TLS resumption: support Outlook hosts-behind-loadbalancer

[exim.git] / src / src / tls.c

diff --git a/src/src/tls.c b/src/src/tls.c
index a988c750562e82498ca2f40542397694da8280c5..e80dd9aaf299e9fff2f713d7e9b25362d6b8fc2e 100644 (file)
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -804,28 +804,27 @@ hctx * h = &tlsp->resume_hctx;
 blob b;
 gstring * g;
 
+DEBUG(D_tls) if (conn_args->host_lbserver)
+  debug_printf("TLS: lbserver '%s'\n", conn_args->host_lbserver);
+
 #ifdef EXIM_HAVE_SHA2
 exim_sha_init(h, HASH_SHA2_256);
 #else
 exim_sha_init(h, HASH_SHA1);
 #endif
-
-//  TODO: word from server EHLO resp           /* how, fer gossakes?  Add item to conn_args or tls_support? */
-
+exim_sha_update_string(h, conn_args->host_lbserver);
+#ifdef SUPPORT_DANE
 if (conn_args->dane)
-  exim_sha_update(h, CUS &conn_args->tlsa_dnsa, sizeof(dns_answer));
-exim_sha_update(h,   conn_args->host->address, Ustrlen(conn_args->host->address));
+  exim_sha_update(h,  CUS &conn_args->tlsa_dnsa, sizeof(dns_answer));
+#endif
+exim_sha_update_string(h, conn_args->host->address);
 exim_sha_update(h,   CUS &conn_args->host->port, sizeof(conn_args->host->port));
-exim_sha_update(h,   conn_args->sending_ip_address, Ustrlen(conn_args->sending_ip_address));
-if (openssl_options)
-  exim_sha_update(h, openssl_options,          Ustrlen(openssl_options));
-if (ob->tls_require_ciphers)
-  exim_sha_update(h, ob->tls_require_ciphers,  Ustrlen(ob->tls_require_ciphers));
-if (tlsp->sni)
-  exim_sha_update(h, tlsp->sni,                        Ustrlen(tlsp->sni));
+exim_sha_update_string(h, conn_args->sending_ip_address);
+exim_sha_update_string(h, openssl_options);
+exim_sha_update_string(h, ob->tls_require_ciphers);
+exim_sha_update_string(h, tlsp->sni);
 #ifdef EXIM_HAVE_ALPN
-if (ob->tls_alpn)
-  exim_sha_update(h, ob->tls_alpn,             Ustrlen(ob->tls_alpn));
+exim_sha_update_string(h, ob->tls_alpn);
 #endif
 exim_sha_finish(h, &b);
 for (g = string_get(b.len*2+1); b.len-- > 0; )