[exim-cvs] TLS: fix startup after forced-fail

Gitweb: https://git.exim.org/exim.git/commitdiff/fe105877d57ac7e05a4333e0d072f232d212b9fe

Commit:     fe105877d57ac7e05a4333e0d072f232d212b9fe
Parent:     17061038519b42b6919af1d3d82d346f2259a114
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Jan 20 12:38:15 2024 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sat Jan 20 12:44:52 2024 +0000

    TLS: fix startup after forced-fail

    Broken-by: cf0c61644d7d, ce93c6d840d5, 520ef00f56ce
---
 doc/doc-txt/ChangeLog | 7 +++++++
 src/src/expand.c      | 3 +--
 src/src/tls.c         | 3 +++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 40e8a9e7e..14cd45d85 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -86,6 +86,13 @@ JH/17 Bug 3064: Fix combination of "-q<period> -R <recipients>". Introduction of
 JH/18 Bug 3068: Log a warning for use of deprecated syntax in query-style
       lookups.

+JH/19 Fix TLS startup. When the last expansion done before the initiation of a
+      TLS session resulted in a forced-fail, a misleading error was logged for
+      the expansino of tls_certificates.  This would affect the common case of
+      that option being set (main-section options) but not having any vriable
+      parts.  It could also potentially affect tls_privatekeys.  The underlyding
+      coding errors go back to 4.90 but were only exposed in 4.97.
+

Exim version 4.97
-----------------
diff --git a/src/src/expand.c b/src/src/expand.c
index 9a88d38ca..f9813133d 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -8558,13 +8558,12 @@ Returns: the expanded string, or NULL if expansion failed; if failure was
const uschar *
expand_string_2(const uschar * string, BOOL * textonly_p)
{
+f.expand_string_forcedfail = f.search_find_defer = malformed_header = FALSE;
if (Ustrpbrk(string, "$\\") != NULL)
{
int old_pool = store_pool;
uschar * s;

-  f.search_find_defer = FALSE;
-  malformed_header = FALSE;
   store_pool = POOL_MAIN;
     s = expand_string_internal(string, ESI_HONOR_DOLLAR, NULL, NULL, textonly_p);
   store_pool = old_pool;
diff --git a/src/src/tls.c b/src/src/tls.c
index b6c5d70e1..e6203b768 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -105,7 +105,10 @@ expand_check(const uschar * s, const uschar * name,
   uschar ** result, uschar ** errstr)
 {
 if (!s)
+  {
+  f.expand_string_forcedfail = FALSE;
   *result = NULL;
+  }
 else if (  !(*result = expand_string(US s)) /* need to clean up const more */
     && !f.expand_string_forcedfail
     )

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/