X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/10ca4f1ca3116f346dcc19645b59c443e57d26a8..8c5d388a6e12d1a8bd4aa565920238f8a921414a:/src/src/tls-openssl.c

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index e1dcd77bc..704522b50 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -388,7 +388,7 @@ else if (depth != 0)
     {	/* client, wanting stapling  */
     /* Add the server cert's signing chain as the one
     for the verification of the OCSP stapled information. */
-  
+
     if (!X509_STORE_add_cert(client_static_cbinfo->u_ocsp.client.verify_store,
                              cert))
       ERR_clear_error();
@@ -659,15 +659,15 @@ Returns:    TRUE if OK (nothing to set up, or setup worked)
 static BOOL
 init_ecdh(SSL_CTX * sctx, host_item * host)
 {
+#ifdef OPENSSL_NO_ECDH
+return TRUE;
+#else
+
 EC_KEY * ecdh;
 uschar * exp_curve;
 int nid;
 BOOL rv;
 
-#ifdef OPENSSL_NO_ECDH
-return TRUE;
-#else
-
 if (host)	/* No ECDH setup for clients, only for servers */
   return TRUE;
 
@@ -708,7 +708,7 @@ if (  (nid = OBJ_sn2nid       (CCS exp_curve)) == NID_undef
 
 if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
   {
-  tls_error("Unable to create ec curve", host, NULL);
+  tls_error(US"Unable to create ec curve", host, NULL);
   return FALSE;
   }
 
@@ -1111,8 +1111,7 @@ len = SSL_get_tlsext_status_ocsp_resp(s, &p);
 if(!p)
  {
   /* Expect this when we requested ocsp but got none */
-  if (  cbinfo->u_ocsp.client.verify_required
-     && log_extra_selector & LX_tls_cipher)
+  if (cbinfo->u_ocsp.client.verify_required && LOGGING(tls_cipher))
     log_write(0, LOG_MAIN, "Received TLS status callback, null content");
   else
     DEBUG(D_tls) debug_printf(" null\n");
@@ -1122,7 +1121,7 @@ if(!p)
 if(!(rsp = d2i_OCSP_RESPONSE(NULL, &p, len)))
  {
   tls_out.ocsp = OCSP_FAILED;
-  if (log_extra_selector & LX_tls_cipher)
+  if (LOGGING(tls_cipher))
     log_write(0, LOG_MAIN, "Received TLS cert status response, parse error");
   else
     DEBUG(D_tls) debug_printf(" parse error\n");
@@ -1132,7 +1131,7 @@ if(!(rsp = d2i_OCSP_RESPONSE(NULL, &p, len)))
 if(!(bs = OCSP_response_get1_basic(rsp)))
   {
   tls_out.ocsp = OCSP_FAILED;
-  if (log_extra_selector & LX_tls_cipher)
+  if (LOGGING(tls_cipher))
     log_write(0, LOG_MAIN, "Received TLS cert status response, error parsing response");
   else
     DEBUG(D_tls) debug_printf(" error parsing response\n");
@@ -1163,7 +1162,7 @@ if(!(bs = OCSP_response_get1_basic(rsp)))
 	      cbinfo->u_ocsp.client.verify_store, 0)) <= 0)
       {
       tls_out.ocsp = OCSP_FAILED;
-      if (log_extra_selector & LX_tls_cipher)
+      if (LOGGING(tls_cipher))
 	log_write(0, LOG_MAIN, "Received TLS cert status response, itself unverifiable");
       BIO_printf(bp, "OCSP response verify failure\n");
       ERR_print_errors(bp);
@@ -1839,7 +1838,7 @@ tls_client_basic_ctx_init(SSL_CTX * ctx,
 			  )
 {
 int rc;
-/* stick to the old behaviour for compatibility if tls_verify_certificates is 
+/* stick to the old behaviour for compatibility if tls_verify_certificates is
    set but both tls_verify_hosts and tls_try_verify_hosts is not set. Check only
    the specified host patterns if one of them is defined */
 
@@ -1861,7 +1860,7 @@ if ((rc = setup_certs(ctx, ob->tls_verify_certificates,
 if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
   {
   cbinfo->verify_cert_hostnames =
-#ifdef EXPERIMENTAL_INTERNATIONAL
+#ifdef SUPPORT_I18N
     string_domain_utf8_to_alabel(host->name, NULL);
 #else
     host->name;