Testsuite: tidying

[exim.git] / src / src / tls.c

diff --git a/src/src/tls.c b/src/src/tls.c
index 825313a9a25de7f25792fab31deb8ecabda96941..0e9a7c5345a36f57d1c7a965f094b82e1407d687 100644 (file)
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) The Exim Maintainers 2020 - 2022 */
+/* Copyright (c) The Exim Maintainers 2020 - 2023 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
 /* SPDX-License-Identifier: GPL-2.0-or-later */
@@ -40,13 +40,16 @@ functions from the OpenSSL or GNU TLS libraries. */
 static void tls_per_lib_daemon_init(void);
 static void tls_per_lib_daemon_tick(void);
 static unsigned  tls_server_creds_init(void);
-static void tls_server_creds_invalidate(void);
 static void tls_client_creds_init(transport_instance *, BOOL);
-static void tls_client_creds_invalidate(transport_instance *);
 static void tls_daemon_creds_reload(void);
 static BOOL opt_set_and_noexpand(const uschar *);
 static BOOL opt_unset_or_noexpand(const uschar *);
 
+#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
+static void tls_server_creds_invalidate(void);
+static void tls_client_creds_invalidate(transport_instance *);
+#endif
+
 
 
 /* This module is compiled only when it is specifically requested in the
@@ -105,7 +108,10 @@ expand_check(const uschar * s, const uschar * name,
   uschar ** result, uschar ** errstr)
 {
 if (!s)
+  {
+  f.expand_string_forcedfail = FALSE;
   *result = NULL;
+  }
 else if (  !(*result = expand_string(US s)) /* need to clean up const more */
        && !f.expand_string_forcedfail
        )
@@ -321,7 +327,9 @@ tls_client_creds_reload(BOOL watch)
 for(transport_instance * t = transports; t; t = t->next)
   if (Ustrcmp(t->driver_name, "smtp") == 0)
     {
+#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
     tls_client_creds_invalidate(t);
+#endif
     tls_client_creds_init(t, watch);
     }
 }
@@ -357,7 +365,9 @@ unsigned lifetime;
 tls_watch_invalidate();
 #endif
 
+#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
 tls_server_creds_invalidate();
+#endif
 
 /* _expire is for a time-limited selfsign server cert */
 tls_creds_expire = (lifetime = tls_server_creds_init())
@@ -670,21 +680,24 @@ Returns:
 BOOL
 tls_is_name_for_cert(const uschar * namelist, void * cert)
 {
-uschar * altnames = tls_cert_subject_altname(cert, US"dns");
-uschar * subjdn;
-uschar * certname;
+uschar * altnames, * subjdn, * certname, * cmpname;
 int cmp_sep = 0;
-uschar * cmpname;
 
 if ((altnames = tls_cert_subject_altname(cert, US"dns")))
   {
   int alt_sep = '\n';
+  DEBUG(D_tls|D_lookup) debug_printf_indent("cert has SAN\n");
   while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0)))
     {
     const uschar * an = altnames;
+    DEBUG(D_tls|D_lookup) debug_printf_indent(" %s in SANs?", cmpname);
     while ((certname = string_nextinlist(&an, &alt_sep, NULL, 0)))
       if (is_name_match(cmpname, certname))
+       {
+       DEBUG(D_tls|D_lookup) debug_printf_indent("  yes (matched %s)\n", certname);
        return TRUE;
+       }
+    DEBUG(D_tls|D_lookup) debug_printf_indent(" no (end of SAN list)\n");
     }
   }
 
@@ -696,13 +709,18 @@ else if ((subjdn = tls_cert_subject(cert, NULL)))
   while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0)))
     {
     const uschar * sn = subjdn;
+    DEBUG(D_tls|D_lookup) debug_printf_indent(" %s in SN?", cmpname);
     while ((certname = string_nextinlist(&sn, &sn_sep, NULL, 0)))
       if (  *certname++ == 'C'
         && *certname++ == 'N'
         && *certname++ == '='
         && is_name_match(cmpname, certname)
         )
+       {
+       DEBUG(D_tls|D_lookup) debug_printf_indent("  yes (matched %s)\n", certname);
        return TRUE;
+       }
+    DEBUG(D_tls|D_lookup) debug_printf_indent(" no (end of CN)\n");
     }
   }
 return FALSE;