summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/src/dane-openssl.c8
-rw-r--r--src/src/deliver.c2
-rw-r--r--src/src/expand.c4
-rw-r--r--src/src/globals.c6
-rw-r--r--src/src/spool_in.c2
-rw-r--r--src/src/tls-openssl.c6
6 files changed, 22 insertions, 6 deletions
diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index 2430d475f..6345b39ca 100644
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -202,9 +202,9 @@ for(matched = 0; !matched && slist; slist = slist->next)
{
dane_mtype_list m;
unsigned char mdbuf[EVP_MAX_MD_SIZE];
- unsigned char *buf;
+ unsigned char *buf = NULL;
unsigned char *buf2;
- unsigned int len;
+ unsigned int len = 0;
/*
* Extract ASN.1 DER form of certificate or public key.
@@ -679,6 +679,7 @@ int matched;
matched = match(dane->selectors[SSL_DANE_USAGE_FIXED_LEAF], cert, 0);
if(matched > 0)
if(!ctx->chain)
+ {
if( (ctx->chain = sk_X509_new_null())
&& sk_X509_push(ctx->chain, cert))
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
@@ -687,6 +688,7 @@ if(matched > 0)
DANEerr(DANE_F_CHECK_END_ENTITY, ERR_R_MALLOC_FAILURE);
return -1;
}
+ }
return matched;
}
@@ -714,12 +716,14 @@ for(hosts = dane->hosts; hosts; hosts = hosts->next)
* Sub-domain match: certid is any sub-domain of hostname.
*/
if(match_subdomain)
+ {
if( (idlen = strlen(certid)) > (domlen = strlen(domain)) + 1
&& certid[idlen - domlen - 1] == '.'
&& !strcasecmp(certid + (idlen - domlen), domain))
return 1;
else
continue;
+ }
/*
* Exact match and initial "*" match. The initial "*" in a certid
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 86deceb76..ab0815ed4 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -7001,12 +7001,14 @@ wording. */
{
struct stat statbuf;
if (fstat(deliver_datafile, &statbuf) == 0 && statbuf.st_size > max)
+ {
if (emf_text)
fprintf(f, "%s", CS emf_text);
else
fprintf(f,
"------ The body of the message is " OFF_T_FMT " characters long; only the first\n"
"------ %d or so are included here.\n", statbuf.st_size, max);
+ }
}
fputc('\n', f);
diff --git a/src/src/expand.c b/src/src/expand.c
index 70d7c7d2f..e5af63d89 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -6368,14 +6368,14 @@ while (*s != 0)
case EOP_UTF8CLEAN:
{
- int seq_len, index = 0;
+ int seq_len = 0, index = 0;
int bytes_left = 0;
uschar seq_buff[4]; /* accumulate utf-8 here */
while (*sub != 0)
{
int complete;
- long codepoint;
+ long codepoint = 0;
uschar c;
complete = 0;
diff --git a/src/src/globals.c b/src/src/globals.c
index 7d4ab63a1..d09903d65 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -103,6 +103,9 @@ tls_support tls_in = {
-1, /* tls_active */
0, /* tls_bits */
FALSE,/* tls_certificate_verified */
+#ifdef EXPERIMENTAL_DANE
+ FALSE,/* dane_verified */
+#endif
NULL, /* tls_cipher */
FALSE,/* tls_on_connect */
NULL, /* tls_on_connect_ports */
@@ -116,6 +119,9 @@ tls_support tls_out = {
-1, /* tls_active */
0, /* tls_bits */
FALSE,/* tls_certificate_verified */
+#ifdef EXPERIMENTAL_DANE
+ FALSE,/* dane_verified */
+#endif
NULL, /* tls_cipher */
FALSE,/* tls_on_connect */
NULL, /* tls_on_connect_ports */
diff --git a/src/src/spool_in.c b/src/src/spool_in.c
index f53251a86..bbb4da6aa 100644
--- a/src/src/spool_in.c
+++ b/src/src/spool_in.c
@@ -495,7 +495,7 @@ for (;;)
if (Ustrncmp(p, "rozen", 5) == 0)
{
deliver_freeze = TRUE;
- sscanf(big_buffer+7, TIME_T_FMT, &deliver_frozen_at);
+ sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at);
}
break;
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 79beffadf..2ed1fcbe8 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -25,6 +25,10 @@ functions from the OpenSSL library. */
#ifndef DISABLE_OCSP
# include <openssl/ocsp.h>
#endif
+#ifdef EXPERIMENTAL_DANE
+# include <danessl.h>
+#endif
+
#ifndef DISABLE_OCSP
# define EXIM_OCSP_SKEW_SECONDS (300L)
@@ -1805,7 +1809,7 @@ if (dane)
{
dns_record * rr;
dns_scan dnss;
- uschar * hostnames[2] = { host->name, NULL };
+ const char * hostnames[2] = { CS host->name, NULL };
int found = 0;
if (DANESSL_init(client_ssl, NULL, hostnames) != 1)