{ "regex_match_string", vtype_stringptr, ®ex_match_string },
#endif
{ "reply_address", vtype_reply, NULL },
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_REQUIRETLS)
- { "requiretls", vtype_bool, &tls_requiretls },
-#endif
{ "return_path", vtype_stringptr, &return_path },
{ "return_size_limit", vtype_int, &bounce_return_size_limit },
{ "router_name", vtype_stringptr, &router_name },
{ "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
{ "tls_in_peercert", vtype_cert, &tls_in.peercert },
{ "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
+#ifdef EXPERIMENTAL_TLS_RESUME
+ { "tls_in_resumption", vtype_int, &tls_in.resumption },
+#endif
#if defined(SUPPORT_TLS)
{ "tls_in_sni", vtype_stringptr, &tls_in.sni },
#endif
{ "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
{ "tls_out_peercert", vtype_cert, &tls_out.peercert },
{ "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
+#ifdef EXPERIMENTAL_TLS_RESUME
+ { "tls_out_resumption", vtype_int, &tls_out.resumption },
+#endif
#if defined(SUPPORT_TLS)
{ "tls_out_sni", vtype_stringptr, &tls_out.sni },
#endif
#ifdef SUPPORT_TLS
# undef vaguely_random_number
#endif
- static pid_t pid = 0;
- pid_t p2;
-#if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
- struct timeval tv;
-#endif
+static pid_t pid = 0;
+pid_t p2;
- p2 = getpid();
- if (p2 != pid)
+if ((p2 = getpid()) != pid)
+ {
+ if (pid != 0)
{
- if (pid != 0)
- {
#ifdef HAVE_ARC4RANDOM
- /* cryptographically strong randomness, common on *BSD platforms, not
- so much elsewhere. Alas. */
-#ifndef NOT_HAVE_ARC4RANDOM_STIR
- arc4random_stir();
-#endif
+ /* cryptographically strong randomness, common on *BSD platforms, not
+ so much elsewhere. Alas. */
+# ifndef NOT_HAVE_ARC4RANDOM_STIR
+ arc4random_stir();
+# endif
#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
-#ifdef HAVE_SRANDOMDEV
- /* uses random(4) for seeding */
- srandomdev();
-#else
- gettimeofday(&tv, NULL);
- srandom(tv.tv_sec | tv.tv_usec | getpid());
-#endif
+# ifdef HAVE_SRANDOMDEV
+ /* uses random(4) for seeding */
+ srandomdev();
+# else
+ {
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ srandom(tv.tv_sec | tv.tv_usec | getpid());
+ }
+# endif
#else
- /* Poor randomness and no seeding here */
+ /* Poor randomness and no seeding here */
#endif
- }
- pid = p2;
}
+ pid = p2;
+ }
#ifdef HAVE_ARC4RANDOM
- return arc4random() % max;
+return arc4random() % max;
#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
- return random() % max;
+return random() % max;
#else
- /* This one returns a 16-bit number, definitely not crypto-strong */
- return random_number(max);
+/* This one returns a 16-bit number, definitely not crypto-strong */
+return random_number(max);
#endif
}
client_conn_ctx cctx;
int timeout = 5;
int save_ptr = yield->ptr;
- FILE * fp;
+ FILE * fp = NULL;
uschar * arg;
uschar * sub_arg[4];
uschar * server_name = NULL;
port = ntohs(service_info->s_port);
}
- /*XXX we trust that the request is idempotent. Hmm. */
+ /*XXX we trust that the request is idempotent for TFO. Hmm. */
cctx.sock = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
timeout, &host, &expand_string_message,
do_tls ? NULL : &reqstr);
reqstr.data);
if ( (
#ifdef SUPPORT_TLS
- cctx.tls_ctx ? tls_write(cctx.tls_ctx, reqstr.data, reqstr.len, FALSE) :
+ do_tls ? tls_write(cctx.tls_ctx, reqstr.data, reqstr.len, FALSE) :
#endif
write(cctx.sock, reqstr.data, reqstr.len)) != reqstr.len)
{
system doesn't have this function, make it conditional. */
#ifdef SHUT_WR
- if (!cctx.tls_ctx && do_shutdown) shutdown(cctx.sock, SHUT_WR);
+ if (!do_tls && do_shutdown) shutdown(cctx.sock, SHUT_WR);
#endif
if (f.running_in_test_harness) millisleep(100);
/* Now we need to read from the socket, under a timeout. The function
that reads a file can be used. */
- if (!cctx.tls_ctx)
+ if (!do_tls)
fp = fdopen(cctx.sock, "rb");
sigalrm_seen = FALSE;
ALARM(timeout);
yield =
#ifdef SUPPORT_TLS
- cctx.tls_ctx ? cat_file_tls(cctx.tls_ctx, yield, sub_arg[3]) :
+ do_tls ? cat_file_tls(cctx.tls_ctx, yield, sub_arg[3]) :
#endif
cat_file(fp, yield, sub_arg[3]);
ALARM_CLR(0);
#ifdef SUPPORT_TLS
- if (cctx.tls_ctx)
+ if (do_tls)
{
tls_close(cctx.tls_ctx, TRUE);
close(cctx.sock);