New Boost/OpenSSL versions
New Boost/OpenSSL versions
I have updated the code to use the latest Boost & OpenSSL-versions in Git.
The way you compile these two have changed, so I've updated the "Building OpenSSL" and "Building Boost"-sections here:
https://github.com/hmailserver/hmailserver/tree/5.6.8
The way you compile these two have changed, so I've updated the "Building OpenSSL" and "Building Boost"-sections here:
https://github.com/hmailserver/hmailserver/tree/5.6.8
Martin Knafve
Re: New Boost/OpenSSL versions
Martin,
The changes made to Server\Common\AntiSpam\DKIM\DKIM.cpp (commit 81171a4d9e) won't work with OpenSSL 1.0+ (create()/destroy() have been removed in OpenSSL 1.0). Use new()/free() instead.
See also https[://]www[.]openssl[.]org/docs/man1.1.1/man3/EVP_DigestInit.html.
The changes made to Server\Common\AntiSpam\DKIM\DKIM.cpp (commit 81171a4d9e) won't work with OpenSSL 1.0+ (create()/destroy() have been removed in OpenSSL 1.0). Use new()/free() instead.
See also https[://]www[.]openssl[.]org/docs/man1.1.1/man3/EVP_DigestInit.html.
Re: New Boost/OpenSSL versions
Just figured that evp.h (1.1.0/1.1.1) still has redefinitions for create()/destroy() in place so this still works.
Re: New Boost/OpenSSL versions
As far as i know OpenSSL was allways ISO C Language only compliant but release() and new() are C++ syntax elements. Are parts of the 1.1.x series now C++ coded as well?
Re: New Boost/OpenSSL versions
new()/free() just replace create()/destroy().
Re: New Boost/OpenSSL versions
I checked out the new commits from branch 5.6.8 and was able to build it with lots of Warnings
OpenSSL 1.1.1c + BOOST 1.70.0 Windows 64-Bit
There is a Debug/Test Installer (libmysql.dll for 64-Bit MySQL 5.27 already included) which works with MySQL 8.0 in version 5.x legacy mode.
Debug/Test build with ready to go InnoSetup Installer can be downloaded from my Github page:
Don't use InternalDB with this build, it fails! I only tested it for MySQL.
https://github.com/Dravion/hmailserver/releases
However, checking the configured SSL-Connection with a self signed SSL-Certificate shows there is something wrong.
The TLS-Connection always falls back to TLSv1.0 instead of TLSv1.2 or TLSv1.3.
See log:
openssl s_client -host smtp.dravionsrealm.net -port 25 -starttls smtp
Certificate chain
0 s:C = DE, ST = Baden Wuerttemberg, L = Freiburg im Breisgau, O = Dravions Realm Inc., OU = IT Department, CN = smtp.dravionsrealm.net
i:C = DE, ST = Baden Wuerttemberg, L = Freiburg, O = Dravionsrealm CA, OU = Security Department, CN = dravionsrealm.net, emailAddress = info@dravionsrealm.net
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: B84B3F4242279C3F8A64901359D00E15A2B41B70BB41390B7188B7E7487ACB4A
Session-ID-ctx:
Master-Key: 548F2BE50D4E77CBB07E590C3B485CCFADC4A9849C58866A111292357517313A59318DCB0C3A437FF940E2B342B1CEC4
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - fd 61 78 c6 68 2e a9 b9-9e e9 59 af 94 74 ce 11 .ax.h.....Y..t..
0010 - f3 8a f1 6d f6 da a6 63-e4 39 a1 a1 06 85 ba 49 ...m...c.9.....I
0020 - 7c cb 0d 7c 8a ce 9b 9f-ad 2f 1e 6e f1 17 8f a1 |..|...../.n....
0030 - 28 83 d7 1f 84 1b 8a 05-53 22 98 7d 9f 03 03 ca (.......S".}....
0040 - eb b7 4d a8 0b 0a 5b b4-6d ba 43 a5 64 09 69 9c ..M...[.m.C.d.i.
0050 - 50 3f 05 b9 27 35 c9 4f-4b 3b c3 e3 b2 e6 79 7a P?..'5.OK;....yz
0060 - 8f 1c 4e 7a 96 42 43 29-de 47 ba c7 1a ac 8d a0 ..Nz.BC).G......
0070 - e2 06 24 bf 70 fc 2e f0-c9 67 f9 3c b4 fe 4a 57 ..$.p....g.<..JW
0080 - 5f 60 8a 31 7f cb c6 d3-2e 81 38 80 70 ad f3 80 _`.1......8.p...
0090 - 50 26 3e d7 93 b8 df f3-ad 84 c6 84 0a e1 08 66 P&>............f
Start Time: 1565290480
Timeout : 7200 (sec)
Extended master secret: yes
---
250 HELP
hMailServer log with full logging enabled shows no Error what so ever.
OpenSSL 1.1.1c + BOOST 1.70.0 Windows 64-Bit
There is a Debug/Test Installer (libmysql.dll for 64-Bit MySQL 5.27 already included) which works with MySQL 8.0 in version 5.x legacy mode.
Debug/Test build with ready to go InnoSetup Installer can be downloaded from my Github page:
Don't use InternalDB with this build, it fails! I only tested it for MySQL.
https://github.com/Dravion/hmailserver/releases
However, checking the configured SSL-Connection with a self signed SSL-Certificate shows there is something wrong.
The TLS-Connection always falls back to TLSv1.0 instead of TLSv1.2 or TLSv1.3.
See log:
openssl s_client -host smtp.dravionsrealm.net -port 25 -starttls smtp
Certificate chain
0 s:C = DE, ST = Baden Wuerttemberg, L = Freiburg im Breisgau, O = Dravions Realm Inc., OU = IT Department, CN = smtp.dravionsrealm.net
i:C = DE, ST = Baden Wuerttemberg, L = Freiburg, O = Dravionsrealm CA, OU = Security Department, CN = dravionsrealm.net, emailAddress = info@dravionsrealm.net
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: B84B3F4242279C3F8A64901359D00E15A2B41B70BB41390B7188B7E7487ACB4A
Session-ID-ctx:
Master-Key: 548F2BE50D4E77CBB07E590C3B485CCFADC4A9849C58866A111292357517313A59318DCB0C3A437FF940E2B342B1CEC4
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - fd 61 78 c6 68 2e a9 b9-9e e9 59 af 94 74 ce 11 .ax.h.....Y..t..
0010 - f3 8a f1 6d f6 da a6 63-e4 39 a1 a1 06 85 ba 49 ...m...c.9.....I
0020 - 7c cb 0d 7c 8a ce 9b 9f-ad 2f 1e 6e f1 17 8f a1 |..|...../.n....
0030 - 28 83 d7 1f 84 1b 8a 05-53 22 98 7d 9f 03 03 ca (.......S".}....
0040 - eb b7 4d a8 0b 0a 5b b4-6d ba 43 a5 64 09 69 9c ..M...[.m.C.d.i.
0050 - 50 3f 05 b9 27 35 c9 4f-4b 3b c3 e3 b2 e6 79 7a P?..'5.OK;....yz
0060 - 8f 1c 4e 7a 96 42 43 29-de 47 ba c7 1a ac 8d a0 ..Nz.BC).G......
0070 - e2 06 24 bf 70 fc 2e f0-c9 67 f9 3c b4 fe 4a 57 ..$.p....g.<..JW
0080 - 5f 60 8a 31 7f cb c6 d3-2e 81 38 80 70 ad f3 80 _`.1......8.p...
0090 - 50 26 3e d7 93 b8 df f3-ad 84 c6 84 0a e1 08 66 P&>............f
Start Time: 1565290480
Timeout : 7200 (sec)
Extended master secret: yes
---
250 HELP
hMailServer log with full logging enabled shows no Error what so ever.
- Attachments
-
- hmailserver_2019-08-08.zip
- (7.67 KiB) Downloaded 506 times
Re: New Boost/OpenSSL versions
The 5.6.8-branch hasn't been updated to support x64. x64-support is being added in 5.7, which is currently in the master-branch. I had to do a lot of fixes (like >50) to get hMailServer x64-compatible and those are in the master branch - not in the 5.6.8-branch. You may be able to compile hMailServer in x64 on 5.6.8-branch (with a lot of warnings, as you say), but I would be surprised if much worked properly.
I have merged 5.6.8 into master now, so the latest 5.7-builds on the build server has x64 and latest OpenSSL/Boost.
I have merged 5.6.8 into master now, so the latest 5.7-builds on the build server has x64 and latest OpenSSL/Boost.
Martin Knafve
Re: New Boost/OpenSSL versions
Ok, i will fetch your comits from master tomorrow, run some tests and built a new Inno Test Installer.
PS: I found out Postgres headers and static libs can be quickly updated by installing Postgres 10 or higher and let VS pointing to it. It already has TLSv1.2 DB Connection security as default.
More recent MySQL headers and libs are a diffrent beast.
Since version 8.0 it requires to configure MySQL in Legacy
mode or hMail cant connect to it.
PS: I found out Postgres headers and static libs can be quickly updated by installing Postgres 10 or higher and let VS pointing to it. It already has TLSv1.2 DB Connection security as default.
More recent MySQL headers and libs are a diffrent beast.
Since version 8.0 it requires to configure MySQL in Legacy
mode or hMail cant connect to it.
Re: New Boost/OpenSSL versions
Okay. But you know there are already builds you can download from https://build.hmailserver.com/ right? Of course you can create your own builds, but I'm not sure I understand why?
Martin Knafve
Re: New Boost/OpenSSL versions
Because i am a Programmer and like to study the code. I have no Production need for hMailServer.martin wrote: ↑2019-08-09 12:51Okay. But you know there are already builds you can download from https://build.hmailserver.com/ right? Of course you can create your own builds, but I'm not sure I understand why?
It's about coding, improving and testing for me.
Re: New Boost/OpenSSL versions
@martin
Do you read comments made on commits?
https://github.com/hmailserver/hmailser ... 6#comments
Do you read comments made on commits?
https://github.com/hmailserver/hmailser ... 6#comments
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: New Boost/OpenSSL versions
Yeap. I fixed them now.
The errors.txt file is a bit silly actually. It's just a way to keep track of what error numbers have been used. It isn't actually used for anything during compilation/runtime.
The errors.txt file is a bit silly actually. It's just a way to keep track of what error numbers have been used. It isn't actually used for anything during compilation/runtime.
Martin Knafve
Re: New Boost/OpenSSL versions
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup