X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=src%2Fsrc%2Ftransports%2Fsmtp.c;h=48bab9599e90638eea213a8b4c5ac4aecd511918;hp=477e7b3bf4ce0492a1dc2fd271ebfec876131f04;hb=038597d295fa0ebd48ed4c00a6dfff0f30a2353a;hpb=4cea764f3d43217b9b7046310fc1567c4d63c01e diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 477e7b3bf..48bab9599 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -241,8 +241,7 @@ smtp_transport_options_block smtp_transport_option_defaults = { FALSE, /* gethostbyname */ TRUE, /* dns_qualify_single */ FALSE, /* dns_search_parents */ - NULL, /* dnssec_request_domains */ - NULL, /* dnssec_require_domains */ + { NULL, NULL }, /* dnssec_domains {request,require} */ TRUE, /* delay_after_cutoff */ FALSE, /* hosts_override */ FALSE, /* hosts_randomize */ @@ -1198,10 +1197,7 @@ switch (dns_lookup(dnsa, buffer, T_TLSA, &fullname)) default: case DNS_FAIL: if (dane_required) - { - log_write(0, LOG_MAIN, "DANE error: TLSA lookup failed"); return FAIL; - } break; case DNS_SUCCEED: @@ -1372,7 +1368,7 @@ BOOL utf8_offered = FALSE; BOOL dsn_all_lasthop = TRUE; #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) BOOL dane = FALSE; -BOOL dane_required; +BOOL dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK; dns_answer tlsa_dnsa; #endif smtp_inblock inblock; @@ -1459,21 +1455,20 @@ if (continue_hostname == NULL) tls_out.dane_verified = FALSE; tls_out.tlsa_usage = 0; - dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK; - if (host->dnssec == DS_YES) { if( ( dane_required || verify_check_given_host(&ob->hosts_try_dane, host) == OK ) && (rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK + && dane_required /* do not error on only dane-requested */ ) { set_errno(addrlist, ERRNO_DNSDEFER, string_sprintf("DANE error: tlsa lookup %s", rc == DEFER ? "DEFER" : "FAIL"), rc, FALSE, NULL); - return rc; + return rc; } } else if (dane_required)