Gitweb:
http://git.exim.org/exim.git/commitdiff/5e55c7a9d988e1feac17015d4428b723f6ebe3e1
Commit: 5e55c7a9d988e1feac17015d4428b723f6ebe3e1
Parent: ec4b68e5d820109e5954329013a911d4032bc4dc
Author: Phil Pennock <pdp@???>
AuthorDate: Thu Jun 7 13:08:05 2012 -0400
Committer: Phil Pennock <pdp@???>
CommitDate: Thu Jun 7 13:08:05 2012 -0400
Unbreak EXPERIMENTAL_OCSP after TLS cutthrough
---
src/src/tls-openssl.c | 9 ++++-----
1 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 64aa689..ae009c0 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -52,7 +52,6 @@ static SSL *client_ssl = NULL;
static SSL *server_ssl = NULL;
#ifdef EXIM_HAVE_OPENSSL_TLSEXT
-static SSL_CTX *client_sni = NULL;
static SSL_CTX *server_sni = NULL;
#endif
@@ -671,7 +670,7 @@ if (cbinfo->server_cipher_list)
if (cbinfo->ocsp_file)
{
SSL_CTX_set_tlsext_status_cb(server_sni, tls_stapling_cb);
- SSL_CTX_set_tlsext_status_arg(ctx, cbinfo);
+ SSL_CTX_set_tlsext_status_arg(server_ctx, cbinfo);
}
#endif
@@ -726,7 +725,7 @@ response_der_len = i2d_OCSP_RESPONSE(cbinfo->ocsp_response, &response_der);
if (response_der_len <= 0)
return SSL_TLSEXT_ERR_NOACK;
-SSL_set_tlsext_status_ocsp_resp(ssl, response_der, response_der_len);
+SSL_set_tlsext_status_ocsp_resp(server_ssl, response_der, response_der_len);
return SSL_TLSEXT_ERR_OK;
}
@@ -870,8 +869,8 @@ if (host == NULL)
callback is invoked. */
if (cbinfo->ocsp_file)
{
- SSL_CTX_set_tlsext_status_cb(ctx, tls_stapling_cb);
- SSL_CTX_set_tlsext_status_arg(ctx, cbinfo);
+ SSL_CTX_set_tlsext_status_cb(server_ctx, tls_stapling_cb);
+ SSL_CTX_set_tlsext_status_arg(server_ctx, cbinfo);
}
#endif
/* We always do this, so that $tls_sni is available even if not used in