/* These variables are outside the #ifdef because it keeps the code less
cluttered in several places (e.g. during logging) if we can always refer to
-them. Also, the tls_ variables are now always visible. */
+them. Also, the tls_ variables are now always visible. Note that these are
+only used for smtp connections, not for service-daemon access. */
tls_support tls_in = {
- .active = -1,
+ .active = {.sock = -1},
.bits = 0,
.certificate_verified = FALSE,
#ifdef SUPPORT_DANE
.ocsp = OCSP_NOT_REQ
};
tls_support tls_out = {
- .active = -1,
+ .active = {.sock = -1},
.bits = 0,
.certificate_verified = FALSE,
#ifdef SUPPORT_DANE
uschar *tls_privatekey = NULL;
BOOL tls_remember_esmtp = FALSE;
uschar *tls_require_ciphers = NULL;
+# ifdef EXPERIMENTAL_REQUIRETLS
+uschar tls_requiretls = 0; /* REQUIRETLS_MSG etc. bit #defines */
+uschar *tls_advertise_requiretls = US"*";
+const pcre *regex_REQUIRETLS = NULL;
+# endif
uschar *tls_try_verify_hosts = NULL;
uschar *tls_verify_certificates= US"system";
uschar *tls_verify_hosts = NULL;
.delivery = FALSE, /* when to attempt */
.defer_pass = FALSE, /* on defer: spool locally */
.is_tls = FALSE, /* not a TLS conn yet */
- .fd = -1, /* open connection */
+ .cctx = {.sock = -1}, /* open connection */
.nrcpt = 0, /* number of addresses */
};
BOOL disable_logging = FALSE;
#ifndef DISABLE_DKIM
-BOOL dkim_collect_input = FALSE;
+unsigned dkim_collect_input = 0;
uschar *dkim_cur_signer = NULL;
BOOL dkim_disable_verify = FALSE;
int dkim_key_length = 0;
uschar *dns_again_means_nonexist = NULL;
int dns_csa_search_limit = 5;
BOOL dns_csa_use_reverse = TRUE;
+int dns_cname_loops = 1;
#ifdef SUPPORT_DANE
int dns_dane_ok = -1;
#endif
#endif
BOOL split_spool_directory = FALSE;
+FILE *spool_data_file = NULL;
uschar *spool_directory = US SPOOL_DIRECTORY
"\0<--------------Space to patch spool_directory->";
BOOL spool_file_wireformat = FALSE;