summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-docbook/spec.xfpt4
-rw-r--r--src/src/expand.c18
-rw-r--r--test/stdout/00026
3 files changed, 16 insertions, 12 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index f3c7a060e..e3ac7f3b9 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17133,6 +17133,9 @@ use when sending messages as a client, you must set the &%tls_certificate%&
option in the relevant &(smtp)& transport.
.new
+&*Note*&: If you use filenames based on IP addresses, change the list
+separator in the usual way to avoid confusion under IPv6.
+
&*Note*&: Under current versions of OpenSSL, when a list of more than one
file is used, the &$tls_in_ourcert$& veriable is unreliable.
.wen
@@ -31327,6 +31330,7 @@ address and some time-based randomizing information. The &%prvs%& expansion
item creates a signed address, and the &%prvscheck%& expansion item checks one.
The syntax of these expansion items is described in section
&<<SECTexpansionitems>>&.
+The validity period on signed addresses is seven days.
As an example, suppose the secret per-address keys are stored in an MySQL
database. A query to look up the key for an address could be defined as a macro
diff --git a/src/src/expand.c b/src/src/expand.c
index f44ddf8b8..881c5fb2a 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -4494,25 +4494,25 @@ while (*s != 0)
if (skipping) continue;
/* sub_arg[0] is the address */
- domain = Ustrrchr(sub_arg[0],'@');
- if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
+ if ( !(domain = Ustrrchr(sub_arg[0],'@'))
+ || domain == sub_arg[0] || Ustrlen(domain) == 1)
{
expand_string_message = US"prvs first argument must be a qualified email address";
goto EXPAND_FAILED;
}
- /* Calculate the hash. The second argument must be a single-digit
+ /* Calculate the hash. The third argument must be a single-digit
key number, or unset. */
- if (sub_arg[2] != NULL &&
- (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
+ if ( sub_arg[2]
+ && (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
{
- expand_string_message = US"prvs second argument must be a single digit";
+ expand_string_message = US"prvs third argument must be a single digit";
goto EXPAND_FAILED;
}
- p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
- if (p == NULL)
+ p = prvs_hmac_sha1(sub_arg[0], sub_arg[1], sub_arg[2], prvs_daystamp(7));
+ if (!p)
{
expand_string_message = US"prvs hmac-sha1 conversion failed";
goto EXPAND_FAILED;
@@ -4628,7 +4628,7 @@ while (*s != 0)
prvscheck_result = US"1";
DEBUG(D_expand) debug_printf_indent("prvscheck: success, $pvrs_result set to 1\n");
}
- else
+ else
{
prvscheck_result = NULL;
DEBUG(D_expand) debug_printf_indent("prvscheck: signature expired, $pvrs_result unset\n");
diff --git a/test/stdout/0002 b/test/stdout/0002
index c7f8cce80..20f418360 100644
--- a/test/stdout/0002
+++ b/test/stdout/0002
@@ -736,9 +736,9 @@ xyz
>
> # Syntax errors
>
-> Failed: prvs second argument must be a single digit
-> Failed: prvs second argument must be a single digit
-> Failed: prvs second argument must be a single digit
+> Failed: prvs third argument must be a single digit
+> Failed: prvs third argument must be a single digit
+> Failed: prvs third argument must be a single digit
>
> # Correct checks; can't put explicit addresses in the tests, because they
> # will change over time.