Add hosts_verify_avoid_tls option to smtp transport.
[exim.git] / src / src / verify.c
index 6d31b8256ceaead4619486171021d71ef0a60bf0..eaab14dc97bd2361070d7837fa35bedbd8e744ca 100644 (file)
@@ -498,7 +498,7 @@ else
     tls_retry_connection:
 
     inblock.sock = outblock.sock =
-      smtp_connect(host, host_af, port, interface, callout_connect, TRUE);
+      smtp_connect(host, host_af, port, interface, callout_connect, TRUE, NULL);
     /* reconsider DSCP here */
     if (inblock.sock < 0)
       {
@@ -601,7 +601,10 @@ else
     #ifdef SUPPORT_TLS
     if (tls_offered &&
        verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
-         host->address, NULL) != OK)
+         host->address, NULL) != OK &&
+       verify_check_this_host(&(ob->hosts_verify_avoid_tls), NULL, host->name,
+         host->address, NULL) != OK
+       )
       {
       uschar buffer2[4096];
       if (  !smtps
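Review bot: The extended test starting at `if (tls_offered &&` lets a callout to any host matching `hosts_verify_avoid_tls` proceed in clear even though the server advertised STARTTLS, and no comment marks this as a deliberate, callout-only exception. I would add above the condition `/* Callouts only: skip STARTTLS for hosts in hosts_avoid_tls or hosts_verify_avoid_tls */`. Whether a host that also matches `hosts_require_tls` is still refused afterwards is decided outside this hunk and should be confirmed, since otherwise the new option would quietly take precedence for verification traffic. The closing `)` on a line of its own also departs from the surrounding style; ending the previous line with `host->address, NULL) != OK)` keeps it consistent. The enclosing block starts and ends outside the hunk.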
@@ -635,8 +638,7 @@ else
         ob->tls_certificate, ob->tls_privatekey,
         ob->tls_sni,
         ob->tls_verify_certificates, ob->tls_crl,
-        ob->tls_require_ciphers,
-        ob->gnutls_require_mac, ob->gnutls_require_kx, ob->gnutls_require_proto,
+        ob->tls_require_ciphers,     ob->tls_dh_min_bits,
         callout);
 
         /* TLS negotiation failed; give an error.  Try in clear on a new connection,
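Review bot: On the new line `ob->tls_require_ciphers,     ob->tls_dh_min_bits,` the added argument is padded onto the end of the cipher line, where it is easy to miss in a long positional call. The neighbouring lines group related options, so it would read better on its own line as `ob->tls_dh_min_bits,`. The three `gnutls_require_*` options are no longer forwarded on the callout path. If they remain settable on the transport (not visible here), callouts now ignore them without notice, which the option documentation should state. The call itself begins outside the hunk.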