Add perl_taintmode option

[exim.git] / src / src / readconf.c

diff --git a/src/src/readconf.c b/src/src/readconf.c
index 328d4955841d6515919a332d7987b0c5725f604b..ba4cb668b51d1db832bb8da05238e8b5a7c7eb83 100644 (file)
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) University of Cambridge 1995 - 2016 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Functions for reading the configuration file, and for displaying
@@ -349,6 +349,7 @@ static optionlist optionlist_config[] = {
 #ifdef EXIM_PERL
   { "perl_at_start",            opt_bool,        &opt_perl_at_start },
   { "perl_startup",             opt_stringptr,   &opt_perl_startup },
+  { "perl_taintmode",           opt_bool,        &opt_perl_taintmode },
 #endif
 #ifdef LOOKUP_PGSQL
   { "pgsql_servers",            opt_stringptr,   &pgsql_servers },
@@ -2947,7 +2948,7 @@ Returns:  bool for "okay"; false will cause caller to immediately exit.
 
 #ifdef SUPPORT_TLS
 static BOOL
-tls_dropprivs_validate_require_cipher(void)
+tls_dropprivs_validate_require_cipher(BOOL nowarn)
 {
 const uschar *errmsg;
 pid_t pid;
@@ -2961,7 +2962,7 @@ if (  !tls_advertise_hosts
    || Ustrcmp(tls_advertise_hosts, ":") == 0
    )
   return TRUE;
-else if (!tls_certificate)
+else if (!nowarn && !tls_certificate)
   log_write(0, LOG_MAIN|LOG_PANIC,
     "Warning: No server certificate defined; TLS connections will fail.\n"
     " Suggested action: either install a certificate or change tls_advertise_hosts option");
@@ -3035,7 +3036,7 @@ systems. Therefore they are available only when requested by compile-time
 options. */
 
 void
-readconf_main(void)
+readconf_main(BOOL nowarn)
 {
 int sep = 0;
 struct stat statbuf;
@@ -3473,7 +3474,7 @@ if ((tls_verify_hosts != NULL || tls_try_verify_hosts != NULL) &&
 
 /* This also checks that the library linkage is working and we can call
 routines in it, so call even if tls_require_ciphers is unset */
-if (!tls_dropprivs_validate_require_cipher())
+if (!tls_dropprivs_validate_require_cipher(nowarn))
   exit(1);
 
 /* Magic number: at time of writing, 1024 has been the long-standing value
@@ -3497,16 +3498,16 @@ if (openssl_options != NULL)
 # endif
   }
 
-if (gnutls_require_kx || gnutls_require_mac || gnutls_require_proto)
+if (!nowarn && (gnutls_require_kx || gnutls_require_mac || gnutls_require_proto))
   log_write(0, LOG_MAIN, "WARNING: main options"
       " gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols"
       " are obsolete\n");
 #endif /*SUPPORT_TLS*/
 
-if ((!add_environment || *add_environment == '\0') && !keep_environment)
+if (!nowarn && !keep_environment && environ && *environ)
   log_write(0, LOG_MAIN,
-      "WARNING: purging the environment.\n"
-      " Suggested action: use keep_environment and add_environment.");
+      "Warning: purging the environment.\n"
+      " Suggested action: use keep_environment.");
 }