uschar *server_cipher_list;
/* only passed down to tls_error: */
host_item *host;
- uschar * verify_cert_hostnames;
+ const uschar * verify_cert_hostnames;
#ifdef EXPERIMENTAL_EVENT
uschar * event_action;
#endif
}
else
{
- uschar * verify_cert_hostnames;
+ const uschar * verify_cert_hostnames;
tlsp->peerdn = txt;
tlsp->peercert = X509_dup(cert);
# endif
{
int sep = 0;
- uschar * list = verify_cert_hostnames;
+ const uschar * list = verify_cert_hostnames;
uschar * name;
int rc;
while ((name = string_nextinlist(&list, &sep, NULL, 0)))
set but both tls_verify_hosts and tls_try_verify_hosts is not set. Check only
the specified host patterns if one of them is defined */
-if ( (!ob->tls_verify_hosts && !ob->tls_try_verify_hosts)
+if ( ( !ob->tls_verify_hosts
+ && (!ob->tls_try_verify_hosts || !*ob->tls_try_verify_hosts)
+ )
|| (verify_check_given_host(&ob->tls_verify_hosts, host) == OK)
)
client_verify_optional = FALSE;
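Review bot: The new test treats an empty `tls_try_verify_hosts` as unset but still checks `tls_verify_hosts` only for NULL, so an explicitly empty `tls_verify_hosts` takes a different path from an unset one. If empty is meant to count as unset for both options, the first operand should read `(!ob->tls_verify_hosts || !*ob->tls_verify_hosts)`. If the asymmetry is intended, the comment above should say so, since it still describes only the "not set" case, for example `an empty tls_try_verify_hosts counts as not set`. This branch clears `client_verify_optional`, so the choice appears to decide whether certificate verification is mandatory for the connection. The rest of the if/else chain lies outside the hunk.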
return OK;
log_write(0, LOG_MAIN, "DANE error: No usable TLSA records");
-return FAIL;
+return DEFER;
}
#endif /*EXPERIMENTAL_DANE*/
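Review bot: The switch from `FAIL` to `DEFER` on the "No usable TLSA records" path has no comment saying why a temporary result is wanted, and the log line does not identify the destination. I would add above the return something like `/* no usable TLSA records: temporary error, retry later rather than fail the host */`. If a host or domain name is in scope in this function (not visible in the hunk), include it in the `log_write` message so repeated deferrals can be traced to a destination. It is also worth confirming that callers treat `DEFER` from here as "do not deliver now", not as a cue to continue without DANE verification. The function's start and its callers lie outside the hunk.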