X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Ftls.c;h=55295108c1315038968945d09e6a2c871f8b82d2;hb=93a680e4c9c899d86ff3fde0933fb5367b34af50;hp=b3d088df3479fd691b63ba762c2be8ff6a6e93be;hpb=bfbad1dddf8b26ef0e14e48a36edc4a8bf1425e4;p=exim.git diff --git a/src/src/tls.c b/src/src/tls.c index b3d088df3..55295108c 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2012 */ +/* Copyright (c) University of Cambridge 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is @@ -87,19 +87,20 @@ return TRUE; static uschar * to_tz(uschar * tz) { - uschar * old = US getenv("TZ"); - setenv("TZ", CS tz, 1); - tzset(); - return old; +uschar * old = US getenv("TZ"); +(void) setenv("TZ", CCS tz, 1); +tzset(); +return old; } + static void restore_tz(uschar * tz) { - if (tz) - setenv("TZ", CS tz, 1); - else - unsetenv("TZ"); - tzset(); +if (tz) + (void) setenv("TZ", CCS tz, 1); +else + (void) os_unsetenv(US"TZ"); +tzset(); } /************************************************* @@ -107,18 +108,18 @@ restore_tz(uschar * tz) *************************************************/ #ifdef USE_GNUTLS -#include "tls-gnu.c" -#include "tlscert-gnu.c" +# include "tls-gnu.c" +# include "tlscert-gnu.c" -#define ssl_xfer_buffer (state_server.xfer_buffer) -#define ssl_xfer_buffer_lwm (state_server.xfer_buffer_lwm) -#define ssl_xfer_buffer_hwm (state_server.xfer_buffer_hwm) -#define ssl_xfer_eof (state_server.xfer_eof) -#define ssl_xfer_error (state_server.xfer_error) +# define ssl_xfer_buffer (state_server.xfer_buffer) +# define ssl_xfer_buffer_lwm (state_server.xfer_buffer_lwm) +# define ssl_xfer_buffer_hwm (state_server.xfer_buffer_hwm) +# define ssl_xfer_eof (state_server.xfer_eof) +# define ssl_xfer_error (state_server.xfer_error) #else -#include "tls-openssl.c" -#include "tlscert-openssl.c" +# include "tls-openssl.c" +# include "tlscert-openssl.c" #endif @@ -254,7 +255,7 @@ Return: */ uschar * -tls_field_from_dn(uschar * dn, uschar * mod) +tls_field_from_dn(uschar * dn, const uschar * mod) { int insep = ','; uschar outsep = '\n'; @@ -272,7 +273,7 @@ while ((ele = string_nextinlist(&mod, &insep, NULL, 0))) dn_to_list(dn); insep = ','; len = match ? Ustrlen(match) : -1; -while ((ele = string_nextinlist(&dn, &insep, NULL, 0))) +while ((ele = string_nextinlist(CUSS &dn, &insep, NULL, 0))) if ( !match || Ustrncmp(ele, match, len) == 0 && ele[len] == '=' ) @@ -281,7 +282,6 @@ return list; } -# ifdef EXPERIMENTAL_CERTNAMES /* Compare a domain name with a possibly-wildcarded name. Wildcards are restricted to a single one, as the first element of patterns having at least three dot-separated elements. Case-independent. @@ -314,7 +314,7 @@ Returns: */ BOOL -tls_is_name_for_cert(uschar * namelist, void * cert) +tls_is_name_for_cert(const uschar * namelist, void * cert) { uschar * altnames = tls_cert_subject_altname(cert, US"dns"); uschar * subjdn; @@ -327,7 +327,7 @@ if ((altnames = tls_cert_subject_altname(cert, US"dns"))) int alt_sep = '\n'; while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0))) { - uschar * an = altnames; + const uschar * an = altnames; while ((certname = string_nextinlist(&an, &alt_sep, NULL, 0))) if (is_name_match(cmpname, certname)) return TRUE; @@ -341,7 +341,7 @@ else if ((subjdn = tls_cert_subject(cert, NULL))) dn_to_list(subjdn); while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0))) { - uschar * sn = subjdn; + const uschar * sn = subjdn; while ((certname = string_nextinlist(&sn, &sn_sep, NULL, 0))) if ( *certname++ == 'C' && *certname++ == 'N' @@ -353,7 +353,6 @@ else if ((subjdn = tls_cert_subject(cert, NULL))) } return FALSE; } -# endif /*EXPERIMENTAL_CERTNAMES*/ #endif /*SUPPORT_TLS*/ /* vi: aw ai sw=2