(void *)offsetof(smtp_transport_options_block, hosts_override) },
{ "hosts_randomize", opt_bool,
(void *)offsetof(smtp_transport_options_block, hosts_randomize) },
+#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_OCSP)
+ { "hosts_request_ocsp", opt_stringptr,
+ (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
+#endif
{ "hosts_require_auth", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
#ifdef SUPPORT_TLS
#endif
{ "hosts_try_auth", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
{ "hosts_try_prdr", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
#endif
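Review bot: Changing the guard on `hosts_try_prdr` from `#ifdef EXPERIMENTAL_PRDR` to `#ifndef DISABLE_PRDR` turns PRDR from a build-time opt-in into an opt-out, so a default build now compiles the PRDR response-handling paths. The default shown later in this diff stays `NULL`, which presumably keeps the feature inactive until an administrator lists hosts. A comment on the entry would make that explicit, for example `/* compiled in unless DISABLE_PRDR; inactive until hosts_try_prdr is set */`. The same guard change recurs in the remaining PRDR hunks and needs no separate remark there.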
NULL, /* serialize_hosts */
NULL, /* hosts_try_auth */
NULL, /* hosts_require_auth */
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
NULL, /* hosts_try_prdr */
#endif
#ifdef EXPERIMENTAL_OCSP
+ US"*", /* hosts_request_ocsp */
NULL, /* hosts_require_ocsp */
#endif
NULL, /* hosts_require_tls */
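Review bot: The new default `US"*"` for hosts_request_ocsp is compiled under `#ifdef EXPERIMENTAL_OCSP` alone, while the option-table entry added earlier in this diff is under `#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_OCSP)`. In a build with EXPERIMENTAL_OCSP but without SUPPORT_TLS the field would carry a default that no configuration line can change. The struct declaration is not visible here, so check that it, the table entry and this initializer share one guard. A short comment would also help readers see that the two OCSP defaults differ on purpose, for example `/* request a stapled OCSP response from every host by default; none is required */`.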
? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
: string_copy(addr->message)
: addr->basic_errno > 0
- ? string_copy(strerror(addr->basic_errno))
+ ? string_copy(US strerror(addr->basic_errno))
: NULL;
DEBUG(D_transport)
BOOL esmtp = TRUE;
BOOL pending_MAIL;
BOOL pass_message = FALSE;
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
BOOL prdr_offered = FALSE;
BOOL prdr_active;
#endif
#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
tls_out.sni = NULL;
#endif
+tls_out.ocsp = OCSP_NOT_REQ;
/* Flip the legacy TLS-related variables over to the outbound set in case
they're used in the context of the transport. Don't bother resetting
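Review bot: The added `tls_out.ocsp = OCSP_NOT_REQ;` sits after the `#endif`, so it is compiled in every build, whereas the `tls_out.sni` reset above it and the later `addr->ocsp = OCSP_NOT_REQ;` are inside conditional regions. The declaration of `ocsp` is not visible in this diff, so confirm the field exists when SUPPORT_TLS is undefined, or move the line inside a guard. If the intent is to stop a result from an earlier connection being recorded against this one, say so in a comment such as `/* clear any OCSP status left by a previous connection */`. The enclosing function starts and ends outside the hunk.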
#ifndef SUPPORT_TLS
if (smtps)
{
- set_errno(addrlist, 0, US"TLS support not available", DEFER, FALSE);
- return ERROR;
+ set_errno(addrlist, 0, US"TLS support not available", DEFER, FALSE);
+ return ERROR;
}
#endif
PCRE_EOPT, NULL, 0) >= 0;
#endif
- #ifdef EXPERIMENTAL_PRDR
+ #ifndef DISABLE_PRDR
prdr_offered = esmtp &&
(pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
PCRE_EOPT, NULL, 0) >= 0) &&
else
TLS_NEGOTIATE:
{
- int rc = tls_client_start(inblock.sock,
- host,
- addrlist,
- ob->tls_certificate,
- ob->tls_privatekey,
- ob->tls_sni,
- ob->tls_verify_certificates,
- ob->tls_crl,
- ob->tls_require_ciphers,
-#ifdef EXPERIMENTAL_OCSP
- ob->hosts_require_ocsp,
-#endif
- ob->tls_dh_min_bits,
- ob->command_timeout,
- ob->tls_verify_hosts,
- ob->tls_try_verify_hosts);
+ int rc = tls_client_start(inblock.sock, host, addrlist, ob);
/* TLS negotiation failed; give an error. From outside, this function may
be called again to try in clear on a new connection, if the options permit
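Review bot: The call `tls_client_start(inblock.sock, host, addrlist, ob)` now passes the whole options block, but the new prototype is not part of this hunk. Confirm it declares the last parameter as `smtp_transport_options_block *` rather than an untyped pointer, so a wrong block passed by another caller is caught at compile time. Any other caller of tls_client_start outside this file has to be converted in the same commit. A one-line comment at the call would also help, for example `/* ob supplies every tls_* and hosts_*_ocsp setting used for this connection */`.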
addr->ourcert = tls_out.ourcert;
addr->peercert = tls_out.peercert;
addr->peerdn = tls_out.peerdn;
+ addr->ocsp = tls_out.ocsp;
}
}
}
DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
smtp_use_pipelining? "" : "not ");
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
prdr_offered = esmtp &&
pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
PCRE_EOPT, NULL, 0) >= 0 &&
while (*p) p++;
}
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
prdr_active = FALSE;
if (prdr_offered)
{
smtp_command = US"end of data";
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
/* For PRDR we optionally get a partial-responses warning
* followed by the individual responses, before going on with
* the overall response. If we don't get the warning then deal
address. For temporary errors, add a retry item for the address so that
it doesn't get tried again too soon. */
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
if (lmtp || prdr_active)
#else
if (lmtp)
{
if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
addr->message = string_sprintf(
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
"%s error after %s: %s", prdr_active ? "PRDR":"LMTP",
#else
"LMTP error after %s: %s",
errno = ERRNO_DATA4XX;
addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
addr->transport_return = DEFER;
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
if (!prdr_active)
#endif
retry_add_item(addr, addr->address_retry_key, 0);
addr->host_used = thost;
addr->special_action = flag;
addr->message = conf;
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
if (prdr_active) addr->flags |= af_prdr_used;
#endif
flag = '-';
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
if (!prdr_active)
#endif
{
}
}
-#ifdef EXPERIMENTAL_PRDR
+#ifndef DISABLE_PRDR
if (prdr_active)
{
/* PRDR - get the final, overall response. For any non-success
addr->ourcert = NULL;
addr->peercert = NULL;
addr->peerdn = NULL;
+ addr->ocsp = OCSP_NOT_REQ;
#endif
}
return first_addr;
deliver_host = host->name;
deliver_host_address = host->address;
+ lookup_dnssec_authenticated = host->dnssec == DS_YES ? US"yes"
+ : host->dnssec == DS_NO ? US"no"
+ : US"";
/* Set up a string for adding to the retry key if the port number is not
the standard SMTP port. A host may have its own port setting that overrides
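Review bot: `lookup_dnssec_authenticated` is assigned per host here, but nothing in the hunk shows it being cleared afterwards. If it is not reset elsewhere, a `yes` from one host could still be visible to a later expansion, so that is worth confirming outside this hunk. Any state other than DS_YES or DS_NO collapses to the empty string, which a configuration testing for `yes` would treat as unauthenticated. A comment such as `/* "" means the DNSSEC status of the host lookup is unknown */` would record that. The enclosing function starts and ends outside the hunk.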