reap response to previous SMTP commands
 
-Returns:	OK or ERROR
+Returns:
+  OK or ERROR
+  DEFER			TLS error on first read (EHLO-resp); errno set
 */
 
 static int
@@ -1859,10 +1883,12 @@ if (flags & tc_reap_prev  &&  prev_cmd_count > 0)
     case 2: sx->completed_addr = TRUE;	/* 5xx (only) => progress made */
     case 0: break;			/* No 2xx or 5xx, but no probs */
 
-    case -1:				/* Timeout on RCPT */
+    case -5: errno = ERRNO_TLSFAILURE;
+	     return DEFER;
 #ifdef EXPERIMENTAL_PIPE_CONNECT
     case -4:				/* non-2xx for pipelined banner or EHLO */
 #endif
+    case -1:				/* Timeout on RCPT */
     default: return ERROR;		/* I/O error, or any MAIL/DATA error */
     }
   cmd_count = 1;
@@ -1933,6 +1959,9 @@ BOOL pass_message = FALSE;
 uschar * message = NULL;
 int yield = OK;
 int rc;
+#ifdef SUPPORT_TLS
+uschar * tls_errstr;
+#endif
 
 sx->conn_args.ob = ob;
 
@@ -2474,27 +2503,27 @@ if (  smtp_peer_options & OPTION_TLS
   TLS_NEGOTIATE:
     {
     address_item * addr;
-    uschar * errstr;
     sx->cctx.tls_ctx = tls_client_start(sx->cctx.sock, sx->conn_args.host,
 			    sx->addrlist, sx->conn_args.tblock,
 # ifdef SUPPORT_DANE
 			     sx->dane ? &tlsa_dnsa : NULL,
 # endif
-			     &tls_out, &errstr);
+			     &tls_out, &tls_errstr);
 
     if (!sx->cctx.tls_ctx)
       {
       /* TLS negotiation failed; give an error. From outside, this function may
       be called again to try in clear on a new connection, if the options permit
       it for this host. */
-      DEBUG(D_tls) debug_printf("TLS session fail: %s\n", errstr);
+GNUTLS_CONN_FAILED:
+      DEBUG(D_tls) debug_printf("TLS session fail: %s\n", tls_errstr);
 
 # ifdef SUPPORT_DANE
       if (sx->dane)
         {
 	log_write(0, LOG_MAIN,
 	  "DANE attempt failed; TLS connection to %s [%s]: %s",
-	  sx->conn_args.host->name, sx->conn_args.host->address, errstr);
+	  sx->conn_args.host->name, sx->conn_args.host->address, tls_errstr);
 #  ifndef DISABLE_EVENT
 	(void) event_raise(sx->conn_args.tblock->event_action,
 	  US"dane:fail", US"validation-failure");	/* could do with better detail */
@@ -2503,7 +2532,7 @@ if (  smtp_peer_options & OPTION_TLS
 # endif
 
       errno = ERRNO_TLSFAILURE;
-      message = string_sprintf("TLS session: %s", errstr);
+      message = string_sprintf("TLS session: %s", tls_errstr);
       sx->send_quit = FALSE;
       goto TLS_FAILED;
       }
@@ -2601,7 +2630,22 @@ if (tls_out.active.sock >= 0)
 #endif
     {
     if (!smtp_reap_ehlo(sx))
+#ifdef USE_GNUTLS
+      {
+      /* The GnuTLS layer in Exim only spots a server-rejection of a client
+      cert late, under TLS1.3 - which means here; the first time we try to
+      receive crypted data.  Treat it as if it was a connect-time failure.
+      See also the early-pipe equivalent... which will be hard; every call
+      to sync_responses will need to check the result.
+      It would be nicer to have GnuTLS check the cert during the handshake.
+      Can it do that, with all the flexibility we need? */
+
+      tls_errstr = US"error on first read";
+      goto GNUTLS_CONN_FAILED;
+      }
+#else
       goto RESPONSE_FAILED;
+#endif
     smtp_peer_options = 0;
     }
   }
@@ -3261,6 +3305,7 @@ for (addr = sx->first_addr, address_count = 0;
 
 #ifdef EXPERIMENTAL_PIPE_CONNECT
       case -4: return -1;			/* non-2xx for pipelined banner or EHLO */
+      case -5: return -1;			/* TLS first-read error */
 #endif
       }
     sx->pending_MAIL = FALSE;            /* Dealt with MAIL */
@@ -3589,11 +3634,12 @@ if (  !(sx.peer_offered & OPTION_CHUNKING)
 
     case 1: sx.ok = TRUE;            /* 2xx (only) => OK, but if LMTP, */
     if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
-    case 0: break;                       /* No 2xx or 5xx, but no probs */
+    case 0: break;			/* No 2xx or 5xx, but no probs */
 
-    case -1: goto END_OFF;               /* Timeout on RCPT */
+    case -1: goto END_OFF;		/* Timeout on RCPT */
 
 #ifdef EXPERIMENTAL_PIPE_CONNECT
+    case -5:				/* TLS first-read error */
     case -4:  HDEBUG(D_transport)
 		debug_printf("failed reaping pipelined cmd responses\n");
 #endif
@@ -3730,19 +3776,20 @@ else
       {
       case 3: sx.ok = TRUE;            /* 2xx & 5xx => OK & progress made */
       case 2: sx.completed_addr = TRUE;    /* 5xx (only) => progress made */
-      break;
+	      break;
 
-      case 1: sx.ok = TRUE;            /* 2xx (only) => OK, but if LMTP, */
+      case 1: sx.ok = TRUE;		/* 2xx (only) => OK, but if LMTP, */
       if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
-      case 0: break;                       /* No 2xx or 5xx, but no probs */
+      case 0: break;			/* No 2xx or 5xx, but no probs */
 
-      case -1: goto END_OFF;               /* Timeout on RCPT */
+      case -1: goto END_OFF;		/* Timeout on RCPT */
 
 #ifdef EXPERIMENTAL_PIPE_CONNECT
+      case -5:				/* TLS first-read error */
       case -4:  HDEBUG(D_transport)
 		  debug_printf("failed reaping pipelined cmd responses\n");
 #endif
-      default: goto RESPONSE_FAILED;       /* I/O error, or any MAIL/DATA error */
+      default: goto RESPONSE_FAILED;	/* I/O error, or any MAIL/DATA error */
       }
     }
 
-- 
2.20.1
Commit	Line	Data
01e60269 AM	1	From c15523829ba17cce5829e2976aa1ff928965d948 Mon Sep 17 00:00:00 2001
	2	From: Jeremy Harris <jgh146exb@wizmail.org>
	3	Date: Sat, 16 Feb 2019 12:59:23 +0000
	4	Subject: [PATCH 7/7] GnuTLS: Fix client detection of server reject of client
	5	cert under TLS1.3
	6
	7	(cherry picked from commit fc243e944ec00b59b75f41d07494116f925d58b4)
	8	---
	9	doc/ChangeLog \| 7 +++
	10	src/deliver.c \| 2 +-
	11	src/smtp_out.c \| 10 +++--
	12	src/tls-gnu.c \| 23 +++-------
	13	src/transports/lmtp.c \| 3 +-
	14	src/transports/smtp.c \| 81 +++++++++++++++++++++++++++--------
	15	test/confs/2027 \| 8 ++--
	16	test/confs/5652 \| 1 +
	17	test/confs/5821 \| 2 +-
	18	test/log/2027 \| 2 +-
	19	test/runtest \| 14 ++++++
	20	test/scripts/2000-GnuTLS/2027 \| 2 +
	21	12 files changed, 111 insertions(+), 44 deletions(-)
	22
	23	diff --git a/doc/ChangeLog b/doc/ChangeLog
	24	index 66c8a7a1..867a1d8a 100644
	25	--- a/doc/ChangeLog
	26	+++ b/doc/ChangeLog
	27	@@ -11,6 +11,13 @@ Since version 4.92
	28	JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible
	29	buffer overrun for (non-chunking) other transports.
	30
	31	+JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under
	32	+ TLS1.3, means that a server rejecting a client certificate is not visible
	33	+ to the client until the first read of encrypted data (typically the
	34	+ response to EHLO). Add detection for that case and treat it as a failed
	35	+ TLS connection attempt, so that the normal retry-in-clear can work (if
	36	+ suitably configured).
	37	+
	38
	39	Exim version 4.92
	40	-----------------
	41	diff --git a/src/deliver.c b/src/deliver.c
	42	index 664d0045..e1799411 100644
	43	--- a/src/deliver.c
	44	+++ b/src/deliver.c
	45	@@ -7433,7 +7433,7 @@ if (addr_senddsn)
	46
	47	tctx.u.fd = fd;
	48	tctx.options = topt_add_return_path \| topt_no_body;
	49	- /*XXX hmm, retval ignored.
	50	+ /*XXX hmm, FALSE(fail) retval ignored.
	51	Could error for any number of reasons, and they are not handled. */
	52	transport_write_message(&tctx, 0);
	53	fflush(f);
	54	diff --git a/src/smtp_out.c b/src/smtp_out.c
	55	index 9bd90c77..b194e804 100644
	56	--- a/src/smtp_out.c
	57	+++ b/src/smtp_out.c
	58	@@ -688,20 +688,22 @@ Returns: TRUE if a valid, non-error response was received; else FALSE
	59	/XXX could move to smtp transport; no other users /
	60
	61	BOOL
	62	-smtp_read_response(void * sx0, uschar *buffer, int size, int okdigit,
	63	+smtp_read_response(void * sx0, uschar * buffer, int size, int okdigit,
	64	int timeout)
65	{
66	smtp_context * sx = sx0;
67	-uschar *ptr = buffer;
68	-int count = 0;
69	+uschar * ptr = buffer;
70	+int count = 0, rc;
71
72	errno = 0; /* Ensure errno starts out zero */
73
74	#ifdef EXPERIMENTAL_PIPE_CONNECT
75	if (sx->pending_BANNER \|\| sx->pending_EHLO)
76	- if (smtp_reap_early_pipe(sx, &count) != OK)
77	+ if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
78	{
79	DEBUG(D_transport) debug_printf("failed reaping pipelined cmd responsess\n");
80	+ buffer[0] = '\0';
81	+ if (rc == DEFER) errno = ERRNO_TLSFAILURE;
82	return FALSE;
83	}
84	#endif
85	diff --git a/src/tls-gnu.c b/src/tls-gnu.c
86	index c404dc29..de2d70c0 100644
87	--- a/src/tls-gnu.c
88	+++ b/src/tls-gnu.c
89	@@ -229,7 +229,7 @@ static gnutls_dh_params_t dh_server_params = NULL;
90
91	static const int ssl_session_timeout = 200;
92
93	-static const char * const exim_default_gnutls_priority = "NORMAL";
94	+static const uschar * const exim_default_gnutls_priority = US"NORMAL";
95
96	/* Guard library core initialisation */
97
98	@@ -1278,7 +1278,6 @@ int rc;
99	size_t sz;
100	const char *errpos;
101	uschar *p;
102	-BOOL want_default_priorities;
103
104	if (!exim_gnutls_base_init_done)
105	{
106	@@ -1387,32 +1386,24 @@ and replaces gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols.
107	This was backwards incompatible, but means Exim no longer needs to track
108	all algorithms and provide string forms for them. */
109
110	-want_default_priorities = TRUE;
111	-
112	+p = NULL;
113	if (state->tls_require_ciphers && *state->tls_require_ciphers)
114	{
115	if (!expand_check_tlsvar(tls_require_ciphers, errstr))
116	return DEFER;
117	if (state->exp_tls_require_ciphers && *state->exp_tls_require_ciphers)
118	{
119	- DEBUG(D_tls) debug_printf("GnuTLS session cipher/priority \"%s\"\n",
120	- state->exp_tls_require_ciphers);
121	-
122	- rc = gnutls_priority_init(&state->priority_cache,
123	- CS state->exp_tls_require_ciphers, &errpos);
124	- want_default_priorities = FALSE;
125	p = state->exp_tls_require_ciphers;
126	+ DEBUG(D_tls) debug_printf("GnuTLS session cipher/priority \"%s\"\n", p);
127	}
128	}
129	-if (want_default_priorities)
130	+if (!p)
131	{
132	+ p = exim_default_gnutls_priority;
133	DEBUG(D_tls)
134	- debug_printf("GnuTLS using default session cipher/priority \"%s\"\n",
135	- exim_default_gnutls_priority);
136	- rc = gnutls_priority_init(&state->priority_cache,
137	- exim_default_gnutls_priority, &errpos);
138	- p = US exim_default_gnutls_priority;
139	+ debug_printf("GnuTLS using default session cipher/priority \"%s\"\n", p);
140	}
141	+rc = gnutls_priority_init(&state->priority_cache, CCS p, &errpos);
142
143	exim_gnutls_err_check(rc, string_sprintf(
144	"gnutls_priority_init(%s) failed at offset %ld, \"%.6s..\"",
145	diff --git a/src/transports/lmtp.c b/src/transports/lmtp.c
146	index 240d78b2..57b346d4 100644
147	--- a/src/transports/lmtp.c
148	+++ b/src/transports/lmtp.c
149	@@ -122,7 +122,8 @@ Arguments:
150	Returns: TRUE if a "QUIT" command should be sent, else FALSE
151	*/
152
153	-static BOOL check_response(int errno_value, int more_errno, uschar buffer,
154	+static BOOL
155	+check_response(int errno_value, int more_errno, uschar buffer,
156	int yield, uschar *message)
157	{
158	yield = '4'; / Default setting is to give a temporary error */
159	diff --git a/src/transports/smtp.c b/src/transports/smtp.c
160	index a351da84..bfd6018d 100644
161	--- a/src/transports/smtp.c
162	+++ b/src/transports/smtp.c
163	@@ -594,6 +594,11 @@ switch(*errno_value)
164	pl, smtp_command, s);
165	return FALSE;
166
167	+ case ERRNO_TLSFAILURE: /* Handle bad first read; can happen with
168	+ GnuTLS and TLS1.3 */
169	+ *message = US"bad first read from TLS conn";
170	+ return TRUE;
171	+
172	case ERRNO_FILTER_FAIL: /* Handle a failed filter process error;
173	can't send QUIT as we mustn't end the DATA. */
174	*message = string_sprintf("transport filter process failed (%d)%s",
175	@@ -942,6 +947,7 @@ Arguments:
176
177	Return:
178	OK all well
179	+ DEFER error on first read of TLS'd conn
180	FAIL SMTP error in response
181	*/
182	int
183	@@ -949,6 +955,7 @@ smtp_reap_early_pipe(smtp_context * sx, int * countp)
184	{
185	BOOL pending_BANNER = sx->pending_BANNER;
186	BOOL pending_EHLO = sx->pending_EHLO;
187	+int rc = FAIL;
188
189	sx->pending_BANNER = FALSE; /* clear early to avoid recursion */
190	sx->pending_EHLO = FALSE;
191	@@ -960,6 +967,7 @@ if (pending_BANNER)
192	if (!smtp_reap_banner(sx))
193	{
194	DEBUG(D_transport) debug_printf("bad banner\n");
195	+ if (tls_out.active.sock >= 0) rc = DEFER;
196	goto fail;
197	}
198	}
199	@@ -974,6 +982,7 @@ if (pending_EHLO)
200	if (!smtp_reap_ehlo(sx))
201	{
202	DEBUG(D_transport) debug_printf("bad response for EHLO\n");
203	+ if (tls_out.active.sock >= 0) rc = DEFER;
204	goto fail;
205	}
206
207	@@ -1011,7 +1020,7 @@ return OK;
208	fail:
209	invalidate_ehlo_cache_entry(sx);
210	(void) smtp_discard_responses(sx, sx->conn_args.ob, *countp);
211	- return FAIL;
212	+ return rc;
213	}
214	#endif
215
216	@@ -1056,6 +1065,7 @@ Returns: 3 if at least one address had 2xx and one had 5xx
217	-2 I/O or other non-response error for RCPT
218	-3 DATA or MAIL failed - errno and buffer set
219	-4 banner or EHLO failed (early-pipelining)
220	+ -5 banner or EHLO failed (early-pipelining, TLS)
221	*/
222
223	static int
224	@@ -1064,10 +1074,11 @@ sync_responses(smtp_context * sx, int count, int pending_DATA)
225	address_item * addr = sx->sync_addr;
226	smtp_transport_options_block * ob = sx->conn_args.ob;
227	int yield = 0;
228	+int rc;
229
230	#ifdef EXPERIMENTAL_PIPE_CONNECT
231	-if (smtp_reap_early_pipe(sx, &count) != OK)
232	- return -4;
233	+if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
234	+ return rc == FAIL ? -4 : -5;
235	#endif
236
237	/* Handle the response for a MAIL command. On error, reinstate the original
238	@@ -1083,6 +1094,8 @@ if (sx->pending_MAIL)
239	{
240	DEBUG(D_transport) debug_printf("bad response for MAIL\n");
241	Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
242	+ if (errno == ERRNO_TLSFAILURE)
243	+ return -5;
244	if (errno == 0 && sx->buffer[0] != 0)
245	{
246	int save_errno = 0;
247	@@ -1141,6 +1154,11 @@ while (count-- > 0)
248	}
249	}
250
251	+ /* Error on first TLS read */
252	+
253	+ else if (errno == ERRNO_TLSFAILURE)
254	+ return -5;
255	+
256	/* Timeout while reading the response */
257
258	else if (errno == ETIMEDOUT)
259	@@ -1253,6 +1271,10 @@ if (pending_DATA != 0)
260	int code;
261	uschar *msg;
262	BOOL pass_message;
263	+
264	+ if (errno == ERRNO_TLSFAILURE) /* Error on first TLS read */
265	+ return -5;
266	+
267	if (pending_DATA > 0 \|\| (yield & 1) != 0)
268	{
269	if (errno == 0 && sx->buffer[0] == '4')
270	@@ -1802,7 +1824,9 @@ Args:
271	tc_chunk_last add LAST option to SMTP BDAT command
272	tc_reap_prev reap response to previous SMTP commands
273
274	-Returns: OK or ERROR
275	+Returns:
276	+ OK or ERROR
277	+ DEFER TLS error on first read (EHLO-resp); errno set
278	*/
279
280	static int
281	@@ -1859,10 +1883,12 @@ if (flags & tc_reap_prev && prev_cmd_count > 0)
282	case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
283	case 0: break; /* No 2xx or 5xx, but no probs */
284
285	- case -1: /* Timeout on RCPT */
286	+ case -5: errno = ERRNO_TLSFAILURE;
287	+ return DEFER;
288	#ifdef EXPERIMENTAL_PIPE_CONNECT
289	case -4: /* non-2xx for pipelined banner or EHLO */
290	#endif
291	+ case -1: /* Timeout on RCPT */
292	default: return ERROR; /* I/O error, or any MAIL/DATA error */
293	}
294	cmd_count = 1;
295	@@ -1933,6 +1959,9 @@ BOOL pass_message = FALSE;
296	uschar * message = NULL;
297	int yield = OK;
298	int rc;
299	+#ifdef SUPPORT_TLS
300	+uschar * tls_errstr;
301	+#endif
302
303	sx->conn_args.ob = ob;
304
305	@@ -2474,27 +2503,27 @@ if ( smtp_peer_options & OPTION_TLS
306	TLS_NEGOTIATE:
307	{
308	address_item * addr;
309	- uschar * errstr;
310	sx->cctx.tls_ctx = tls_client_start(sx->cctx.sock, sx->conn_args.host,
311	sx->addrlist, sx->conn_args.tblock,
312	# ifdef SUPPORT_DANE
313	sx->dane ? &tlsa_dnsa : NULL,
314	# endif
315	- &tls_out, &errstr);
316	+ &tls_out, &tls_errstr);
317
318	if (!sx->cctx.tls_ctx)
319	{
320	/* TLS negotiation failed; give an error. From outside, this function may
321	be called again to try in clear on a new connection, if the options permit
322	it for this host. */
323	- DEBUG(D_tls) debug_printf("TLS session fail: %s\n", errstr);
324	+GNUTLS_CONN_FAILED:
325	+ DEBUG(D_tls) debug_printf("TLS session fail: %s\n", tls_errstr);
326
327	# ifdef SUPPORT_DANE
328	if (sx->dane)
329	{
330	log_write(0, LOG_MAIN,
331	"DANE attempt failed; TLS connection to %s [%s]: %s",
332	- sx->conn_args.host->name, sx->conn_args.host->address, errstr);
333	+ sx->conn_args.host->name, sx->conn_args.host->address, tls_errstr);
334	# ifndef DISABLE_EVENT
335	(void) event_raise(sx->conn_args.tblock->event_action,
336	US"dane:fail", US"validation-failure"); /* could do with better detail */
337	@@ -2503,7 +2532,7 @@ if ( smtp_peer_options & OPTION_TLS
338	# endif
339
340	errno = ERRNO_TLSFAILURE;
341	- message = string_sprintf("TLS session: %s", errstr);
342	+ message = string_sprintf("TLS session: %s", tls_errstr);
343	sx->send_quit = FALSE;
344	goto TLS_FAILED;
345	}
346	@@ -2601,7 +2630,22 @@ if (tls_out.active.sock >= 0)
347	#endif
348	{
349	if (!smtp_reap_ehlo(sx))
350	+#ifdef USE_GNUTLS
351	+ {
352	+ /* The GnuTLS layer in Exim only spots a server-rejection of a client
353	+ cert late, under TLS1.3 - which means here; the first time we try to
354	+ receive crypted data. Treat it as if it was a connect-time failure.
355	+ See also the early-pipe equivalent... which will be hard; every call
356	+ to sync_responses will need to check the result.
357	+ It would be nicer to have GnuTLS check the cert during the handshake.
358	+ Can it do that, with all the flexibility we need? */
359	+
360	+ tls_errstr = US"error on first read";
361	+ goto GNUTLS_CONN_FAILED;
362	+ }
363	+#else
364	goto RESPONSE_FAILED;
365	+#endif
366	smtp_peer_options = 0;
367	}
368	}
369	@@ -3261,6 +3305,7 @@ for (addr = sx->first_addr, address_count = 0;
370
371	#ifdef EXPERIMENTAL_PIPE_CONNECT
372	case -4: return -1; /* non-2xx for pipelined banner or EHLO */
373	+ case -5: return -1; /* TLS first-read error */
374	#endif
375	}
376	sx->pending_MAIL = FALSE; /* Dealt with MAIL */
377	@@ -3589,11 +3634,12 @@ if ( !(sx.peer_offered & OPTION_CHUNKING)
378
379	case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
380	if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
381	- case 0: break; /* No 2xx or 5xx, but no probs */
382	+ case 0: break; /* No 2xx or 5xx, but no probs */
383
384	- case -1: goto END_OFF; /* Timeout on RCPT */
385	+ case -1: goto END_OFF; /* Timeout on RCPT */
386
387	#ifdef EXPERIMENTAL_PIPE_CONNECT
388	+ case -5: /* TLS first-read error */
389	case -4: HDEBUG(D_transport)
390	debug_printf("failed reaping pipelined cmd responses\n");
391	#endif
392	@@ -3730,19 +3776,20 @@ else
393	{
394	case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */
395	case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */
396	- break;
397	+ break;
398
399	- case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
400	+ case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
401	if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
402	- case 0: break; /* No 2xx or 5xx, but no probs */
403	+ case 0: break; /* No 2xx or 5xx, but no probs */
404
405	- case -1: goto END_OFF; /* Timeout on RCPT */
406	+ case -1: goto END_OFF; /* Timeout on RCPT */
407
408	#ifdef EXPERIMENTAL_PIPE_CONNECT
409	+ case -5: /* TLS first-read error */
410	case -4: HDEBUG(D_transport)
411	debug_printf("failed reaping pipelined cmd responses\n");
412	#endif
413	- default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
414	+ default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
415	}
416	}
417
418	--
419	2.20.1
420