DKIM: support timestamp and expiry tags in signing. Bug 2260
[users/jgh/exim.git] / src / src / transports / smtp.c
index bd1e20d7fc3a35667af2e79d9a71a71fc09ac1a2..6d7085881d76c88fe8d6fb681ebaf5f1f7da0130 100644 (file)
@@ -63,6 +63,8 @@ optionlist smtp_transport_options[] = {
       (void *)offsetof(smtp_transport_options_block, dkim.dkim_sign_headers) },
   { "dkim_strict", opt_stringptr,
       (void *)offsetof(smtp_transport_options_block, dkim.dkim_strict) },
+  { "dkim_timestamps", opt_stringptr,
+      (void *)offsetof(smtp_transport_options_block, dkim.dkim_timestamps) },
 #endif
   { "dns_qualify_single",   opt_bool,
       (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
@@ -295,6 +297,7 @@ smtp_transport_options_block smtp_transport_option_defaults = {
     .dkim_sign_headers =       NULL,
     .dkim_strict =             NULL,
     .dkim_hash =               US"sha256",
+    .dkim_timestamps =         NULL,
     .dot_stuffed =             FALSE,
     .force_bodyhash =          FALSE,
 # ifdef EXPERIMENTAL_ARC
@@ -3004,15 +3007,21 @@ else
     uschar * s = sx.ob->arc_sign;
     if (s)
       {
-      if (!(sx.ob->dkim.arc_signspec = expand_string(s)))
+      if (!(sx.ob->dkim.arc_signspec = s = expand_string(s)))
        {
-       message = US"failed to expand arc_sign";
-       sx.ok = FALSE;
-       goto SEND_FAILED;
+       if (!expand_string_forcedfail)
+         {
+         message = US"failed to expand arc_sign";
+         sx.ok = FALSE;
+         goto SEND_FAILED;
+         }
+       }
+      else if (*s)
+       {
+       /* Ask dkim code to hash the body for ARC */
+       (void) arc_ams_setup_sign_bodyhash();
+       sx.ob->dkim.force_bodyhash = TRUE;
        }
-      /* Ask dkim code to hash the body for ARC */
-      (void) arc_ams_setup_sign_bodyhash();
-      sx.ob->dkim.force_bodyhash = TRUE;
       }
     }
 # endif