[exim-cvs] ALPN: not supported under LibreSSL

Autor: Exim Git Commits Mailing List
Fecha:  
A: exim-cvs
Asunto: [exim-cvs] ALPN: not supported under LibreSSL
Gitweb: https://git.exim.org/exim.git/commitdiff/9138b6973b7908852a5910ee8f4adf10d737cf0f
Commit:     9138b6973b7908852a5910ee8f4adf10d737cf0f
Parent:     32c45e8380682c9b60a2f8a36a97049ec679bde4
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Jul 18 19:23:52 2021 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Jul 18 19:23:52 2021 +0100


    ALPN: not supported under LibreSSL
---
 src/src/tls-openssl.c               | 10 +++++-----
 test/scripts/1190-TLS-ALPN/1190     |  8 ++------
 test/scripts/2090-GnuTLS-ALPN/2090  |  4 +---
 test/scripts/2190-OpenSSL-ALPN/2190 |  4 +---
 4 files changed, 9 insertions(+), 17 deletions(-)


diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 5bf6a60..26b5cf5 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -48,7 +48,6 @@ functions from the OpenSSL library. */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
# define EXIM_HAVE_OCSP_RESP_COUNT
# define OPENSSL_AUTO_SHA256
-# define EXIM_HAVE_ALPN
#else
# define EXIM_HAVE_EPHEM_RSA_KEX
# define EXIM_HAVE_RAND_PSEUDO
@@ -81,6 +80,7 @@ change this guard and punt the issue for a while longer. */
# ifndef DISABLE_OCSP
# define EXIM_HAVE_OCSP
# endif
+# define EXIM_HAVE_ALPN /* fail ret from hshake-cb is ignored by LibreSSL */
# else
# define EXIM_NEED_OPENSSL_INIT
# endif
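Review bot: The comment on the relocated `# define EXIM_HAVE_ALPN` gives the reason but not the consequence: a build that does not reach this branch compiles out ALPN handling entirely, so a mismatched protocol offer is never rejected there. I would expand it to something like `/* LibreSSL ignores a failure return from the ALPN handshake callback, so a mismatch cannot abort the handshake; ALPN is left unsupported there */`. The `#if` that selects this branch starts outside the hunk, so which library versions actually get the define cannot be confirmed from here. If an ALPN-related option can still be set in the configuration on such builds, it is worth checking that this is reported rather than silently ignored.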
@@ -2154,8 +2154,6 @@ static int
tls_server_alpn_cb(SSL *ssl, const uschar ** out, uschar * outlen,
const uschar * in, unsigned int inlen, void * arg)
{
-const exim_openssl_state_st * state = arg;
-
server_seen_alpn = TRUE;
DEBUG(D_tls)
{
@@ -2840,7 +2838,6 @@ chain_from_pem_file(const uschar * file, STACK_OF(X509) ** vp)
{
BIO * bp;
STACK_OF(X509) * verify_stack = *vp;
-X509 * x;

 if (verify_stack)
   while (sk_X509_num(verify_stack) > 0)
@@ -3273,7 +3270,10 @@ else DEBUG(D_tls)
   const uschar * name;
   unsigned len;
   SSL_get0_alpn_selected(ssl, &name, &len);
-  debug_printf("ALPN negotiated: '%.*s'\n", (int)*name, name+1);
+  if (len && name)
+    debug_printf("ALPN negotiated: '%.*s'\n", (int)*name, name+1);
+  else
+    debug_printf(ALPN: no protocol negotiated\n);
   }
 #endif
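Review bot: The added `if (len && name)` guard tests `len`, but the print still takes its precision from the first data byte, `(int)*name`, so the read is not bounded by the length SSL_get0_alpn_selected() returned. The selected-protocol buffer is not NUL-terminated and derives from the peer's ALPN offer, so a first byte larger than `len - 1` would let `%.*s` run past it in debug output. If the stored value is length-prefixed (the callback that sets it is outside this hunk), clamping would do: `(int)(*name < len ? *name : len - 1), name+1`; if it is the bare name, use `(int)len, name`. Separately, the `else` branch as shown passes `ALPN: no protocol negotiated\n` without string quotes, which would not compile; that may be an artefact of the archive rendering, but is worth confirming against the repository.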


diff --git a/test/scripts/1190-TLS-ALPN/1190 b/test/scripts/1190-TLS-ALPN/1190
index d74caca..3a85116 100644
--- a/test/scripts/1190-TLS-ALPN/1190
+++ b/test/scripts/1190-TLS-ALPN/1190
@@ -11,16 +11,12 @@ Test message.
# Bad ALPN rejected
exim -DCONTROL=http -odf b@???
****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
#
# Multiple ALPN rejected
exim -DCONTROL=smtp:smtp -odf c@???
****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
#
# Empty client option is ok
exim -DCONTROL="" -odf d@???
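Review bot: Replacing `exim -Mrm $msg1` with `sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H` removes the data and header files of every queued message rather than the one message the step created, and removes only those two files per message. Anything else a message left in the spool (for instance a per-message log) is no longer cleaned by this step unless the harness clears it elsewhere, which is not visible here. A one-line comment above each `sudo rm` saying why the targeted removal was dropped would help, e.g. `# remove by glob: the message may not be on the queue in every build`, if that is indeed the reason. The same replacement appears a second time in this hunk and again in the 2090 and 2190 scripts.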
diff --git a/test/scripts/2090-GnuTLS-ALPN/2090 b/test/scripts/2090-GnuTLS-ALPN/2090
index 227af84..621d8a9 100644
--- a/test/scripts/2090-GnuTLS-ALPN/2090
+++ b/test/scripts/2090-GnuTLS-ALPN/2090
@@ -15,9 +15,7 @@ exim -DSERVER=server -DSTRICT="" -bd -oX PORT_D
# Client requires ALPN (fail)
exim -DCONTROL=http -DREQUIRE=y -odf client_require_fail@???
****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
killdaemon
#
#
diff --git a/test/scripts/2190-OpenSSL-ALPN/2190 b/test/scripts/2190-OpenSSL-ALPN/2190
index 7dadb30..d615e1b 100644
--- a/test/scripts/2190-OpenSSL-ALPN/2190
+++ b/test/scripts/2190-OpenSSL-ALPN/2190
@@ -14,9 +14,7 @@ exim -DSERVER=server -DSTRICT="" -bd -oX PORT_D
# Client requires ALPN (fail)
exim -DCONTROL=http -DREQUIRE=y -odf client_require_fail@???
****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
killdaemon
#
#