Do not treat ar_h_errno == NO_DATA as error OpenBSD's asr returns ar_h_errno == NO_DATA when it had a fallback from UDP to TCP, so I should tolerate it as well.

Save DNS lookup for failed signatures

Abort unfinished DNS query inside free

DKIM follow CNAME and improve logging. RFC 6376 doesn't care about CNAME, anyway it exists in real world.

Remove useless auth_commit

System level errors should be fatal

Add first up to 8 character of used hedaer.b into AR

prevent dkim_ar_cat from lose last character It losed the last character when the length resulted string was multiple of 256

Never swallow an email with malformed AR header

Avoid implicit = in AR parser

Simplified parser of AR header which should improve it's stability on edge cases as well.

Improve serialization of AR header Here two fixes: (1) avoid loop when checkpoint starts from whitespace, and (2) avoid infintity loop on very long last field.

Fix memory leak

Never use duplicated header multiple times

Revert previous. It's too early to remove the guards just yet.

Remove HAVE_ED25519 now that we have ED25519 in LibreSSL

Handle spaces in key-p-tag correctly. Reported by Mischa Peters.

Make sure osmtpd_ltok_skip_hexdig doesn't derefences NULL

opensmtpd.h should be taken from standard include path

Remove assert. Shouldn't be in production code

Put pklen and tmp in #ifdef HAVE_ED25519

pkrawlen should only be used to test the length, not if the tag might be there or not

Apparently I broke RSA in previous commit

Add support for ed25519

Domains are case insensitive. Keep that in mind when comparing i- and d-tag