OpenSSL fix empty tls_verify_certificates.

[exim.git] / src / src / tls-openssl.c

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 08b92bae56f9e3023ed88f804a71d4a97704b6a0..42afd3949ec343caa29d5f26e7508114f6b0ddd8 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -689,7 +689,7 @@ if (cbinfo->server_cipher_list)
 if (cbinfo->ocsp_file)
   {
   SSL_CTX_set_tlsext_status_cb(server_sni, tls_stapling_cb);
-  SSL_CTX_set_tlsext_status_arg(server_ctx, cbinfo);
+  SSL_CTX_set_tlsext_status_arg(server_sni, cbinfo);
   }
 #endif
 
@@ -788,6 +788,8 @@ cbinfo->certificate = certificate;
 cbinfo->privatekey = privatekey;
 #ifdef EXPERIMENTAL_OCSP
 cbinfo->ocsp_file = ocsp_file;
+cbinfo->ocsp_file_expanded = NULL;
+cbinfo->ocsp_response = NULL;
 #endif
 cbinfo->dhparam = dhparam;
 cbinfo->host = host;
@@ -1006,7 +1008,7 @@ uschar *expcerts, *expcrl;
 if (!expand_check(certs, US"tls_verify_certificates", &expcerts))
   return DEFER;
 
-if (expcerts != NULL)
+if (expcerts != NULL && *expcerts != '\0')
   {
   struct stat statbuf;
   if (!SSL_CTX_set_default_verify_paths(sctx))
@@ -1370,7 +1372,7 @@ if (sni)
 #else
     DEBUG(D_tls)
       debug_printf("OpenSSL at build-time lacked SNI support, ignoring \"%s\"\n",
-          tls_sni);
+          tls_out.sni);
 #endif
     }
   }