[exim-cvs] Guard TLS SNI callback define better.

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Exim Git Commits Mailing List
Datum:  
To: exim-cvs
Betreff: [exim-cvs] Guard TLS SNI callback define better.
Gitweb: http://git.exim.org/exim.git/commitdiff/3bcbbbe2697819d248259b1938ffd52d2bf4090b
Commit:     3bcbbbe2697819d248259b1938ffd52d2bf4090b
Parent:     5779e6aa2e83b7e60d0c20e873de922b88e35be4
Author:     Phil Pennock <pdp@???>
AuthorDate: Sun May 20 19:35:34 2012 -0400
Committer:  Phil Pennock <pdp@???>
CommitDate: Sun May 20 19:35:34 2012 -0400


    Guard TLS SNI callback define better.


    Guarded the callback invocation on OpenSSL having TLS extension support.
    Failed to guard the callback definition.  Fixed.
    Problem spotted by Todd Lyons.
---
 src/src/tls-openssl.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)


diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 1938d2f..de9c659 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -29,6 +29,10 @@ functions from the OpenSSL library. */
#define EXIM_OCSP_MAX_AGE (-1L)
#endif

+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+#define EXIM_HAVE_OPENSSL_TLSEXT
+#endif
+
/* Structure for collecting random data for seeding. */

typedef struct randstuff {
@@ -77,7 +81,9 @@ static int
setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional);

 /* Callbacks */
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
 static int tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg);
+#endif
 #ifdef EXPERIMENTAL_OCSP
 static int tls_stapling_cb(SSL *s, void *arg);
 #endif
@@ -540,6 +546,7 @@ Arguments:
 Returns:          SSL_TLSEXT_ERR_{OK,ALERT_WARNING,ALERT_FATAL,NOACK}
 */


+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
static int
tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg)
{
@@ -606,6 +613,7 @@ SSL_set_SSL_CTX(s, ctx_sni);

return SSL_TLSEXT_ERR_OK;
}
+#endif /* EXIM_HAVE_OPENSSL_TLSEXT */



@@ -768,7 +776,7 @@ rc = tls_expand_session_files(ctx, cbinfo);
if (rc != OK) return rc;

/* If we need to handle SNI, do so */
-#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
if (host == NULL)
{
#ifdef EXPERIMENTAL_OCSP