git://git.exim.org / exim.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 261fc93)
GnuTLS: when library too old for system CA bundle support, do not default options...
authorJeremy Harris <jgh146exb@wizmail.org>
Sun, 4 Oct 2020 22:08:45 +0000 (23:08 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Mon, 5 Oct 2020 15:57:12 +0000 (16:57 +0100)
src/src/globals.c patch | blob | history
src/src/transports/smtp.c patch | blob | history
test/runtest patch | blob | history

diff --git a/src/src/globals.c b/src/src/globals.c
index d029f7540b4923b629f4ab410137d9869d23a333..b7e117868100d8136e37a3e08127fe33d29e050d 100644 (file)
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -141,7 +141,11 @@ uschar *tls_require_ciphers    = NULL;
 uschar *tls_resumption_hosts   = NULL;
 # endif
 uschar *tls_try_verify_hosts   = NULL;
+#if defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS)
 uschar *tls_verify_certificates= US"system";
+#else
+uschar *tls_verify_certificates= NULL;
+#endif
 uschar *tls_verify_hosts       = NULL;
 int     tls_watch_fd          = -1;
 time_t  tls_watch_trigger_time = (time_t)0;
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 0a3d8f1e9721e265d0622dbeaac20baad924ba09..a31982223452e21d68568ae336ac5203a2f73483 100644 (file)
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -192,7 +192,9 @@ smtp_transport_options_block smtp_transport_option_defaults = {
   .keepalive =                 TRUE,
   .retry_include_ip_address =  TRUE,
 #ifndef DISABLE_TLS
+# if defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS)
   .tls_verify_certificates =   US"system",
+# endif
   .tls_dh_min_bits =           EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
   .tls_tempfail_tryclear =     TRUE,
   .tls_try_verify_hosts =      US"*",
diff --git a/test/runtest b/test/runtest
index 7e9b5d74c0fe1a3c4413b7ee8299a9ec85396f39..59184786b4a2e49ef0f98e7c039d67a1760a3c33 100755 (executable)
--- a/test/runtest
+++ b/test/runtest
@@ -1075,7 +1075,8 @@ RESET_AFTER_EXTRA_LINE_READ:
     next if /^TLS: preloading DH params for server/;
     next if /^Diffie-Hellman initialized from default/;
     next if /^TLS: preloading ECDH curve for server/;
-    next if /^ECDH OpenSSL [\d.+]+ temp key parameter settings:/;
+    next if /^ECDH OpenSSL [< ]?[\d.+]+ temp key parameter settings:/;
+    next if /^ECDH: .'*prime256v1'/;
     next if /^watch dir/;
 
     # TLS preload
Master Exim source repository