From 6742503035564e057edc7d3eba88b108f7d3d74c Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 26 Aug 2020 23:59:28 +0100 Subject: [PATCH] Fix non-DANE build (cherry picked from commit 651946cbf8e3849687332049730e5fa23d42b4b7) --- src/src/smtp_out.c | 2 +- src/src/transport.c | 6 +++++- src/src/transports/smtp.c | 15 ++++++++++----- test/stderr/2013 | 4 ---- test/stderr/2113 | 4 ---- test/stderr/2135 | 1 - 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c index 86c3e4127..c4c409677 100644 --- a/src/src/smtp_out.c +++ b/src/src/smtp_out.c @@ -375,7 +375,7 @@ smtp_port_for_connect(host_item * host, int port) { if (host->port != PORT_NONE) { - HDEBUG(D_transport|D_acl|D_v) + HDEBUG(D_transport|D_acl|D_v) if (port != host->port) debug_printf_indent("Transport port=%d replaced by host-specific port=%d\n", port, host->port); port = host->port; diff --git a/src/src/transport.c b/src/src/transport.c index b1cda55fd..609fd128c 100644 --- a/src/src/transport.c +++ b/src/src/transport.c @@ -1907,7 +1907,11 @@ if (smtp_peer_options & OPTION_TLS) if (tls_out.sni) { - argv[i++] = tls_out.dane_verified ? US"-MCr" : US"-MCs"; + argv[i++] = +#ifdef SUPPORT_DANE + tls_out.dane_verified ? US"-MCr" : +#endif + US"-MCs"; argv[i++] = tls_out.sni; } } diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 7fc2a48bb..77335af09 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -1991,7 +1991,6 @@ if (sx->smtps) } #endif -#ifdef SUPPORT_DANE /* If we have a proxied TLS connection, check usability for this message */ if (continue_hostname && continue_proxy_cipher) 
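Review bot: The `argv[i++] =` assignment in the src/src/transport.c hunk (-1907) has no comment saying what `-MCr` and `-MCs` mean, and the `#ifdef SUPPORT_DANE` now splits the conditional expression in the middle, which makes it easy to misread. A one-line comment above the assignment would help, for example `/* -MCr: SNI follows, connection was DANE-verified; -MCs: SNI follows, not DANE-verified */`. The code that parses these options in the continued process is not part of this patch, so it is worth confirming that a non-DANE build treats a received `-MCr` consistently with what is emitted here. The enclosing `if (smtp_peer_options & OPTION_TLS)` block starts and ends outside the hunk.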
@@ -1999,8 +1998,10 @@ if (continue_hostname && continue_proxy_cipher) int rc; const uschar * sni = US""; +#ifdef SUPPORT_DANE /* Check if the message will be DANE-verified; if so force its SNI */ + tls_out.dane_verified = FALSE; smtp_port_for_connect(sx->conn_args.host, sx->port); if ( sx->conn_args.host->dnssec == DS_YES && ( sx->dane_required @@ -2024,15 +2025,17 @@ if (continue_hostname && continue_proxy_cipher) # endif return rc; } +#endif - /* If the SNI required for the new message differs from the existing conn - drop the connection to force a new one. */ + /* If the SNI or the DANE status required for the new message differs from the + existing conn drop the connection to force a new one. */ if (ob->tls_sni && !(sni = expand_cstring(ob->tls_sni))) log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's tls_sni value: %s", sx->addrlist->address, expand_string_message); +#ifdef SUPPORT_DANE if ( (continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni) && continue_proxy_dane == sx->conn_args.dane) { @@ -2040,6 +2043,10 @@ if (continue_hostname && continue_proxy_cipher) if ((tls_out.dane_verified = continue_proxy_dane)) sx->conn_args.host->dnssec = DS_YES; } +#else + if ((continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni)) + tls_out.sni = US sni; +#endif else { DEBUG(D_transport) @@ -2048,7 +2055,6 @@ if (continue_hostname && continue_proxy_cipher) HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> QUIT\n"); write(0, "QUIT\r\n", 6); close(0); - tls_out.dane_verified = FALSE; continue_hostname = continue_proxy_cipher = NULL; f.continue_more = FALSE; continue_sequence = 1; /* Unfortunately, this process cannot affect success log @@ -2056,7 +2062,6 @@ if (continue_hostname && continue_proxy_cipher) back through reporting pipe. */ } } -#endif /* Make a connection to the host if this isn't a continued delivery, and handle diff --git a/test/stderr/2013 b/test/stderr/2013 index 682b53efc..f3c5421e3 100644 
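Review bot: The new `#else` comparison in the src/src/transports/smtp.c hunk at -2040 dereferences `sni` (`Ustrcmp(continue_proxy_sni, sni)` and `!*sni`), but the expansion check shown in the hunk at -2024 assigns the result of `expand_cstring()` to `sni` and only logs when that result is NULL. Unless `log_write()` with `LOG_MAIN|LOG_PANIC` does not return, a failed `tls_sni` expansion reaches both the DANE and the non-DANE comparison with a null pointer. Treating the failure as a mismatch is the conservative choice, because the existing `else` branch then drops the proxied connection instead of reusing it with an unknown SNI: `if (sni && (continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni))`, with the same `sni &&` guard added to the `SUPPORT_DANE` condition. The enclosing `if (continue_hostname && continue_proxy_cipher)` block starts and ends outside these hunks.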
--- a/test/stderr/2013 +++ b/test/stderr/2013 @@ -45,7 +45,6 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid -Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM: SIZE=ssss SMTP>> RCPT TO: SMTP>> DATA @@ -65,7 +64,6 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid -Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM: SIZE=ssss SMTP>> RCPT TO: SMTP>> DATA @@ -133,7 +131,6 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid -Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM: SIZE=ssss SMTP>> RCPT TO: SMTP>> DATA @@ -153,7 +150,6 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid -Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM: SIZE=ssss SMTP>> RCPT TO: SMTP>> DATA diff --git a/test/stderr/2113 b/test/stderr/2113 index 6ccdea8c7..9541b65a2 100644 --- a/test/stderr/2113 +++ b/test/stderr/2113 @@ -45,7 +45,6 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid -Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM: SIZE=ssss SMTP>> RCPT TO: SMTP>> DATA @@ -65,7 +64,6 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid -Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM: SIZE=ssss SMTP>> RCPT TO: SMTP>> DATA @@ -133,7 +131,6 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid -Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM: SIZE=ssss SMTP>> RCPT TO: SMTP>> DATA 
@@ -153,7 +150,6 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid -Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM: SIZE=ssss SMTP>> RCPT TO: SMTP>> DATA diff --git a/test/stderr/2135 b/test/stderr/2135 index 7187d0d3e..70759060f 100644 --- a/test/stderr/2135 +++ b/test/stderr/2135 @@ -54,7 +54,6 @@ checking status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userb@test.ex) Transport port=25 replaced by host-specific port=1225 -Transport port=25 replaced by host-specific port=1225 continued connection, proxied TLS SMTP>> DATA cmd buf flush ddd bytes -- 2.30.2