static struct {
BOOL auth_advertised :1;
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
BOOL tls_advertised :1;
#endif
BOOL dsn_advertised :1;
BOOL helo_verify :1;
BOOL helo_seen :1;
BOOL helo_accept_junk :1;
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
BOOL pipe_connect_acceptable :1;
#endif
BOOL rcpt_smtp_response_same :1;
{ "helo", sizeof("helo")-1, HELO_CMD, TRUE, FALSE },
{ "ehlo", sizeof("ehlo")-1, EHLO_CMD, TRUE, FALSE },
{ "auth", sizeof("auth")-1, AUTH_CMD, TRUE, TRUE },
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
{ "starttls", sizeof("starttls")-1, STARTTLS_CMD, FALSE, FALSE },
{ "tls_auth", 0, TLS_AUTH_CMD, FALSE, FALSE },
#endif
fd_set fds;
struct timeval tzero;
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
if (tls_in.active.sock >= 0)
return !tls_could_read();
#endif
}
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
static BOOL
pipeline_connect_sends(void)
{
/* Now write the string */
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
if (tls_in.active.sock >= 0)
{
if (tls_write(NULL, gs.s, gs.ptr, more) < 0)
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
/* Append TLS-related information to a log line
Arguments:
s_tlslog(gstring * g)
{
if (LOGGING(tls_cipher) && tls_in.cipher)
+ {
g = string_append(g, 2, US" X=", tls_in.cipher);
+#ifdef EXPERIMENTAL_TLS_RESUME
+ if (LOGGING(tls_resumption) && tls_in.resumption & RESUME_USED)
+ g = string_catn(g, US"*", 1);
+#endif
+ }
if (LOGGING(tls_certificate_verified) && tls_in.cipher)
g = string_append(g, 2, US" CV=", tls_in.certificate_verified? "yes":"no");
if (LOGGING(tls_peerdn) && tls_in.peerdn)
if (authenticated_id) g = string_append(g, 2, US":", authenticated_id);
}
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
g = s_tlslog(g);
#endif
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
static BOOL
smtp_log_tls_fail(uschar * errstr)
{
sender_host_auth_pubname = sender_host_authenticated = NULL;
authenticated_by = NULL;
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
tls_in.cipher = tls_in.peerdn = NULL;
tls_in.ourcert = tls_in.peercert = NULL;
tls_in.sni = NULL;
/* Start up TLS if tls_on_connect is set. This is for supporting the legacy
smtps port for use with older style SSL MTAs. */
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
if (tls_in.on_connect)
{
if (tls_server_start(tls_require_ciphers, &user_msg) != OK)
/* Before we write the banner, check that there is no input pending, unless
this synchronisation check is disabled. */
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
fl.pipe_connect_acceptable =
sender_host_address && verify_check_host(&pipe_connect_advertise_hosts) == OK;
/*XXX the ehlo-resp code does its own tls/nontls bit. Maybe subroutine that? */
smtp_printf("%s",
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
fl.pipe_connect_acceptable && pipeline_connect_sends(),
#else
FALSE,
if (log_reject_target != 0)
{
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
gstring * g = s_tlslog(NULL);
uschar * tls = string_from_gstring(g);
if (!tls) tls = US"";
else
smtp_printf("221 %s closing connection\r\n", FALSE, smtp_active_hostname);
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
tls_close(NULL, TLS_SHUTDOWN_NOWAIT);
#endif
cmd_list[CMD_LIST_RSET].is_mail_cmd = TRUE;
cmd_list[CMD_LIST_HELO].is_mail_cmd = TRUE;
cmd_list[CMD_LIST_EHLO].is_mail_cmd = TRUE;
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
cmd_list[CMD_LIST_STARTTLS].is_mail_cmd = TRUE;
#endif
#endif
switch(smtp_read_command(
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
!fl.pipe_connect_acceptable,
#else
TRUE,
host_build_sender_fullhost(); /* Rebuild */
break;
}
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
else if (!fl.pipe_connect_acceptable && !check_sync())
#else
else if (!check_sync())
fl.auth_advertised = FALSE;
f.smtp_in_pipelining_advertised = FALSE;
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
fl.tls_advertised = FALSE;
#endif
fl.dsn_advertised = FALSE;
sync_cmd_limit = NON_SYNC_CMD_PIPELINING;
f.smtp_in_pipelining_advertised = TRUE;
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
if (fl.pipe_connect_acceptable)
{
f.smtp_in_early_pipe_advertised = TRUE;
tls_advertise_hosts. We must *not* advertise if we are already in a
secure connection. */
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
if (tls_in.active.sock < 0 &&
verify_check_host(&tls_advertise_hosts) != FAIL)
{
/* Terminate the string (for debug), write it, and note that HELO/EHLO
has been seen. */
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
if (tls_in.active.sock >= 0)
(void)tls_write(NULL, g->s, g->ptr,
-# ifdef EXPERIMENTAL_PIPE_CONNECT
+# ifdef SUPPORT_PIPE_CONNECT
fl.pipe_connect_acceptable && pipeline_connect_sends());
# else
FALSE);
f.dot_ends = TRUE;
DATA_BDAT: /* Common code for DATA and BDAT */
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
fl.pipe_connect_acceptable = FALSE;
#endif
if (!discarded && recipients_count <= 0)
break;
- #ifdef SUPPORT_TLS
+ #ifndef DISABLE_TLS
case STARTTLS_CMD:
HAD(SCH_STARTTLS);
uschar buffer[256];
buffer[0] = 0;
Ustrcat(buffer, " AUTH");
- #ifdef SUPPORT_TLS
+ #ifndef DISABLE_TLS
if (tls_in.active.sock < 0 &&
verify_check_host(&tls_advertise_hosts) != FAIL)
Ustrcat(buffer, " STARTTLS");