Re: [exim-dev] CentOS 5's old openssl and TLS support

Góra strony
Delete this message
Reply to this message
Autor: Todd Lyons
Data:  
Dla: exim-dev, Jeremy Harris, Phil Pennock
Stare tematy: Re: [exim-dev] CentOS 5's old openssl and TLS support
Temat: Re: [exim-dev] CentOS 5's old openssl and TLS support
I am building master on a CentOS 5.8 machine, and it's having this sni
build error again. The following patch is in master and did fix it
for me originally, but I think some things have been added or changed
somewhere, so it's having the sni build problem again.

On Mon, May 21, 2012 at 6:57 PM, Phil Pennock <pdp@???> wrote:

> It's the client-side sending of SNI.
> Try this.
> diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
> index eeab9c1..ebc5a62 100644
> --- a/src/src/tls-openssl.c
> +++ b/src/src/tls-openssl.c
> @@ -46,7 +46,9 @@ static BOOL verify_callback_called = FALSE;
> static const uschar *sid_ctx = US"exim";
>
> static SSL_CTX *ctx = NULL;
> +#ifdef EXIM_HAVE_OPENSSL_TLSEXT
> static SSL_CTX *ctx_sni = NULL;
> +#endif
> static SSL *ssl = NULL;
>
>  static char ssl_errstring[256];
> @@ -1257,8 +1259,14 @@ if (sni)
>      tls_sni = NULL;
>    else
>      {
> +#ifdef EXIM_HAVE_OPENSSL_TLSEXT
>      DEBUG(D_tls) debug_printf("Setting TLS SNI \"%s\"\n", tls_sni);
>      SSL_set_tlsext_host_name(ssl, tls_sni);
> +#else
> +    DEBUG(D_tls)
> +      debug_printf("OpenSSL at build-time lacked SNI support, ignoring \"%s\"\n",
> +          tls_sni);
> +#endif


gcc tls.c
gcc -c -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I/usr/include
-I/usr/include -DSPF -DSRS -DSPF -I../src -I../../src
-I../src/srs/src -I../../src/srs/src -I../../src/srs -I.
-I/usr/kerberos/include tls.c
In file included from tls.c:97:
tls-openssl.c: In function ‘tls_client_start’:
tls-openssl.c:1375: error: ‘tls_sni’ undeclared (first use in this function)
tls-openssl.c:1375: error: (Each undeclared identifier is reported only once
tls-openssl.c:1375: error: for each function it appears in.)
make: *** [tls.o] Error 1

It's the last part of that patch above (the #else part), so the
variable tls_sni doesn't exist. Grepping through the code, I see
this:

expand.c:  { "tls_sni",             vtype_stringptr,   &tls_in.sni },


So it makes me think that line 1375 should be referencing tls_in.sni,
not tls_sni. Sound about right?

...Todd


--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine