-rw-r--r-- | src/src/lookups/lf_check_file.c | 7 | ||||
-rw-r--r-- | src/src/tls-gnu.c | 32 | ||||
-rw-r--r-- | src/src/tls-openssl.c | 2 | ||||
-rw-r--r-- | src/src/verify.c | 2 |
4 files changed, 23 insertions, 20 deletions
diff --git a/src/src/lookups/lf_check_file.c b/src/src/lookups/lf_check_file.c
index 5c74816ef..c4c05e44d 100644
--- a/src/src/lookups/lf_check_file.c
+++ b/src/src/lookups/lf_check_file.c
@@ -45,8 +45,7 @@ lf_check_file(int fd, const uschar * filename, int s_type, int modemask, { struct stat statbuf;
-if ((fd >= 0 && fstat(fd, &statbuf) != 0) ||
- (fd < 0 && Ustat(filename, &statbuf) != 0))
+if ((fd < 0 ? Ustat(filename, &statbuf) : fstat(fd, &statbuf)) != 0)
 { int save_errno = errno; *errmsg = string_sprintf("%s: stat failed", filename);
@@ -80,7 +79,7 @@ if ((statbuf.st_mode & modemask) != 0) return +1; }
-if (owners != NULL)
+if (owners)
 { BOOL uid_ok = FALSE; for (int i = 1; i <= (int)owners[0]; i++)
@@ -94,7 +93,7 @@ if (owners != NULL) } }
-if (owngroups != NULL)
+if (owngroups)
 { BOOL gid_ok = FALSE; for (int i = 1; i <= (int)owngroups[0]; i++)
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 703a0a4ca..69387a3a7 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
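Review bot: In lf_check_file (first hunk, the rewritten stat condition), the `fd < 0` branch still checks the file by name, so the mode, owner and group tests that follow describe whatever `filename` resolved to at that instant, not necessarily the file a caller opens afterwards. Since the line is being touched anyway, a comment would help callers: `/* With fd < 0 the checks are made on the name, not on an open file; a caller that opens it afterwards should re-check via the fd. */`. Whether any caller relies on the by-name result for a later open is not visible here, so this is a documentation suggestion rather than a reported defect. The function body starts before and continues after the hunk.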
@@ -2743,25 +2743,25 @@ exim_gnutls_state_st * state = gnutls_session_get_ptr(session); if ((cert_list = gnutls_certificate_get_peers(session, &cert_list_size))) while (cert_list_size--)
- {
- if ((rc = import_cert(&cert_list[cert_list_size], &crt)) != GNUTLS_E_SUCCESS)
 {
- DEBUG(D_tls) debug_printf("TLS: peer cert problem: depth %d: %s\n",
- cert_list_size, gnutls_strerror(rc));
- break;
- }
+ if ((rc = import_cert(&cert_list[cert_list_size], &crt)) != GNUTLS_E_SUCCESS)
+ {
+ DEBUG(D_tls) debug_printf("TLS: peer cert problem: depth %d: %s\n",
+ cert_list_size, gnutls_strerror(rc));
+ break;
+ }
- state->tlsp->peercert = crt;
- if ((yield = event_raise(state->event_action,
- US"tls:cert", string_sprintf("%d", cert_list_size), &errno)))
- {
- log_write(0, LOG_MAIN,
- "SSL verify denied by event-action: depth=%d: %s",
- cert_list_size, yield);
- return 1; /* reject */
+ state->tlsp->peercert = crt;
+ if ((yield = event_raise(state->event_action,
+ US"tls:cert", string_sprintf("%d", cert_list_size), &errno)))
+ {
+ log_write(0, LOG_MAIN,
+ "SSL verify denied by event-action: depth=%d: %s",
+ cert_list_size, yield);
+ return 1; /* reject */
+ }
+ state->tlsp->peercert = NULL;
 }
- state->tlsp->peercert = NULL;
- }
 return 0; }
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 2b3f02712..eabe34f31 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2530,6 +2530,8 @@ if (!(bs = OCSP_response_get1_basic(rsp))) DEBUG(D_tls) bp = BIO_new(BIO_s_mem()); /* Use the CA & chain that verified the server cert to verify the stapled info */
+ /*XXX could we do an event here, for observability of ocsp? What reasonable data could we give access to? */
+ /* Dates would be a start. Do we need another opaque variable type, as for certs, plus an extract expansion? */
 { /* If this routine is not available, we've avoided [in tls_client_start()]
diff --git a/src/src/verify.c b/src/src/verify.c
index 0ca096130..125df8d91 100644
--- a/src/src/verify.c
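Review bot: In the tls-openssl.c hunk, the new XXX comment proposes raising an event at a point that sits before the block which, going by the preceding comment, verifies the stapled OCSP response against the CA chain. Any data handed to an event-action from here would come from a response that has not yet been verified, so the note should say so, for example `/* NB: an event raised here would see an unverified response; raise it after verification, or mark the data as untrusted. */`. The enclosing function starts and ends outside the hunk, so where verification completes cannot be confirmed from this view.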
+++ b/src/src/verify.c
@@ -1056,6 +1056,8 @@ no_conn: HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n"); } #ifndef DISABLE_DKIM
+ /* DKIM signing needs to add a header after seeing the whole body, so we cannot just copy
+ body bytes to the outbound as they are received, which is the intent of cutthrough. */
 if (ob->dkim.dkim_domain) { cutthrough.delivery= FALSE; |