Moved dkimtester into the main repo

[citadel.git] / citadel / server / modules / smtp / dkim.c

diff --git a/citadel/server/modules/smtp/dkim.c b/citadel/server/modules/smtp/dkim.c
index 589332ea44f85b59659b75b76db420b3e5b7f571..248a89564182c8a0fb81fdd6a7b7debbbf032c2d 100644 (file)
--- a/citadel/server/modules/smtp/dkim.c
+++ b/citadel/server/modules/smtp/dkim.c
@@ -469,7 +469,9 @@ void dkim_sign(StrBuf *email, char *pkey_in, char *domain, char *selector) {
        }
        EVP_MD_CTX_free(mdctx);
 
-       // THIS IS OPTIONAL.  Do it a second time, but verify the signature instead of signing.
+       // This is an optional routine to verify our own signature.
+       // The test program in tests/dkimtester enables it.  It is not enabled during server operation.
+#ifdef DKIM_VERIFY_SIGNATURE
        mdctx = EVP_MD_CTX_new();
        if (mdctx) {
                assert(EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pkey) == 1);
@@ -477,7 +479,7 @@ void dkim_sign(StrBuf *email, char *pkey_in, char *domain, char *selector) {
                assert(EVP_DigestVerifyFinal(mdctx, sig, signature_len) == 1);
                EVP_MD_CTX_free(mdctx);
        }
-       // End verify
+#endif
 
        // With the signature complete, we no longer need the private key or the unfolded headers.
        EVP_PKEY_free(pkey);