The split of these variables into _in and _out sets introduced by d9b231
in 4.82 was incomplete, leaving the deprecated legacy variables nonfunctional
during a transport and associated client authenticator.
Fix by repointing the legacy set to the outbound connection set at
transport startup (and do not clear out the inbound set at this
time, either).
is a combined value of both the record presence and the result of the
analysis.
is a combined value of both the record presence and the result of the
analysis.
+JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455.
+
+
Exim version 4.82
-----------------
Exim version 4.82
-----------------
#ifndef USE_GNUTLS
extern BOOL tls_openssl_options_parse(uschar *, long *);
#endif
#ifndef USE_GNUTLS
extern BOOL tls_openssl_options_parse(uschar *, long *);
#endif
extern uschar *strstric(uschar *, uschar *, BOOL);
extern uschar *tod_stamp(int);
extern uschar *strstric(uschar *, uschar *, BOOL);
extern uschar *tod_stamp(int);
+extern void tls_modify_variables(tls_support *);
extern BOOL transport_check_waiting(uschar *, uschar *, int, uschar *,
BOOL *);
extern void transport_init(void);
extern BOOL transport_check_waiting(uschar *, uschar *, int, uschar *,
BOOL *);
extern void transport_init(void);
+void
+tls_modify_variables(tls_support * dest_tsp)
+{
+modify_variable(US"tls_bits", &dest_tsp->bits);
+modify_variable(US"tls_certificate_verified", &dest_tsp->certificate_verified);
+modify_variable(US"tls_cipher", &dest_tsp->cipher);
+modify_variable(US"tls_peerdn", &dest_tsp->peerdn);
+#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+modify_variable(US"tls_sni", &dest_tsp->sni);
+#endif
+}
+
/* Reset the parameters of a TLS session. */
/* Reset the parameters of a TLS session. */
-tls_in.bits = 0;
-tls_in.cipher = NULL; /* for back-compatible behaviour */
-tls_in.peerdn = NULL;
-#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
-tls_in.sni = NULL;
-#endif
-
tls_out.bits = 0;
tls_out.cipher = NULL; /* the one we may use for this transport */
tls_out.peerdn = NULL;
tls_out.bits = 0;
tls_out.cipher = NULL; /* the one we may use for this transport */
tls_out.peerdn = NULL;
tls_out.sni = NULL;
#endif
tls_out.sni = NULL;
#endif
+/* Flip the legacy TLS-related variables over to the outbound set in case
+they're used in the context of the transport. Don't bother resetting
+afterward as we're in a subprocess. */
+
+tls_modify_variables(&tls_out);
+
#ifndef SUPPORT_TLS
if (smtps)
{
#ifndef SUPPORT_TLS
if (smtps)
{
they're used in the context of a transport used by verification. Reset them
at exit from this routine. */
they're used in the context of a transport used by verification. Reset them
at exit from this routine. */
-modify_variable(US"tls_bits", &tls_out.bits);
-modify_variable(US"tls_certificate_verified", &tls_out.certificate_verified);
-modify_variable(US"tls_cipher", &tls_out.cipher);
-modify_variable(US"tls_peerdn", &tls_out.peerdn);
-#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
-modify_variable(US"tls_sni", &tls_out.sni);
-#endif
+tls_modify_variables(&tls_out);
/* Save a copy of the sender address for re-instating if we change it to <>
while verifying a sender address (a nice bit of self-reference there). */
/* Save a copy of the sender address for re-instating if we change it to <>
while verifying a sender address (a nice bit of self-reference there). */
the -bv or -bt case). */
out:
the -bv or -bt case). */
out:
-
-modify_variable(US"tls_bits", &tls_in.bits);
-modify_variable(US"tls_certificate_verified", &tls_in.certificate_verified);
-modify_variable(US"tls_cipher", &tls_in.cipher);
-modify_variable(US"tls_peerdn", &tls_in.peerdn);
-#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
-modify_variable(US"tls_sni", &tls_in.sni);
-#endif
+tls_modify_variables(&tls_in);
hosts_require_auth = *
allow_localhost
hosts_require_auth = *
allow_localhost
+ # These can be made visible by adding "-d-all+deliver+transport+tls" to the script 1st queuerun
+ headers_add = X-tls-cipher: <$tls_cipher>
+ headers_add = X-tls-out-cipher: <$tls_out_cipher>
+