[exim-cvs] GnuTLS: when library too old for system CA bundle…

Συντάκτης: Exim Git Commits Mailing List
Ημερομηνία:  
Προς: exim-cvs
Αντικείμενο: [exim-cvs] GnuTLS: when library too old for system CA bundle support, do not default options to using it
Gitweb: https://git.exim.org/exim.git/commitdiff/744170d4d3602fb5e1ade465d8da86b479b92f33
Commit:     744170d4d3602fb5e1ade465d8da86b479b92f33
Parent:     261fc93208fb853e3f1ef78dd90a0b3d261e002f
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Oct 4 23:08:45 2020 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Mon Oct 5 16:57:12 2020 +0100


    GnuTLS: when library too old for system CA bundle support, do not default options to using it
---
 src/src/globals.c         | 4 ++++
 src/src/transports/smtp.c | 2 ++
 test/runtest              | 3 ++-
 3 files changed, 8 insertions(+), 1 deletion(-)


diff --git a/src/src/globals.c b/src/src/globals.c
index d029f75..b7e1178 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -141,7 +141,11 @@ uschar *tls_require_ciphers    = NULL;
 uschar *tls_resumption_hosts   = NULL;
 # endif
 uschar *tls_try_verify_hosts   = NULL;
+#if defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS)
 uschar *tls_verify_certificates= US"system";
+#else
+uschar *tls_verify_certificates= NULL;
+#endif
 uschar *tls_verify_hosts       = NULL;
 int     tls_watch_fd           = -1;
 time_t  tls_watch_trigger_time = (time_t)0;
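Review bot: The new `#else` branch setting `tls_verify_certificates= NULL` leaves builds against an older GnuTLS with no default trust anchors, and nothing at the definition tells a maintainer or operator so. A comment above the `#if` would record it, e.g. `/* GnuTLS without system CA bundle support: no default trust anchors; tls_verify_certificates must be set explicitly */`. The same condition `defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS)` is repeated in the smtp.c hunk, so deriving one macro from it in a shared header would keep the two defaults from drifting apart. The diffstat lists no documentation file, so the changed default is presumably also worth a line in the option's documentation.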
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 0a3d8f1..a319822 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -192,7 +192,9 @@ smtp_transport_options_block smtp_transport_option_defaults = {
   .keepalive =            TRUE,
   .retry_include_ip_address =    TRUE,
 #ifndef DISABLE_TLS
+# if defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS)
   .tls_verify_certificates =    US"system",
+# endif
   .tls_dh_min_bits =        EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
   .tls_tempfail_tryclear =    TRUE,
   .tls_try_verify_hosts =    US"*",
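Review bot: On builds where the condition is false, the `.tls_verify_certificates` initializer is omitted and the field is zero-initialised, while `.tls_try_verify_hosts = US"*"` two lines below still asks the client to try verification for every host. With no CA set configured those attempts presumably cannot succeed and, being try-verify, the session would continue unverified; how the TLS code treats the NULL is outside this hunk. I would mirror globals.c with an explicit `# else` branch holding `.tls_verify_certificates = NULL,` and a comment such as `/* no system CA bundle support: peer certificates are not verifiable until tls_verify_certificates is set */`. The initializer of `smtp_transport_option_defaults` starts and ends outside the hunk.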
diff --git a/test/runtest b/test/runtest
index 7e9b5d7..5918478 100755
--- a/test/runtest
+++ b/test/runtest
@@ -1075,7 +1075,8 @@ RESET_AFTER_EXTRA_LINE_READ:
     next if /^TLS: preloading DH params for server/;
     next if /^Diffie-Hellman initialized from default/;
     next if /^TLS: preloading ECDH curve for server/;
-    next if /^ECDH OpenSSL [\d.+]+ temp key parameter settings:/;
+    next if /^ECDH OpenSSL [< ]?[\d.+]+ temp key parameter settings:/;
+    next if /^ECDH: .'*prime256v1'/;
     next if /^watch dir/;


     # TLS preload
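Review bot: The added pattern `/^ECDH: .'*prime256v1'/` matches exactly one arbitrary character followed by any number of quote characters before `prime256v1'`, which reads like a transposition of `.*'`. If the debug line carries more than one character between `ECDH: ` and the quoted curve name, the filter never fires and the line stays in the compared output. If the intent is any text up to the quoted name, `next if /^ECDH: .*'prime256v1'/;` says that. The exact debug text is not visible in this commit, so this should be confirmed against the code that emits it.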