X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/a28050f855e0011e0b6f1b395d65e3cebcb277a2..1613fd68b5931757016c3c25fdc3b0f37827e7f1:/src/src/tls-openssl.c

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index bfdfe211f..db48c9451 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1000,7 +1000,7 @@ if (!EVP_PKEY_assign_RSA(pkey, rsa))
   goto err;
 
 X509_set_version(x509, 2);				/* N+1 - version 3 */
-ASN1_INTEGER_set(X509_get_serialNumber(x509), 0);
+ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
 X509_gmtime_adj(X509_get_notBefore(x509), 0);
 X509_gmtime_adj(X509_get_notAfter(x509), (long)60 * 60);	/* 1 hour */
 X509_set_pubkey(x509, pkey);
@@ -1752,6 +1752,7 @@ else
 *        Set up for verifying certificates       *
 *************************************************/
 
+#ifndef DISABLE_OCSP
 /* Load certs from file, return TRUE on success */
 
 static BOOL
@@ -1769,6 +1770,7 @@ while ((x = PEM_read_bio_X509(bp, NULL, 0, NULL)))
 BIO_free(bp);
 return TRUE;
 }
+#endif
 
 
 
@@ -2475,7 +2477,16 @@ if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
 inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer,
 		  MIN(ssl_xfer_buffer_size, lim));
 error = SSL_get_error(server_ssl, inbytes);
-alarm(0);
+if (smtp_receive_timeout > 0) alarm(0);
+
+if (had_command_timeout)		/* set by signal handler */
+  smtp_command_timeout_exit();		/* does not return */
+if (had_command_sigterm)
+  smtp_command_sigterm_exit();
+if (had_data_timeout)
+  smtp_data_timeout_exit();
+if (had_data_sigint)
+  smtp_data_sigint_exit();
 
 /* SSL_ERROR_ZERO_RETURN appears to mean that the SSL session has been
 closed down, not that the socket itself has been closed down. Revert to
@@ -2496,10 +2507,12 @@ if (error == SSL_ERROR_ZERO_RETURN)
   if (SSL_get_shutdown(server_ssl) == SSL_RECEIVED_SHUTDOWN)
  	SSL_shutdown(server_ssl);
 
+#ifndef DISABLE_OCSP
   sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free);
+  server_static_cbinfo->verify_stack = NULL;
+#endif
   SSL_free(server_ssl);
   SSL_CTX_free(server_ctx);
-  server_static_cbinfo->verify_stack = NULL;
   server_ctx = NULL;
   server_ssl = NULL;
   tls_in.active = -1;
@@ -2773,11 +2786,13 @@ if (shutdown)
     }
   }
 
+#ifndef DISABLE_OCSP
 if (is_server)
   {
   sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free);
   server_static_cbinfo->verify_stack = NULL;
   }
+#endif
 
 SSL_CTX_free(*ctxp);
 SSL_free(*sslp);