/* TLS support can be optionally included, either for OpenSSL or GnuTLS. The
latter needs a whole pile of tables. */
-
#ifdef HAVE_OPENSSL
# define HAVE_TLS
# include <openssl/crypto.h>
# include <openssl/ssl.h>
# include <openssl/err.h>
# include <openssl/rand.h>
-# include <openssl/ocsp.h>
+
+# if OPENSSL_VERSION_NUMBER < 0x0090806fL && !defined(DISABLE_OCSP) && !defined(OPENSSL_NO_TLSEXT)
+# warning "OpenSSL library version too old; define DISABLE_OCSP in Makefile"
+# define DISABLE_OCSP
+# endif
+# ifndef DISABLE_OCSP
+# include <openssl/ocsp.h>
+# endif
#endif
}
+#ifndef DISABLE_OCSP
static int
tls_client_stapling_cb(SSL *s, void *arg)
{
X509_STORE_free(store);
return ret;
}
+#endif
/*************************************************
tls_start(int sock, SSL **ssl, SSL_CTX *ctx)
{
int rc;
-static const char *sid_ctx = "exim";
+static const unsigned char *sid_ctx = US"exim";
RAND_load_file("client.c", -1); /* Not *very* random! */
*ssl = SSL_new (ctx);
-SSL_set_session_id_context(*ssl, sid_ctx, strlen(sid_ctx));
+SSL_set_session_id_context(*ssl, sid_ctx, strlen(CS sid_ctx));
SSL_set_fd (*ssl, sock);
SSL_set_connect_state(*ssl);
+#ifndef DISABLE_OCSP
if (ocsp_stapling)
{
SSL_CTX_set_tlsext_status_cb(ctx, tls_client_stapling_cb);
SSL_CTX_set_tlsext_status_arg(ctx, BIO_new_fp(stdout, BIO_NOCLOSE));
SSL_set_tlsext_status_type(*ssl, TLSEXT_STATUSTYPE_ocsp);
}
+#endif
signal(SIGALRM, sigalrm_handler_flag);
sigalrm_seen = 0;
if (rc < 0)
{
close(sock);
- printf("failed: %s\n", strerror(save_errno));
+ printf("connect failed: %s\n", strerror(save_errno));
exit(85);
}
}
#endif
-while (fgets(outbuffer, sizeof(outbuffer), stdin) != NULL)
+while (fgets(CS outbuffer, sizeof(outbuffer), stdin) != NULL)
{
- int n = (int)strlen(outbuffer);
+ int n = (int)strlen(CS outbuffer);
while (n > 0 && isspace(outbuffer[n-1])) n--;
outbuffer[n] = 0;
/* Expect incoming */
- if (strncmp(outbuffer, "??? ", 4) == 0)
+ if (strncmp(CS outbuffer, "??? ", 4) == 0)
{
unsigned char *lineptr;
printf("%s\n", outbuffer);
}
printf("<<< %s\n", lineptr);
- if (strncmp(lineptr, outbuffer + 4, (int)strlen(outbuffer) - 4) != 0)
+ if (strncmp(CS lineptr, CS outbuffer + 4, (int)strlen(CS outbuffer) - 4) != 0)
{
printf("\n******** Input mismatch ********\n");
exit(79);
/* Wait for a bit before proceeding */
- else if (strncmp(outbuffer, "+++ ", 4) == 0)
+ else if (strncmp(CS outbuffer, "+++ ", 4) == 0)
{
printf("%s\n", outbuffer);
- sleep(atoi(outbuffer + 4));
+ sleep(atoi(CS outbuffer + 4));
}
/* Send outgoing, but barf if unconsumed incoming */
/* Shutdown TLS */
- if (strcmp(outbuffer, "stoptls") == 0 ||
- strcmp(outbuffer, "STOPTLS") == 0)
+ if (strcmp(CS outbuffer, "stoptls") == 0 ||
+ strcmp(CS outbuffer, "STOPTLS") == 0)
{
if (!tls_active)
{
/* Remember that we sent STARTTLS */
- sent_starttls = (strcmp(outbuffer, "starttls") == 0 ||
- strcmp(outbuffer, "STARTTLS") == 0);
+ sent_starttls = (strcmp(CS outbuffer, "starttls") == 0 ||
+ strcmp(CS outbuffer, "STARTTLS") == 0);
/* Fudge: if the command is "starttls_wait", we send the starttls bit,
but we haven't set the flag, so that there is no negotiation. This is for
testing the server's timeout. */
- if (strcmp(outbuffer, "starttls_wait") == 0)
+ if (strcmp(CS outbuffer, "starttls_wait") == 0)
{
outbuffer[8] = 0;
n = 8;
#endif
printf(">>> %s\n", outbuffer);
- strcpy(outbuffer + n, "\r\n");
+ strcpy(CS outbuffer + n, "\r\n");
/* Turn "\n" and "\r" into the relevant characters. This is a hack. */
- while ((escape = strstr(outbuffer, "\\r")) != NULL)
+ while ((escape = US strstr(CS outbuffer, "\\r")) != NULL)
{
*escape = '\r';
memmove(escape + 1, escape + 2, (n + 2) - (escape - outbuffer) - 2);
n--;
}
- while ((escape = strstr(outbuffer, "\\n")) != NULL)
+ while ((escape = US strstr(CS outbuffer, "\\n")) != NULL)
{
*escape = '\n';
memmove(escape + 1, escape + 2, (n + 2) - (escape - outbuffer) - 2);