From 4ed67f68df666fe38076e3bfd2183db71e742c7a Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Mon, 21 Oct 2019 17:18:28 +0100
Subject: [PATCH] Fix logging of DANE, client-side under LibreSSL
---
 src/src/tls-openssl.c | 8 ++++++--
 test/runtest | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index bd9796971..e45ebd3be 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2347,7 +2347,11 @@ if (tlsp->peercert)
 for resumption next to the TLS session, and used here. */
 if (!tlsp->verify_override)
- tlsp->certificate_verified = SSL_get_verify_result(ssl) == X509_V_OK;
+ tlsp->certificate_verified =
+#ifdef SUPPORT_DANE
+ tlsp->dane_verified ||
+#endif
+ SSL_get_verify_result(ssl) == X509_V_OK;
 }
 }
@@ -2720,7 +2724,7 @@ if (rc <= 0)
 case SSL_ERROR_SSL:
 {
 uschar * s = US"SSL_accept";
- ulong e = ERR_peek_error();
+ unsigned long e = ERR_peek_error();
 if (ERR_GET_REASON(e) == SSL_R_WRONG_VERSION_NUMBER)
 s = string_sprintf("%s (%s)", s, SSL_get_version(server_ssl));
 (void) tls_error(s, NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
diff --git a/test/runtest b/test/runtest
index 58a989fe5..fea40845c 100755
--- a/test/runtest
+++ b/test/runtest
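Review bot: In the first hunk of tls-openssl.c, with SUPPORT_DANE defined, `tlsp->certificate_verified` now becomes true from `tlsp->dane_verified` alone, so a non-OK `SSL_get_verify_result(ssl)` no longer keeps the flag false, and nothing in the hunk explains why that is safe. The context comment says this state is also used around session resumption, so it is worth confirming (not visible here) that `dane_verified` is cleared for each new connection and is only set by a successful DANE check on this session; a stale true would be logged and exposed as a verified certificate. I would add a comment above the `#ifdef`, e.g. `/* A successful DANE verify counts as verified even when the library's verify result is not X509_V_OK (seen client-side with LibreSSL, per the commit subject) */`. The enclosing `if (tlsp->peercert)` block starts outside the hunk.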
@@ -1351,7 +1351,7 @@ RESET_AFTER_EXTRA_LINE_READ:
 # openssl version variances
 s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/;
- s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/;
+ s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(?:(?i)ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/;
 s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:(?:(?i)int_rsa_verify|CRYPTO_internal):(?:bad signature|algorithm mismatch)$/$1Public key signature verification has failed./;
 s/ARC: AMS signing: privkey PEM-block import: error:\K[0-9A-F]{8}:(PEM routines):get_name:(no start line)/0906D06C:$1:PEM_read_bio:$2/;
-- 
2.25.1
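Review bot: The inline `(?i)` at the start of the new `(?:...)` group stays in effect to the end of that group, so all three alternatives now match case-insensitively, not only `ssl3_get_server_certificate`. That looks harmless for a log-normalising substitution and matches the idiom of the DKIM rule on the following line, but the reason for it is not recorded. A short comment such as `# LibreSSL spells the function name in a different case` would help, if that is indeed the cause (inferred from the commit subject); writing the group as `(?i:ssl3_get_server_certificate|...)` would also make the scope explicit.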