Fix build with older TLS library versions
diff --git
a/src/src/tls-gnu.c
b/src/src/tls-gnu.c
index 7b0f2f6adb01248dd0b4c273d2c6ba0a2104d459..34ebc0903114a5414ac8c0c48bc2a8b46cdf2a6c 100644
--- a/
src/src/tls-gnu.c
+++ b/
src/src/tls-gnu.c
@@
-74,6
+74,12
@@
require current GnuTLS, then we'll drop support for the ancient libraries).
# define GNUTLS_AUTO_GLOBAL_INIT
# define GNUTLS_AUTO_PKCS11_MANUAL
#endif
# define GNUTLS_AUTO_GLOBAL_INIT
# define GNUTLS_AUTO_PKCS11_MANUAL
#endif
+#if (GNUTLS_VERSION_NUMBER >= 0x030404) \
+ || (GNUTLS_VERSION_NUMBER >= 0x030311) && (GNUTLS_VERSION_NUMBER & 0xffff00 == 0x030300)
+# ifndef DISABLE_OCSP
+# define EXIM_HAVE_OCSP
+# endif
+#endif
#if GNUTLS_VERSION_NUMBER >= 0x030500
# define SUPPORT_GNUTLS_KEYLOG
#endif
#if GNUTLS_VERSION_NUMBER >= 0x030500
# define SUPPORT_GNUTLS_KEYLOG
#endif
@@
-127,6
+133,12
@@
builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );
# ifdef EXIM_HAVE_TLS1_3
builtin_macro_create(US"_HAVE_TLS1_3");
# endif
# ifdef EXIM_HAVE_TLS1_3
builtin_macro_create(US"_HAVE_TLS1_3");
# endif
+# ifdef EXIM_HAVE_OCSP
+builtin_macro_create(US"_HAVE_TLS_OCSP");
+# endif
+# ifdef SUPPORT_SRV_OCSP_STACK
+builtin_macro_create(US"_HAVE_TLS_OCSP_LIST");
+# endif
}
#else
}
#else
@@
-2271,17
+2283,17
@@
post_handshake_debug(exim_gnutls_state_st * state)
#ifdef SUPPORT_GNUTLS_SESS_DESC
debug_printf("%s\n", gnutls_session_get_desc(state->session));
#endif
#ifdef SUPPORT_GNUTLS_SESS_DESC
debug_printf("%s\n", gnutls_session_get_desc(state->session));
#endif
-#ifdef SUPPORT_GNUTLS_KEYLOG
+#ifdef SUPPORT_GNUTLS_KEYLOG
# ifdef EXIM_HAVE_TLS1_3
if (gnutls_protocol_get_version(state->session) < GNUTLS_TLS1_3)
# ifdef EXIM_HAVE_TLS1_3
if (gnutls_protocol_get_version(state->session) < GNUTLS_TLS1_3)
-#else
+#
else
if (TRUE)
if (TRUE)
-#endif
+#
endif
{
gnutls_datum_t c, s;
gstring * gc, * gs;
{
gnutls_datum_t c, s;
gstring * gc, * gs;
- /* we only want the client random and the master secret */
+ /*
For TLS1.2
we only want the client random and the master secret */
gnutls_session_get_random(state->session, &c, &s);
gnutls_session_get_master_secret(state->session, &s);
gc = ddump(&c);
gnutls_session_get_random(state->session, &c, &s);
gnutls_session_get_master_secret(state->session, &s);
gc = ddump(&c);
@@
-2294,7
+2306,8
@@
else
" add SSLKEYLOGFILE to keep_environment in the exim config\n"
" run exim as root\n"
" if using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n"
" add SSLKEYLOGFILE to keep_environment in the exim config\n"
" run exim as root\n"
" if using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n"
- " (works for TLS1.2 also, and saves cut-paste into file)\n");
+ " (works for TLS1.2 also, and saves cut-paste into file)"
+ " Trying to use add_environment for this will not work\n");
#endif
}
#endif
}
@@
-2516,6
+2529,11
@@
if (rc != GNUTLS_E_SUCCESS)
return FAIL;
}
return FAIL;
}
+#ifdef GNUTLS_SFLAGS_EXT_MASTER_SECRET
+if (gnutls_session_get_flags(state->session) & GNUTLS_SFLAGS_EXT_MASTER_SECRET)
+ tls_in.ext_master_secret = TRUE;
+#endif
+
#ifdef EXPERIMENTAL_TLS_RESUME
tls_server_resume_posthandshake(state);
#endif
#ifdef EXPERIMENTAL_TLS_RESUME
tls_server_resume_posthandshake(state);
#endif
@@
-2985,6
+3003,11
@@
if (!verify_certificate(state, errstr))
return FALSE;
}
return FALSE;
}
+#ifdef GNUTLS_SFLAGS_EXT_MASTER_SECRET
+if (gnutls_session_get_flags(state->session) & GNUTLS_SFLAGS_EXT_MASTER_SECRET)
+ tlsp->ext_master_secret = TRUE;
+#endif
+
#ifndef DISABLE_OCSP
if (request_ocsp)
{
#ifndef DISABLE_OCSP
if (request_ocsp)
{
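Review bot: In the first hunk, the 3.3.x arm of the new `EXIM_HAVE_OCSP` test can never be true, because `==` binds tighter than `&` in preprocessor expressions just as in C, so `GNUTLS_VERSION_NUMBER & 0xffff00 == 0x030300` evaluates as `GNUTLS_VERSION_NUMBER & 0`. Builds against a 3.3.x library at or above 0x030311 therefore leave `EXIM_HAVE_OCSP` undefined and, as far as this page shows, never get the `_HAVE_TLS_OCSP` macro; the mask needs its own parentheses, `&& ((GNUTLS_VERSION_NUMBER & 0xffff00) == 0x030300)`. Separately, in the two post-handshake hunks it is worth confirming that `GNUTLS_SFLAGS_EXT_MASTER_SECRET` is a macro in the GnuTLS headers and not an enumerator, since `#ifdef` cannot see an enumerator and the `ext_master_secret` assignment would then be compiled out silently; a `GNUTLS_VERSION_NUMBER` guard would be the safer test.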