New Boost/OpenSSL versions

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

New Boost/OpenSSL versions

Post by martin » 2019-08-03 21:38

I have updated the code to use the latest Boost & OpenSSL-versions in Git.

The way you compile these two have changed, so I've updated the "Building OpenSSL" and "Building Boost"-sections here:

https://github.com/hmailserver/hmailserver/tree/5.6.8
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

BeSmart
New user
New user
Posts: 7
Joined: 2019-05-21 10:26

Re: New Boost/OpenSSL versions

Post by BeSmart » 2019-08-06 12:06

Martin,

The changes made to Server\Common\AntiSpam\DKIM\DKIM.cpp (commit 81171a4d9e) won't work with OpenSSL 1.0+ (create()/destroy() have been removed in OpenSSL 1.0). Use new()/free() instead.

See also https[://]www[.]openssl[.]org/docs/man1.1.1/man3/EVP_DigestInit.html.

BeSmart
New user
New user
Posts: 7
Joined: 2019-05-21 10:26

Re: New Boost/OpenSSL versions

Post by BeSmart » 2019-08-06 13:08

Just figured that evp.h (1.1.0/1.1.1) still has redefinitions for create()/destroy() in place so this still works.

User avatar
Dravion
Senior user
Senior user
Posts: 1423
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: New Boost/OpenSSL versions

Post by Dravion » 2019-08-07 11:21

BeSmart wrote:
2019-08-06 13:08
Just figured that evp.h (1.1.0/1.1.1) still has redefinitions for create()/destroy() in place so this still works.
As far as i know OpenSSL was allways ISO C Language only compliant but release() and new() are C++ syntax elements. Are parts of the 1.1.x series now C++ coded as well?

BeSmart
New user
New user
Posts: 7
Joined: 2019-05-21 10:26

Re: New Boost/OpenSSL versions

Post by BeSmart » 2019-08-08 17:57

new()/free() just replace create()/destroy().

User avatar
Dravion
Senior user
Senior user
Posts: 1423
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: New Boost/OpenSSL versions

Post by Dravion » 2019-08-08 18:30

BeSmart wrote:
2019-08-08 17:57
new()/free() just replace create()/destroy().
That's not what i asked.

User avatar
Dravion
Senior user
Senior user
Posts: 1423
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: New Boost/OpenSSL versions

Post by Dravion » 2019-08-08 21:05

I checked out the new commits from branch 5.6.8 and was able to build it with lots of Warnings

OpenSSL 1.1.1c + BOOST 1.70.0 Windows 64-Bit

There is a Debug/Test Installer (libmysql.dll for 64-Bit MySQL 5.27 already included) which works with MySQL 8.0 in version 5.x legacy mode.
Debug/Test build with ready to go InnoSetup Installer can be downloaded from my Github page:

Don't use InternalDB with this build, it fails! I only tested it for MySQL.

https://github.com/Dravion/hmailserver/releases

TLSv1.3.png
However, checking the configured SSL-Connection with a self signed SSL-Certificate shows there is something wrong.
The TLS-Connection always falls back to TLSv1.0 instead of TLSv1.2 or TLSv1.3.

See log:
openssl s_client -host smtp.dravionsrealm.net -port 25 -starttls smtp

Certificate chain
0 s:C = DE, ST = Baden Wuerttemberg, L = Freiburg im Breisgau, O = Dravions Realm Inc., OU = IT Department, CN = smtp.dravionsrealm.net
i:C = DE, ST = Baden Wuerttemberg, L = Freiburg, O = Dravionsrealm CA, OU = Security Department, CN = dravionsrealm.net, emailAddress = info@dravionsrealm.net

SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: B84B3F4242279C3F8A64901359D00E15A2B41B70BB41390B7188B7E7487ACB4A
Session-ID-ctx:
Master-Key: 548F2BE50D4E77CBB07E590C3B485CCFADC4A9849C58866A111292357517313A59318DCB0C3A437FF940E2B342B1CEC4
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - fd 61 78 c6 68 2e a9 b9-9e e9 59 af 94 74 ce 11 .ax.h.....Y..t..
0010 - f3 8a f1 6d f6 da a6 63-e4 39 a1 a1 06 85 ba 49 ...m...c.9.....I
0020 - 7c cb 0d 7c 8a ce 9b 9f-ad 2f 1e 6e f1 17 8f a1 |..|...../.n....
0030 - 28 83 d7 1f 84 1b 8a 05-53 22 98 7d 9f 03 03 ca (.......S".}....
0040 - eb b7 4d a8 0b 0a 5b b4-6d ba 43 a5 64 09 69 9c ..M...[.m.C.d.i.
0050 - 50 3f 05 b9 27 35 c9 4f-4b 3b c3 e3 b2 e6 79 7a P?..'5.OK;....yz
0060 - 8f 1c 4e 7a 96 42 43 29-de 47 ba c7 1a ac 8d a0 ..Nz.BC).G......
0070 - e2 06 24 bf 70 fc 2e f0-c9 67 f9 3c b4 fe 4a 57 ..$.p....g.<..JW
0080 - 5f 60 8a 31 7f cb c6 d3-2e 81 38 80 70 ad f3 80 _`.1......8.p...
0090 - 50 26 3e d7 93 b8 df f3-ad 84 c6 84 0a e1 08 66 P&>............f

Start Time: 1565290480
Timeout : 7200 (sec)
Extended master secret: yes
---
250 HELP

hMailServer log with full logging enabled shows no Error what so ever.
Attachments
hmailserver_2019-08-08.zip
(7.67 KiB) Downloaded 10 times

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: New Boost/OpenSSL versions

Post by martin » 2019-08-08 22:07

The 5.6.8-branch hasn't been updated to support x64. x64-support is being added in 5.7, which is currently in the master-branch. I had to do a lot of fixes (like >50) to get hMailServer x64-compatible and those are in the master branch - not in the 5.6.8-branch. You may be able to compile hMailServer in x64 on 5.6.8-branch (with a lot of warnings, as you say), but I would be surprised if much worked properly.

I have merged 5.6.8 into master now, so the latest 5.7-builds on the build server has x64 and latest OpenSSL/Boost.
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

User avatar
Dravion
Senior user
Senior user
Posts: 1423
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: New Boost/OpenSSL versions

Post by Dravion » 2019-08-08 22:34

Ok, i will fetch your comits from master tomorrow, run some tests and built a new Inno Test Installer.

PS: I found out Postgres headers and static libs can be quickly updated by installing Postgres 10 or higher and let VS pointing to it. It already has TLSv1.2 DB Connection security as default.

More recent MySQL headers and libs are a diffrent beast.
Since version 8.0 it requires to configure MySQL in Legacy
mode or hMail cant connect to it.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: New Boost/OpenSSL versions

Post by martin » 2019-08-09 12:51

Okay. But you know there are already builds you can download from https://build.hmailserver.com/ right? Of course you can create your own builds, but I'm not sure I understand why?
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

User avatar
Dravion
Senior user
Senior user
Posts: 1423
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: New Boost/OpenSSL versions

Post by Dravion » 2019-08-09 13:40

martin wrote:
2019-08-09 12:51
Okay. But you know there are already builds you can download from https://build.hmailserver.com/ right? Of course you can create your own builds, but I'm not sure I understand why?
Because i am a Programmer and like to study the code. I have no Production need for hMailServer.
It's about coding, improving and testing for me.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: New Boost/OpenSSL versions

Post by martin » 2019-08-09 13:55

Alright, then it makes sense :)
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

User avatar
RvdH
Senior user
Senior user
Posts: 797
Joined: 2008-06-27 14:42
Location: Netherlands

Re: New Boost/OpenSSL versions

Post by RvdH » 2019-08-09 15:36

@martin

Do you read comments made on commits?
https://github.com/hmailserver/hmailser ... 6#comments
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: New Boost/OpenSSL versions

Post by martin » 2019-08-09 16:48

Yeap. I fixed them now.

The errors.txt file is a bit silly actually. It's just a way to keep track of what error numbers have been used. It isn't actually used for anything during compilation/runtime.
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

User avatar
RvdH
Senior user
Senior user
Posts: 797
Joined: 2008-06-27 14:42
Location: Netherlands

Re: New Boost/OpenSSL versions

Post by RvdH » 2019-08-09 17:14

👍
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

Post Reply