[exim-cvs] Fix cert-try-verify when denied by event action

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Fix cert-try-verify when denied by event action
Gitweb: http://git.exim.org/exim.git/commitdiff/a3ef73105c3539e9d29c27095573f9d437752f7f
Commit:     a3ef73105c3539e9d29c27095573f9d437752f7f
Parent:     4650b314ad07f4813d2cb826546d9048a4555c83
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Oct 26 22:14:03 2014 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Oct 26 22:14:03 2014 +0000


    Fix cert-try-verify when denied by event action
---
 src/src/tls-openssl.c |   25 ++++++++++++++++++-------
 1 files changed, 18 insertions(+), 7 deletions(-)


diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 25d5232..a2e1136 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -305,7 +305,6 @@ if (state == 0)
     depth,
     X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509ctx)),
     txt);
-  tlsp->certificate_verified = FALSE;
   *calledp = TRUE;
   if (!*optionalp)
     {
@@ -339,9 +338,11 @@ else if (depth != 0)
       {
       log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
                   "depth=%d cert=%s", depth, txt);
-      tlsp->certificate_verified = FALSE;
       *calledp = TRUE;
-      return 0;                /* reject */
+      if (!*optionalp)
+    return 0;                /* reject */
+      DEBUG(D_tls) debug_printf("Event-action verify failure overridden "
+    "(host in tls_try_verify_hosts)\n");
       }
     X509_free(tlsp->peercert);
     tlsp->peercert = NULL;
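Review bot: With `tlsp->certificate_verified = FALSE;` removed from this branch, an event-action denial for a host in tls_try_verify_hosts leaves the verified flag to code that runs later, and the only marker carried forward is `*calledp = TRUE`. The same holds for the overridden branches in the hunks at -386, -394 and -406, which fall through to code outside the diff. That later code is not visible here; it should be confirmed that it cannot set the flag once a failure has been overridden, for instance by guarding the assignment as `if (!*calledp) tlsp->certificate_verified = TRUE;`, since the flag is presumably what ACLs and logging rely on to tell a verified peer from an accepted one. The enclosing function starts and ends outside this hunk.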
@@ -386,7 +387,11 @@ else
       {
       log_write(0, LOG_MAIN,
     "SSL verify error: certificate name mismatch: \"%s\"\n", txt);
-      return 0;                /* reject */
+      *calledp = TRUE;
+      if (!*optionalp)
+    return 0;                /* reject */
+      DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
+    "tls_try_verify_hosts)\n");
       }
     }
 # else
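Review bot: When `*optionalp` is set, the main log still gets "SSL verify error: certificate name mismatch", but the fact that the session then continues is emitted only through `DEBUG(D_tls) debug_printf`, so the main log does not show that a peer with a mismatched name was accepted. Consider recording the override in the main log as well, placed after the `if (!*optionalp)` return: `log_write(0, LOG_MAIN, "SSL verify failure overridden (host in tls_try_verify_hosts)");`. The same applies to the `# else` branch in the next hunk and to the two event-action branches at -339 and -406. The block this branch belongs to begins outside the hunk.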
@@ -394,7 +399,11 @@ else
       {
       log_write(0, LOG_MAIN,
     "SSL verify error: certificate name mismatch: \"%s\"\n", txt);
-      return 0;                /* reject */
+      *calledp = TRUE;
+      if (!*optionalp)
+    return 0;                /* reject */
+      DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
+    "tls_try_verify_hosts)\n");
       }
 # endif
 #endif    /*EXPERIMENTAL_CERTNAMES*/
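Review bot: The five lines added here are identical to the ones added in the preceding preprocessor branch, and the two event-action branches repeat the same `if (!*optionalp) return 0;` plus debug pattern with a different message, so the reject-or-override decision now exists in four hand-maintained copies that can drift apart. A small static helper that takes `optionalp`, `calledp` and the message text and returns whether to reject would keep this verification policy in one place. The conditions guarding the two name-mismatch branches lie outside the hunk, so whether the branches themselves could be merged is not visible here.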
@@ -406,9 +415,11 @@ else
       {
       log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
                   "depth=0 cert=%s", txt);
-      tlsp->certificate_verified = FALSE;
       *calledp = TRUE;
-      return 0;                /* reject */
+      if (!*optionalp)
+    return 0;                /* reject */
+      DEBUG(D_tls) debug_printf("Event-action verify failure overridden "
+    "(host in tls_try_verify_hosts)\n");
       }
 #endif