diff options
author | Phil Pennock <pdp@exim.org> | 2018-04-13 18:51:23 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2018-04-13 18:51:23 -0400 |
commit | 8768e274c2470c6b7b99cffac768436557e5f52d (patch) | |
tree | a000656ac295eeb45638bb58c355d0221daf1375 | |
parent | bcea87a207ba5eeaf16173ad120cdc308399aff0 (diff) |
DKIM downgrade example again; this time debugged
As well as previous commit's `len_3` -> `length_3`, we were missing
braces around the expansion operator, resulting in trying to dereference
an unknown variable `$length_3`, and we were missing the outer braces
from the `or` expansion condition.
We really need a better way to test ACL expansion without a full harness. :(
This bug-fixed version is now running on my system.
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index dfe84c33d..2de41c606 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -39221,13 +39221,13 @@ This variable can be overwritten using an ACL 'set' modifier. This might, for instance, be done to enforce a policy restriction on hash-method or key-size: .code - warn condition = ${if eq {$dkim_verify_status}{pass}} - condition = ${if eq {$length_3:$dkim_algo}{rsa}} - condition = ${if or {eq {$dkim_algo}{rsa-sha1}} \ - {< {$dkim_key_length}{1024}} } - logwrite = NOTE: forcing dkim verify fail (was pass) - set dkim_verify_status = fail - set dkim_verify_reason = hash too weak or key too short + warn condition = ${if eq {$dkim_verify_status}{pass}} + condition = ${if eq {${length_3:$dkim_algo}}{rsa}} + condition = ${if or {{eq {$dkim_algo}{rsa-sha1}} \ + {< {$dkim_key_length}{1024}}}} + logwrite = NOTE: forcing DKIM verify fail (was pass) + set dkim_verify_status = fail + set dkim_verify_reason = hash too weak or key too short .endd After all the DKIM ACL runs have completed, the value becomes a |