X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/aded22555eeb31bc032f9bc58a83762981a58391..1a2e76e1676bf405a464a233950a95012533c227:/src/src/globals.h

diff --git a/src/src/globals.h b/src/src/globals.h
index f71f104e2..533def981 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -88,6 +88,8 @@ typedef struct {
   int     tlsa_usage;         /* TLSA record(s) usage */
 #endif
   uschar *cipher;             /* Cipher used */
+  const uschar *cipher_stdname; /* Cipher used, RFC version */
+  
   BOOL    on_connect;         /* For older MTAs that don't STARTTLS */
   uschar *on_connect_ports;   /* Ports always tls-on-connect */
   void   *ourcert;            /* Certificate we presented, binary */
@@ -101,11 +103,17 @@ typedef struct {
     OCSP_FAILED,		/* verify failed */
     OCSP_VFIED			/* verified */
     }     ocsp;		      /* Stapled OCSP status */
+#ifdef EXPERIMENTAL_TLS_RESUME
+  unsigned resumption;		/* Session resumption */
+  BOOL	  host_resumable:1;
+  BOOL	  ticket_received:1;
+#endif
+  BOOL	  verify_override:1;	/* certificate_verified only due to tls_try_verify_hosts */
 } tls_support;
 extern tls_support tls_in;
 extern tls_support tls_out;
 
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
 extern BOOL    gnutls_compat_mode;     /* Less security, more compatibility */
 extern BOOL    gnutls_allow_auto_pkcs11; /* Let GnuTLS autoload PKCS11 modules */
 extern uschar *openssl_options;        /* OpenSSL compatibility options */
@@ -120,13 +128,11 @@ extern uschar *tls_eccurve;            /* EC curve */
 extern uschar *tls_ocsp_file;          /* OCSP stapling proof file */
 # endif
 extern uschar *tls_privatekey;         /* Private key file */
-# ifdef EXPERIMENTAL_REQUIRETLS
-extern uschar  tls_requiretls;         /* REQUIRETLS active for this message */
-extern uschar *tls_advertise_requiretls; /* hosts for which REQUIRETLS adv */
-extern const pcre *regex_REQUIRETLS;   /* for recognising the command */
-# endif
 extern BOOL    tls_remember_esmtp;     /* For YAEB */
 extern uschar *tls_require_ciphers;    /* So some can be avoided */
+# ifdef EXPERIMENTAL_TLS_RESUME
+extern uschar *tls_resumption_hosts;   /* TLS session resumption */
+# endif
 extern uschar *tls_try_verify_hosts;   /* Optional client verification */
 extern uschar *tls_verify_certificates;/* Path for certificates to check */
 extern uschar *tls_verify_hosts;       /* Mandatory client verification */
@@ -193,7 +199,7 @@ extern struct global_flags {
 #ifndef DISABLE_DKIM
  BOOL   dkim_disable_verify		:1; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */
 #endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
  BOOL   dmarc_has_been_checked		:1; /* Global variable to check if test has been called yet */
  BOOL   dmarc_disable_verify		:1; /* Set via ACL control statement. When set, DMARC verification is disabled for the current message */
  BOOL   dmarc_enable_forensic		:1; /* Set via ACL control statement. When set, DMARC forensic reports are enabled for the current message */
@@ -251,7 +257,7 @@ extern struct global_flags {
  BOOL   sender_name_forced		:1; /* Set by -F */
  BOOL   sender_set_untrusted		:1; /* Sender set by untrusted caller */
  BOOL   smtp_authenticated		:1; /* Sending client has authenticated */
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
  BOOL   smtp_in_early_pipe_advertised	:1; /* server advertised PIPE_CONNECT */
  BOOL	smtp_in_early_pipe_no_auth	:1; /* too many authenticator names */
  BOOL   smtp_in_early_pipe_used		:1; /* client did send early data */
@@ -497,12 +503,15 @@ extern void   *dkim_signatures;	       /* Actually a (pdkim_signature *) but mos
 extern uschar *dkim_signers;           /* Expansion variable, holds colon-separated list of domains and identities that have signed a message */
 extern uschar *dkim_signing_domain;    /* Expansion variable, domain used for signing a message. */
 extern uschar *dkim_signing_selector;  /* Expansion variable, selector used for signing a message. */
+extern uschar *dkim_verify_hashes;     /* Preference order for signatures */
+extern uschar *dkim_verify_keytypes;   /* Preference order for signatures */
+extern BOOL    dkim_verify_minimal;    /* Shortcircuit signture verification */
 extern uschar *dkim_verify_overall;    /* First successful domain verified, or null */
 extern uschar *dkim_verify_signers;    /* Colon-separated list of domains for each of which we call the DKIM ACL */
 extern uschar *dkim_verify_status;     /* result for this signature */
 extern uschar *dkim_verify_reason;     /* result for this signature */
 #endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
 extern uschar *dmarc_domain_policy;    /* Expansion for declared policy of used domain */
 extern uschar *dmarc_forensic_sender;  /* Set sender address for forensic reports */
 extern uschar *dmarc_history_file;     /* Expansion variable, file to store dmarc results */
@@ -740,7 +749,7 @@ extern uschar *override_pid_file_path; /* Value of -oP argument */
 
 extern uschar *percent_hack_domains;   /* Local domains for which '% operates */
 extern uschar *pid_file_path;          /* For writing daemon pids */
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
 extern uschar *pipe_connect_advertise_hosts; /* for banner/EHLO pipelining */
 #endif
 extern uschar *pipelining_advertise_hosts; /* As it says */
@@ -751,7 +760,7 @@ extern BOOL    prdr_requested;         /* Connecting mail server wants PRDR */
 extern BOOL    preserve_message_logs;  /* Save msglog files */
 extern uschar *primary_hostname;       /* Primary name of this computer */
 extern BOOL    print_topbitchars;      /* Topbit chars are printing chars */
-extern uschar  process_info[];         /* For SIGUSR1 output */
+extern uschar *process_info;           /* For SIGUSR1 output */
 extern int     process_info_len;
 extern uschar *process_log_path;       /* Alternate path */
 extern BOOL    prod_requires_admin;    /* TRUE if prodding requires admin */
@@ -795,6 +804,7 @@ extern uschar *raw_active_hostname;    /* Pre-expansion */
 extern uschar *raw_sender;             /* Before rewriting */
 extern uschar **raw_recipients;        /* Before rewriting */
 extern int     raw_recipients_count;
+extern const uschar * rc_names[];      /* Mostly for debug output */
 extern int     rcpt_count;             /* Count of RCPT commands in a message */
 extern int     rcpt_fail_count;        /* Those that got 5xx */
 extern int     rcpt_defer_count;       /* Those that got 4xx */
@@ -822,7 +832,7 @@ extern const pcre  *regex_CHUNKING;    /* For recognizing CHUNKING (RFC 3030) */
 extern const pcre  *regex_IGNOREQUOTA; /* For recognizing IGNOREQUOTA (LMTP) */
 extern const pcre  *regex_PIPELINING;  /* For recognizing PIPELINING */
 extern const pcre  *regex_SIZE;        /* For recognizing SIZE settings */
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
 extern const pcre  *regex_EARLY_PIPE;  /* For recognizing PIPE_CONNCT */
 #endif
 extern const pcre  *regex_ismsgid;     /* Compiled r.e. for message it */
@@ -853,6 +863,7 @@ extern router_info routers_available[];/* Vector of available routers */
 extern router_instance *routers;       /* Chain of instantiated routers */
 extern router_instance router_defaults;/* Default values */
 extern uschar *router_name;            /* Name of router last started */
+extern tree_node *router_var;	       /* Variables set by router */
 extern ip_address_item *running_interfaces; /* Host's running interfaces */
 extern uschar *running_status;         /* Flag string for testing */
 extern int     runrc;                  /* rc from ${run} */