Introduce EXPERIMENTAL_DANE feature

[exim.git] / src / src / globals.h

diff --git a/src/src/globals.h b/src/src/globals.h
index 73793aa2ee24bd00d072fc1a435639a15637d9d3..800ec9c31d0df905fdff2288fa905db6a52c327b 100644 (file)
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -82,6 +82,10 @@ typedef struct {
   int     active;             /* fd/socket when in a TLS session */
   int     bits;               /* bits used in TLS session */
   BOOL    certificate_verified; /* Client certificate verified */
+#ifdef EXPERIMENTAL_DANE
+  BOOL    dane_verified;        /* ... via DANE */
+  int     tlsa_usage;         /* TLSA record(s) usage */
+#endif
   uschar *cipher;             /* Cipher used */
   BOOL    on_connect;         /* For older MTAs that don't STARTTLS */
   uschar *on_connect_ports;   /* Ports always tls-on-connect */
@@ -386,6 +390,9 @@ extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */
 extern int     dns_csa_search_limit;   /* How deep to search for CSA SRV records */
 extern BOOL    dns_csa_use_reverse;    /* Check CSA in reverse DNS? (non-standard) */
 extern uschar *dns_ipv4_lookup;        /* For these domains, don't look for AAAA (or A6) */
+#ifdef EXPERIMENTAL_DANE
+extern int     dns_dane_ok;            /* Ok to use DANE when checking TLS authenticity */
+#endif
 extern int     dns_retrans;            /* Retransmission time setting */
 extern int     dns_retry;              /* Number of retries */
 extern int     dns_dnssec_ok;          /* When constructing DNS query, set DO flag */