Make smtp transport try server cert verify by default

[exim.git] / src / src / tls.c

diff --git a/src/src/tls.c b/src/src/tls.c
index cb7efffe9b4ccff06fcd386e28f6707e3f908c8c..1c631272050025a370219e597b130507b0dc8fbf 100644 (file)
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -80,6 +80,28 @@ return TRUE;
 }
 
 
+/*************************************************
+*        Timezone environment flipping           *
+*************************************************/
+
+static uschar *
+to_tz(uschar * tz)
+{
+  uschar * old = US getenv("TZ");
+  setenv("TZ", CS tz, 1);
+  tzset(); 
+  return old;
+}
+static void
+restore_tz(uschar * tz)
+{
+  if (tz)
+    setenv("TZ", CS tz, 1);
+  else
+    unsetenv("TZ");
+  tzset(); 
+}
+
 /*************************************************
 *        Many functions are package-specific     *
 *************************************************/
@@ -257,7 +279,6 @@ return list;
 }
 
 
-# ifdef EXPERIMENTAL_CERTNAMES
 /* Compare a domain name with a possibly-wildcarded name. Wildcards
 are restricted to a single one, as the first element of patterns
 having at least three dot-separated elements.  Case-independent.
@@ -313,10 +334,9 @@ if ((altnames = tls_cert_subject_altname(cert, US"dns")))
 else if ((subjdn = tls_cert_subject(cert, NULL)))
   {
   int sn_sep = ',';
-  uschar * sn;
 
   dn_to_list(subjdn);
-  while (cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0))
+  while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0)))
     {
     uschar * sn = subjdn;
     while ((certname = string_nextinlist(&sn, &sn_sep, NULL, 0)))
@@ -330,7 +350,6 @@ else if ((subjdn = tls_cert_subject(cert, NULL)))
   }
 return FALSE;
 }
-# endif        /*EXPERIMENTAL_CERTNAMES*/
 #endif /*SUPPORT_TLS*/
 
 /* vi: aw ai sw=2