constification

[exim.git] / src / src / tls-openssl.c

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index bb17821e474d37fc39c31ebd1fee204041b255c8..f28b2fbf5d49b4ab9b584227b3882c522f5cbf86 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -123,7 +123,7 @@ typedef struct tls_ext_ctx_cb {
   uschar *server_cipher_list;
   /* only passed down to tls_error: */
   host_item *host;
-  uschar * verify_cert_hostnames;
+  const uschar * verify_cert_hostnames;
 #ifdef EXPERIMENTAL_EVENT
   uschar * event_action;
 #endif
@@ -351,7 +351,7 @@ else if (depth != 0)
   }
 else
   {
-  uschar * verify_cert_hostnames;
+  const uschar * verify_cert_hostnames;
 
   tlsp->peerdn = txt;
   tlsp->peercert = X509_dup(cert);
@@ -369,7 +369,7 @@ else
 #  endif
     {
     int sep = 0;
-    uschar * list = verify_cert_hostnames;
+    const uschar * list = verify_cert_hostnames;
     uschar * name;
     int rc;
     while ((name = string_nextinlist(&list, &sep, NULL, 0)))
@@ -1686,7 +1686,9 @@ int rc;
    set but both tls_verify_hosts and tls_try_verify_hosts is not set. Check only
    the specified host patterns if one of them is defined */
 
-if (  (!ob->tls_verify_hosts && !ob->tls_try_verify_hosts)
+if (  (  !ob->tls_verify_hosts
+      && (!ob->tls_try_verify_hosts || !*ob->tls_try_verify_hosts)
+      )
    || (verify_check_given_host(&ob->tls_verify_hosts, host) == OK)
    )
   client_verify_optional = FALSE;
@@ -1762,7 +1764,7 @@ if (found)
   return OK;
 
 log_write(0, LOG_MAIN, "DANE error: No usable TLSA records");
-return FAIL;
+return DEFER;
 }
 #endif /*EXPERIMENTAL_DANE*/