X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/ec4b68e5d820109e5954329013a911d4032bc4dc..44649fdb169979af3c5a08b10889d1ecee48a469:/src/src/dns.c

diff --git a/src/src/dns.c b/src/src/dns.c
index 95db52686..6efb88d58 100644
--- a/src/src/dns.c
+++ b/src/src/dns.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2012 */
+/* Copyright (c) University of Cambridge 1995 - 2014 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Functions for interfacing with the DNS. */
@@ -159,12 +159,13 @@ the first time we have been here, and set the resolver options.
 Arguments:
   qualify_single    TRUE to set the RES_DEFNAMES option
   search_parents    TRUE to set the RES_DNSRCH option
+  use_dnssec        TRUE to set the RES_USE_DNSSEC option
 
 Returns:            nothing
 */
 
 void
-dns_init(BOOL qualify_single, BOOL search_parents)
+dns_init(BOOL qualify_single, BOOL search_parents, BOOL use_dnssec)
 {
 res_state resp = os_get_dns_resolver_res();
 
@@ -206,28 +207,33 @@ if (dns_use_edns0 >= 0)
 #  ifndef RES_USE_EDNS0
 #   error Have RES_USE_DNSSEC but not RES_USE_EDNS0?  Something hinky ...
 #  endif
-if (dns_use_dnssec >= 0)
+if (use_dnssec)
+  resp->options |= RES_USE_DNSSEC;
+if (dns_dnssec_ok >= 0)
   {
-  if (dns_use_edns0 == 0 && dns_use_dnssec != 0)
+  if (dns_use_edns0 == 0 && dns_dnssec_ok != 0)
     {
     DEBUG(D_resolver)
-      debug_printf("CONFLICT: dns_use_edns0 forced false, dns_use_dnssec forced true!\n");
+      debug_printf("CONFLICT: dns_use_edns0 forced false, dns_dnssec_ok forced true, ignoring latter!\n");
     }
   else
     {
-    if (dns_use_dnssec)
+    if (dns_dnssec_ok)
       resp->options |= RES_USE_DNSSEC;
     else
       resp->options &= ~RES_USE_DNSSEC;
     DEBUG(D_resolver) debug_printf("Coerced resolver DNSSEC support %s.\n",
-        dns_use_dnssec ? "on" : "off");
+        dns_dnssec_ok ? "on" : "off");
     }
   }
 # else
-if (dns_use_dnssec >= 0)
+if (dns_dnssec_ok >= 0)
   DEBUG(D_resolver)
     debug_printf("Unable to %sset DNSSEC without resolver support.\n",
-        dns_use_dnssec ? "" : "un");
+        dns_dnssec_ok ? "" : "un");
+if (use_dnssec)
+  DEBUG(D_resolver)
+    debug_printf("Unable to set DNSSEC without resolver support.\n");
 # endif
 #endif /* DISABLE_DNSSEC */
 
@@ -479,6 +485,7 @@ switch(t)
   case T_SRV:   return US"SRV";
   case T_NS:    return US"NS";
   case T_CNAME: return US"CNAME";
+  case T_TLSA:  return US"TLSA";
   default:      return US"?";
   }
 }
@@ -1248,4 +1255,6 @@ else
 return yield;
 }
 
+/* vi: aw ai sw=2
+*/
 /* End of dns.c */