}
EVP_MD_CTX_free(mdctx);
- // THIS IS OPTIONAL. Do it a second time, but verify the signature instead of signing.
+ // This is an optional routine to verify our own signature.
+ // The test program in tests/dkimtester enables it. It is not enabled during server operation.
+#ifdef DKIM_VERIFY_SIGNATURE
mdctx = EVP_MD_CTX_new();
if (mdctx) {
assert(EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pkey) == 1);
assert(EVP_DigestVerifyFinal(mdctx, sig, signature_len) == 1);
EVP_MD_CTX_free(mdctx);
}
- // End verify
+#endif
// With the signature complete, we no longer need the private key or the unfolded headers.
EVP_PKEY_free(pkey);