goto err;
X509_set_version(x509, 2); /* N+1 - version 3 */
-ASN1_INTEGER_set(X509_get_serialNumber(x509), 0);
+ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
X509_gmtime_adj(X509_get_notBefore(x509), 0);
X509_gmtime_adj(X509_get_notAfter(x509), (long)60 * 60); /* 1 hour */
X509_set_pubkey(x509, pkey);
else
DEBUG(D_tls) debug_printf("no SSL CTX options to set\n");
-/* Disable session cache unconditionally */
-
+/* We'd like to disable session cache unconditionally, but foolish Outlook
+Express clients then give up the first TLS connection and make a second one
+(which works). Only when there is an IMAP service on the same machine.
+Presumably OE is trying to use the cache for A on B. Leave it enabled for
+now, until we work out a decent way of presenting control to the config. It
+will never be used because we use a new context every time. */
+#ifdef notdef
(void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+#endif
/* Initialize with DH parameters if supplied */
/* Initialize ECDH temp key parameter selection */
* Set up for verifying certificates *
*************************************************/
+#ifndef DISABLE_OCSP
/* Load certs from file, return TRUE on success */
static BOOL
BIO_free(bp);
return TRUE;
}
+#endif
if (SSL_get_shutdown(server_ssl) == SSL_RECEIVED_SHUTDOWN)
SSL_shutdown(server_ssl);
+#ifndef DISABLE_OCSP
sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free);
+ server_static_cbinfo->verify_stack = NULL;
+#endif
SSL_free(server_ssl);
SSL_CTX_free(server_ctx);
- server_static_cbinfo->verify_stack = NULL;
server_ctx = NULL;
server_ssl = NULL;
tls_in.active = -1;
}
}
+#ifndef DISABLE_OCSP
if (is_server)
{
sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free);
server_static_cbinfo->verify_stack = NULL;
}
+#endif
SSL_CTX_free(*ctxp);
SSL_free(*sslp);