From dc8380bb68f615c89345eff1855a1a2e6f8cbf8a Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 7 Oct 2019 13:32:44 +0100 Subject: [PATCH] tidying --- src/src/configure.default | 3 -- src/src/dane-openssl.c | 82 +++++++++++++++++++-------------------- src/src/expand.c | 7 ++-- test/runtest | 2 +- 4 files changed, 46 insertions(+), 48 deletions(-) diff --git a/src/src/configure.default b/src/src/configure.default index 424c8df6b..d23ca3c66 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -663,9 +663,6 @@ smarthost: transport = smarthost_smtp route_data = ROUTER_SMARTHOST ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1 -.ifdef _HAVE_DNSSEC - dnssec_request_domains = * -.endif no_more .else diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c index 9b86a488b..6ed352929 100644 --- a/src/src/dane-openssl.c +++ b/src/src/dane-openssl.c @@ -1085,52 +1085,52 @@ if (dane->selectors[DANESSL_USAGE_DANE_EE]) } } - if (dane->selectors[DANESSL_USAGE_DANE_TA]) +if (dane->selectors[DANESSL_USAGE_DANE_TA]) + { + if ((matched = set_trust_anchor(ctx, dane, cert)) < 0) { - if ((matched = set_trust_anchor(ctx, dane, cert)) < 0) - { - X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM); - return -1; - } - if (matched) - { - /* - * Check that setting the untrusted chain updates the expected - * structure member at the expected offset. - */ - X509_STORE_CTX_trusted_stack(ctx, dane->roots); - X509_STORE_CTX_set_chain(ctx, dane->chain); - OPENSSL_assert(dane->chain == X509_STORE_CTX_get0_untrusted(ctx)); - } + X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM); + return -1; } + if (matched) + { + /* + * Check that setting the untrusted chain updates the expected + * structure member at the expected offset. + */ + X509_STORE_CTX_trusted_stack(ctx, dane->roots); + X509_STORE_CTX_set_chain(ctx, dane->chain); + OPENSSL_assert(dane->chain == X509_STORE_CTX_get0_untrusted(ctx)); + } + } - /* - * Name checks and usage 0/1 constraint enforcement are delayed until - * X509_verify_cert() builds the full chain and calls our verify_chain() - * wrapper. - */ - dane->verify = X509_STORE_CTX_get_verify(ctx); - X509_STORE_CTX_set_verify(ctx, verify_chain); +/* + * Name checks and usage 0/1 constraint enforcement are delayed until + * X509_verify_cert() builds the full chain and calls our verify_chain() + * wrapper. + */ +dane->verify = X509_STORE_CTX_get_verify(ctx); +X509_STORE_CTX_set_verify(ctx, verify_chain); - if (X509_verify_cert(ctx)) - return 1; +if (X509_verify_cert(ctx)) + return 1; - /* - * If the chain is invalid, clear any matching cert or hostname, to - * protect callers that might erroneously rely on these alone without - * checking the validation status. - */ - if (dane->match) - { - X509_free(dane->match); - dane->match = 0; - } - if (dane->mhost) - { - OPENSSL_free(dane->mhost); - dane->mhost = 0; - } - return 0; +/* + * If the chain is invalid, clear any matching cert or hostname, to + * protect callers that might erroneously rely on these alone without + * checking the validation status. + */ +if (dane->match) + { + X509_free(dane->match); + dane->match = 0; + } +if (dane->mhost) + { + OPENSSL_free(dane->mhost); + dane->mhost = 0; + } + return 0; } static dane_list diff --git a/src/src/expand.c b/src/src/expand.c index 8be10c14f..9706f2a6b 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -3516,7 +3516,7 @@ Returns: nothing */ static void -chash_start(int type, void *base) +chash_start(int type, void * base) { if (type == HMAC_MD5) md5_start((md5 *)base); @@ -3525,7 +3525,7 @@ else } static void -chash_mid(int type, void *base, uschar *string) +chash_mid(int type, void * base, const uschar * string) { if (type == HMAC_MD5) md5_mid((md5 *)base, string); @@ -3534,7 +3534,8 @@ else } static void -chash_end(int type, void *base, uschar *string, int length, uschar *digest) +chash_end(int type, void * base, const uschar * string, int length, + uschar * digest) { if (type == HMAC_MD5) md5_end((md5 *)base, string, length, digest); diff --git a/test/runtest b/test/runtest index 6319f5b81..095106b3a 100755 --- a/test/runtest +++ b/test/runtest @@ -3410,7 +3410,7 @@ while (not ($parm_ipv4 and $parm_ipv6) and defined($_ = )) if (not $parm_ipv4 and /^\s*inet(?:\saddr)?:?\s?(\d+\.\d+\.\d+\.\d+)(?:\/\d+)?\s/i) { - # It would ne nice to be able to vary the /16 used for manyhome; we could take + # It would be nice to be able to vary the /16 used for manyhome; we could take # an option to runtest used here - but we'd also have to pass it on to fakens. # Possibly an environment variable? next if $1 eq '0.0.0.0' or $1 =~ /^(?:127|10\.250)\./; -- 2.25.1