git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
TLS: rework client-side use with an explicit context rather than a global
[exim.git]
/
src
/
src
/
dkim_transport.c
diff --git
a/src/src/dkim_transport.c
b/src/src/dkim_transport.c
index 866df263f047dc72b8cb3811ea48e930ca01d412..db3db91809b6d7a55e0f0cedae82a4456bfe8024 100644
(file)
--- a/
src/src/dkim_transport.c
+++ b/
src/src/dkim_transport.c
@@
-56,7
+56,7
@@
DEBUG(D_transport) debug_printf("send file fd=%d\n", out_fd);
to the socket. However only if we don't use TLS,
as then there's another layer of indirection
before the data finally hits the socket. */
to the socket. However only if we don't use TLS,
as then there's another layer of indirection
before the data finally hits the socket. */
-if (tls_out.active != out_fd)
+if (tls_out.active
.sock
!= out_fd)
{
ssize_t copied = 0;
{
ssize_t copied = 0;
@@
-84,8
+84,8
@@
else
while (sread)
{
#ifdef SUPPORT_TLS
while (sread)
{
#ifdef SUPPORT_TLS
- wwritten = tls_out.active == out_fd
- ? tls_write(
FALSE
, p, sread, FALSE)
+ wwritten = tls_out.active
.sock
== out_fd
+ ? tls_write(
tls_out.active.tls_ctx
, p, sread, FALSE)
: write(out_fd, CS p, sread);
#else
wwritten = write(out_fd, CS p, sread);
: write(out_fd, CS p, sread);
#else
wwritten = write(out_fd, CS p, sread);
@@
-150,8
+150,14
@@
if (!rc) return FALSE;
/* Get signatures for headers plus spool data file */
/* Get signatures for headers plus spool data file */
-dkim->dot_stuffed = !!(save_options & topt_end_dot);
+#ifdef EXPERIMENTAL_ARC
+arc_sign_init();
+#endif
+
+/* The dotstuffed status of the datafile depends on whether it was stored
+in wireformat. */
+dkim->dot_stuffed = spool_file_wireformat;
if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET,
hdrs, dkim, &errstr)))
if (!(rc = dkt_sign_fail(dkim, &errno)))
if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET,
hdrs, dkim, &errstr)))
if (!(rc = dkt_sign_fail(dkim, &errno)))
@@
-160,6
+166,18
@@
if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET,
return FALSE;
}
return FALSE;
}
+#ifdef EXPERIMENTAL_ARC
+if (dkim->arc_signspec) /* Prepend ARC headers */
+ {
+ uschar * e;
+ if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, &e)))
+ {
+ *err = e;
+ return FALSE;
+ }
+ }
+#endif
+
/* Write the signature and headers into the deliver-out-buffer. This should
mean they go out in the same packet as the MAIL, RCPT and (first) BDAT commands
(transport_write_message() sizes the BDAT for the buffered amount) - for short
/* Write the signature and headers into the deliver-out-buffer. This should
mean they go out in the same packet as the MAIL, RCPT and (first) BDAT commands
(transport_write_message() sizes the BDAT for the buffered amount) - for short
@@
-253,7
+271,13
@@
if (!rc)
goto CLEANUP;
}
goto CLEANUP;
}
-/* Feed the file to the goats^W DKIM lib */
+#ifdef EXPERIMENTAL_ARC
+arc_sign_init();
+#endif
+
+/* Feed the file to the goats^W DKIM lib. At this point the dotstuffed
+status of the file depends on the output of transport_write_message() just
+above, which should be the result of the end_dot flag in tctx->options. */
dkim->dot_stuffed = !!(options & topt_end_dot);
if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr)))
dkim->dot_stuffed = !!(options & topt_end_dot);
if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr)))
@@
-268,6
+292,15
@@
if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr)))
else
dlen = dkim_signature->ptr;
else
dlen = dkim_signature->ptr;
+#ifdef EXPERIMENTAL_ARC
+if (dkim->arc_signspec) /* Prepend ARC headers */
+ {
+ if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, USS err)))
+ goto CLEANUP;
+ dlen = dkim_signature->ptr;
+ }
+#endif
+
#ifndef OS_SENDFILE
if (options & topt_use_bdat)
#endif
#ifndef OS_SENDFILE
if (options & topt_use_bdat)
#endif
@@
-351,7
+384,8
@@
dkim_transport_write_message(transport_ctx * tctx,
{
/* If we can't sign, just call the original function. */
{
/* If we can't sign, just call the original function. */
-if (!(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector))
+if ( !(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector)
+ && !dkim->force_bodyhash)
return transport_write_message(tctx, 0);
/* If there is no filter command set up, construct the message and calculate
return transport_write_message(tctx, 0);
/* If there is no filter command set up, construct the message and calculate