diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/src/dane-openssl.c | 8 | ||||
-rw-r--r-- | src/src/deliver.c | 2 | ||||
-rw-r--r-- | src/src/expand.c | 4 | ||||
-rw-r--r-- | src/src/globals.c | 6 | ||||
-rw-r--r-- | src/src/spool_in.c | 2 | ||||
-rw-r--r-- | src/src/tls-openssl.c | 6 |
6 files changed, 22 insertions, 6 deletions
diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c index 2430d475f..6345b39ca 100644 --- a/src/src/dane-openssl.c +++ b/src/src/dane-openssl.c @@ -202,9 +202,9 @@ for(matched = 0; !matched && slist; slist = slist->next) { dane_mtype_list m; unsigned char mdbuf[EVP_MAX_MD_SIZE]; - unsigned char *buf; + unsigned char *buf = NULL; unsigned char *buf2; - unsigned int len; + unsigned int len = 0; /* * Extract ASN.1 DER form of certificate or public key. @@ -679,6 +679,7 @@ int matched; matched = match(dane->selectors[SSL_DANE_USAGE_FIXED_LEAF], cert, 0); if(matched > 0) if(!ctx->chain) + { if( (ctx->chain = sk_X509_new_null()) && sk_X509_push(ctx->chain, cert)) CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); @@ -687,6 +688,7 @@ if(matched > 0) DANEerr(DANE_F_CHECK_END_ENTITY, ERR_R_MALLOC_FAILURE); return -1; } + } return matched; } @@ -714,12 +716,14 @@ for(hosts = dane->hosts; hosts; hosts = hosts->next) * Sub-domain match: certid is any sub-domain of hostname. */ if(match_subdomain) + { if( (idlen = strlen(certid)) > (domlen = strlen(domain)) + 1 && certid[idlen - domlen - 1] == '.' && !strcasecmp(certid + (idlen - domlen), domain)) return 1; else continue; + } /* * Exact match and initial "*" match. The initial "*" in a certid diff --git a/src/src/deliver.c b/src/src/deliver.c index 86deceb76..ab0815ed4 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -7001,12 +7001,14 @@ wording. */ { struct stat statbuf; if (fstat(deliver_datafile, &statbuf) == 0 && statbuf.st_size > max) + { if (emf_text) fprintf(f, "%s", CS emf_text); else fprintf(f, "------ The body of the message is " OFF_T_FMT " characters long; only the first\n" "------ %d or so are included here.\n", statbuf.st_size, max); + } } fputc('\n', f); diff --git a/src/src/expand.c b/src/src/expand.c index 70d7c7d2f..e5af63d89 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -6368,14 +6368,14 @@ while (*s != 0) case EOP_UTF8CLEAN: { - int seq_len, index = 0; + int seq_len = 0, index = 0; int bytes_left = 0; uschar seq_buff[4]; /* accumulate utf-8 here */ while (*sub != 0) { int complete; - long codepoint; + long codepoint = 0; uschar c; complete = 0; diff --git a/src/src/globals.c b/src/src/globals.c index 7d4ab63a1..d09903d65 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -103,6 +103,9 @@ tls_support tls_in = { -1, /* tls_active */ 0, /* tls_bits */ FALSE,/* tls_certificate_verified */ +#ifdef EXPERIMENTAL_DANE + FALSE,/* dane_verified */ +#endif NULL, /* tls_cipher */ FALSE,/* tls_on_connect */ NULL, /* tls_on_connect_ports */ @@ -116,6 +119,9 @@ tls_support tls_out = { -1, /* tls_active */ 0, /* tls_bits */ FALSE,/* tls_certificate_verified */ +#ifdef EXPERIMENTAL_DANE + FALSE,/* dane_verified */ +#endif NULL, /* tls_cipher */ FALSE,/* tls_on_connect */ NULL, /* tls_on_connect_ports */ diff --git a/src/src/spool_in.c b/src/src/spool_in.c index f53251a86..bbb4da6aa 100644 --- a/src/src/spool_in.c +++ b/src/src/spool_in.c @@ -495,7 +495,7 @@ for (;;) if (Ustrncmp(p, "rozen", 5) == 0) { deliver_freeze = TRUE; - sscanf(big_buffer+7, TIME_T_FMT, &deliver_frozen_at); + sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at); } break; diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 79beffadf..2ed1fcbe8 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -25,6 +25,10 @@ functions from the OpenSSL library. */ #ifndef DISABLE_OCSP # include <openssl/ocsp.h> #endif +#ifdef EXPERIMENTAL_DANE +# include <danessl.h> +#endif + #ifndef DISABLE_OCSP # define EXIM_OCSP_SKEW_SECONDS (300L) @@ -1805,7 +1809,7 @@ if (dane) { dns_record * rr; dns_scan dnss; - uschar * hostnames[2] = { host->name, NULL }; + const char * hostnames[2] = { CS host->name, NULL }; int found = 0; if (DANESSL_init(client_ssl, NULL, hostnames) != 1) |