int dkim_verify_oldpool;
pdkim_ctx *dkim_verify_ctx = NULL;
-pdkim_signature *dkim_signatures = NULL;
pdkim_signature *dkim_cur_sig = NULL;
static const uschar * dkim_collect_error = NULL;
+#define DKIM_MAX_SIGNATURES 20
+
/*XXX the caller only uses the first record if we return multiple.
/* Create new context */
dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
-dkim_collect_input = !!dkim_verify_ctx;
+dkim_collect_input = dkim_verify_ctx ? DKIM_MAX_SIGNATURES : 0;
dkim_collect_error = NULL;
/* Start feed up with any cached data */
dkim_collect_error = pdkim_errstr(rc);
log_write(0, LOG_MAIN,
"DKIM: validation error: %.100s", dkim_collect_error);
- dkim_collect_input = FALSE;
+ dkim_collect_input = 0;
}
store_pool = dkim_verify_oldpool;
}
goto out;
}
-dkim_collect_input = FALSE;
+dkim_collect_input = 0;
/* Finish DKIM operation and fetch link to signatures chain */
-rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures, &errstr);
+rc = pdkim_feed_finish(dkim_verify_ctx, (pdkim_signature **)&dkim_signatures,
+ &errstr);
if (rc != PDKIM_OK && errstr)
log_write(0, LOG_MAIN, "DKIM: validation error: %s", errstr);
them here. This is easy since a domain and selector is guaranteed
to be in a signature. The other dkim_* expansion items are
dynamically fetched from dkim_cur_sig at expansion time (see
- function below). */
+ dkim_exim_expand_query() below). */
dkim_cur_sig = sig;
dkim_signing_domain = US sig->domain;
for this domain. */
if (!(dkim_sel = expand_string(dkim->dkim_selector)))
- if (!(dkim_signing_selector = expand_string(dkim->dkim_selector)))
{ errwhen = US"dkim_selector"; goto expand_bad; }
while ((dkim_signing_selector = string_nextinlist(&dkim_sel, &sel_sep,
uschar * dkim_private_key_expanded;
uschar * dkim_hash_expanded;
uschar * dkim_identity_expanded = NULL;
+ uschar * dkim_timestamps_expanded = NULL;
+ unsigned long tval = 0, xval = 0;
/* Get canonicalization to use */
else if (!*dkim_identity_expanded)
dkim_identity_expanded = NULL;
+ if (dkim->dkim_timestamps)
+ if (!(dkim_timestamps_expanded = expand_string(dkim->dkim_timestamps)))
+ { errwhen = US"dkim_timestamps"; goto expand_bad; }
+ else
+ xval = (tval = (unsigned long) time(NULL))
+ + strtoul(dkim_timestamps_expanded, NULL, 10);
+
if (!(sig = pdkim_init_sign(&dkim_sign_ctx, dkim_signing_domain,
dkim_signing_selector,
dkim_private_key_expanded,
CS dkim_sign_headers_expanded,
CS dkim_identity_expanded,
pdkim_canon,
- pdkim_canon, -1, 0, 0);
+ pdkim_canon, -1, tval, xval);
if (!pdkim_set_sig_bodyhash(&dkim_sign_ctx, sig))
goto bad;
g = string_cat(g, US"permerror (overlong public key record)\n\t\t"); break;
case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD:
case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT:
- g = string_cat(g, US"neutral (syntax error in public key record)\n\t\t");
+ g = string_cat(g, US"neutral (public key record import problem)\n\t\t");
break;
case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR:
g = string_cat(g, US"neutral (signature tag missing or invalid)\n\t\t");
git://git.exim.org / exim.git / blobdiff