OpenSSL 1.0.0 const fix for SSL_get_current_cipher

[exim.git] / src / src / tls-openssl.c

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index e01edc0085361e41c7a460689d52be6dfbbb992f..b6a8dcb8c74e085ca4f17f0378665e43c1d79f1e 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/tls-openssl.c,v 1.27 2010/06/07 00:12:42 pdp Exp $ */
+/* $Cambridge: exim/src/src/tls-openssl.c,v 1.28 2010/06/12 17:56:32 jetmore Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -438,7 +438,10 @@ static void
 construct_cipher_name(SSL *ssl)
 {
 static uschar cipherbuf[256];
-SSL_CIPHER *c;
+/* With OpenSSL 1.0.0a, this needs to be const but the documentation doesn't
+yet reflect that.  It should be a safe change anyway, even 0.9.8 versions have
+the accessor functions use const in the prototype. */
+const SSL_CIPHER *c;
 uschar *ver;
 int bits;
 
@@ -460,7 +463,7 @@ switch (ssl->session->ssl_version)
   ver = US"UNKNOWN";
   }
 
-c = SSL_get_current_cipher(ssl);
+c = (const SSL_CIPHER *) SSL_get_current_cipher(ssl);
 SSL_CIPHER_get_bits(c, &bits);
 
 string_format(cipherbuf, sizeof(cipherbuf), "%s:%s:%u", ver,
@@ -714,7 +717,7 @@ if (rc <= 0)
   tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL);
   if (ERR_get_error() == 0)
     log_write(0, LOG_MAIN,
-        "  => client disconnected cleanly (rejected our certificate?)\n");
+        "TLS client disconnected cleanly (rejected our certificate?)");
   return FAIL;
   }