be set to point to content in one of these instances, as appropriate for
the stage of the process lifetime.
-Not handled here: global tls_channelbinding_b64. /*XXX JGH */
+Not handled here: global tls_channelbinding_b64.
*/
typedef struct exim_gnutls_state {
uschar *exp_tls_crl;
uschar *exp_tls_require_ciphers;
- tls_support *tlsp;
+ tls_support *tlsp; /* set in tls_init() */
uschar *xfer_buffer;
int xfer_buffer_lwm;
{
if (!state->received_sni)
{
- if (state->tls_certificate && Ustrstr(state->tls_certificate, US"tls_sni"))
+ if (state->tls_certificate &&
+ (Ustrstr(state->tls_certificate, US"tls_sni") ||
+ Ustrstr(state->tls_certificate, US"tls_in_sni") ||
+ Ustrstr(state->tls_certificate, US"tls_out_sni")
+ ))
{
DEBUG(D_tls) debug_printf("We will re-expand TLS session files if we receive SNI.\n");
state->trigger_sni_changes = TRUE;
/* set SNI in client, only */
if (host)
{
- if (!expand_check_tlsvar(state->tlsp->sni))
+ if (!expand_check(state->tlsp->sni, "tls_out_sni", &state->exp_tls_sni))
return DEFER;
if (state->exp_tls_sni && *state->exp_tls_sni)
{
{
exim_gnutls_state_st *state = is_server ? &state_server : &state_client;
-if (state->tlsp->active < 0) return; /* TLS was not active */
+if (!state->tlsp || state->tlsp->active < 0) return; /* TLS was not active */
if (shutdown)
{
gnutls_deinit(state->session);
+state->tlsp->active = -1;
memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
if ((state_server.session == NULL) && (state_client.session == NULL))
exim_gnutls_base_init_done = FALSE;
}
-state->tlsp->active = -1;
}