Support AUTH for verify-callout and cutthrough-delivery.

[exim.git] / src / src / verify.c

diff --git a/src/src/verify.c b/src/src/verify.c
index a1b8142a9e75346571e47685374cde0e36078105..ea7869d25df85f93e2d66b2d88cf7100de2073f5 100644 (file)
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -634,12 +634,14 @@ else
       else
         {
         int rc = tls_client_start(inblock.sock, host, addr,
-        NULL,                    /* No DH param */
         ob->tls_certificate, ob->tls_privatekey,
         ob->tls_sni,
         ob->tls_verify_certificates, ob->tls_crl,
-        ob->tls_require_ciphers,     ob->tls_dh_min_bits,
-        callout);
+        ob->tls_require_ciphers,
+#ifdef EXPERIMENTAL_OCSP
+        ob->hosts_require_ocsp,
+#endif
+        ob->tls_dh_min_bits,         callout);
 
         /* TLS negotiation failed; give an error.  Try in clear on a new connection,
            if the options permit it for this host. */
@@ -720,11 +722,18 @@ else
         }
       }
 
+    /* Try to AUTH */
+
+    else done = smtp_auth(responsebuffer, sizeof(responsebuffer),
+       addr, host, ob, esmtp, &inblock, &outblock) == OK  &&
+
+    /* Build a mail-AUTH string (re-using responsebuffer for convenience */
+      !smtp_mail_auth_str(responsebuffer, sizeof(responsebuffer), addr, ob)  &&
+
     /* Send the MAIL command */
 
-    else done =
-      smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
-        from_address) >= 0 &&
+      smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>%s\r\n",
+        from_address, responsebuffer) >= 0 &&
       smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
         '2', callout);