ARC: better diagnostics for keyfile issues

[exim.git] / src / src / dkim.c

diff --git a/src/src/dkim.c b/src/src/dkim.c
index 043fcc6dc790e55d0d02195b3e70a0a61c1ec084..317f6e50dd2460551386528998f9c613e81f8cf9 100644 (file)
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -30,10 +30,11 @@ pdkim_ctx dkim_sign_ctx;
 
 int dkim_verify_oldpool;
 pdkim_ctx *dkim_verify_ctx = NULL;
-pdkim_signature *dkim_signatures = NULL;
 pdkim_signature *dkim_cur_sig = NULL;
 static const uschar * dkim_collect_error = NULL;
 
+#define DKIM_MAX_SIGNATURES 20
+
 
 
 /*XXX the caller only uses the first record if we return multiple.
@@ -115,7 +116,7 @@ if (dkim_verify_ctx)
 /* Create new context */
 
 dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
-dkim_collect_input = !!dkim_verify_ctx;
+dkim_collect_input = dkim_verify_ctx ? DKIM_MAX_SIGNATURES : 0;
 dkim_collect_error = NULL;
 
 /* Start feed up with any cached data */
@@ -137,7 +138,7 @@ if (  dkim_collect_input
   dkim_collect_error = pdkim_errstr(rc);
   log_write(0, LOG_MAIN,
             "DKIM: validation error: %.100s", dkim_collect_error);
-  dkim_collect_input = FALSE;
+  dkim_collect_input = 0;
   }
 store_pool = dkim_verify_oldpool;
 }
@@ -309,11 +310,12 @@ if (dkim_collect_error)
   goto out;
   }
 
-dkim_collect_input = FALSE;
+dkim_collect_input = 0;
 
 /* Finish DKIM operation and fetch link to signatures chain */
 
-rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures, &errstr);
+rc = pdkim_feed_finish(dkim_verify_ctx, (pdkim_signature **)&dkim_signatures,
+                       &errstr);
 if (rc != PDKIM_OK && errstr)
   log_write(0, LOG_MAIN, "DKIM: validation error: %s", errstr);
 
@@ -395,7 +397,7 @@ for (sig = dkim_signatures; sig; sig = sig->next)
     them here. This is easy since a domain and selector is guaranteed
     to be in a signature. The other dkim_* expansion items are
     dynamically fetched from dkim_cur_sig at expansion time (see
-    function below). */
+    dkim_exim_expand_query() below). */
 
     dkim_cur_sig = sig;
     dkim_signing_domain = US sig->domain;
@@ -632,7 +634,6 @@ if (dkim_domain)
   for this domain. */
 
   if (!(dkim_sel = expand_string(dkim->dkim_selector)))
-  if (!(dkim_signing_selector = expand_string(dkim->dkim_selector)))
     { errwhen = US"dkim_selector"; goto expand_bad; }
 
   while ((dkim_signing_selector = string_nextinlist(&dkim_sel, &sel_sep,
@@ -814,7 +815,7 @@ for (sig = dkim_signatures; sig; sig = sig->next)
           g = string_cat(g, US"permerror (overlong public key record)\n\t\t"); break;
         case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD:
         case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT:
-          g = string_cat(g, US"neutral (syntax error in public key record)\n\t\t");
+          g = string_cat(g, US"neutral (public key record import problem)\n\t\t");
           break;
         case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR:
           g = string_cat(g, US"neutral (signature tag missing or invalid)\n\t\t");