them. Also, the tls_ variables are now always visible. */
typedef struct {
- int active; /* fd/socket when in a TLS session */
+ client_conn_ctx active; /* fd/socket when in a TLS session, and ptr to TLS context */
int bits; /* bits used in TLS session */
BOOL certificate_verified; /* Client certificate verified */
#ifdef SUPPORT_DANE
extern uschar *tls_ocsp_file; /* OCSP stapling proof file */
# endif
extern uschar *tls_privatekey; /* Private key file */
+# ifdef EXPERIMENTAL_REQUIRETLS
+extern uschar tls_requiretls; /* REQUIRETLS active for this message */
+extern uschar *tls_advertise_requiretls; /* hosts for which REQUIRETLS adv */
+extern const pcre *regex_REQUIRETLS; /* for recognising the command */
+# endif
extern BOOL tls_remember_esmtp; /* For YAEB */
extern uschar *tls_require_ciphers; /* So some can be avoided */
extern uschar *tls_try_verify_hosts; /* Optional client verification */
unsigned delivery:1; /* When to attempt */
unsigned defer_pass:1; /* Pass 4xx to caller rather than spooling */
unsigned is_tls:1; /* Conn has TLS active */
- int fd; /* Open connection */
+ client_conn_ctx cctx; /* Open connection */
int nrcpt; /* Count of addresses */
uschar * transport; /* Name of transport */
uschar * interface; /* (address of) */
extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */
extern int dns_csa_search_limit; /* How deep to search for CSA SRV records */
extern BOOL dns_csa_use_reverse; /* Check CSA in reverse DNS? (non-standard) */
+extern int dns_cname_loops; /* Follow CNAMEs returned by resolver to this depth */
extern uschar *dns_ipv4_lookup; /* For these domains, don't look for AAAA (or A6) */
#ifdef SUPPORT_DANE
extern int dns_dane_ok; /* Ok to use DANE when checking TLS authenticity */
git://git.exim.org / exim.git / blobdiff