OCSP observability: variables $tls_{in,out}_ocsp

[exim.git] / src / src / spool_out.c

diff --git a/src/src/spool_out.c b/src/src/spool_out.c
index 5df2a414e98f7c196b723c6c3c5b2619a5e3ef12..de81786b30d7525c95ec012fe133b653cb98ce4a 100644 (file)
--- a/src/src/spool_out.c
+++ b/src/src/spool_out.c
@@ -93,10 +93,12 @@ double-check the mode because the group setting doesn't always get set
 automatically. */
 
 if (fd >= 0)
-  {
-  (void)fchown(fd, exim_uid, exim_gid);
-  (void)fchmod(fd, SPOOL_MODE);
-  }
+  if (fchown(fd, exim_uid, exim_gid) || fchmod(fd, SPOOL_MODE))
+    {
+    DEBUG(D_any) debug_printf("failed setting perms on %s\n", temp_name);
+    (void) close(fd); fd = -1;
+    Uunlink(temp_name);
+    }
 
 return fd;
 }
@@ -227,9 +229,20 @@ if (bmi_verdicts != NULL) fprintf(f, "-bmi_verdicts %s\n", bmi_verdicts);
 
 #ifdef SUPPORT_TLS
 if (tls_in.certificate_verified) fprintf(f, "-tls_certificate_verified\n");
-if (tls_in.cipher != NULL)       fprintf(f, "-tls_cipher %s\n", tls_in.cipher);
-if (tls_in.peerdn != NULL)       fprintf(f, "-tls_peerdn %s\n", string_printing(tls_in.peerdn));
-if (tls_in.sni != NULL)                 fprintf(f, "-tls_sni %s\n",    string_printing(tls_in.sni));
+if (tls_in.cipher)       fprintf(f, "-tls_cipher %s\n", tls_in.cipher);
+if (tls_in.peercert)
+  {
+  (void) tls_export_cert(big_buffer, big_buffer_size, tls_in.peercert);
+  fprintf(f, "-tls_peercert %s\n", CS big_buffer);
+  }
+if (tls_in.peerdn)       fprintf(f, "-tls_peerdn %s\n", string_printing(tls_in.peerdn));
+if (tls_in.sni)                 fprintf(f, "-tls_sni %s\n",    string_printing(tls_in.sni));
+if (tls_in.ourcert)
+  {
+  (void) tls_export_cert(big_buffer, big_buffer_size, tls_in.ourcert);
+  fprintf(f, "-tls_ourcert %s\n", CS big_buffer);
+  }
+if (tls_in.ocsp)        fprintf(f, "-tls_ocsp %d\n",   tls_in.ocsp);
 #endif
 
 /* To complete the envelope, write out the tree of non-recipients, followed by