Added tls_dh_max_bits & check tls_require_ciphers early.

[exim.git] / src / src / globals.h

diff --git a/src/src/globals.h b/src/src/globals.h
index d267a52b7651ea2b6db857f3a73b64dbb86bc2db..fbbec3230bb8efde8b236b65899d162ef6737fd8 100644 (file)
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2009 */
+/* Copyright (c) University of Cambridge 1995 - 2012 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Almost all the global variables are defined together in this one header, so
@@ -93,14 +93,16 @@ extern uschar *tls_advertise_hosts;    /* host for which TLS is advertised */
 extern uschar *tls_certificate;        /* Certificate file */
 extern uschar *tls_channelbinding_b64; /* string of base64 channel binding */
 extern uschar *tls_crl;                /* CRL File */
+extern int     tls_dh_max_bits;        /* don't accept higher lib suggestions */
 extern uschar *tls_dhparam;            /* DH param file */
+#if defined(EXPERIMENTAL_OCSP) && !defined(USE_GNUTLS)
+extern uschar *tls_ocsp_file;          /* OCSP stapling proof file */
+#endif
 extern BOOL    tls_offered;            /* Server offered TLS */
 extern uschar *tls_privatekey;         /* Private key file */
 extern BOOL    tls_remember_esmtp;     /* For YAEB */
 extern uschar *tls_require_ciphers;    /* So some can be avoided */
-#ifndef USE_GNUTLS
 extern uschar *tls_sni;                /* Server Name Indication */
-#endif
 extern uschar *tls_try_verify_hosts;   /* Optional client verification */
 extern uschar *tls_verify_certificates;/* Path for certificates to check */
 extern uschar *tls_verify_hosts;       /* Mandatory client verification */