From: Jeremy Harris Date: Sat, 20 Jan 2024 12:38:15 +0000 (+0000) Subject: TLS: fix startup after forced-fail X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/fe105877d57ac7e05a4333e0d072f232d212b9fe TLS: fix startup after forced-fail Broken-by: cf0c61644d7d, ce93c6d840d5, 520ef00f56ce --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 40e8a9e7e..14cd45d85 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -86,6 +86,13 @@ JH/17 Bug 3064: Fix combination of "-q -R ". Introduction of JH/18 Bug 3068: Log a warning for use of deprecated syntax in query-style lookups. +JH/19 Fix TLS startup. When the last expansion done before the initiation of a + TLS session resulted in a forced-fail, a misleading error was logged for + the expansino of tls_certificates. This would affect the common case of + that option being set (main-section options) but not having any vriable + parts. It could also potentially affect tls_privatekeys. The underlyding + coding errors go back to 4.90 but were only exposed in 4.97. + Exim version 4.97 ----------------- diff --git a/src/src/expand.c b/src/src/expand.c index 9a88d38ca..f9813133d 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -8558,13 +8558,12 @@ Returns: the expanded string, or NULL if expansion failed; if failure was const uschar * expand_string_2(const uschar * string, BOOL * textonly_p) { +f.expand_string_forcedfail = f.search_find_defer = malformed_header = FALSE; if (Ustrpbrk(string, "$\\") != NULL) { int old_pool = store_pool; uschar * s; - f.search_find_defer = FALSE; - malformed_header = FALSE; store_pool = POOL_MAIN; s = expand_string_internal(string, ESI_HONOR_DOLLAR, NULL, NULL, textonly_p); store_pool = old_pool; diff --git a/src/src/tls.c b/src/src/tls.c index b6c5d70e1..e6203b768 100644 --- a/src/src/tls.c +++ b/src/src/tls.c 
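Review bot: Hoisting the reset in `expand_string_2` (src/src/expand.c) above the `Ustrpbrk` test changes what callers observe after expanding a literal string, and the function's header comment does not say so. Before this change `f.search_find_defer` and `malformed_header` were left untouched for strings without `$` or `\`; now all three flags are cleared on every call, so any caller that expands a literal and then tests a flag set by an earlier expansion will see FALSE, which makes an audit of the callers worthwhile. I would record the contract in the comment block above the function, e.g. `Side effects: clears f.expand_string_forcedfail, f.search_find_defer and malformed_header on every call, including for strings with nothing to expand`. The comment block starts, and the function body ends, outside this hunk.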
@@ -105,7 +105,10 @@ expand_check(const uschar * s, const uschar * name,
 uschar ** result, uschar ** errstr)
 {
 if (!s)
+ {
+ f.expand_string_forcedfail = FALSE;
 *result = NULL;
+ }
 else if ( !(*result = expand_string(US s)) /* need to clean up const more */
 && !f.expand_string_forcedfail
 )
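Review bot: The new `f.expand_string_forcedfail = FALSE;` on the `!s` path of `expand_check` has no comment, and its purpose is not evident from the function alone: no expansion runs here, so the flag would otherwise still hold whatever an unrelated earlier expansion left in it. Judging from the ChangeLog entry, callers apparently read the flag after a NULL `*result` to tell an unset option from a forced failure, so a stale value ends up deciding how TLS certificate setup is reported. I would add `/* nothing expanded: clear stale forced-fail status from any earlier expansion */` above the assignment and state in the function's header comment that the flag is valid on return. A regression test that forces a failed expansion immediately before TLS startup with a fixed `tls_certificate` would pin the fix. The `else if` body continues outside the hunk.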