Fix cert-try-verify when denied by event action
author
Jeremy Harris
<jgh146exb@wizmail.org>
Sun, 26 Oct 2014 22:14:03 +0000
(22:14 +0000)
committer
Jeremy Harris
<jgh146exb@wizmail.org>
Sun, 26 Oct 2014 22:14:03 +0000
(22:14 +0000)
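--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -305,7 +305,6 @@ if (state == 0)
 depth,
 X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509ctx)),
 txt);
- tlsp->certificate_verified = FALSE;
 *calledp = TRUE;
 if (!*optionalp)
 {
@@ -339,9 +338,11 @@ else if (depth != 0)
 {
 log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
 "depth=%d cert=%s", depth, txt);
- tlsp->certificate_verified = FALSE;
 *calledp = TRUE;
- return 0; /* reject */
+ if (!*optionalp)
+ return 0; /* reject */
+ DEBUG(D_tls) debug_printf("Event-action verify failure overridden "
+ "(host in tls_try_verify_hosts)\n");
 }
 X509_free(tlsp->peercert);
 tlsp->peercert = NULL;
@@ -386,7 +387,11 @@ else
 {
 log_write(0, LOG_MAIN,
 "SSL verify error: certificate name mismatch: \"%s\"\n", txt);
- return 0; /* reject */
+ *calledp = TRUE;
+ if (!*optionalp)
+ return 0; /* reject */
+ DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
+ "tls_try_verify_hosts)\n");
 }
 }
 # else
@@ -394,7 +399,11 @@ else
 {
 log_write(0, LOG_MAIN,
 "SSL verify error: certificate name mismatch: \"%s\"\n", txt);
- return 0; /* reject */
+ *calledp = TRUE;
+ if (!*optionalp)
+ return 0; /* reject */
+ DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
+ "tls_try_verify_hosts)\n");
 }
 # endif
 #endif /*EXPERIMENTAL_CERTNAMES*/
@@ -406,9 +415,11 @@ else
 {
 log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
 "depth=0 cert=%s", txt);
- tlsp->certificate_verified = FALSE;
 *calledp = TRUE;
- return 0; /* reject */
+ if (!*optionalp)
+ return 0; /* reject */
+ DEBUG(D_tls) debug_printf("Event-action verify failure overridden "
+ "(host in tls_try_verify_hosts)\n");
 }
 #endif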
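Review bot: The soft-fail paths added in the four `if (!*optionalp)` hunks never clear `tlsp->certificate_verified`: the commit deletes `tlsp->certificate_verified = FALSE;` from both event-action branches, and the name-mismatch branches never had it. The rest of the callback is outside these hunks, so it is not visible whether the flag can already be TRUE at this point. If a call for an earlier chain depth can set it, a try-verify peer whose certificate was denied would continue with the session still marked verified. Consider clearing it explicitly in each override path, e.g. `tlsp->certificate_verified = FALSE;` just before the `DEBUG(D_tls)` line, so that later policy checks on the verified state cannot pass for a denied certificate. The override is also reported only through `debug_printf`, so the main log records the denial but not that the connection was allowed to continue.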