ACL: Permit the "encrypted" condition to be used in a HELO/EHLO ACL

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index f8ab5da0c33b71ece8ac47c0fe846d257cc2d1a2..db37c22bb34a5f1fb3df277870f8ae72c470634d 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -75,6 +75,12 @@ JH/16 Move running the smtp connect ACL to before, for TLS-on-connect ports,
       Also, avoid sending any SMTP fail response for either the connect ACL
       or host_reject_connection, for TLS-on-connect ports.
 
+JH/17 Permit the ACL "encrypted" condition to be used in a HELO/EHLO ACL,
+      Previously this was not permitted, but it makes reasonable sense.
+      While there, restore a restriction on using it from a connect ACL; given
+      the change JH/16 it could only return false (and before 4.91 was not
+      permitted).
+
 
 Exim version 4.96
 -----------------

diff --git a/src/src/acl.c b/src/src/acl.c
index 8e1d924575284d0b3787e258084376f6d8b9e8bc..74b59b0fe7f13c895140825cd4a46499c1aadb26 100644 (file)
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -223,7 +223,7 @@ static condition_def conditions[] = {
   },
   [ACLC_ENCRYPTED] =           { US"encrypted",        FALSE, FALSE,
                                  ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START |
-                                   ACL_BIT_HELO,
+                                   ACL_BIT_CONNECT
   },
 
   [ACLC_ENDPASS] =             { US"endpass",  TRUE, TRUE,     0 },