[exim-cvs] DKIM: fix verify under TLS & chunking, with pipe…

Inizio della pagina
Delete this message
Reply to this message
Autore: Exim Git Commits Mailing List
Data:  
To: exim-cvs
Oggetto: [exim-cvs] DKIM: fix verify under TLS & chunking, with pipelined next command
Gitweb: https://git.exim.org/exim.git/commitdiff/b367453a08bff7123dfe0b841de290e17372ad7c
Commit:     b367453a08bff7123dfe0b841de290e17372ad7c
Parent:     15a44d749b2f4097d43c2d887b6c5bca2d0d8b4a
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Tue Aug 10 21:32:18 2021 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Wed Aug 11 00:07:45 2021 +0100


    DKIM: fix verify under TLS & chunking, with pipelined next command
---
 doc/doc-txt/ChangeLog           |  5 ++++
 src/src/dkim.c                  |  7 ++++--
 src/src/functions.h             |  4 +--
 src/src/globals.c               |  2 +-
 src/src/globals.h               |  2 +-
 src/src/smtp_in.c               |  8 +++---
 src/src/tls-gnu.c               |  5 +++-
 src/src/tls-openssl.c           |  5 +++-
 test/aux-fixed/4535.mlistfooter |  4 +++
 test/confs/4530                 |  6 +++++
 test/confs/4535                 |  4 +++
 test/confs/4539                 |  6 ++++-
 test/log/4530                   | 40 +++++++-----------------------
 test/log/4531                   |  4 +--
 test/log/4533                   |  6 +----
 test/log/4534                   |  6 +----
 test/log/4535                   | 54 ++++++++++++++++++++---------------------
 test/log/4539                   | 16 +++++-------
 test/mail/4535.b                | 35 +++++++++++++++++++++++---
 test/mail/4535.c                | 35 +++++++++++++++++++++++---
 test/mail/4539.y                |  9 ++++---
 test/mail/4539.z                |  9 ++++---
 test/scripts/4520-TLS-DKIM/4539 |  4 ++-
 test/stderr/4530                |  6 +----
 test/stdout/4539                |  6 +++--
 25 files changed, 174 insertions(+), 114 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 89df375..5fa8040 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -327,6 +327,11 @@ JH/57 Fix control=fakreject for a custom message containing tainted data.
 JH/58 GnuTLS: Fix certextract expansion.  If a second modifier after a tag
       modifier was given, a loop resulted.


+JH/59 DKIM: Fix small-message verification under TLS with chunking. If a
+      pipelined SMTP command followed the BDAT LAST then it would be
+      incorrrectly treated as part of the message body, causing a verification
+      fail.
+


Exim version 4.94
-----------------
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 63b0ba6..5b7f17b 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -128,13 +128,16 @@ dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
dkim_collect_input = dkim_verify_ctx ? DKIM_MAX_SIGNATURES : 0;
dkim_collect_error = NULL;

-/* Start feed up with any cached data */
-receive_get_cache();
+/* Start feed up with any cached data, but limited to message data */
+receive_get_cache(chunking_state == CHUNKING_LAST
+          ? chunking_data_left : GETC_BUFFER_UNLIMITED);


store_pool = dkim_verify_oldpool;
}


+/* Submit a chunk of data for verification input.
+Only use the data when the feed is activated. */
 void
 dkim_exim_verify_feed(uschar * data, int len)
 {
diff --git a/src/src/functions.h b/src/src/functions.h
index 0744697..f57379e 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -67,7 +67,7 @@ extern uschar *tls_field_from_dn(uschar *, const uschar *);
 extern void    tls_free_cert(void **);
 extern int     tls_getc(unsigned);
 extern uschar *tls_getbuf(unsigned *);
-extern void    tls_get_cache(void);
+extern void    tls_get_cache(unsigned);
 extern BOOL    tls_import_cert(const uschar *, void **);
 extern BOOL    tls_is_name_for_cert(const uschar *, void *);
 # ifdef USE_OPENSSL
@@ -493,7 +493,7 @@ extern BOOL    smtp_get_interface(uschar *, int, address_item *,
 extern BOOL    smtp_get_port(uschar *, address_item *, int *, uschar *);
 extern int     smtp_getc(unsigned);
 extern uschar *smtp_getbuf(unsigned *);
-extern void    smtp_get_cache(void);
+extern void    smtp_get_cache(unsigned);
 extern int     smtp_handle_acl_fail(int, int, uschar *, uschar *);
 extern void    smtp_log_no_mail(void);
 extern void    smtp_message_code(uschar **, int *, uschar **, uschar **, BOOL);
diff --git a/src/src/globals.c b/src/src/globals.c
index c3e8a16..5d9f7f8 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -176,7 +176,7 @@ uschar * (*lwr_receive_getbuf)(unsigned *) = NULL;
 int (*lwr_receive_ungetc)(int) = stdin_ungetc;
 int (*receive_getc)(unsigned)  = stdin_getc;
 uschar * (*receive_getbuf)(unsigned *)  = NULL;
-void (*receive_get_cache)(void)= NULL;
+void (*receive_get_cache)(unsigned)    = NULL;
 int (*receive_ungetc)(int)     = stdin_ungetc;
 int (*receive_feof)(void)      = stdin_feof;
 int (*receive_ferror)(void)    = stdin_ferror;
diff --git a/src/src/globals.h b/src/src/globals.h
index d5d9314..b610ac0 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -164,7 +164,7 @@ extern uschar * (*lwr_receive_getbuf)(unsigned *);
 extern int (*lwr_receive_ungetc)(int);
 extern int (*receive_getc)(unsigned);
 extern uschar * (*receive_getbuf)(unsigned *);
-extern void (*receive_get_cache)(void);
+extern void (*receive_get_cache)(unsigned);
 extern int (*receive_ungetc)(int);
 extern int (*receive_feof)(void);
 extern int (*receive_ferror)(void);
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index ee248c5..ffda0ec 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -581,12 +581,12 @@ return buf;
 }


 void
-smtp_get_cache(void)
+smtp_get_cache(unsigned lim)
 {
 #ifndef DISABLE_DKIM
 int n = smtp_inend - smtp_inptr;
-if (chunking_state == CHUNKING_LAST && chunking_data_left < n)
-  n = chunking_data_left;
+if (n > lim)
+  n = lim;
 if (n > 0)
   dkim_exim_verify_feed(smtp_inptr, n);
 #endif
@@ -661,7 +661,9 @@ for(;;)
   if (chunking_state == CHUNKING_LAST)
     {
 #ifndef DISABLE_DKIM
+    dkim_collect_input = dkim_save;
     dkim_exim_verify_feed(NULL, 0);    /* notify EOD */
+    dkim_collect_input = 0;
 #endif
     return EOD;
     }
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 7d434f6..796581b 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -3877,12 +3877,15 @@ return buf;
 }



+/* Get up to the given number of bytes from any cached data, and feed to dkim. */
void
-tls_get_cache(void)
+tls_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
exim_gnutls_state_st * state = &state_server;
int n = state->xfer_buffer_hwm - state->xfer_buffer_lwm;
+if (n > lim)
+ n = lim;
if (n > 0)
dkim_exim_verify_feed(state->xfer_buffer+state->xfer_buffer_lwm, n);
#endif
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 89f11ce..298d8d4 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -4146,10 +4146,13 @@ return buf;


void
-tls_get_cache(void)
+tls_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
int n = ssl_xfer_buffer_hwm - ssl_xfer_buffer_lwm;
+debug_printf("tls_get_cache\n");
+if (n > lim)
+ n = lim;
if (n > 0)
dkim_exim_verify_feed(ssl_xfer_buffer+ssl_xfer_buffer_lwm, n);
#endif
diff --git a/test/aux-fixed/4535.mlistfooter b/test/aux-fixed/4535.mlistfooter
new file mode 100644
index 0000000..7c33b82
--- /dev/null
+++ b/test/aux-fixed/4535.mlistfooter
@@ -0,0 +1,4 @@
+
+--
+This is a generic mailinglist footer, using a traditional .sig-separator line
+----
diff --git a/test/confs/4530 b/test/confs/4530
index daa9218..c27fb95 100644
--- a/test/confs/4530
+++ b/test/confs/4530
@@ -22,6 +22,9 @@ dkim_verify_minimal = true

DDIR=DIR/aux-fixed/dkim

+tls_certificate = DIR/aux-fixed/cert1
+tls_privatekey = DIR/aux-fixed/cert1
+
log_selector = -dkim +dkim_verbose +received_recipients

 # ----- Routers
@@ -48,6 +51,9 @@ send_to_server:
   port = PORT_D
   hosts_try_fastopen =    :
   hosts_require_tls =    *
+  tls_verify_certificates =   DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :
+


   dkim_domain =        test.ex
 .ifdef SELECTOR
diff --git a/test/confs/4535 b/test/confs/4535
index 62c06fc..bafcc53 100644
--- a/test/confs/4535
+++ b/test/confs/4535
@@ -27,6 +27,8 @@ pipelining_connect_advertise_hosts = :
 dmarc_tld_file =
 .endif
 tls_advertise_hosts = *
+tls_certificate = DIR/aux-fixed/cert1
+tls_privatekey = DIR/aux-fixed/cert1


primary_hostname = myhost.test.ex

@@ -67,6 +69,8 @@ send_to_server:
   port = PORT_D
   hosts_try_fastopen =    :
   hosts_require_tls =    *
+  tls_verify_certificates =   DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :


 .ifdef FILTER
   transport_filter =    /bin/cat - DIR/aux-fixed/TESTNUM.mlistfooter
diff --git a/test/confs/4539 b/test/confs/4539
index 57f359f..571ddc2 100644
--- a/test/confs/4539
+++ b/test/confs/4539
@@ -1,4 +1,4 @@
-# Exim test configuration 0906
+# Exim test configuration 4539
 SERVER=


 exim_path = EXIM_PATH
@@ -91,6 +91,8 @@ remote_smtp:
   port =    PORT_D
   hosts_try_fastopen = :
   allow_localhost
+  tls_verify_certificates =   DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :


 remote_smtp_dkim:
   driver = smtp
@@ -98,6 +100,8 @@ remote_smtp_dkim:
   port =    PORT_D
   hosts_try_fastopen = :
   allow_localhost
+  tls_verify_certificates =   DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :


 .ifdef OPT
   dkim_domain =        test.ex
diff --git a/test/log/4530 b/test/log/4530
index 8b739e9..f8695ac 100644
--- a/test/log/4530
+++ b/test/log/4530
@@ -1,41 +1,25 @@
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for a@???
-1999-03-02 09:44:33 10HmaY-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmaY-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmaY-0005vi-00 => a@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => a@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaZ-0005vi-00"
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for b@???
-1999-03-02 09:44:33 10HmbA-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmbA-0005vi-00 => b@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmbA-0005vi-00 => b@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbB-0005vi-00"
 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for b10@???
-1999-03-02 09:44:33 10HmbC-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmbC-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmbC-0005vi-00 => b10@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbD-0005vi-00"
+1999-03-02 09:44:33 10HmbC-0005vi-00 => b10@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbD-0005vi-00"
 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for b12@???
-1999-03-02 09:44:33 10HmbE-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmbE-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmbE-0005vi-00 => b12@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbF-0005vi-00"
+1999-03-02 09:44:33 10HmbE-0005vi-00 => b12@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbF-0005vi-00"
 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for b20@???
-1999-03-02 09:44:33 10HmbG-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmbG-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmbG-0005vi-00 => b20@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbH-0005vi-00"
+1999-03-02 09:44:33 10HmbG-0005vi-00 => b20@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbH-0005vi-00"
 1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for b22@???
-1999-03-02 09:44:33 10HmbI-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmbI-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmbI-0005vi-00 => b22@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbJ-0005vi-00"
+1999-03-02 09:44:33 10HmbI-0005vi-00 => b22@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbJ-0005vi-00"
 1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for d@???
-1999-03-02 09:44:33 10HmbK-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmbK-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmbK-0005vi-00 => d@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbL-0005vi-00"
+1999-03-02 09:44:33 10HmbK-0005vi-00 => d@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbL-0005vi-00"
 1999-03-02 09:44:33 10HmbK-0005vi-00 Completed
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> U=CALLER P=local S=sss for e0@???
-1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
 1999-03-02 09:44:33 10HmaX-0005vi-00 failed to expand dkim_timestamps: unknown variable in "${bogus}"
 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: message could not be signed, and dkim_strict is set. Deferring message delivery.
 1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: send() to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] failed: failed to expand dkim_timestamps: unknown variable in "${bogus}": Permission denied
@@ -44,19 +28,13 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 e0@???: error ignored
 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for e@???
-1999-03-02 09:44:33 10HmbM-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmbM-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmbM-0005vi-00 => e@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbN-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 => e@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbN-0005vi-00"
 1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for f@???
-1999-03-02 09:44:33 10HmbO-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmbO-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmbO-0005vi-00 => f@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbP-0005vi-00"
+1999-03-02 09:44:33 10HmbO-0005vi-00 => f@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbP-0005vi-00"
 1999-03-02 09:44:33 10HmbO-0005vi-00 Completed


******** SERVER ********
-1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one.
- Suggested action: either install a certificate or change tls_advertise_hosts option
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
1999-03-02 09:44:33 10HmaZ-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From
diff --git a/test/log/4531 b/test/log/4531
index 7cfbd7f..6740cab 100644
--- a/test/log/4531
+++ b/test/log/4531
@@ -7,7 +7,7 @@

******** SERVER ********
2017-07-30 18:51:05.712 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_S
-2017-07-30 18:51:05.712 10HmaY-0005vi-00 DKIM FAIL FAIL FAIL: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification failed - body hash mismatch (body probably modified in transit)]
-2017-07-30 18:51:05.712 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss id=E10HmaX-0005vi-00@??? for a@???
+2017-07-30 18:51:05.712 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+2017-07-30 18:51:05.712 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss DKIM=test.ex id=E10HmaX-0005vi-00@??? for a@???
2017-07-30 18:51:05.712 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
2017-07-30 18:51:05.712 10HmbA-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss DKIM=test.ex id=E10HmaZ-0005vi-00@??? for b@???
diff --git a/test/log/4533 b/test/log/4533
index e3f8d1a..315700e 100644
--- a/test/log/4533
+++ b/test/log/4533
@@ -1,12 +1,8 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for a@???
-1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed

******** SERVER ********
-1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one.
- Suggested action: either install a certificate or change tls_advertise_hosts option
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From:From
diff --git a/test/log/4534 b/test/log/4534
index b3d9d5f..faac1b6 100644
--- a/test/log/4534
+++ b/test/log/4534
@@ -1,12 +1,8 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for c@???
-1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmaX-0005vi-00 => c@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => c@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed

******** SERVER ********
-1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one.
- Suggested action: either install a certificate or change tls_advertise_hosts option
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 rcpt_acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 512 h=From:To:Subject
diff --git a/test/log/4535 b/test/log/4535
index 078e699..2e7fcf2 100644
--- a/test/log/4535
+++ b/test/log/4535
@@ -1,30 +1,20 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for a@???
-1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for b@???
-1999-03-02 09:44:33 10HmaZ-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmaZ-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 == b@??? R=client T=send_to_server defer (-24) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: transport filter process failed (1)
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for c@???
-1999-03-02 09:44:33 10HmbA-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmbA-0005vi-00 == c@??? R=client T=send_to_server defer (-24) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: transport filter process failed (1)
-1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for b@???
-1999-03-02 09:44:33 10HmbB-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmbB-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmbB-0005vi-00 => b@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for c@???
+1999-03-02 09:44:33 10HmbB-0005vi-00 => c@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes K C="250- 7nn byte chunk, total 7nn\\n250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for c@???
-1999-03-02 09:44:33 10HmbD-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-1999-03-02 09:44:33 10HmbD-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
-1999-03-02 09:44:33 10HmbD-0005vi-00 => c@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K C="250- 7nn byte chunk, total 7nn\\n250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for b@???
+1999-03-02 09:44:33 10HmbD-0005vi-00 => b@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbE-0005vi-00"
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for c@???
+1999-03-02 09:44:33 10HmbF-0005vi-00 => c@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes K C="250- 7nn byte chunk, total 7nn\\n250 OK id=10HmbG-0005vi-00"
+1999-03-02 09:44:33 10HmbF-0005vi-00 Completed

 ******** SERVER ********
-1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one.
- Suggested action: either install a certificate or change tls_advertise_hosts option
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
 1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From
@@ -33,16 +23,26 @@
 1999-03-02 09:44:33 10HmaY-0005vi-00 => a <a@???> R=server_store T=file
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 SMTP connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] lost while reading message data (header)
+1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmbA-0005vi-00 data acl: dkim status pass
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss DKIM=test.ex id=E10HmaZ-0005vi-00@??? for b@???
+1999-03-02 09:44:33 10HmbA-0005vi-00 => b <b@???> R=server_store T=file
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
 1999-03-02 09:44:33 10HmbC-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From
 1999-03-02 09:44:33 10HmbC-0005vi-00 data acl: dkim status pass
-1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss DKIM=test.ex id=E10HmbB-0005vi-00@??? for b@???
-1999-03-02 09:44:33 10HmbC-0005vi-00 => b <b@???> R=server_store T=file
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss DKIM=test.ex id=E10HmbB-0005vi-00@??? for c@???
+1999-03-02 09:44:33 10HmbC-0005vi-00 => c <c@???> R=server_store T=file
 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmbE-0005vi-00 dkim_acl: signer: test.ex bits: 0 h=From
-1999-03-02 09:44:33 10HmbE-0005vi-00 data acl: dkim status fail
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss id=E10HmbD-0005vi-00@??? for c@???
-1999-03-02 09:44:33 10HmbE-0005vi-00 => c <c@???> R=server_store T=file
+1999-03-02 09:44:33 10HmbE-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmbE-0005vi-00 data acl: dkim status pass
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss DKIM=test.ex id=E10HmbD-0005vi-00@??? for b@???
+1999-03-02 09:44:33 10HmbE-0005vi-00 => b <b@???> R=server_store T=file
 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
+1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
+1999-03-02 09:44:33 10HmbG-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmbG-0005vi-00 data acl: dkim status pass
+1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss DKIM=test.ex id=E10HmbF-0005vi-00@??? for c@???
+1999-03-02 09:44:33 10HmbG-0005vi-00 => c <c@???> R=server_store T=file
+1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
diff --git a/test/log/4539 b/test/log/4539
index 903abb1..78ad873 100644
--- a/test/log/4539
+++ b/test/log/4539
@@ -8,18 +8,14 @@
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_S port PORT_D
 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss for z@???
-1999-03-02 09:44:33 10HmaZ-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmaZ-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="127.0.0.1"
-1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification failed - body hash mismatch (body probably modified in transit)]
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss for z@???
+1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss DKIM=test.ex for z@???
 1999-03-02 09:44:33 10HmaX-0005vi-00 no immediate delivery: queued by ACL
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => z@??? R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K C="250- 6nn byte chunk, total 6nn\\n250 OK id=10HmaX-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => z@??? R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes K C="250- 7nn byte chunk, total 7nn\\n250 OK id=10HmaX-0005vi-00"
 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss for y@???
-1999-03-02 09:44:33 10HmbA-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmbA-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="127.0.0.1"
-1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification failed - body hash mismatch (body probably modified in transit)]
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss for y@???
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss DKIM=test.ex for y@???
 1999-03-02 09:44:33 10HmaY-0005vi-00 no immediate delivery: queued by ACL
-1999-03-02 09:44:33 10HmbA-0005vi-00 => y@??? R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K C="250- 6nn byte chunk, total 6nn\\n250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmbA-0005vi-00 => y@??? R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes K C="250- 7nn byte chunk, total 7nn\\n250 OK id=10HmaY-0005vi-00"
 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
diff --git a/test/mail/4535.b b/test/mail/4535.b
index 8123854..0f04c25 100644
--- a/test/mail/4535.b
+++ b/test/mail/4535.b
@@ -3,7 +3,7 @@ Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex)
     by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
     (Exim x.yz)
     (envelope-from <CALLER@???>)
-    id 10HmbC-0005vi-00
+    id 10HmbA-0005vi-00
     for b@???;
     Tue, 2 Mar 1999 09:44:33 +0000
 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex;
@@ -13,11 +13,40 @@ DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex;
     ygZGjs=;
 Received: from CALLER by myhost.test.ex with local (Exim x.yz)
     (envelope-from <CALLER@???>)
-    id 10HmbB-0005vi-00
+    id 10HmaZ-0005vi-00
     for b@???;
     Tue, 2 Mar 1999 09:44:33 +0000
 From: nobody@???
-Message-Id: <E10HmbB-0005vi-00@???>
+Message-Id: <E10HmaZ-0005vi-00@???>
+Sender: CALLER_NAME <CALLER@???>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+content
+
+-- 
+This is a generic mailinglist footer, using a traditional .sig-separator line
+----
+
+From CALLER@??? Tue Mar 02 09:44:33 1999
+Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex)
+    by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
+    (Exim x.yz)
+    (envelope-from <CALLER@???>)
+    id 10HmbE-0005vi-00
+    for b@???;
+    Tue, 2 Mar 1999 09:44:33 +0000
+DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex;
+    s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL
+    wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM
+    ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL
+    ygZGjs=;
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+    (envelope-from <CALLER@???>)
+    id 10HmbD-0005vi-00
+    for b@???;
+    Tue, 2 Mar 1999 09:44:33 +0000
+From: nobody@???
+Message-Id: <E10HmbD-0005vi-00@???>
 Sender: CALLER_NAME <CALLER@???>
 Date: Tue, 2 Mar 1999 09:44:33 +0000


diff --git a/test/mail/4535.c b/test/mail/4535.c
index 4394d9c..96fe97f 100644
--- a/test/mail/4535.c
+++ b/test/mail/4535.c
@@ -3,7 +3,7 @@ Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex)
     by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
     (Exim x.yz)
     (envelope-from <CALLER@???>)
-    id 10HmbE-0005vi-00
+    id 10HmbC-0005vi-00
     for c@???;
     Tue, 2 Mar 1999 09:44:33 +0000
 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex;
@@ -13,11 +13,40 @@ DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex;
     ygZGjs=;
 Received: from CALLER by myhost.test.ex with local (Exim x.yz)
     (envelope-from <CALLER@???>)
-    id 10HmbD-0005vi-00
+    id 10HmbB-0005vi-00
     for c@???;
     Tue, 2 Mar 1999 09:44:33 +0000
 From: nobody@???
-Message-Id: <E10HmbD-0005vi-00@???>
+Message-Id: <E10HmbB-0005vi-00@???>
+Sender: CALLER_NAME <CALLER@???>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+content
+
+-- 
+This is a generic mailinglist footer, using a traditional .sig-separator line
+----
+
+From CALLER@??? Tue Mar 02 09:44:33 1999
+Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex)
+    by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
+    (Exim x.yz)
+    (envelope-from <CALLER@???>)
+    id 10HmbG-0005vi-00
+    for c@???;
+    Tue, 2 Mar 1999 09:44:33 +0000
+DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex;
+    s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL
+    wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM
+    ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL
+    ygZGjs=;
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+    (envelope-from <CALLER@???>)
+    id 10HmbF-0005vi-00
+    for c@???;
+    Tue, 2 Mar 1999 09:44:33 +0000
+From: nobody@???
+Message-Id: <E10HmbF-0005vi-00@???>
 Sender: CALLER_NAME <CALLER@???>
 Date: Tue, 2 Mar 1999 09:44:33 +0000


diff --git a/test/mail/4539.y b/test/mail/4539.y
index 14b663d..4626114 100644
--- a/test/mail/4539.y
+++ b/test/mail/4539.y
@@ -7,10 +7,10 @@ Received: from localhost ([127.0.0.1] helo=testhost.test.ex)
     for y@???;
     Tue, 2 Mar 1999 09:44:33 +0000
 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex;
-    s=sel; h=Subject; bh=CVpkzY75tV/NCKk5pPx4GnM3NX83xwCiT0xVwo0G1Rs=; b=JTYpVY1D
-    sO37MibaZTC2CgpQAZlz/lRefFQv3Q7JM4D0aUfseT24Xg+kxv3xc5guSzKWQzycm3zie366tHape
-    lu70O4/5+Dyr0f/FKjmYxT+ALcIzuVN7Rty2JioBG07aryqJqmcR0xpmiggctb/h/2a/JGRKPcDWO
-    psj50XQNQ=;
+    s=sel; h=Subject; bh=qrFAgZTdNItSIrBZpDPHl7T6nHDpDTlw6cFlhULnt3c=; b=XGR6pjWM
+    PEWqcZj6/UQcH54guCxLNrtBaOS6Bve1+prubUxn6u3FdP+deLkkZTMrgf2LUMg3APxC4moIREkTt
+    7JmnHBYDEeNOsV8Zpg95yRp+8BIEAqBGddOIs2KzUb3Ua0B2gbVd8Ovc2hrMu+JJPx9CE1mlHtHIw
+    txPmCs15I=;
 Received: from [127.0.0.1] (helo=xxx)
     by testhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
     (Exim x.yz)
@@ -26,5 +26,6 @@ X-received-count: 2
 Line 1: This is a simple test.
 Line 2: This is a simple test.
 .Line 3 has a leading dot
+extra32chars234567890123456789
 last line: 4


diff --git a/test/mail/4539.z b/test/mail/4539.z
index a2b43b8..584deb3 100644
--- a/test/mail/4539.z
+++ b/test/mail/4539.z
@@ -7,10 +7,10 @@ Received: from localhost ([127.0.0.1] helo=testhost.test.ex)
     for z@???;
     Tue, 2 Mar 1999 09:44:33 +0000
 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex;
-    s=sel; h=Subject; bh=CVpkzY75tV/NCKk5pPx4GnM3NX83xwCiT0xVwo0G1Rs=; b=JTYpVY1D
-    sO37MibaZTC2CgpQAZlz/lRefFQv3Q7JM4D0aUfseT24Xg+kxv3xc5guSzKWQzycm3zie366tHape
-    lu70O4/5+Dyr0f/FKjmYxT+ALcIzuVN7Rty2JioBG07aryqJqmcR0xpmiggctb/h/2a/JGRKPcDWO
-    psj50XQNQ=;
+    s=sel; h=Subject; bh=rr4Eahuyisf50jrZwCMRa+NKEI5cjCTLtiI8sXRsvJo=; b=DMx6DGzU
+    7Pbz5IGN4NvxeDHYJIVnSMRO0q5PBiGMoaESCZFhQF+fZ7f+kZyNY1Uanggg93Ux7OeQ3ZThnAg4t
+    1xm24pdfYtXKleKtsZ2ekh6SNXo2YcyclIo8hf4z3iZsjxcjnftZRbtaeAc3Coicq0+51i+/ZxCup
+    EwFMsq92M=;
 Received: from [127.0.0.1] (helo=xxx)
     by testhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
     (Exim x.yz)
@@ -26,5 +26,6 @@ X-received-count: 2
 Line 1: This is a simple test.
 Line 2: This is a simple test.
 .Line 3 has a leading dot
+extra30chars234567890123456789
 last line: 4


diff --git a/test/scripts/4520-TLS-DKIM/4539 b/test/scripts/4520-TLS-DKIM/4539
index eaa13fb..9321427 100644
--- a/test/scripts/4520-TLS-DKIM/4539
+++ b/test/scripts/4520-TLS-DKIM/4539
@@ -30,6 +30,7 @@ Subject: simple test
Line 1: This is a simple test.
Line 2: This is a simple test.
..Line 3 has a leading dot
+extra30chars234567890123456789
last line: 4
.
??? 250
@@ -58,12 +59,13 @@ MAIL FROM:<CALLER@???>
??? 250
RCPT TO:<y@???>
??? 250
-BDAT 129 LAST
+BDAT 161 LAST
Subject: simple test

Line 1: This is a simple test.
Line 2: This is a simple test.
.Line 3 has a leading dot
+extra32chars234567890123456789
last line: 4
??? 250-
??? 250
diff --git a/test/stderr/4530 b/test/stderr/4530
index 96951cf..4b93222 100644
--- a/test/stderr/4530
+++ b/test/stderr/4530
@@ -21,10 +21,6 @@ cmd buf flush ddd bytes
SMTP>> STARTTLS
cmd buf flush ddd bytes
SMTP<< 220 TLS go ahead
-LOG: MAIN
- [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=myhost.test.ex
-LOG: MAIN
- [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=Exim Developers/CN=myhost.test.ex" H="ip4.ip4.ip4.ip4"
SMTP>> EHLO myhost.test.ex
cmd buf flush ddd bytes
SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
@@ -68,7 +64,7 @@ cmd buf flush ddd bytes
SMTP<< 221 myhost.test.ex closing connection
SMTP(close)>>
LOG: MAIN
- => d@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbL-0005vi-00"
+ => d@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbL-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp (local-accept-delivery) terminating with rc=0 >>>>>>>>>>>>>>>>

diff --git a/test/stdout/4539 b/test/stdout/4539
index 2a3824b..b766bb2 100644
--- a/test/stdout/4539
+++ b/test/stdout/4539
@@ -38,6 +38,7 @@ Succeeded in starting TLS
>>> Line 1: This is a simple test.
>>> Line 2: This is a simple test.
>>> ..Line 3 has a leading dot

+>>> extra30chars234567890123456789
>>> last line: 4
>>> .

??? 250
@@ -78,15 +79,16 @@ Succeeded in starting TLS
>>> RCPT TO:<y@???>

??? 250
<<< 250 Accepted
->>> BDAT 129 LAST
+>>> BDAT 161 LAST
>>> Subject: simple test
>>>
>>> Line 1: This is a simple test.
>>> Line 2: This is a simple test.
>>> .Line 3 has a leading dot

+>>> extra32chars234567890123456789
>>> last line: 4

??? 250-
-<<< 250- 129 byte chunk, total 129
+<<< 250- 161 byte chunk, total 161
??? 250
<<< 250 OK id=10HmbA-0005vi-00
>>> QUIT