Fix cert-try-verify when denied by event action
[exim.git] / src / src / verify.c
index 29d7b13286d51c2c2971cdcfd3b641441d28b655..82dc5cc722f322a8e933b6470600ba22d9ec1b7b 100644 (file)
@@ -468,6 +468,7 @@ else
     deliver_host_address = host->address;
     deliver_host_port = host->port;
     deliver_domain = addr->domain;
+    transport_name = addr->transport->name;
 
     if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface,
             US"callout") ||
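Review bot: `transport_name` is set at new line 471, but the only reset visible in this diff is the connect-failure path in the hunk at 548 (`transport_name = NULL;` before `continue`). If the other ways out of this per-host iteration (the RESPONSE_FAILED and TLS_FAILED paths, or normal completion) do not clear it as well, the global would presumably keep naming the callout transport for later expansions and log lines. Consider clearing it once at the common end of the iteration, where `deliver_host` and `deliver_domain` are restored. The new line also dereferences `addr->transport` unconditionally, whereas the other uses in this diff are under `EXPERIMENTAL_EVENT`, so confirm the caller guarantees a non-NULL transport. The enclosing function extends beyond the hunk, so some of this may already be handled there.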
@@ -538,8 +539,8 @@ else
 
     inblock.sock = outblock.sock =
       smtp_connect(host, host_af, port, interface, callout_connect, TRUE, NULL
-#ifdef EXPERIMENTAL_TPDA
-    /*XXX tpda action? NULL for now. */
+#ifdef EXPERIMENTAL_EVENT
+    /*XXX event action? NULL for now. */
                  , NULL
 #endif
                  );
@@ -548,6 +549,7 @@ else
       {
       addr->message = string_sprintf("could not connect to %s [%s]: %s",
           host->name, host->address, strerror(errno));
+      transport_name = NULL;
       deliver_host = deliver_host_address = NULL;
       deliver_domain = save_deliver_domain;
       continue;
@@ -581,9 +583,9 @@ else
       if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout)))
         goto RESPONSE_FAILED;
 
-#ifdef EXPERIMENTAL_TPDA
-      if (tpda_raise_event(addr->transport->tpda_event_action,
-                           US"smtp:connect", responsebuffer) == DEFER)
+#ifdef EXPERIMENTAL_EVENT
+      if (event_raise(addr->transport->event_action,
+                           US"smtp:connect", responsebuffer))
        {
        /* Logging?  Debug? */
        goto RESPONSE_FAILED;
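Review bot: When the `smtp:connect` event action refuses the connection, control jumps to RESPONSE_FAILED with `done` still non-zero from the `smtp_read_response()` call just above, and nothing is recorded (the `/* Logging?  Debug? */` placeholder). The code at RESPONSE_FAILED is outside this hunk; if it keys off `done`, a callout denied by policy could be handled like an accepted greeting, so `done = FALSE;` before the `goto` would make the intent explicit. Because the test now treats any non-zero return as a denial rather than only `DEFER`, setting `addr->message` and writing a debug or main-log line here would let an operator see why the callout failed.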
@@ -708,8 +710,8 @@ else
             )
            {
            (void)close(inblock.sock);
-#ifdef EXPERIMENTAL_TPDA
-           (void) tpda_raise_event(addr->transport->tpda_event_action,
+#ifdef EXPERIMENTAL_EVENT
+           (void) event_raise(addr->transport->event_action,
                                    US"tcp:close", NULL);
 #endif
            log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
@@ -748,9 +750,11 @@ else
         )
         {
         /*save_errno = ERRNO_TLSREQUIRED;*/
-        log_write(0, LOG_MAIN, "a TLS session is required for %s [%s], but %s",
+        log_write(0, LOG_MAIN,
+         "H=%s [%s]: a TLS session is required for this host, but %s",
           host->name, host->address,
-       tls_offered? "an attempt to start TLS failed" : "the server did not offer TLS support");
+         tls_offered ? "an attempt to start TLS failed"
+                     : "the server did not offer TLS support");
         done= FALSE;
         goto TLS_FAILED;
         }
@@ -877,9 +881,7 @@ else
         /* If accepted, we aren't going to do any further tests below. */
 
         if (random_ok)
-          {
           new_domain_record.random_result = ccache_accept;
-          }
 
         /* Otherwise, cache a real negative response, and get back to the right
         state to send RCPT. Unless there's some problem such as a dropped
@@ -1064,8 +1066,8 @@ else
       tls_close(FALSE, TRUE);
 #endif
       (void)close(inblock.sock);
-#ifdef EXPERIMENTAL_TPDA
-      (void) tpda_raise_event(addr->transport->tpda_event_action,
+#ifdef EXPERIMENTAL_EVENT
+      (void) event_raise(addr->transport->event_action,
                              US"tcp:close", NULL);
 #endif
       }
@@ -1850,8 +1852,10 @@ while (addr_new != NULL)
 #ifdef SUPPORT_TLS
          deliver_set_expansions(addr);
 #endif
+         verify_mode = is_recipient ? US"R" : US"S";
           rc = do_callout(addr, host_list, &tf, callout, callout_overall,
             callout_connect, options, se_mailfrom, pm_mailfrom);
+         verify_mode = NULL;
           }
         }
       else
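Review bot: `verify_mode` is set and cleared around the `do_callout()` call with no comment saying who reads it. A short comment above the assignment, e.g. `/* "S" or "R": presumably read by expansions run during the callout */`, would explain why a global is toggled here. Clearing to NULL instead of restoring the previous value assumes this path is never reached while an outer verification has already set `verify_mode`; if nesting is possible, save the old value in a local and restore it after the call. The enclosing block starts and ends outside the hunk.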