dns_scan dnss;
dns_record * rr;
for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
- rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_TLSA)
- {
- uint16_t payload_length = rr->size - 3;
- uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
+ rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
+ if (rr->type == T_TLSA && rr->size > 3)
+ {
+ uint16_t payload_length = rr->size - 3;
+ uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
- sp += sprintf(CS sp, "%d ", *p++); /* usage */
- sp += sprintf(CS sp, "%d ", *p++); /* selector */
- sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
- while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
- sp += sprintf(CS sp, "%02x", *p++);
+ sp += sprintf(CS sp, "%d ", *p++); /* usage */
+ sp += sprintf(CS sp, "%d ", *p++); /* selector */
+ sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
+ while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
+ sp += sprintf(CS sp, "%02x", *p++);
- debug_printf(" %s\n", s);
- }
+ debug_printf(" %s\n", s);
+ }
}
return OK;
}
/* TLS negotiation failed; give an error. From outside, this function may
be called again to try in clear on a new connection, if the options permit
it for this host. */
+ DEBUG(D_tls) debug_printf("TLS session fail: %s\n", errstr);
# ifdef SUPPORT_DANE
if (sx->dane)
BOOL no_flush;
uschar * rcpt_addr;
- if (tcp_out_fastopen && !f.tcp_out_fastopen_logged)
+ if (tcp_out_fastopen != TFO_NOT_USED && !f.tcp_out_fastopen_logged)
{
setflag(addr, af_tcp_fastopen_conn);
- if (tcp_out_fastopen > 1) setflag(addr, af_tcp_fastopen);
+ if (tcp_out_fastopen >= TFO_USED) setflag(addr, af_tcp_fastopen);
}
addr->dsn_aware = sx->peer_offered & OPTION_DSN
"hosts_max_try (message older than host's retry time)\n");
}
}
+ if (f.running_in_test_harness) millisleep(500); /* let server debug out */
} /* End of loop for trying multiple hosts. */
/* If we failed to find a matching host in the list, for an already-open