Guard TLS SNI callback define better.
diff --git
a/src/src/tls-openssl.c
b/src/src/tls-openssl.c
index e485aa67d74e4fad0834ac405bd1498181863f95..de9c659a6ce8efdc67c682f38132b603efbf4afa 100644
--- a/
src/src/tls-openssl.c
+++ b/
src/src/tls-openssl.c
@@
-2,7
+2,7
@@
* Exim - an Internet mail transport agent *
*************************************************/
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 20
09
*/
+/* Copyright (c) University of Cambridge 1995 - 20
12
*/
/* See the file NOTICE for conditions of use and distribution. */
/* This module provides the TLS (aka SSL) support for Exim using the OpenSSL
/* See the file NOTICE for conditions of use and distribution. */
/* This module provides the TLS (aka SSL) support for Exim using the OpenSSL
@@
-29,6
+29,10
@@
functions from the OpenSSL library. */
#define EXIM_OCSP_MAX_AGE (-1L)
#endif
#define EXIM_OCSP_MAX_AGE (-1L)
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+#define EXIM_HAVE_OPENSSL_TLSEXT
+#endif
+
/* Structure for collecting random data for seeding. */
typedef struct randstuff {
/* Structure for collecting random data for seeding. */
typedef struct randstuff {
@@
-77,7
+81,9
@@
static int
setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional);
/* Callbacks */
setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional);
/* Callbacks */
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
static int tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg);
static int tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg);
+#endif
#ifdef EXPERIMENTAL_OCSP
static int tls_stapling_cb(SSL *s, void *arg);
#endif
#ifdef EXPERIMENTAL_OCSP
static int tls_stapling_cb(SSL *s, void *arg);
#endif
@@
-540,6
+546,7
@@
Arguments:
Returns: SSL_TLSEXT_ERR_{OK,ALERT_WARNING,ALERT_FATAL,NOACK}
*/
Returns: SSL_TLSEXT_ERR_{OK,ALERT_WARNING,ALERT_FATAL,NOACK}
*/
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
static int
tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg)
{
static int
tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg)
{
@@
-606,6
+613,7
@@
SSL_set_SSL_CTX(s, ctx_sni);
return SSL_TLSEXT_ERR_OK;
}
return SSL_TLSEXT_ERR_OK;
}
+#endif /* EXIM_HAVE_OPENSSL_TLSEXT */
@@
-768,7
+776,7
@@
rc = tls_expand_session_files(ctx, cbinfo);
if (rc != OK) return rc;
/* If we need to handle SNI, do so */
if (rc != OK) return rc;
/* If we need to handle SNI, do so */
-#if
OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+#if
def EXIM_HAVE_OPENSSL_TLSEXT
if (host == NULL)
{
#ifdef EXPERIMENTAL_OCSP
if (host == NULL)
{
#ifdef EXPERIMENTAL_OCSP
@@
-1751,7
+1759,7
@@
uschar keep_c;
BOOL adding, item_parsed;
result = 0L;
BOOL adding, item_parsed;
result = 0L;
-/* Prior to 4.
78
we or'd in SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; removed
+/* Prior to 4.
80
we or'd in SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; removed
* from default because it increases BEAST susceptibility. */
if (option_spec == NULL)
* from default because it increases BEAST susceptibility. */
if (option_spec == NULL)
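Review bot: The `tls_stapling_cb` prototype in the callbacks hunk (-77,7 +81,9) is still guarded by `EXPERIMENTAL_OCSP` alone, while the server-side `if (host == NULL)` setup block in the -768,7 hunk, which has its own `#ifdef EXPERIMENTAL_OCSP` section, now compiles only under `EXIM_HAVE_OPENSSL_TLSEXT`. The registration call is outside the visible lines, so this is inferred: a build with `EXPERIMENTAL_OCSP` against an OpenSSL without TLS extensions would presumably leave the stapling callback unused and OCSP stapling silently off. I would make that combination explicit, for example by guarding the prototype and definition with `#if defined(EXPERIMENTAL_OCSP) && defined(EXIM_HAVE_OPENSSL_TLSEXT)` and failing the build or logging when OCSP is requested without TLSEXT. Separately, the new define would benefit from a comment on the magic number, such as `/* 0x0090806fL is OpenSSL 0.9.8f; SNI needs the TLS extension API */`.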