From 8768e274c2470c6b7b99cffac768436557e5f52d Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Fri, 13 Apr 2018 18:51:23 -0400 Subject: [PATCH] DKIM downgrade example again; this time debugged As well as previous commit's `len_3` -> `length_3`, we were missing braces around the expansion operator, resulting in trying to dereference an unknown variable `$length_3`, and we were missing the outer braces from the `or` expansion condition. We really need a better way to test ACL expansion without a full harness. :( This bug-fixed version is now running on my system. --- doc/doc-docbook/spec.xfpt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index dfe84c33d..2de41c606 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -39221,13 +39221,13 @@ This variable can be overwritten using an ACL 'set' modifier. This might, for instance, be done to enforce a policy restriction on hash-method or key-size: .code - warn condition = ${if eq {$dkim_verify_status}{pass}} - condition = ${if eq {$length_3:$dkim_algo}{rsa}} - condition = ${if or {eq {$dkim_algo}{rsa-sha1}} \ - {< {$dkim_key_length}{1024}} } - logwrite = NOTE: forcing dkim verify fail (was pass) - set dkim_verify_status = fail - set dkim_verify_reason = hash too weak or key too short + warn condition = ${if eq {$dkim_verify_status}{pass}} + condition = ${if eq {${length_3:$dkim_algo}}{rsa}} + condition = ${if or {{eq {$dkim_algo}{rsa-sha1}} \ + {< {$dkim_key_length}{1024}}}} + logwrite = NOTE: forcing DKIM verify fail (was pass) + set dkim_verify_status = fail + set dkim_verify_reason = hash too weak or key too short .endd After all the DKIM ACL runs have completed, the value becomes a -- 2.25.1