DANE: current src version

[exim.git] / src / src / tls-openssl.c

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 73ac80734ca8dca50e86c434b289aca194195537..49347a2aefe9d4ec1b8f82289f8bb681c8e07ddc 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -152,7 +152,7 @@ typedef struct tls_ext_ctx_cb {
   /* only passed down to tls_error: */
   host_item *host;
   const uschar * verify_cert_hostnames;
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
   uschar * event_action;
 #endif
 } tls_ext_ctx_cb;
@@ -282,7 +282,7 @@ for(i= 0; i<sk_X509_OBJECT_num(roots); i++)
 */
 
 
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
 static int
 verify_event(tls_support * tlsp, X509 * cert, int depth, const uschar * dn,
   BOOL *calledp, const BOOL *optionalp, const uschar * what)
@@ -294,6 +294,7 @@ X509 * old_cert;
 ev = tlsp == &tls_out ? client_static_cbinfo->event_action : event_action;
 if (ev)
   {
+  DEBUG(D_tls) debug_printf("verify_event: %s %d\n", what, depth);
   old_cert = tlsp->peercert;
   tlsp->peercert = X509_dup(cert);
   /* NB we do not bother setting peerdn */
@@ -388,13 +389,13 @@ else if (depth != 0)
     {  /* client, wanting stapling  */
     /* Add the server cert's signing chain as the one
     for the verification of the OCSP stapled information. */
-  
+
     if (!X509_STORE_add_cert(client_static_cbinfo->u_ocsp.client.verify_store,
                              cert))
       ERR_clear_error();
     }
 #endif
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
     if (verify_event(tlsp, cert, depth, dn, calledp, optionalp, US"SSL"))
       return 0;                                /* reject, with peercert set */
 #endif
@@ -454,7 +455,7 @@ else
       }
     }
 
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
   if (verify_event(tlsp, cert, depth, dn, calledp, optionalp, US"SSL"))
     return 0;                          /* reject, with peercert set */
 #endif
@@ -491,7 +492,7 @@ verify_callback_client_dane(int state, X509_STORE_CTX * x509ctx)
 {
 X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
 uschar dn[256];
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
 int depth = X509_STORE_CTX_get_error_depth(x509ctx);
 BOOL dummy_called, optional = FALSE;
 #endif
@@ -501,7 +502,7 @@ dn[sizeof(dn)-1] = '\0';
 
 DEBUG(D_tls) debug_printf("verify_callback_client_dane: %s\n", dn);
 
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
   if (verify_event(&tls_out, cert, depth, dn,
          &dummy_called, &optional, US"DANE"))
     return 0;                          /* reject, with peercert set */
@@ -1284,7 +1285,7 @@ else
 cbinfo->dhparam = dhparam;
 cbinfo->server_cipher_list = NULL;
 cbinfo->host = host;
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
 cbinfo->event_action = NULL;
 #endif
 
@@ -1838,7 +1839,7 @@ tls_client_basic_ctx_init(SSL_CTX * ctx,
                          )
 {
 int rc;
-/* stick to the old behaviour for compatibility if tls_verify_certificates is 
+/* stick to the old behaviour for compatibility if tls_verify_certificates is
    set but both tls_verify_hosts and tls_try_verify_hosts is not set. Check only
    the specified host patterns if one of them is defined */
 
@@ -1860,7 +1861,7 @@ if ((rc = setup_certs(ctx, ob->tls_verify_certificates,
 if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
   {
   cbinfo->verify_cert_hostnames =
-#ifdef EXPERIMENTAL_INTERNATIONAL
+#ifdef SUPPORT_I18N
     string_domain_utf8_to_alabel(host->name, NULL);
 #else
     host->name;
@@ -2112,7 +2113,7 @@ if (request_ocsp)
   }
 #endif
 
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
 client_static_cbinfo->event_action = tb->event_action;
 #endif