{
dane_mtype_list m;
unsigned char mdbuf[EVP_MAX_MD_SIZE];
- unsigned char *buf;
+ unsigned char *buf = NULL;
unsigned char *buf2;
- unsigned int len;
+ unsigned int len = 0;
/*
* Extract ASN.1 DER form of certificate or public key.
matched = match(dane->selectors[SSL_DANE_USAGE_FIXED_LEAF], cert, 0);
if(matched > 0)
if(!ctx->chain)
+ {
if( (ctx->chain = sk_X509_new_null())
&& sk_X509_push(ctx->chain, cert))
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
DANEerr(DANE_F_CHECK_END_ENTITY, ERR_R_MALLOC_FAILURE);
return -1;
}
+ }
return matched;
}
* Sub-domain match: certid is any sub-domain of hostname.
*/
if(match_subdomain)
+ {
if( (idlen = strlen(certid)) > (domlen = strlen(domain)) + 1
&& certid[idlen - domlen - 1] == '.'
&& !strcasecmp(certid + (idlen - domlen), domain))
return 1;
else
continue;
+ }
/*
* Exact match and initial "*" match. The initial "*" in a certid
{
struct stat statbuf;
if (fstat(deliver_datafile, &statbuf) == 0 && statbuf.st_size > max)
+ {
if (emf_text)
fprintf(f, "%s", CS emf_text);
else
fprintf(f,
"------ The body of the message is " OFF_T_FMT " characters long; only the first\n"
"------ %d or so are included here.\n", statbuf.st_size, max);
+ }
}
fputc('\n', f);
case EOP_UTF8CLEAN:
{
- int seq_len, index = 0;
+ int seq_len = 0, index = 0;
int bytes_left = 0;
uschar seq_buff[4]; /* accumulate utf-8 here */
while (*sub != 0)
{
int complete;
- long codepoint;
+ long codepoint = 0;
uschar c;
complete = 0;
-1, /* tls_active */
0, /* tls_bits */
FALSE,/* tls_certificate_verified */
+#ifdef EXPERIMENTAL_DANE
+ FALSE,/* dane_verified */
+#endif
NULL, /* tls_cipher */
FALSE,/* tls_on_connect */
NULL, /* tls_on_connect_ports */
-1, /* tls_active */
0, /* tls_bits */
FALSE,/* tls_certificate_verified */
+#ifdef EXPERIMENTAL_DANE
+ FALSE,/* dane_verified */
+#endif
NULL, /* tls_cipher */
FALSE,/* tls_on_connect */
NULL, /* tls_on_connect_ports */
if (Ustrncmp(p, "rozen", 5) == 0)
{
deliver_freeze = TRUE;
- sscanf(big_buffer+7, TIME_T_FMT, &deliver_frozen_at);
+ sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at);
}
break;
#ifndef DISABLE_OCSP
# include <openssl/ocsp.h>
#endif
+#ifdef EXPERIMENTAL_DANE
+# include <danessl.h>
+#endif
+
#ifndef DISABLE_OCSP
# define EXIM_OCSP_SKEW_SECONDS (300L)
{
dns_record * rr;
dns_scan dnss;
- uschar * hostnames[2] = { host->name, NULL };
+ const char * hostnames[2] = { CS host->name, NULL };
int found = 0;
if (DANESSL_init(client_ssl, NULL, hostnames) != 1)