X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/1d717e1c110562fd6bf28478c79f180cafeba776..870ce70e11912e8858ef4c071f2778b93a4b2ac9:/src/src/tls-openssl.c

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index a236bc0c6..c97dc1bff 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2784,6 +2784,9 @@ if (SSL_session_reused(server_ssl))
 /* TLS has been set up. Record data for the connection,
 adjust the input functions to read via TLS, and initialize things. */
 
+#ifdef SSL_get_extms_support
+tls_in.ext_master_secret = SSL_get_extms_support(server_ssl) == 1;
+#endif
 peer_cert(server_ssl, &tls_in, peerdn, sizeof(peerdn));
 
 tls_in.ver = tlsver_name(server_ssl);
@@ -2831,7 +2834,7 @@ See description in https://paquier.xyz/postgresql-2/channel-binding-openssl/ */
   store_pool = POOL_PERM;
     tls_in.channelbinding = b64encode_taint(CUS s, (int)len, FALSE);
   store_pool = old_pool;
-  DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n");
+  DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage %p\n", tls_in.channelbinding);
   }
 
 /* Only used by the server-side tls (tls_in), including tls_getc.
@@ -3384,6 +3387,9 @@ DEBUG(D_tls)
 tls_client_resume_posthandshake(exim_client_ctx, tlsp);
 #endif
 
+#ifdef SSL_get_extms_support
+tlsp->ext_master_secret = SSL_get_extms_support(exim_client_ctx->ssl) == 1;
+#endif
 peer_cert(exim_client_ctx->ssl, tlsp, peerdn, sizeof(peerdn));
 
 tlsp->ver = tlsver_name(exim_client_ctx->ssl);
@@ -3407,7 +3413,7 @@ tlsp->cipher_stdname = cipher_stdname_ssl(exim_client_ctx->ssl);
   store_pool = POOL_PERM;
     tlsp->channelbinding = b64encode_taint(CUS s, (int)len, TRUE);
   store_pool = old_pool;
-  DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n");
+  DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage %p %p\n", tlsp->channelbinding, tlsp);
   }
 
 tlsp->active.sock = cctx->sock;