X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Ftls-gnu.c;h=a6eaa88b91373421669c8d02857aafebdd22247b;hb=1ddb1855402d48ad735e46abaf0d662e45600ecd;hp=7b67bb7933ef94f013d1302a5d4e67bf098a5503;hpb=6db92eab5917e515c83fd773dad6111177a0207f;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 7b67bb793..a6eaa88b9 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -2721,7 +2721,7 @@ if ((cert_list = gnutls_certificate_get_peers(session, &cert_list_size)))
 
   state->tlsp->peercert = crt;
   if ((yield = event_raise(state->event_action,
-	      US"tls:cert", string_sprintf("%d", cert_list_size))))
+	      US"tls:cert", string_sprintf("%d", cert_list_size), &errno)))
     {
     log_write(0, LOG_MAIN,
 	      "SSL verify denied by event-action: depth=%d: %s",
@@ -3043,6 +3043,9 @@ ALARM_CLR(0);
 
 if (rc != GNUTLS_E_SUCCESS)
   {
+  DEBUG(D_tls) debug_printf(" error %d from gnutls_handshake: %s\n",
+    rc, gnutls_strerror(rc));
+
   /* It seems that, except in the case of a timeout, we have to close the
   connection right here; otherwise if the other end is running OpenSSL it hangs
   until the server times out. */
@@ -3050,11 +3053,13 @@ if (rc != GNUTLS_E_SUCCESS)
   if (sigalrm_seen)
     {
     tls_error(US"gnutls_handshake", US"timed out", NULL, errstr);
+    (void) event_raise(event_action, US"tls:fail:connect", *errstr, NULL);
     gnutls_db_remove_session(state->session);
     }
   else
     {
     tls_error_gnu(state, US"gnutls_handshake", rc, errstr);
+    (void) event_raise(event_action, US"tls:fail:connect", *errstr, NULL);
     (void) gnutls_alert_send_appropriate(state->session, rc);
     gnutls_deinit(state->session);
     gnutls_certificate_free_credentials(state->lib_state.x509_cred);
@@ -3138,7 +3143,6 @@ receive_hasc = tls_hasc;
 receive_ungetc = tls_ungetc;
 receive_feof = tls_feof;
 receive_ferror = tls_ferror;
-receive_smtp_buffered = tls_smtp_buffered;
 
 return OK;
 }
@@ -3727,6 +3731,11 @@ if (do_shutdown)
 
   tls_write(ct_ctx, NULL, 0, FALSE);	/* flush write buffer */
 
+#ifdef EXIM_TCP_CORK
+  if (do_shutdown > 1)
+    (void) setsockopt(tlsp->active.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &off, sizeof(off));
+#endif
+
   ALARM(2);
   gnutls_bye(state->session, do_shutdown > 1 ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
   ALARM_CLR(0);
@@ -3741,7 +3750,6 @@ if (!ct_ctx)	/* server */
   receive_ungetc =	smtp_ungetc;
   receive_feof =	smtp_feof;
   receive_ferror =	smtp_ferror;
-  receive_smtp_buffered = smtp_buffered;
   }
 
 gnutls_deinit(state->session);
@@ -3899,7 +3907,7 @@ if (n > 0)
 
 
 BOOL
-tls_could_read(void)
+tls_could_getc(void)
 {
 return state_server.xfer_buffer_lwm < state_server.xfer_buffer_hwm
  || gnutls_record_check_pending(state_server.session) > 0;
@@ -4226,17 +4234,18 @@ return NULL;
 
 /* See a description in tls-openssl.c for an explanation of why this exists.
 
-Arguments:   a FILE* to print the results to
-Returns:     nothing
+Arguments:   string to append to
+Returns:     string
 */
 
-void
-tls_version_report(FILE *f)
+gstring *
+tls_version_report(gstring * g)
 {
-fprintf(f, "Library version: GnuTLS: Compile: %s\n"
-           "                         Runtime: %s\n",
-           LIBGNUTLS_VERSION,
-           gnutls_check_version(NULL));
+return string_fmt_append(g,
+    "Library version: GnuTLS: Compile: %s\n"
+    "                         Runtime: %s\n",
+	     LIBGNUTLS_VERSION,
+	     gnutls_check_version(NULL));
 }
 
 #endif	/*!MACRO_PREDEF*/