# warning "GnuTLS library version too old; TPDA tls:cert event unsupported"
# undef EXPERIMENTAL_TPDA
#endif
+#if GNUTLS_VERSION_NUMBER >= 0x030306
+# define SUPPORT_CA_DIR
+#else
+# undef SUPPORT_CA_DIR
+#endif
#ifndef DISABLE_OCSP
# include <gnutls/ocsp.h>
return DEFER;
}
+#ifndef SUPPORT_CA_DIR
/* The test suite passes in /dev/null; we could check for that path explicitly,
but who knows if someone has some weird FIFO which always dumps some certs, or
other weirdness. The thing we really want to check is that it's not a
state->exp_tls_verify_certificates);
return DEFER;
}
+#endif
DEBUG(D_tls) debug_printf("verify certificates = %s size=" OFF_T_FMT "\n",
state->exp_tls_verify_certificates, statbuf.st_size);
return OK;
}
-cert_count = gnutls_certificate_set_x509_trust_file(state->x509_cred,
+cert_count =
+
+#ifdef SUPPORT_CA_DIR
+ (statbuf.st_mode & S_IFMT) == S_IFDIR
+ ?
+ gnutls_certificate_set_x509_trust_dir(state->x509_cred,
+ CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM)
+ :
+#endif
+ gnutls_certificate_set_x509_trust_file(state->x509_cred,
CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM);
+
if (cert_count < 0)
{
rc = cert_count;
int
tls_client_start(int fd, host_item *host,
address_item *addr ARG_UNUSED,
- transport_instance *tb)
+ transport_instance *tb
+#ifdef EXPERIMENTAL_DANE
+ , dne_answer * unused_tlsa_dnsa
+#endif
+ )
{
smtp_transport_options_block *ob =
(smtp_transport_options_block *)tb->options_block;
git://git.exim.org / exim.git / blobdiff