OpenSSSL: support write-with-more-intent in client

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 4566baa366897dab87df16a671d8eb9c4033a06d..8f888824f3b1f7195670eb4deffdf83afb8ec1ef 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2898,6 +2898,7 @@ Used by both server-side and client-side TLS.
 int
 tls_write(void * ct_ctx, const uschar *buff, size_t len, BOOL more)
 {
+size_t olen = len;
 int outbytes, error;
 SSL * ssl = ct_ctx ? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl : server_ssl;
 static gstring * corked = NULL;
@@ -2909,10 +2910,11 @@ DEBUG(D_tls) debug_printf("%s(%p, %lu%s)\n", __FUNCTION__,
 "more" is notified.  This hack is only ok if small amounts are involved AND only
 one stream does it, in one context (i.e. no store reset).  Currently it is used
 for the responses to the received SMTP MAIL , RCPT, DATA sequence, only. */
-/*XXX + if PIPE_COMMAND, banner & ehlo-resp for smmtp-on-connect. Suspect there's
-a store reset there. */
+/* + if PIPE_COMMAND, banner & ehlo-resp for smmtp-on-connect. Suspect there's
+a store reset there, so use POOL_PERM. */
+/* + if CHUNKING, cmds EHLO,MAIL,RCPT(s),BDAT */
 
-if (!ct_ctx && (more || corked))
+if ((more || corked))
   {
 #ifdef EXPERIMENTAL_PIPE_CONNECT
   int save_pool = store_pool;
@@ -2965,7 +2967,7 @@ for (int left = len; left > 0;)
       return -1;
     }
   }
-return len;
+return olen;
 }
 
 

diff --git a/test/confs/4060 b/test/confs/4060
index 935d49fe189f62453ab4547c2f659ee8e578e659..a87c3d6b276e13891bc541d6e31308702d85c918 100644 (file)
--- a/test/confs/4060
+++ b/test/confs/4060
@@ -25,6 +25,8 @@ tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
 # Avoid ECDHE key-exchange so that we can wireshark-decode
 .ifdef _HAVE_GNUTLS
 tls_require_ciphers = NORMAL:-KX-ALL:+RSA
+.else
+tls_require_ciphers = DEFAULT:!kECDHE
 .endif
 
 pipelining_connect_advertise_hosts = *