Guard SNI usage better (client-side)

author Phil Pennock <pdp@exim.org>

Tue, 22 May 2012 01:58:00 +0000 (21:58 -0400)

committer Phil Pennock <pdp@exim.org>

Tue, 22 May 2012 01:58:00 +0000 (21:58 -0400)
author Phil Pennock <pdp@exim.org>
Tue, 22 May 2012 01:58:00 +0000 (21:58 -0400)
committer Phil Pennock <pdp@exim.org>
Tue, 22 May 2012 01:58:00 +0000 (21:58 -0400)
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c

index eeab9c1303bbb27d1f88d7e5f2e50d7499e28ceb..ebc5a62557a589c03ef6d2a1717ad756031042e3 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -46,7 +46,9 @@ static BOOL verify_callback_called = FALSE;
  static const uschar *sid_ctx = US"exim";
  
  static SSL_CTX *ctx = NULL;
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
  static SSL_CTX *ctx_sni = NULL;
+#endif
  static SSL *ssl = NULL;
  
  static char ssl_errstring[256];
@@ -1257,8 +1259,14 @@ if (sni)
      tls_sni = NULL;
    else
      {
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
      DEBUG(D_tls) debug_printf("Setting TLS SNI \"%s\"\n", tls_sni);
      SSL_set_tlsext_host_name(ssl, tls_sni);
+#else
+    DEBUG(D_tls)
+      debug_printf("OpenSSL at build-time lacked SNI support, ignoring \"%s\"\n",
+          tls_sni);
+#endif
      }
    }
author	Phil Pennock <pdp@exim.org>
	Tue, 22 May 2012 01:58:00 +0000 (21:58 -0400)
committer	Phil Pennock <pdp@exim.org>
	Tue, 22 May 2012 01:58:00 +0000 (21:58 -0400)