X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/d7d7b7b91dd75cec636fc144da7e27eed860f971..184e88237dea64ce48076cdd0184612d057cbafd:/src/src/tls-openssl.c diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index f20c6f4f0..297b68b0d 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -1,10 +1,10 @@ -/* $Cambridge: exim/src/src/tls-openssl.c,v 1.6 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/tls-openssl.c,v 1.9 2007/01/08 10:50:18 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2006 */ +/* Copyright (c) University of Cambridge 1995 - 2007 */ /* See the file NOTICE for conditions of use and distribution. */ /* This module provides the TLS (aka SSL) support for Exim using the OpenSSL @@ -290,8 +290,8 @@ Returns: OK/DEFER/FAIL */ static int -tls_init(host_item *host, uschar *dhparam, uschar *certificate, uschar *privatekey, - address_item *addr) +tls_init(host_item *host, uschar *dhparam, uschar *certificate, + uschar *privatekey, address_item *addr) { SSL_load_error_strings(); /* basic set up */ OpenSSL_add_ssl_algorithms(); @@ -386,7 +386,11 @@ if (certificate != NULL) !expand_check(privatekey, US"tls_privatekey", &expanded)) return DEFER; - if (expanded != NULL) + /* If expansion was forced to fail, key_expanded will be NULL. If the result + of the expansion is an empty string, ignore it also, and assume the private + key is in the same file as the certificate. */ + + if (expanded != NULL && *expanded != 0) { DEBUG(D_tls) debug_printf("tls_privatekey file %s\n", expanded); if (!SSL_CTX_use_PrivateKey_file(ctx, CS expanded, SSL_FILETYPE_PEM)) @@ -680,7 +684,8 @@ if (!tls_on_connect) /* Now negotiate the TLS session. We put our own timer on it, since it seems that the OpenSSL library doesn't. */ -SSL_set_fd(ssl, fileno(smtp_out)); +SSL_set_wfd(ssl, fileno(smtp_out)); +SSL_set_rfd(ssl, fileno(smtp_in)); SSL_set_accept_state(ssl); DEBUG(D_tls) debug_printf("Calling SSL_accept\n");