From 1013a770f1be6eff05c4b835bb92b2c916fdd341 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Tue, 22 Jun 2021 23:42:24 +0100
Subject: [PATCH] GnuTLS: fix build with older GnuTLS

The ALPN handling we need requires later features than the basic functions.
Broken-byu: f50a063dc0
---
 src/src/tls-gnu.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 1affba366..2d7041f3e 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -120,7 +120,9 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
 #endif
 
 #if GNUTLS_VERSION_NUMBER >= 0x030200
-# define EXIM_HAVE_ALPN
+# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
+#  define EXIM_HAVE_ALPN
+# endif
 #endif
 
 #ifndef DISABLE_OCSP
@@ -1142,12 +1144,12 @@ tls_server_certstatus_cb(gnutls_session_t session, unsigned int htype,
   unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
 {
 DEBUG(D_tls) debug_printf("Sending certificate-status\n");		/*XXX we get this for tls1.2 but not for 1.3 */
-#ifdef SUPPORT_SRV_OCSP_STACK
+# ifdef SUPPORT_SRV_OCSP_STACK
 tls_in.ocsp = exim_testharness_disable_ocsp_validity_check
   ? OCSP_VFY_NOT_TRIED : OCSP_VFIED;	/* We know that GnuTLS verifies responses */
-#else
+# else
 tls_in.ocsp = OCSP_VFY_NOT_TRIED;
-#endif
+# endif
 return 0;
 }
 
-- 
2.30.2