Add event for inbound cert visibility

[exim.git] / src / src / tls-openssl.c
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c

index 43ea8a0d2ec31a42b550b538ea8d574fa461a6af..4de3cad513428b1951e160b1b0a56d057d7fd257 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -120,7 +120,7 @@ typedef struct tls_ext_ctx_cb {
  #ifdef EXPERIMENTAL_CERTNAMES
    uschar * verify_cert_hostnames;
  #endif
-#ifdef EXPERIMENTAL_TPDA
+#ifdef EXPERIMENTAL_EVENT
    uschar * event_action;
  #endif
  } tls_ext_ctx_cb;
@@ -287,6 +287,7 @@ verify_callback(int state, X509_STORE_CTX *x509ctx,
  {
  X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
  int depth = X509_STORE_CTX_get_error_depth(x509ctx);
+uschar * ev;
  static uschar txt[256];
  
  X509_NAME_oneline(X509_get_subject_name(cert), CS txt, sizeof(txt));
@@ -322,12 +323,12 @@ else if (depth != 0)
        ERR_clear_error();
      }
  #endif
-#ifdef EXPERIMENTAL_TPDA
-  if (tlsp == &tls_out && client_static_cbinfo->event_action)
+#ifdef EXPERIMENTAL_EVENT
+  ev = tlsp == &tls_out ? client_static_cbinfo->event_action : event_action;
+  if (ev)
      {
      tlsp->peercert = X509_dup(cert);
-    if (tpda_raise_event(client_static_cbinfo->event_action,
-                   US"tls:cert", string_sprintf("%d", depth)) == DEFER)
+    if (event_raise(ev, US"tls:cert", string_sprintf("%d", depth)) == DEFER)
        {
        log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
                               "depth=%d cert=%s", depth, txt);
@@ -391,11 +392,10 @@ else
  # endif
  #endif /*EXPERIMENTAL_CERTNAMES*/
  
-#ifdef EXPERIMENTAL_TPDA
-  if (tlsp == &tls_out)
-    {
-    if (tpda_raise_event(client_static_cbinfo->event_action,
-                   US"tls:cert", US"0") == DEFER)
+#ifdef EXPERIMENTAL_EVENT
+  ev = tlsp == &tls_out ? client_static_cbinfo->event_action : event_action;
+  if (ev)
+    if (event_raise(ev, US"tls:cert", US"0") == DEFER)
        {
        log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
                               "depth=0 cert=%s", txt);
@@ -403,7 +403,6 @@ else
        *calledp = TRUE;
        return 0;                            /* reject */
        }
-    }
  #endif
  
    DEBUG(D_tls) debug_printf("SSL%s verify ok: depth=0 SN=%s\n",
@@ -438,7 +437,7 @@ verify_callback_client_dane(int state, X509_STORE_CTX * x509ctx)
  {
  X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
  static uschar txt[256];
-#ifdef EXPERIMENTAL_TPDA
+#ifdef EXPERIMENTAL_EVENT
  int depth = X509_STORE_CTX_get_error_depth(x509ctx);
  #endif
  
@@ -448,10 +447,10 @@ DEBUG(D_tls) debug_printf("verify_callback_client_dane: %s\n", txt);
  tls_out.peerdn = txt;
  tls_out.peercert = X509_dup(cert);
  
-#ifdef EXPERIMENTAL_TPDA
+#ifdef EXPERIMENTAL_EVENT
    if (client_static_cbinfo->event_action)
      {
-    if (tpda_raise_event(client_static_cbinfo->event_action,
+    if (event_raise(client_static_cbinfo->event_action,
                     US"tls:cert", string_sprintf("%d", depth)) == DEFER)
        {
        log_write(0, LOG_MAIN, "DANE verify denied by event-action: "
@@ -1140,7 +1139,7 @@ else
  cbinfo->dhparam = dhparam;
  cbinfo->server_cipher_list = NULL;
  cbinfo->host = host;
-#ifdef EXPERIMENTAL_TPDA
+#ifdef EXPERIMENTAL_EVENT
  cbinfo->event_action = NULL;
  #endif
  
@@ -1935,8 +1934,8 @@ if (request_ocsp)
    }
  #endif
  
-#ifdef EXPERIMENTAL_TPDA
-client_static_cbinfo->event_action = tb->tpda_event_action;
+#ifdef EXPERIMENTAL_EVENT
+client_static_cbinfo->event_action = tb->event_action;
  #endif
  
  /* There doesn't seem to be a built-in timeout on connection. */