Gitweb:
https://git.exim.org/exim.git/commitdiff/f5730918ef684baafbd9e606a1d4eb06914563cc
Commit: f5730918ef684baafbd9e606a1d4eb06914563cc
Parent: 1d28cc061677bd07d9bed48dd84bd5c590247043
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Aug 15 20:41:56 2022 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Tue Nov 29 16:02:55 2022 +0000
tidying
---
src/src/lookups/lf_check_file.c | 7 +++----
src/src/tls-gnu.c | 32 ++++++++++++++++----------------
src/src/tls-openssl.c | 2 ++
src/src/verify.c | 2 ++
4 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/src/src/lookups/lf_check_file.c b/src/src/lookups/lf_check_file.c
index 5c74816ef..c4c05e44d 100644
--- a/src/src/lookups/lf_check_file.c
+++ b/src/src/lookups/lf_check_file.c
@@ -45,8 +45,7 @@ lf_check_file(int fd, const uschar * filename, int s_type, int modemask,
{
struct stat statbuf;
-if ((fd >= 0 && fstat(fd, &statbuf) != 0) ||
- (fd < 0 && Ustat(filename, &statbuf) != 0))
+if ((fd < 0 ? Ustat(filename, &statbuf) : fstat(fd, &statbuf)) != 0)
{
int save_errno = errno;
*errmsg = string_sprintf("%s: stat failed", filename);
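Review bot: The rewritten condition makes the two modes explicit, but nothing documents that the `fd < 0` branch checks the file by name rather than by descriptor. In that mode the type, mode, owner and group tests that follow describe whatever the path resolved to at the time of the call, and can be stale if the caller opens the file afterwards. Whether any caller does that is outside this hunk, so I would only ask for a comment above the `if`, e.g. `/* No fd: stat by name. The result is advisory unless the caller re-checks on the opened descriptor. */`. The body of lf_check_file continues beyond the hunk.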
@@ -80,7 +79,7 @@ if ((statbuf.st_mode & modemask) != 0)
return +1;
}
-if (owners != NULL)
+if (owners)
{
BOOL uid_ok = FALSE;
for (int i = 1; i <= (int)owners[0]; i++)
@@ -94,7 +93,7 @@ if (owners != NULL)
}
}
-if (owngroups != NULL)
+if (owngroups)
{
BOOL gid_ok = FALSE;
for (int i = 1; i <= (int)owngroups[0]; i++)
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 703a0a4ca..69387a3a7 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -2743,25 +2743,25 @@ exim_gnutls_state_st * state = gnutls_session_get_ptr(session);
if ((cert_list = gnutls_certificate_get_peers(session, &cert_list_size)))
while (cert_list_size--)
- {
- if ((rc = import_cert(&cert_list[cert_list_size], &crt)) != GNUTLS_E_SUCCESS)
{
- DEBUG(D_tls) debug_printf("TLS: peer cert problem: depth %d: %s\n",
- cert_list_size, gnutls_strerror(rc));
- break;
- }
+ if ((rc = import_cert(&cert_list[cert_list_size], &crt)) != GNUTLS_E_SUCCESS)
+ {
+ DEBUG(D_tls) debug_printf("TLS: peer cert problem: depth %d: %s\n",
+ cert_list_size, gnutls_strerror(rc));
+ break;
+ }
- state->tlsp->peercert = crt;
- if ((yield = event_raise(state->event_action,
- US"tls:cert", string_sprintf("%d", cert_list_size), &errno)))
- {
- log_write(0, LOG_MAIN,
- "SSL verify denied by event-action: depth=%d: %s",
- cert_list_size, yield);
- return 1; /* reject */
+ state->tlsp->peercert = crt;
+ if ((yield = event_raise(state->event_action,
+ US"tls:cert", string_sprintf("%d", cert_list_size), &errno)))
+ {
+ log_write(0, LOG_MAIN,
+ "SSL verify denied by event-action: depth=%d: %s",
+ cert_list_size, yield);
+ return 1; /* reject */
+ }
+ state->tlsp->peercert = NULL;
}
- state->tlsp->peercert = NULL;
- }
return 0;
}
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 2b3f02712..eabe34f31 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2530,6 +2530,8 @@ if (!(bs = OCSP_response_get1_basic(rsp)))
DEBUG(D_tls) bp = BIO_new(BIO_s_mem());
/* Use the CA & chain that verified the server cert to verify the stapled info */
+ /*XXX could we do an event here, for observability of ocsp? What reasonable data could we give access to? */
+ /* Dates would be a start. Do we need another opaque variable type, as for certs, plus an extract expansion? */
{
/* If this routine is not available, we've avoided [in tls_client_start()]
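Review bot: The two added `XXX` comments propose raising an event at a point where, going by the context comment on the line above them, the stapled OCSP response has not yet been verified against the CA and chain. Anything an event exposes to string expansion here would still be peer-supplied data, and the comment should say so. A later implementer can then place the event after verification, or limit it to parsed fields such as the dates. Suggested addition: `/* NB: the response is unverified at this point; anything handed to an event here is peer-controlled. */`. The enclosing block starts and ends outside the hunk.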
diff --git a/src/src/verify.c b/src/src/verify.c
index 0ca096130..125df8d91 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -1056,6 +1056,8 @@ no_conn:
HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
}
#ifndef DISABLE_DKIM
+ /* DKIM signing needs to add a header after seeing the whole body, so we cannot just copy
+ body bytes to the outbound as they are received, which is the intent of cutthrough. */
if (ob->dkim.dkim_domain)
{
cutthrough.delivery= FALSE;