-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--src/src/functions.h3
-rw-r--r--src/src/tls.c12
-rw-r--r--src/src/transports/smtp.c13
-rw-r--r--src/src/verify.c17
-rw-r--r--test/confs/34654
6 files changed, 29 insertions, 23 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e41dc3e02..56ff713cb 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -82,6 +82,9 @@ TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly
is a combined value of both the record presence and the result of the
analysis.
+JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455.
+
+
Exim version 4.82
-----------------
diff --git a/src/src/functions.h b/src/src/functions.h
index 0bd3d7267..be71345a1 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -45,7 +45,7 @@ extern void tls_version_report(FILE *);
#ifndef USE_GNUTLS
extern BOOL tls_openssl_options_parse(uschar *, long *);
#endif
-#endif
+#endif /*SUPPORT_TLS*/
/* Everything else... */
@@ -374,6 +374,7 @@ extern int strncmpic(const uschar *, const uschar *, int);
extern uschar *strstric(uschar *, uschar *, BOOL);
extern uschar *tod_stamp(int);
+extern void tls_modify_variables(tls_support *);
extern BOOL transport_check_waiting(uschar *, uschar *, int, uschar *,
BOOL *);
extern void transport_init(void);
diff --git a/src/src/tls.c b/src/src/tls.c
index 0625c48b8..972785284 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -181,4 +181,16 @@ return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm;
#endif /* SUPPORT_TLS */
+void
+tls_modify_variables(tls_support * dest_tsp)
+{
+modify_variable(US"tls_bits", &dest_tsp->bits);
+modify_variable(US"tls_certificate_verified", &dest_tsp->certificate_verified);
+modify_variable(US"tls_cipher", &dest_tsp->cipher);
+modify_variable(US"tls_peerdn", &dest_tsp->peerdn);
+#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+modify_variable(US"tls_sni", &dest_tsp->sni);
+#endif
+}
+
/* End of tls.c */
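Review bot: tls_modify_variables() is added without a header comment, and nothing records that the legacy variable names end up bound to the addresses of fields inside *dest_tsp. If modify_variable() keeps those pointers, as the `&dest_tsp->...` arguments suggest, the caller must pass an object that outlives every later expansion, such as the tls_in and tls_out globals this commit uses. A comment above the function would state that, e.g. `/* Point the legacy $tls_* variables at the fields of dest_tsp, which must have static lifetime */`. It should also say that the function is deliberately placed after `#endif /* SUPPORT_TLS */` and that `$tls_sni` is only switched in non-GnuTLS TLS builds, so the set of rebound variables differs per build.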
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 16e5c022f..0aa95a448 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1213,13 +1213,6 @@ outblock.authenticating = FALSE;
/* Reset the parameters of a TLS session. */
-tls_in.bits = 0;
-tls_in.cipher = NULL; /* for back-compatible behaviour */
-tls_in.peerdn = NULL;
-#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
-tls_in.sni = NULL;
-#endif
-
tls_out.bits = 0;
tls_out.cipher = NULL; /* the one we may use for this transport */
tls_out.peerdn = NULL;
@@ -1227,6 +1220,12 @@ tls_out.peerdn = NULL;
tls_out.sni = NULL;
#endif
+/* Flip the legacy TLS-related variables over to the outbound set in case
+they're used in the context of the transport. Don't bother resetting
+afterward as we're in a subprocess. */
+
+tls_modify_variables(&tls_out);
+
#ifndef SUPPORT_TLS
if (smtps)
{
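Review bot: After this call `$tls_certificate_verified` is read from `tls_out.certificate_verified`, but the reset block just above clears only bits, cipher, peerdn and sni. If that field is not cleared elsewhere before the connection is set up, an expansion evaluated in the transport (the test config in this commit uses `headers_add`) could report a stale verification result. Adding `tls_out.certificate_verified = FALSE;` beside the other `tls_out` resets would close that gap. Separately, with the `tls_in` resets deleted in the previous hunk, anything still backed by tls_in keeps the values the subprocess inherited; if that is intended it deserves a word in the comment. The enclosing function begins and ends outside this hunk.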
diff --git a/src/src/verify.c b/src/src/verify.c
index 8cc67f1b1..690bb8f01 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -1576,13 +1576,7 @@ if (address[0] == 0) return OK;
they're used in the context of a transport used by verification. Reset them
at exit from this routine. */
-modify_variable(US"tls_bits", &tls_out.bits);
-modify_variable(US"tls_certificate_verified", &tls_out.certificate_verified);
-modify_variable(US"tls_cipher", &tls_out.cipher);
-modify_variable(US"tls_peerdn", &tls_out.peerdn);
-#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
-modify_variable(US"tls_sni", &tls_out.sni);
-#endif
+tls_modify_variables(&tls_out);
/* Save a copy of the sender address for re-instating if we change it to <>
while verifying a sender address (a nice bit of self-reference there). */
@@ -2041,14 +2035,7 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++)
the -bv or -bt case). */
out:
-
-modify_variable(US"tls_bits", &tls_in.bits);
-modify_variable(US"tls_certificate_verified", &tls_in.certificate_verified);
-modify_variable(US"tls_cipher", &tls_in.cipher);
-modify_variable(US"tls_peerdn", &tls_in.peerdn);
-#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
-modify_variable(US"tls_sni", &tls_in.sni);
-#endif
+tls_modify_variables(&tls_in);
return yield;
}
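Review bot: The restore `tls_modify_variables(&tls_in);` sits only at the `out:` label, so the legacy variables stay bound to tls_out if any exit after the switch in the earlier verify.c hunk returns without going through `out:`. Those intermediate paths are outside both hunks, so this needs checking against the full function. Unlike the transport case, the comment here does not say the code runs in a subprocess, so a leftover binding would make later `$tls_cipher` or `$tls_certificate_verified` checks describe the verification transport's connection instead of the inbound one. A comment at the switch, e.g. `/* every exit below must go via out: so the tls_in binding is restored */`, would make the invariant explicit.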
diff --git a/test/confs/3465 b/test/confs/3465
index 161fff526..83592a678 100644
--- a/test/confs/3465
+++ b/test/confs/3465
@@ -70,5 +70,9 @@ t1:
hosts_require_auth = *
allow_localhost
+ # These can be made visible by adding "-d-all+deliver+transport+tls" to the script 1st queuerun
+ headers_add = X-tls-cipher: <$tls_cipher>
+ headers_add = X-tls-out-cipher: <$tls_out_cipher>
+
# End