summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhil Pennock <pdp@exim.org>2018-04-13 18:51:23 -0400
committerPhil Pennock <pdp@exim.org>2018-04-13 18:51:23 -0400
commit8768e274c2470c6b7b99cffac768436557e5f52d (patch)
treea000656ac295eeb45638bb58c355d0221daf1375
parentbcea87a207ba5eeaf16173ad120cdc308399aff0 (diff)
DKIM downgrade example again; this time debugged
As well as previous commit's `len_3` -> `length_3`, we were missing braces around the expansion operator, resulting in trying to dereference an unknown variable `$length_3`, and we were missing the outer braces from the `or` expansion condition. We really need a better way to test ACL expansion without a full harness. :( This bug-fixed version is now running on my system.
-rw-r--r--doc/doc-docbook/spec.xfpt14
1 files changed, 7 insertions, 7 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index dfe84c33d..2de41c606 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -39221,13 +39221,13 @@ This variable can be overwritten using an ACL 'set' modifier.
This might, for instance, be done to enforce a policy restriction on
hash-method or key-size:
.code
- warn condition = ${if eq {$dkim_verify_status}{pass}}
- condition = ${if eq {$length_3:$dkim_algo}{rsa}}
- condition = ${if or {eq {$dkim_algo}{rsa-sha1}} \
- {< {$dkim_key_length}{1024}} }
- logwrite = NOTE: forcing dkim verify fail (was pass)
- set dkim_verify_status = fail
- set dkim_verify_reason = hash too weak or key too short
+ warn condition = ${if eq {$dkim_verify_status}{pass}}
+ condition = ${if eq {${length_3:$dkim_algo}}{rsa}}
+ condition = ${if or {{eq {$dkim_algo}{rsa-sha1}} \
+ {< {$dkim_key_length}{1024}}}}
+ logwrite = NOTE: forcing DKIM verify fail (was pass)
+ set dkim_verify_status = fail
+ set dkim_verify_reason = hash too weak or key too short
.endd
After all the DKIM ACL runs have completed, the value becomes a