tidying

diff --git a/src/src/configure.default b/src/src/configure.default
index 424c8df6b0ae5f4fc04babe17067a372782d3666..d23ca3c66ea3b0d7d53fc0e44a1580cbe39338e2 100644 (file)
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -663,9 +663,6 @@ smarthost:
   transport = smarthost_smtp
   route_data = ROUTER_SMARTHOST
   ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
   transport = smarthost_smtp
   route_data = ROUTER_SMARTHOST
   ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1

-.ifdef _HAVE_DNSSEC
-  dnssec_request_domains = *
-.endif

   no_more
 
 .else
   no_more
 
 .else

diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index 9b86a488b5cc3c20d47cd673dc4a43af2aa3f663..6ed3529293257d73f432540eda4497654ccd40ab 100644 (file)
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -1085,52 +1085,52 @@ if (dane->selectors[DANESSL_USAGE_DANE_EE])
     }
   }
 
     }
   }
 

-  if (dane->selectors[DANESSL_USAGE_DANE_TA])
+if (dane->selectors[DANESSL_USAGE_DANE_TA])
+  {
+  if ((matched = set_trust_anchor(ctx, dane, cert)) < 0)

     {
     {

-    if ((matched = set_trust_anchor(ctx, dane, cert)) < 0)
-      {
-      X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);
-      return -1;
-      }
-    if (matched)
-      {
-      /*
-       * Check that setting the untrusted chain updates the expected
-       * structure member at the expected offset.
-       */
-      X509_STORE_CTX_trusted_stack(ctx, dane->roots);
-      X509_STORE_CTX_set_chain(ctx, dane->chain);
-      OPENSSL_assert(dane->chain == X509_STORE_CTX_get0_untrusted(ctx));
-      }
+    X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);
+    return -1;

     }
     }

+  if (matched)
+    {
+    /*
+     * Check that setting the untrusted chain updates the expected
+     * structure member at the expected offset.
+     */
+    X509_STORE_CTX_trusted_stack(ctx, dane->roots);
+    X509_STORE_CTX_set_chain(ctx, dane->chain);
+    OPENSSL_assert(dane->chain == X509_STORE_CTX_get0_untrusted(ctx));
+    }
+  }

 
 

-  /*
-   * Name checks and usage 0/1 constraint enforcement are delayed until
-   * X509_verify_cert() builds the full chain and calls our verify_chain()
-   * wrapper.
-   */
-  dane->verify = X509_STORE_CTX_get_verify(ctx);
-  X509_STORE_CTX_set_verify(ctx, verify_chain);
+/*
+ * Name checks and usage 0/1 constraint enforcement are delayed until
+ * X509_verify_cert() builds the full chain and calls our verify_chain()
+ * wrapper.
+ */
+dane->verify = X509_STORE_CTX_get_verify(ctx);
+X509_STORE_CTX_set_verify(ctx, verify_chain);

 
 

-  if (X509_verify_cert(ctx))
-    return 1;
+if (X509_verify_cert(ctx))
+  return 1;

 
 

-  /*
-   * If the chain is invalid, clear any matching cert or hostname, to
-   * protect callers that might erroneously rely on these alone without
-   * checking the validation status.
-   */
-  if (dane->match)
-    {
-    X509_free(dane->match);
-    dane->match = 0;
-    }
-  if (dane->mhost)
-    {
-    OPENSSL_free(dane->mhost);
-    dane->mhost = 0;
-    }
-   return 0;
+/*
+ * If the chain is invalid, clear any matching cert or hostname, to
+ * protect callers that might erroneously rely on these alone without
+ * checking the validation status.
+ */
+if (dane->match)
+  {
+  X509_free(dane->match);
+  dane->match = 0;
+  }
+if (dane->mhost)
+  {
+  OPENSSL_free(dane->mhost);
+  dane->mhost = 0;
+  }
+ return 0;

 }
 
 static dane_list
 }
 
 static dane_list

diff --git a/src/src/expand.c b/src/src/expand.c
index 8be10c14f4bc4645693ffbddeaa59ba87c1d6bee..9706f2a6be3b4c50ea5b5e827ed4f6b59f21b513 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -3516,7 +3516,7 @@ Returns:       nothing
 */
 
 static void
 */
 
 static void

-chash_start(int type, void *base)
+chash_start(int type, void * base)

 {
 if (type == HMAC_MD5)
   md5_start((md5 *)base);
 {
 if (type == HMAC_MD5)
   md5_start((md5 *)base);


@@ -3525,7 +3525,7 @@ else
 }
 
 static void
 }
 
 static void

-chash_mid(int type, void *base, uschar *string)
+chash_mid(int type, void * base, const uschar * string)

 {
 if (type == HMAC_MD5)
   md5_mid((md5 *)base, string);
 {
 if (type == HMAC_MD5)
   md5_mid((md5 *)base, string);


@@ -3534,7 +3534,8 @@ else
 }
 
 static void
 }
 
 static void

-chash_end(int type, void *base, uschar *string, int length, uschar *digest)
+chash_end(int type, void * base, const uschar * string, int length,
+  uschar * digest)

 {
 if (type == HMAC_MD5)
   md5_end((md5 *)base, string, length, digest);
 {
 if (type == HMAC_MD5)
   md5_end((md5 *)base, string, length, digest);

diff --git a/test/runtest b/test/runtest
index 6319f5b8163a03da8257e3ac107de3068edde037..095106b3a6d03c9626c4c861790331305081ccca 100755 (executable)
--- a/test/runtest
+++ b/test/runtest
@@ -3410,7 +3410,7 @@ while (not ($parm_ipv4 and $parm_ipv6) and defined($_ = <IFCONFIG>))
 
   if (not $parm_ipv4 and /^\s*inet(?:\saddr)?:?\s?(\d+\.\d+\.\d+\.\d+)(?:\/\d+)?\s/i)
     {
 
   if (not $parm_ipv4 and /^\s*inet(?:\saddr)?:?\s?(\d+\.\d+\.\d+\.\d+)(?:\/\d+)?\s/i)
     {

-    # It would ne nice to be able to vary the /16 used for manyhome; we could take
+    # It would be nice to be able to vary the /16 used for manyhome; we could take

     # an option to runtest used here - but we'd also have to pass it on to fakens.
     # Possibly an environment variable?
     next if $1 eq '0.0.0.0' or $1 =~ /^(?:127|10\.250)\./;
     # an option to runtest used here - but we'd also have to pass it on to fakens.
     # Possibly an environment variable?
     next if $1 eq '0.0.0.0' or $1 =~ /^(?:127|10\.250)\./;