#endif
#ifndef DISABLE_TLS_RESUME
-# if GNUTLS_VERSION_NUMBER < 0x030603
-# error GNUTLS version too early for session-resumption
+# if GNUTLS_VERSION_NUMBER >= 0x030603
+# define EXIM_HAVE_TLS_RESUME
+# else
+# warning "GnuTLS library version too old; resumption unsupported"
# endif
#endif
static BOOL exim_testharness_disable_ocsp_validity_check = FALSE;
#endif
-#ifndef DISABLE_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
static gnutls_datum_t server_sessticket_key;
#endif
static int exim_sni_handling_cb(gnutls_session_t session);
-#ifndef DISABLE_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
static int
tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
unsigned incoming, const gnutls_datum_t * msg);
void
tls_daemon_init(void)
{
-#ifndef DISABLE_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
/* We are dependent on the GnuTLS implementation of the Session Ticket
encryption; both the strength and the key rotation period. We hope that
the strength at least matches that of the ciphersuite (but GnuTLS does not
"Handshake Protocol: Certificate" record.
So we need to spot the Certificate handshake message, parse it and spot any status_request extension(s)
-This is different to tls1.2 - where it is a separate record (wireshake term) / handshake message (gnutls term).
+This is different to tls1.2 - where it is a separate record (wireshark term) / handshake message (gnutls term).
*/
-#if !defined(DISABLE_TLS_RESUME) || defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
+#if defined(EXIM_HAVE_TLS_RESUME) || defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
/* Callback for certificate-status, on server. We sent stapled OCSP. */
static int
tls_server_certstatus_cb(gnutls_session_t session, unsigned int htype,
# endif
case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
return tls_server_certstatus_cb(sess, htype, when, incoming, msg);
-# ifndef DISABLE_TLS_RESUME
+# ifdef EXIM_HAVE_TLS_RESUME
case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
return tls_server_ticket_cb(sess, htype, when, incoming, msg);
# endif
}
-#ifndef DISABLE_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
static int
tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
unsigned incoming, const gnutls_datum_t * msg)
#endif
}
-#ifndef DISABLE_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
tls_server_resume_prehandshake(state);
#endif
tls_in.ext_master_secret = TRUE;
#endif
-#ifndef DISABLE_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
tls_server_resume_posthandshake(state);
#endif
-#ifndef DISABLE_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
/* On the client, get any stashed session for the given IP from hints db
and apply it to the ssl-connection for attempted resumption. Although
there is a gnutls_session_ticket_enable_client() interface it is
}
#endif
-#ifndef DISABLE_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
tls_client_resume_prehandshake(state, tlsp, host, ob);
#endif
}
#endif
-#ifndef DISABLE_TLS_RESUME
+#ifdef EXIM_HAVE_TLS_RESUME
tls_client_resume_posthandshake(state, tlsp, host);
#endif
git://git.exim.org / exim.git / blobdiff