X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Ftls.c;h=6b1a189a98dfaa5b87caccdabb3e2dceff9dedc5;hb=7da3cb7c81fbe0ae154b2b5f89f79dc80264f699;hp=f2ab56706201a8bbc267ea0a031b71366438604a;hpb=d502442ac32f8964f6cf86469869cecb035d12c0;p=exim.git diff --git a/src/src/tls.c b/src/src/tls.c index f2ab56706..6b1a189a9 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2012 */ +/* Copyright (c) University of Cambridge 1995 - 2015 */ /* See the file NOTICE for conditions of use and distribution. */ /* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is @@ -80,6 +80,28 @@ return TRUE; } +/************************************************* +* Timezone environment flipping * +*************************************************/ + +static uschar * +to_tz(uschar * tz) +{ + uschar * old = US getenv("TZ"); + setenv("TZ", CS tz, 1); + tzset(); + return old; +} +static void +restore_tz(uschar * tz) +{ + if (tz) + setenv("TZ", CS tz, 1); + else + unsetenv("TZ"); + tzset(); +} + /************************************************* * Many functions are package-specific * *************************************************/ @@ -224,7 +246,7 @@ NOTE: We modify the supplied dn string during operation. Arguments: dn Distinguished Name string - mod string containing optional list-sep and + mod list containing optional output list-sep and field selector match, comma-separated Return: allocated string with list of matching fields, @@ -232,7 +254,7 @@ Return: */ uschar * -tls_field_from_dn(uschar * dn, uschar * mod) +tls_field_from_dn(uschar * dn, const uschar * mod) { int insep = ','; uschar outsep = '\n'; @@ -245,19 +267,20 @@ while ((ele = string_nextinlist(&mod, &insep, NULL, 0))) if (ele[0] != '>') match = ele; /* field tag to match */ else if (ele[1]) - outsep = ele[1]; /* nondefault separator */ + outsep = ele[1]; /* nondefault output separator */ dn_to_list(dn); insep = ','; -len = Ustrlen(match); -while ((ele = string_nextinlist(&dn, &insep, NULL, 0))) - if (Ustrncmp(ele, match, len) == 0 && ele[len] == '=') +len = match ? Ustrlen(match) : -1; +while ((ele = string_nextinlist(CUSS &dn, &insep, NULL, 0))) + if ( !match + || Ustrncmp(ele, match, len) == 0 && ele[len] == '=' + ) list = string_append_listele(list, outsep, ele+len+1); return list; } -# ifdef EXPERIMENTAL_CERTNAMES /* Compare a domain name with a possibly-wildcarded name. Wildcards are restricted to a single one, as the first element of patterns having at least three dot-separated elements. Case-independent. @@ -290,7 +313,7 @@ Returns: */ BOOL -tls_is_name_for_cert(uschar * namelist, void * cert) +tls_is_name_for_cert(const uschar * namelist, void * cert) { uschar * altnames = tls_cert_subject_altname(cert, US"dns"); uschar * subjdn; @@ -303,7 +326,7 @@ if ((altnames = tls_cert_subject_altname(cert, US"dns"))) int alt_sep = '\n'; while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0))) { - uschar * an = altnames; + const uschar * an = altnames; while ((certname = string_nextinlist(&an, &alt_sep, NULL, 0))) if (is_name_match(cmpname, certname)) return TRUE; @@ -317,7 +340,7 @@ else if ((subjdn = tls_cert_subject(cert, NULL))) dn_to_list(subjdn); while ((cmpname = string_nextinlist(&namelist, &cmp_sep, NULL, 0))) { - uschar * sn = subjdn; + const uschar * sn = subjdn; while ((certname = string_nextinlist(&sn, &sn_sep, NULL, 0))) if ( *certname++ == 'C' && *certname++ == 'N' @@ -329,7 +352,6 @@ else if ((subjdn = tls_cert_subject(cert, NULL))) } return FALSE; } -# endif /*EXPERIMENTAL_CERTNAMES*/ #endif /*SUPPORT_TLS*/ /* vi: aw ai sw=2