logmsg = string_append(logmsg, 2, "d=", s);
if (!(s = sig->selector)) s = US"<UNSET>";
logmsg = string_append(logmsg, 2, " s=", s);
-logmsg = string_append(logmsg, 7,
- " c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
- "/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
- " a=", dkim_sig_to_a_tag(sig),
-string_sprintf(" b=" SIZE_T_FMT,
- (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0));
+logmsg = string_fmt_append(logmsg, " c=%s/%s a=%s b=" SIZE_T_FMT,
+ sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
+ sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
+ dkim_sig_to_a_tag(sig),
+ (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : (size_t)0);
if ((s= sig->identity)) logmsg = string_append(logmsg, 2, " i=", s);
-if (sig->created > 0) logmsg = string_cat(logmsg,
- string_sprintf(" t=%lu", sig->created));
-if (sig->expires > 0) logmsg = string_cat(logmsg,
- string_sprintf(" x=%lu", sig->expires));
-if (sig->bodylength > -1) logmsg = string_cat(logmsg,
- string_sprintf(" l=%lu", sig->bodylength));
+if (sig->created > 0) logmsg = string_fmt_append(logmsg, " t=%lu",
+ sig->created);
+if (sig->expires > 0) logmsg = string_fmt_append(logmsg, " x=%lu",
+ sig->expires);
+if (sig->bodylength > -1) logmsg = string_fmt_append(logmsg, " l=%lu",
+ sig->bodylength);
if (sig->verify_status & PDKIM_VERIFY_POLICY)
logmsg = string_append(logmsg, 5,
log_write(0, LOG_MAIN,
"DKIM: Error during validation, disabling signature verification: %.100s",
dkim_collect_error);
- dkim_disable_verify = TRUE;
+ f.dkim_disable_verify = TRUE;
goto out;
}
dkim_verify_reason = US"";
dkim_cur_signer = id;
-if (dkim_disable_verify || !id || !dkim_verify_ctx)
+if (f.dkim_disable_verify || !id || !dkim_verify_ctx)
return OK;
/* Find signatures to run ACL on */
uschar *
dkim_exim_expand_query(int what)
{
-if (!dkim_verify_ctx || dkim_disable_verify || !dkim_cur_sig)
+if (!dkim_verify_ctx || f.dkim_disable_verify || !dkim_cur_sig)
return dkim_exim_expand_defaults(what);
switch (what)
uschar * dkim_private_key_expanded;
uschar * dkim_hash_expanded;
uschar * dkim_identity_expanded = NULL;
+ uschar * dkim_timestamps_expanded = NULL;
+ unsigned long tval = 0, xval = 0;
/* Get canonicalization to use */
else if (!*dkim_identity_expanded)
dkim_identity_expanded = NULL;
+ if (dkim->dkim_timestamps)
+ if (!(dkim_timestamps_expanded = expand_string(dkim->dkim_timestamps)))
+ { errwhen = US"dkim_timestamps"; goto expand_bad; }
+ else
+ xval = (tval = (unsigned long) time(NULL))
+ + strtoul(CCS dkim_timestamps_expanded, NULL, 10);
+
if (!(sig = pdkim_init_sign(&dkim_sign_ctx, dkim_signing_domain,
dkim_signing_selector,
dkim_private_key_expanded,
CS dkim_sign_headers_expanded,
CS dkim_identity_expanded,
pdkim_canon,
- pdkim_canon, -1, 0, 0);
+ pdkim_canon, -1, tval, xval);
if (!pdkim_set_sig_bodyhash(&dkim_sign_ctx, sig))
goto bad;