* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2014 */
+/* Copyright (c) University of Cambridge 1995 - 2015 */
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
FALSE, /* gethostbyname */
TRUE, /* dns_qualify_single */
FALSE, /* dns_search_parents */
- NULL, /* dnssec_request_domains */
- NULL, /* dnssec_require_domains */
+ { NULL, NULL }, /* dnssec_domains {request,require} */
TRUE, /* delay_after_cutoff */
FALSE, /* hosts_override */
FALSE, /* hosts_randomize */
default:
case DNS_FAIL:
if (dane_required)
- {
- log_write(0, LOG_MAIN, "DANE error: TLSA lookup failed");
return FAIL;
- }
break;
case DNS_SUCCEED:
BOOL dsn_all_lasthop = TRUE;
#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
BOOL dane = FALSE;
-BOOL dane_required;
+BOOL dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK;
dns_answer tlsa_dnsa;
#endif
smtp_inblock inblock;
tls_out.dane_verified = FALSE;
tls_out.tlsa_usage = 0;
- dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK;
-
if (host->dnssec == DS_YES)
{
if( ( dane_required
|| verify_check_given_host(&ob->hosts_try_dane, host) == OK
)
&& (rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK
+ && dane_required /* do not error on only dane-requested */
)
{
set_errno(addrlist, ERRNO_DNSDEFER,
string_sprintf("DANE error: tlsa lookup %s",
rc == DEFER ? "DEFER" : "FAIL"),
rc, FALSE, NULL);
- return rc;
+ return rc;
}
}
else if (dane_required)
git://git.exim.org / exim.git / blobdiff