[exim-cvs] tidying

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Exim Git Commits Mailing List
Fecha:  
A: exim-cvs
Asunto: [exim-cvs] tidying
Gitweb: https://git.exim.org/exim.git/commitdiff/f5730918ef684baafbd9e606a1d4eb06914563cc
Commit:     f5730918ef684baafbd9e606a1d4eb06914563cc
Parent:     1d28cc061677bd07d9bed48dd84bd5c590247043
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Aug 15 20:41:56 2022 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Tue Nov 29 16:02:55 2022 +0000


    tidying
---
 src/src/lookups/lf_check_file.c |  7 +++----
 src/src/tls-gnu.c               | 32 ++++++++++++++++----------------
 src/src/tls-openssl.c           |  2 ++
 src/src/verify.c                |  2 ++
 4 files changed, 23 insertions(+), 20 deletions(-)


diff --git a/src/src/lookups/lf_check_file.c b/src/src/lookups/lf_check_file.c
index 5c74816ef..c4c05e44d 100644
--- a/src/src/lookups/lf_check_file.c
+++ b/src/src/lookups/lf_check_file.c
@@ -45,8 +45,7 @@ lf_check_file(int fd, const uschar * filename, int s_type, int modemask,
{
struct stat statbuf;

-if ((fd >= 0 && fstat(fd, &statbuf) != 0) ||
-    (fd  < 0 && Ustat(filename, &statbuf) != 0))
+if ((fd  < 0 ? Ustat(filename, &statbuf) : fstat(fd, &statbuf)) != 0)
   {
   int save_errno = errno;
   *errmsg = string_sprintf("%s: stat failed", filename);
@@ -80,7 +79,7 @@ if ((statbuf.st_mode & modemask) != 0)
   return +1;
   }


-if (owners != NULL)
+if (owners)
   {
   BOOL uid_ok = FALSE;
   for (int i = 1; i <= (int)owners[0]; i++)
@@ -94,7 +93,7 @@ if (owners != NULL)
     }
   }


-if (owngroups != NULL)
+if (owngroups)
{
BOOL gid_ok = FALSE;
for (int i = 1; i <= (int)owngroups[0]; i++)
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 703a0a4ca..69387a3a7 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -2743,25 +2743,25 @@ exim_gnutls_state_st * state = gnutls_session_get_ptr(session);

 if ((cert_list = gnutls_certificate_get_peers(session, &cert_list_size)))
   while (cert_list_size--)
-  {
-  if ((rc = import_cert(&cert_list[cert_list_size], &crt)) != GNUTLS_E_SUCCESS)
     {
-    DEBUG(D_tls) debug_printf("TLS: peer cert problem: depth %d: %s\n",
-      cert_list_size, gnutls_strerror(rc));
-    break;
-    }
+    if ((rc = import_cert(&cert_list[cert_list_size], &crt)) != GNUTLS_E_SUCCESS)
+      {
+      DEBUG(D_tls) debug_printf("TLS: peer cert problem: depth %d: %s\n",
+    cert_list_size, gnutls_strerror(rc));
+      break;
+      }


-  state->tlsp->peercert = crt;
-  if ((yield = event_raise(state->event_action,
-          US"tls:cert", string_sprintf("%d", cert_list_size), &errno)))
-    {
-    log_write(0, LOG_MAIN,
-          "SSL verify denied by event-action: depth=%d: %s",
-          cert_list_size, yield);
-    return 1;                     /* reject */
+    state->tlsp->peercert = crt;
+    if ((yield = event_raise(state->event_action,
+        US"tls:cert", string_sprintf("%d", cert_list_size), &errno)))
+      {
+      log_write(0, LOG_MAIN,
+        "SSL verify denied by event-action: depth=%d: %s",
+        cert_list_size, yield);
+      return 1;                     /* reject */
+      }
+    state->tlsp->peercert = NULL;
     }
-  state->tlsp->peercert = NULL;
-  }


 return 0;
 }
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 2b3f02712..eabe34f31 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2530,6 +2530,8 @@ if (!(bs = OCSP_response_get1_basic(rsp)))
     DEBUG(D_tls) bp = BIO_new(BIO_s_mem());


     /* Use the CA & chain that verified the server cert to verify the stapled info */
+    /*XXX could we do an event here, for observability of ocsp?  What reasonable data could we give access to? */
+    /* Dates would be a start. Do we need another opaque variable type, as for certs, plus an extract expansion? */


    {
     /* If this routine is not available, we've avoided [in tls_client_start()]
diff --git a/src/src/verify.c b/src/src/verify.c
index 0ca096130..125df8d91 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -1056,6 +1056,8 @@ no_conn:
         HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
         }
 #ifndef DISABLE_DKIM
+      /* DKIM signing needs to add a header after seeing the whole body, so we cannot just copy
+      body bytes to the outbound as they are received, which is the intent of cutthrough. */
       if (ob->dkim.dkim_domain)
         {
         cutthrough.delivery= FALSE;