#if GNUTLS_VERSION_NUMBER >= 0x020c00
# include <gnutls/pkcs11.h>
#endif
-#ifdef EXPERIMENTAL_OCSP
+#ifndef DISABLE_OCSP
# include <gnutls/ocsp.h>
#endif
static int exim_sni_handling_cb(gnutls_session_t session);
-#ifdef EXPERIMENTAL_OCSP
+#ifndef DISABLE_OCSP
static int server_ocsp_stapling_cb(gnutls_session_t session, void * ptr,
gnutls_datum_t * ocsp_response);
#endif
/* Set the OCSP stapling server info */
-#ifdef EXPERIMENTAL_OCSP
+#ifndef DISABLE_OCSP
if ( !host /* server */
&& tls_ocsp_file
)
-#ifdef EXPERIMENTAL_OCSP
+#ifndef DISABLE_OCSP
static int
server_ocsp_stapling_cb(gnutls_session_t session, void * ptr,
int rc;
const char *error;
exim_gnutls_state_st *state = NULL;
-#ifdef EXPERIMENTAL_OCSP
+#ifndef DISABLE_OCSP
BOOL require_ocsp = verify_check_this_host(&ob->hosts_require_ocsp,
NULL, host->name, host->address, NULL) == OK;
BOOL request_ocsp = require_ocsp ? TRUE
gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_IGNORE);
}
-#ifdef EXPERIMENTAL_OCSP /* since GnuTLS 3.1.3 */
+#ifndef DISABLE_OCSP
+ /* supported since GnuTLS 3.1.3 */
if (request_ocsp)
{
DEBUG(D_tls) debug_printf("TLS: will request OCSP stapling\n");
!verify_certificate(state, &error))
return tls_error(US"certificate verification failed", error, state->host);
-#ifdef EXPERIMENTAL_OCSP
+#ifndef DISABLE_OCSP
if (require_ocsp)
{
DEBUG(D_tls)