GnuTLS control constants exposed to Makefile.
[exim.git] / src / src / tls-gnu.c
index a0a35b447c833acef6d24e37ffed0dabf99876e2..4e1e5104ba034eb379662f0204be25799886814f 100644 (file)
@@ -148,14 +148,20 @@ static BOOL exim_gnutls_base_init_done = FALSE;
 /* Set this to control gnutls_global_set_log_level(); values 0 to 9 will setup
 the library logging; a value less than 0 disables the calls to set up logging
 callbacks. */
+#ifndef EXIM_GNUTLS_LIBRARY_LOG_LEVEL
 #define EXIM_GNUTLS_LIBRARY_LOG_LEVEL -1
+#endif
 
+#ifndef EXIM_CLIENT_DH_MIN_BITS
 #define EXIM_CLIENT_DH_MIN_BITS 1024
+#endif
 
 /* With GnuTLS 2.12.x+ we have gnutls_sec_param_to_pk_bits() with which we
 can ask for a bit-strength.  Without that, we stick to the constant we had
 before, for now. */
+#ifndef EXIM_SERVER_DH_BITS_PRE2_12
 #define EXIM_SERVER_DH_BITS_PRE2_12 1024
+#endif
 
 #define exim_gnutls_err_check(Label) do { \
   if (rc != GNUTLS_E_SUCCESS) { return tls_error((Label), gnutls_strerror(rc), host); } } while (0)
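Review bot: The new `#ifndef` guards on `EXIM_CLIENT_DH_MIN_BITS` and `EXIM_SERVER_DH_BITS_PRE2_12` accept any value a build passes in, including one below the 1024-bit default, and nothing rejects or documents that. Judging by the names and the comment above the server constant, these set Diffie-Hellman sizes, so a mistyped or lowered override would silently weaken key exchange. A compile-time floor after each guard would catch it, for example `#if EXIM_CLIENT_DH_MIN_BITS < 1024` followed by `#error "EXIM_CLIENT_DH_MIN_BITS must be at least 1024"`. `EXIM_CLIENT_DH_MIN_BITS` also has no comment of its own; if it matches the use further down the file, I would add `/* Smallest DH prime size, in bits, accepted when Exim is the TLS client; may be overridden from the Makefile, normally only upwards. */`.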
@@ -698,6 +704,12 @@ if (state->tls_verify_certificates && *state->tls_verify_certificates)
     return OK;
     }
   }
+else
+  {
+  DEBUG(D_tls)
+    debug_printf("TLS: tls_verify_certificates not set or empty, ignoring\n");
+  return OK;
+  }
 
 if (Ustat(state->exp_tls_verify_certificates, &statbuf) < 0)
   {
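Review bot: The added `else` branch returns `OK` when `tls_verify_certificates` is unset or empty and reports it only under `DEBUG(D_tls)`, so in normal operation nothing records that no trust anchors were loaded. This hunk does not show whether a later step fails closed when peer verification is required. If it does not, a connection configured for verification could go ahead with an empty CA set. I would state the intended behaviour in a comment on the branch, e.g. `/* No CA file configured: nothing to load; any required peer verification must be refused later. */`, and consider a main-log warning when verification was requested. The enclosing function starts and ends outside the hunk.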
@@ -939,6 +951,9 @@ if (state->tls_require_ciphers && *state->tls_require_ciphers)
   }
 if (want_default_priorities)
   {
+  DEBUG(D_tls)
+    debug_printf("GnuTLS using default session cipher/priority \"%s\"\n",
+        exim_default_gnutls_priority);
   rc = gnutls_priority_init(&state->priority_cache,
       exim_default_gnutls_priority, &errpos);
   p = US exim_default_gnutls_priority;