X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/0e8aed8aab2d2b68d1f6e6b0b2985de2bd6d2a73..2bc0f45ec0637be57e5d87b576a72cac71ccaf81:/src/src/dkim.c

diff --git a/src/src/dkim.c b/src/src/dkim.c
index f400f7441..edbeded5e 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -33,6 +33,8 @@ pdkim_ctx *dkim_verify_ctx = NULL;
 pdkim_signature *dkim_cur_sig = NULL;
 static const uschar * dkim_collect_error = NULL;
 
+#define DKIM_MAX_SIGNATURES 20
+
 
 
 /*XXX the caller only uses the first record if we return multiple.
@@ -114,7 +116,7 @@ if (dkim_verify_ctx)
 /* Create new context */
 
 dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
-dkim_collect_input = !!dkim_verify_ctx;
+dkim_collect_input = dkim_verify_ctx ? DKIM_MAX_SIGNATURES : 0;
 dkim_collect_error = NULL;
 
 /* Start feed up with any cached data */
@@ -136,7 +138,7 @@ if (  dkim_collect_input
   dkim_collect_error = pdkim_errstr(rc);
   log_write(0, LOG_MAIN,
 	     "DKIM: validation error: %.100s", dkim_collect_error);
-  dkim_collect_input = FALSE;
+  dkim_collect_input = 0;
   }
 store_pool = dkim_verify_oldpool;
 }
@@ -308,7 +310,7 @@ if (dkim_collect_error)
   goto out;
   }
 
-dkim_collect_input = FALSE;
+dkim_collect_input = 0;
 
 /* Finish DKIM operation and fetch link to signatures chain */
 
@@ -643,6 +645,8 @@ if (dkim_domain)
     uschar * dkim_private_key_expanded;
     uschar * dkim_hash_expanded;
     uschar * dkim_identity_expanded = NULL;
+    uschar * dkim_timestamps_expanded = NULL;
+    unsigned long tval = 0, xval = 0;
 
     /* Get canonicalization to use */
 
@@ -693,6 +697,13 @@ if (dkim_domain)
       else if (!*dkim_identity_expanded)
 	dkim_identity_expanded = NULL;
 
+    if (dkim->dkim_timestamps)
+      if (!(dkim_timestamps_expanded = expand_string(dkim->dkim_timestamps)))
+	{ errwhen = US"dkim_timestamps"; goto expand_bad; }
+      else
+	xval = (tval = (unsigned long) time(NULL))
+	      + strtoul(dkim_timestamps_expanded, NULL, 10);
+
     if (!(sig = pdkim_init_sign(&dkim_sign_ctx, dkim_signing_domain,
 			  dkim_signing_selector,
 			  dkim_private_key_expanded,
@@ -706,7 +717,7 @@ if (dkim_domain)
 			CS dkim_sign_headers_expanded,
 			CS dkim_identity_expanded,
 			pdkim_canon,
-			pdkim_canon, -1, 0, 0);
+			pdkim_canon, -1, tval, xval);
 
     if (!pdkim_set_sig_bodyhash(&dkim_sign_ctx, sig))
       goto bad;