tidying

4 files changed, 23 insertions, 20 deletions

diff --git a/src/src/lookups/lf_check_file.c b/src/src/lookups/lf_check_file.c
index 5c74816ef..c4c05e44d 100644
--- a/src/src/lookups/lf_check_file.c
+++ b/src/src/lookups/lf_check_file.c
@@ -45,8 +45,7 @@ lf_check_file(int fd, const uschar * filename, int s_type, int modemask,
 {
 struct stat statbuf;
 
-if ((fd >= 0 && fstat(fd, &statbuf) != 0) ||
-    (fd  < 0 && Ustat(filename, &statbuf) != 0))
+if ((fd  < 0 ? Ustat(filename, &statbuf) : fstat(fd, &statbuf)) != 0)
   {
   int save_errno = errno;
   *errmsg = string_sprintf("%s: stat failed", filename);
@@ -80,7 +79,7 @@ if ((statbuf.st_mode & modemask) != 0)
   return +1;
   }
 
-if (owners != NULL)
+if (owners)
   {
   BOOL uid_ok = FALSE;
   for (int i = 1; i <= (int)owners[0]; i++)
@@ -94,7 +93,7 @@ if (owners != NULL)
     }
   }
 
-if (owngroups != NULL)
+if (owngroups)
   {
   BOOL gid_ok = FALSE;
   for (int i = 1; i <= (int)owngroups[0]; i++)
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 703a0a4ca..69387a3a7 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -2743,25 +2743,25 @@ exim_gnutls_state_st * state = gnutls_session_get_ptr(session);
 
 if ((cert_list = gnutls_certificate_get_peers(session, &cert_list_size)))
   while (cert_list_size--)
-  {
-  if ((rc = import_cert(&cert_list[cert_list_size], &crt)) != GNUTLS_E_SUCCESS)
     {
-    DEBUG(D_tls) debug_printf("TLS: peer cert problem: depth %d: %s\n",
-      cert_list_size, gnutls_strerror(rc));
-    break;
-    }
+    if ((rc = import_cert(&cert_list[cert_list_size], &crt)) != GNUTLS_E_SUCCESS)
+      {
+      DEBUG(D_tls) debug_printf("TLS: peer cert problem: depth %d: %s\n",
+	cert_list_size, gnutls_strerror(rc));
+      break;
+      }
 
-  state->tlsp->peercert = crt;
-  if ((yield = event_raise(state->event_action,
-	      US"tls:cert", string_sprintf("%d", cert_list_size), &errno)))
-    {
-    log_write(0, LOG_MAIN,
-	      "SSL verify denied by event-action: depth=%d: %s",
-	      cert_list_size, yield);
-    return 1;                     /* reject */
+    state->tlsp->peercert = crt;
+    if ((yield = event_raise(state->event_action,
+		US"tls:cert", string_sprintf("%d", cert_list_size), &errno)))
+      {
+      log_write(0, LOG_MAIN,
+		"SSL verify denied by event-action: depth=%d: %s",
+		cert_list_size, yield);
+      return 1;                     /* reject */
+      }
+    state->tlsp->peercert = NULL;
     }
-  state->tlsp->peercert = NULL;
-  }
 
 return 0;
 }
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 2b3f02712..eabe34f31 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2530,6 +2530,8 @@ if (!(bs = OCSP_response_get1_basic(rsp)))
     DEBUG(D_tls) bp = BIO_new(BIO_s_mem());
 
     /* Use the CA & chain that verified the server cert to verify the stapled info */
+    /*XXX could we do an event here, for observability of ocsp?  What reasonable data could we give access to? */
+    /* Dates would be a start. Do we need another opaque variable type, as for certs, plus an extract expansion? */
 
    {
     /* If this routine is not available, we've avoided [in tls_client_start()]
diff --git a/src/src/verify.c b/src/src/verify.c
index 0ca096130..125df8d91 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -1056,6 +1056,8 @@ no_conn:
         HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
         }
 #ifndef DISABLE_DKIM
+      /* DKIM signing needs to add a header after seeing the whole body, so we cannot just copy
+      body bytes to the outbound as they are received, which is the intent of cutthrough. */
       if (ob->dkim.dkim_domain)
         {
         cutthrough.delivery= FALSE;