# include <gnutls/gnutls.h>
# include <gnutls/x509.h>
# if GNUTLS_VERSION_NUMBER >= 0x030103
-# define HAVE_OCSP
+# define HAVE_GNUTLS_OCSP
# include <gnutls/ocsp.h>
# endif
# ifndef GNUTLS_NO_EXTENSIONS
if (*inptr != 0)
goto nextinput;
- #ifdef HAVE_TLS
+#ifdef HAVE_TLS
if (srv->sent_starttls)
{
if (lineptr[0] == '2')
printf("Attempting to start TLS\n");
fflush(stdout);
- #ifdef HAVE_OPENSSL
+# ifdef HAVE_OPENSSL
srv->tls_active = tls_start(srv->sock, &srv->ssl, srv->ctx);
- #endif
+# endif
- #ifdef HAVE_GNUTLS
+# ifdef HAVE_GNUTLS
{
int rc;
fd_set rfd;
DEBUG { printf("gnutls_record_recv: %d\n", rc); fflush(stdout); }
}
}
- #endif
+# endif /*HAVE_GNUTLS*/
if (!srv->tls_active)
{
printf("Failed to start TLS\n");
fflush(stdout);
}
- #ifdef HAVE_GNUTLS
+
+# ifdef HAVE_OPENSSL
+ else if (ocsp_stapling)
+ printf("Succeeded in starting TLS (with OCSP)\n");
+# endif
+
+# ifdef HAVE_GNUTLS
else if (ocsp_stapling)
{
if ((rc= gnutls_certificate_verify_peers2(tls_session, &verify)) < 0)
printf("Bad certificate\n");
fflush(stdout);
}
- #ifdef HAVE_OCSP
+# ifdef HAVE_GNUTLS_OCSP
else if (gnutls_ocsp_status_request_is_checked(tls_session, 0) == 0)
{
printf("Failed to verify certificate status\n");
fflush(stdout);
}
else
+ {
+ printf("OCSP status response: good signature\n");
printf("Succeeded in starting TLS (with OCSP)\n");
- #endif
+ }
+# endif /*HAVE_GNUTLS_OCSP*/
}
- #endif
+# endif /*HAVE_GNUTLS*/
+
else
printf("Succeeded in starting TLS\n");
}
- else printf("Abandoning TLS start attempt\n");
+ else
+ printf("Abandoning TLS start attempt\n");
}
srv->sent_starttls = 0;
#endif
if (keyfile != NULL) printf("Key file = %s\n", keyfile);
tls_init(US certfile, US keyfile);
tls_session = tls_session_init();
-#ifdef HAVE_OCSP
+#ifdef HAVE_GNUTLS_OCSP
if (ocsp_stapling)
gnutls_ocsp_status_request_enable_client(tls_session, NULL, 0, NULL);
#endif
if (!srv.tls_active)
printf("Failed to start TLS\n");
-#if defined(HAVE_GNUTLS) && defined(HAVE_OCSP)
+#if defined(HAVE_GNUTLS) && defined(HAVE_GNUTLS_OCSP)
else if ( ocsp_stapling
&& gnutls_ocsp_status_request_is_checked(tls_session, 0) == 0)
printf("Failed to verify certificate status\n");
<<< 220 TLS go ahead
Attempting to start TLS
OCSP status response: good signature
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
>>> helo test
??? 250
<<< 250 server1.example.com Hello test [ip4.ip4.ip4.ip4]
<<< 220 TLS go ahead
Attempting to start TLS
no OCSP response received
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
End of script
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/cert2
<<< 220 TLS go ahead
Attempting to start TLS
no OCSP response received
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
End of script
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/cert2
<<< 220 TLS go ahead
Attempting to start TLS
OCSP status response: good signature
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
>>> helo test
??? 250
<<< 250 server1.example.com Hello test [ip4.ip4.ip4.ip4]
<<< 220 TLS go ahead
Attempting to start TLS
no OCSP response received
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
End of script
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/cert2
<<< 220 TLS go ahead
Attempting to start TLS
no OCSP response received
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
End of script
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/cert2