X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fverify.c;h=ea733b60596dae968d61efdd382853cff059ad10;hb=65867078f62db450bd8f91100600f6de559e7590;hp=f799ff1debc620e18115fa7ff2547da566417a40;hpb=8c51eead714a52b81651352b5db4b985d17c3148;p=exim.git

diff --git a/src/src/verify.c b/src/src/verify.c
index f799ff1de..ea733b605 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -379,7 +379,7 @@ else if (Ustrcmp(addr->transport->driver_name, "smtp") != 0)
 else
   {
   smtp_transport_options_block *ob =
-    (smtp_transport_options_block *)(addr->transport->options_block);
+    (smtp_transport_options_block *)addr->transport->options_block;
 
   /* The information wasn't available in the cache, so we have to do a real
   callout and save the result in the cache for next time, unless no_cache is set,
@@ -636,16 +636,12 @@ else
        /* STARTTLS accepted or ssl-on-connect: try to negotiate a TLS session. */
       else
         {
-        int rc = tls_client_start(inblock.sock, host, addr,
-  	 ob->tls_certificate, ob->tls_privatekey,
-  	 ob->tls_sni,
-  	 ob->tls_verify_certificates, ob->tls_crl,
-  	 ob->tls_require_ciphers,
-#ifdef EXPERIMENTAL_OCSP
-  	 ob->hosts_require_ocsp,
-#endif
-	 ob->tls_dh_min_bits, callout,
-         ob->tls_verify_hosts, ob->tls_try_verify_hosts);
+	int oldtimeout = ob->command_timeout;
+	int rc;
+
+	ob->command_timeout = callout;
+        rc = tls_client_start(inblock.sock, host, addr, ob);
+	ob->command_timeout = oldtimeout;
 
         /* TLS negotiation failed; give an error.  Try in clear on a new connection,
            if the options permit it for this host. */
@@ -1749,9 +1745,20 @@ while (addr_new != NULL)
                   string_is_ip_address(host->name, NULL) != 0)
                 (void)host_find_byname(host, NULL, flags, &canonical_name, TRUE);
               else
+		{
+		uschar * d_request = NULL, * d_require = NULL;
+		if (Ustrcmp(addr->transport->driver_name, "smtp") == 0)
+		  {
+		  smtp_transport_options_block * ob =
+		      (smtp_transport_options_block *)
+			addr->transport->options_block;
+		  d_request = ob->dnssec_request_domains;
+		  d_require = ob->dnssec_require_domains;
+		  }
+
                 (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
-		  NULL, NULL,	/*XXX todo: dnssec */
-                  &canonical_name, NULL);
+		  d_request, d_require, &canonical_name, NULL);
+		}
               }
             }
           }