Fix non-OCSP OpenSSL build
authorJeremy Harris <jgh146exb@wizmail.org>
Mon, 4 Dec 2017 14:32:44 +0000 (14:32 +0000)
committerJeremy Harris <jgh146exb@wizmail.org>
Mon, 4 Dec 2017 14:32:44 +0000 (14:32 +0000)
Issue found by: Frank Elsner

src/src/tls-openssl.c
test/confs/5860

index 9816f734f3018a0bcf0638139c759a9dc144d7fa..b225eb7624f7d0b15a86cc8c5efc246d6ae9e563 100644 (file)
@@ -94,6 +94,10 @@ functions from the OpenSSL library. */
 # define DISABLE_OCSP
 #endif
 
+#ifdef EXIM_HAVE_OPENSSL_CHECKHOST
+# include <openssl/x509v3.h>
+#endif
+
 /* Structure for collecting random data for seeding. */
 
 typedef struct randstuff {
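Review bot: The added `# include <openssl/x509v3.h>` has no comment naming the declarations it is there for, so a later include cleanup could remove it and break this build configuration again. If it supplies the X509_check_host() family used for certificate name checks, as the guard name suggests, say so on the line above it, e.g. `/* X509_check_host() and friends; not otherwise included when OCSP is disabled */`. That the header was previously reached only through the OCSP includes is inferred from the commit title, not visible in this hunk.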
@@ -147,8 +151,8 @@ static BOOL reexpand_tls_files_for_sni = FALSE;
 typedef struct tls_ext_ctx_cb {
   uschar *certificate;
   uschar *privatekey;
-#ifndef DISABLE_OCSP
   BOOL is_server;
+#ifndef DISABLE_OCSP
   STACK_OF(X509) *verify_stack;                /* chain for verifying the proof */
   union {
     struct {
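Review bot: `is_server` is now an unconditional member of `tls_ext_ctx_cb` but has no comment, unlike `verify_stack` directly below it. Its meaning can only be learned from the assignment `cbinfo->is_server = host==NULL;` in the init code. Suggest `BOOL is_server; /* TRUE when set up without a host, ie the server side */`. The struct definition continues past the end of this hunk.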
@@ -1483,9 +1487,10 @@ tls_ext_ctx_cb * cbinfo;
 cbinfo = store_malloc(sizeof(tls_ext_ctx_cb));
 cbinfo->certificate = certificate;
 cbinfo->privatekey = privatekey;
+cbinfo->is_server = host==NULL;
 #ifndef DISABLE_OCSP
 cbinfo->verify_stack = NULL;
-if ((cbinfo->is_server = host==NULL))
+if (!host)
   {
   cbinfo->u_ocsp.server.file = ocsp_file;
   cbinfo->u_ocsp.server.file_expanded = NULL;
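Review bot: The server/client predicate is now written twice, as `host==NULL` in the new assignment and as `!host` in the OCSP branch a few lines later. Testing the stored flag keeps a single source of truth: `if (cbinfo->is_server)`. The flag is now set in every build and is presumably read outside the OCSP code, so a short comment on the assignment such as `/* no host given => acting as server */` would also help. The enclosing function starts and ends outside this hunk.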
index 94436c3449b08b9d64a7c052fb138289228b2a5c..81eb5a16da9eee01b159da6ade7caa8f93551bd5 100644 (file)
@@ -74,9 +74,11 @@ send_to_server:
 
 #  hosts_try_dane = *
   hosts_require_dane = *
+.ifdef _HAVE_OCSP
   hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \
                                 {= {0}{$tls_out_tlsa_usage}} } \
                         {*}{}}
+.endif
 
   event_action =   ${acl {logger}}