Page 1 of 1

New Boost/OpenSSL versions

Posted: 2019-08-03 21:38
by martin
I have updated the code to use the latest Boost & OpenSSL-versions in Git.

The way you compile these two have changed, so I've updated the "Building OpenSSL" and "Building Boost"-sections here:

https://github.com/hmailserver/hmailserver/tree/5.6.8

Re: New Boost/OpenSSL versions

Posted: 2019-08-06 12:06
by BeSmart
Martin,

The changes made to Server\Common\AntiSpam\DKIM\DKIM.cpp (commit 81171a4d9e) won't work with OpenSSL 1.0+ (create()/destroy() have been removed in OpenSSL 1.0). Use new()/free() instead.

See also https[://]www[.]openssl[.]org/docs/man1.1.1/man3/EVP_DigestInit.html.

Re: New Boost/OpenSSL versions

Posted: 2019-08-06 13:08
by BeSmart
Just figured that evp.h (1.1.0/1.1.1) still has redefinitions for create()/destroy() in place so this still works.

Re: New Boost/OpenSSL versions

Posted: 2019-08-07 11:21
by Dravion
BeSmart wrote:
2019-08-06 13:08
Just figured that evp.h (1.1.0/1.1.1) still has redefinitions for create()/destroy() in place so this still works.
As far as i know OpenSSL was allways ISO C Language only compliant but release() and new() are C++ syntax elements. Are parts of the 1.1.x series now C++ coded as well?

Re: New Boost/OpenSSL versions

Posted: 2019-08-08 17:57
by BeSmart
new()/free() just replace create()/destroy().

Re: New Boost/OpenSSL versions

Posted: 2019-08-08 18:30
by Dravion
BeSmart wrote:
2019-08-08 17:57
new()/free() just replace create()/destroy().
That's not what i asked.

Re: New Boost/OpenSSL versions

Posted: 2019-08-08 21:05
by Dravion
I checked out the new commits from branch 5.6.8 and was able to build it with lots of Warnings

OpenSSL 1.1.1c + BOOST 1.70.0 Windows 64-Bit

There is a Debug/Test Installer (libmysql.dll for 64-Bit MySQL 5.27 already included) which works with MySQL 8.0 in version 5.x legacy mode.
Debug/Test build with ready to go InnoSetup Installer can be downloaded from my Github page:

Don't use InternalDB with this build, it fails! I only tested it for MySQL.

https://github.com/Dravion/hmailserver/releases

TLSv1.3.png
However, checking the configured SSL-Connection with a self signed SSL-Certificate shows there is something wrong.
The TLS-Connection always falls back to TLSv1.0 instead of TLSv1.2 or TLSv1.3.

See log:
openssl s_client -host smtp.dravionsrealm.net -port 25 -starttls smtp

Certificate chain
0 s:C = DE, ST = Baden Wuerttemberg, L = Freiburg im Breisgau, O = Dravions Realm Inc., OU = IT Department, CN = smtp.dravionsrealm.net
i:C = DE, ST = Baden Wuerttemberg, L = Freiburg, O = Dravionsrealm CA, OU = Security Department, CN = dravionsrealm.net, emailAddress = info@dravionsrealm.net

SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: B84B3F4242279C3F8A64901359D00E15A2B41B70BB41390B7188B7E7487ACB4A
Session-ID-ctx:
Master-Key: 548F2BE50D4E77CBB07E590C3B485CCFADC4A9849C58866A111292357517313A59318DCB0C3A437FF940E2B342B1CEC4
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - fd 61 78 c6 68 2e a9 b9-9e e9 59 af 94 74 ce 11 .ax.h.....Y..t..
0010 - f3 8a f1 6d f6 da a6 63-e4 39 a1 a1 06 85 ba 49 ...m...c.9.....I
0020 - 7c cb 0d 7c 8a ce 9b 9f-ad 2f 1e 6e f1 17 8f a1 |..|...../.n....
0030 - 28 83 d7 1f 84 1b 8a 05-53 22 98 7d 9f 03 03 ca (.......S".}....
0040 - eb b7 4d a8 0b 0a 5b b4-6d ba 43 a5 64 09 69 9c ..M...[.m.C.d.i.
0050 - 50 3f 05 b9 27 35 c9 4f-4b 3b c3 e3 b2 e6 79 7a P?..'5.OK;....yz
0060 - 8f 1c 4e 7a 96 42 43 29-de 47 ba c7 1a ac 8d a0 ..Nz.BC).G......
0070 - e2 06 24 bf 70 fc 2e f0-c9 67 f9 3c b4 fe 4a 57 ..$.p....g.<..JW
0080 - 5f 60 8a 31 7f cb c6 d3-2e 81 38 80 70 ad f3 80 _`.1......8.p...
0090 - 50 26 3e d7 93 b8 df f3-ad 84 c6 84 0a e1 08 66 P&>............f

Start Time: 1565290480
Timeout : 7200 (sec)
Extended master secret: yes
---
250 HELP

hMailServer log with full logging enabled shows no Error what so ever.

Re: New Boost/OpenSSL versions

Posted: 2019-08-08 22:07
by martin
The 5.6.8-branch hasn't been updated to support x64. x64-support is being added in 5.7, which is currently in the master-branch. I had to do a lot of fixes (like >50) to get hMailServer x64-compatible and those are in the master branch - not in the 5.6.8-branch. You may be able to compile hMailServer in x64 on 5.6.8-branch (with a lot of warnings, as you say), but I would be surprised if much worked properly.

I have merged 5.6.8 into master now, so the latest 5.7-builds on the build server has x64 and latest OpenSSL/Boost.

Re: New Boost/OpenSSL versions

Posted: 2019-08-08 22:34
by Dravion
Ok, i will fetch your comits from master tomorrow, run some tests and built a new Inno Test Installer.

PS: I found out Postgres headers and static libs can be quickly updated by installing Postgres 10 or higher and let VS pointing to it. It already has TLSv1.2 DB Connection security as default.

More recent MySQL headers and libs are a diffrent beast.
Since version 8.0 it requires to configure MySQL in Legacy
mode or hMail cant connect to it.

Re: New Boost/OpenSSL versions

Posted: 2019-08-09 12:51
by martin
Okay. But you know there are already builds you can download from https://build.hmailserver.com/ right? Of course you can create your own builds, but I'm not sure I understand why?

Re: New Boost/OpenSSL versions

Posted: 2019-08-09 13:40
by Dravion
martin wrote:
2019-08-09 12:51
Okay. But you know there are already builds you can download from https://build.hmailserver.com/ right? Of course you can create your own builds, but I'm not sure I understand why?
Because i am a Programmer and like to study the code. I have no Production need for hMailServer.
It's about coding, improving and testing for me.

Re: New Boost/OpenSSL versions

Posted: 2019-08-09 13:55
by martin
Alright, then it makes sense :)

Re: New Boost/OpenSSL versions

Posted: 2019-08-09 15:36
by RvdH
@martin

Do you read comments made on commits?
https://github.com/hmailserver/hmailser ... 6#comments

Re: New Boost/OpenSSL versions

Posted: 2019-08-09 16:48
by martin
Yeap. I fixed them now.

The errors.txt file is a bit silly actually. It's just a way to keep track of what error numbers have been used. It isn't actually used for anything during compilation/runtime.

Re: New Boost/OpenSSL versions

Posted: 2019-08-09 17:14
by RvdH
👍