Diffstat (limited to 'src')
-rw-r--r-- | src/src/deliver.c | 21 | ||||
-rw-r--r-- | src/src/tls-gnu.c | 19 | ||||
-rw-r--r-- | src/src/verify.c | 4 |
3 files changed, 29 insertions, 15 deletions
diff --git a/src/src/deliver.c b/src/src/deliver.c index 2ee69d37e..c6339c62f 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -2988,16 +2988,15 @@ while (!done) to get all available data from pipe. unfinished has to be true as well. */ if (remaining < required) + { if (unfinished) continue; - else - { - msg = string_sprintf("failed to read pipe from transport process " - "%d for transport %s: required size=%d > remaining size=%d and unfinished=false", - pid, addr->transport->driver_name, required, remaining); - done = TRUE; - break; - } + msg = string_sprintf("failed to read pipe from transport process " + "%d for transport %s: required size=%d > remaining size=%d and unfinished=false", + pid, addr->transport->driver_name, required, remaining); + done = TRUE; + break; + } /* step behind the header */ ptr += PIPE_HEADER_SIZE; @@ -3703,7 +3702,7 @@ if (size > 99999) /* two write() calls would increase the complexity of reading from pipe */ /* convert size to human readable string prepended by id and subid */ -header_length = snprintf(writebuffer, PIPE_HEADER_SIZE+1, "%c%c%05d", id, subid, size); +header_length = snprintf(CS writebuffer, PIPE_HEADER_SIZE+1, "%c%c%05d", id, subid, size); if (header_length != PIPE_HEADER_SIZE) { log_write(0, LOG_MAIN|LOG_PANIC_DIE, "header snprintf failed\n"); @@ -4342,9 +4341,9 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) #ifndef DISABLE_PRDR if (addr->flags & af_prdr_used) rmt_dlv_checked_write(fd, 'P', '0', NULL, 0); - #endif +#endif - #ifdef EXPERIMENTAL_DSN +#ifdef EXPERIMENTAL_DSN memcpy(big_buffer, &addr->dsn_aware, sizeof(addr->dsn_aware)); rmt_dlv_checked_write(fd, 'D', '0', big_buffer, sizeof(addr->dsn_aware)); DEBUG(D_deliver) debug_printf("DSN write: addr->dsn_aware = %d\n", addr->dsn_aware); diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 3043e3abc..14cdd12d4 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c 
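Review bot: In the `@@ -3703` hunk of deliver.c, the `header_length != PIPE_HEADER_SIZE` test does not catch a negative `size`, because `%05d` formats any value from -1 down to -9999 to the same five characters as a valid length. The only bound visible here is `size > 99999` in the hunk header, and the parameter's type is outside the hunk, so this may be unreachable. If `size` is a signed int, the guard could read `if (size < 0 || size > 99999)` so the reading side never has to parse a signed length field. The function body starts and ends outside the hunk.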
@@ -51,6 +51,11 @@ require current GnuTLS, then we'll drop support for the ancient libraries). # warning "GnuTLS library version too old; TPDA tls:cert event unsupported" # undef EXPERIMENTAL_TPDA #endif +#if GNUTLS_VERSION_NUMBER >= 0x030306 +# define SUPPORT_CA_DIR +#else +# undef SUPPORT_CA_DIR +#endif #ifndef DISABLE_OCSP # include <gnutls/ocsp.h> @@ -884,6 +889,7 @@ if (Ustat(state->exp_tls_verify_certificates, &statbuf) < 0) return DEFER; } +#ifndef SUPPORT_CA_DIR /* The test suite passes in /dev/null; we could check for that path explicitly, but who knows if someone has some weird FIFO which always dumps some certs, or other weirdness. The thing we really want to check is that it's not a @@ -899,6 +905,7 @@ if (S_ISDIR(statbuf.st_mode)) state->exp_tls_verify_certificates); return DEFER; } +#endif DEBUG(D_tls) debug_printf("verify certificates = %s size=" OFF_T_FMT "\n", state->exp_tls_verify_certificates, statbuf.st_size); @@ -910,8 +917,18 @@ if (statbuf.st_size == 0) return OK; } -cert_count = gnutls_certificate_set_x509_trust_file(state->x509_cred, +cert_count = + +#ifdef SUPPORT_CA_DIR + (statbuf.st_mode & S_IFMT) == S_IFDIR + ? + gnutls_certificate_set_x509_trust_dir(state->x509_cred, + CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM) + : +#endif + gnutls_certificate_set_x509_trust_file(state->x509_cred, CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM); + if (cert_count < 0) { rc = cert_count; diff --git a/src/src/verify.c b/src/src/verify.c index c25e6e257..29d7b1328 100644 --- a/src/src/verify.c +++ b/src/src/verify.c 
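Review bot: With `SUPPORT_CA_DIR` defined, the `@@ -884` and `@@ -899` hunks compile out the directory rejection, but the `statbuf.st_size == 0` shortcut that follows (visible at the top of the `@@ -910` hunk) still runs and returns OK before any trust data is loaded. That shortcut was written for an empty file; a directory's `st_size` is filesystem-dependent, so on a filesystem that reports 0 for directories a configured CA directory would presumably be skipped without a log line. Limiting the shortcut to non-directories, e.g. `if (!S_ISDIR(statbuf.st_mode) && statbuf.st_size == 0)`, keeps the old behaviour for files. A short comment above `#ifndef SUPPORT_CA_DIR` saying that directories are accepted when GnuTLS is 3.3.6 or later would also help, since the retained comment only describes the rejection path.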
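Review bot: The `cert_count =` assignment in the `@@ -910` hunk splices `#ifdef SUPPORT_CA_DIR` into the middle of a conditional expression, which is hard to read and easy to break on a later edit; an `#ifdef`-guarded if/else that assigns `cert_count` in each branch says the same thing, as sketched below. The sketch also uses `S_ISDIR(statbuf.st_mode)`, matching the check a few lines earlier in this file instead of the hand-written `(statbuf.st_mode & S_IFMT) == S_IFDIR`. Separately, only `cert_count < 0` is treated as failure, so a directory from which no certificate is loaded would presumably yield 0 and pass silently; a debug or log line for that case would make a misconfigured CA directory visible. The handling after the `if (cert_count < 0)` lies outside the hunk.

```c
#ifdef SUPPORT_CA_DIR
if (S_ISDIR(statbuf.st_mode))
  cert_count = gnutls_certificate_set_x509_trust_dir(state->x509_cred,
      CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM);
else
#endif
  cert_count = gnutls_certificate_set_x509_trust_file(state->x509_cred,
      CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM);

/* ... unchanged: if (cert_count < 0) error handling ... */
```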
@@ -1044,9 +1044,7 @@ else cutthrough_addr = *addr; /* Save the address_item for later logging */ cutthrough_addr.next = NULL; cutthrough_addr.host_used = store_get(sizeof(host_item)); - cutthrough_addr.host_used->name = host->name; - cutthrough_addr.host_used->address = host->address; - cutthrough_addr.host_used->port = port; + *(cutthrough_addr.host_used) = *host; if (addr->parent) *(cutthrough_addr.parent = store_get(sizeof(address_item)))= *addr->parent; ctblock.buffer = ctbuffer; |
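Review bot: The struct copy `*(cutthrough_addr.host_used) = *host;` takes the port from `host->port`, whereas the assignments it replaces stored the local `port`. If those can differ (for example when the port is resolved from somewhere other than the host item, which this hunk does not show), the saved address will record a different port from the one actually used. Re-applying `cutthrough_addr.host_used->port = port;` after the copy would preserve the earlier value. The copy is also shallow, so every pointer member of `host_item` now aliases the original; a one-line comment stating that the pointed-to data outlives `cutthrough_addr` would document that lifetime assumption. The enclosing `else` block starts and ends outside the hunk.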