authorJeremy Harris <jgh146exb@wizmail.org>2019-01-16 16:52:33 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2019-01-16 16:52:33 +0000
commitf0be4dfa19120173aa76001d31b2cd90284ecd07 (patch)
tree0970b0d41e1a6c30d6db22036f8260ac8b56d2c7
parent72601be38a151beb33a6929bfa83a872e8786558 (diff)
Fix build with older TLS library versions
-rw-r--r--src/src/tls-gnu.c28
-rw-r--r--src/src/tls-openssl.c22
2 files changed, 37 insertions, 13 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 199b90d94..beb439eba 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -67,6 +67,12 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
#if GNUTLS_VERSION_NUMBER >= 0x030109
# define SUPPORT_CORK
#endif
+#if GNUTLS_VERSION_NUMBER >= 0x03010a
+# define SUPPORT_GNUTLS_SESS_DESC
+#endif
+#if GNUTLS_VERSION_NUMBER >= 0x030500
+# define SUPPORT_GNUTLS_KEYLOG
+#endif
#if GNUTLS_VERSION_NUMBER >= 0x030506 && !defined(DISABLE_OCSP)
# define SUPPORT_SRV_OCSP_STACK
#endif
@@ -2152,17 +2158,22 @@ if (rc != GNUTLS_E_SUCCESS)
DEBUG(D_tls)
{
- gnutls_datum_t c, s;
- gstring * gc, * gs;
debug_printf("gnutls_handshake was successful\n");
+#ifdef SUPPORT_GNUTLS_SESS_DESC
debug_printf("%s\n", gnutls_session_get_desc(state->session));
-
+#endif
+#ifdef SUPPORT_GNUTLS_KEYLOG
+ {
+ gnutls_datum_t c, s;
+ gstring * gc, * gs;
gnutls_session_get_random(state->session, &c, &s);
gnutls_session_get_master_secret(state->session, &s);
gc = ddump(&c);
gs = ddump(&s);
debug_printf("CLIENT_RANDOM %.*s %.*s\n", (int)gc->ptr, gc->s, (int)gs->ptr, gs->s);
}
+#endif
+ }
/* Verify after the fact */
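Review bot: The `CLIENT_RANDOM` line printed inside the new `SUPPORT_GNUTLS_KEYLOG` block carries the client random and the session master secret, and nothing at that spot says the debug output now contains key material. Anyone who can read a log captured with D_tls enabled can use that line to decrypt a recording of the session, so the block deserves a comment such as `/* Key-log line: discloses the session master secret; treat D_tls debug output as sensitive */`. The same applies to the identical block in the hunk at -2473 and to the two `SSL_SESSION_print_keylog` blocks in tls-openssl.c. The enclosing function starts and ends outside the hunk.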
@@ -2473,17 +2484,22 @@ if (rc != GNUTLS_E_SUCCESS)
DEBUG(D_tls)
{
- gnutls_datum_t c, s;
- gstring * gc, * gs;
debug_printf("gnutls_handshake was successful\n");
+#ifdef SUPPORT_GNUTLS_SESS_DESC
debug_printf("%s\n", gnutls_session_get_desc(state->session));
-
+#endif
+#ifdef SUPPORT_GNUTLS_KEYLOG
+ {
+ gnutls_datum_t c, s;
+ gstring * gc, * gs;
gnutls_session_get_random(state->session, &c, &s);
gnutls_session_get_master_secret(state->session, &s);
gc = ddump(&c);
gs = ddump(&s);
debug_printf("CLIENT_RANDOM %.*s %.*s\n", (int)gc->ptr, gc->s, (int)gs->ptr, gs->s);
}
+#endif
+ }
/* Verify late */
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 5353d2ce7..689af87b1 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -70,6 +70,7 @@ change this guard and punt the issue for a while longer. */
# define EXIM_HAVE_OPENSSL_CHECKHOST
# define EXIM_HAVE_OPENSSL_DH_BITS
# define EXIM_HAVE_OPENSSL_TLS_METHOD
+# define EXIM_HAVE_OPENSSL_KEYLOG
# else
# define EXIM_NEED_OPENSSL_INIT
# endif
@@ -2305,18 +2306,21 @@ peer_cert(server_ssl, &tls_in, peerdn, sizeof(peerdn));
DEBUG(D_tls)
{
uschar buf[2048];
- BIO * bp = BIO_new(BIO_s_mem());
- uschar * s;
- int len;
-
if (SSL_get_shared_ciphers(server_ssl, CS buf, sizeof(buf)) != NULL)
debug_printf("Shared ciphers: %s\n", buf);
+#ifdef EXIM_HAVE_OPENSSL_KEYLOG
+ {
+ BIO * bp = BIO_new(BIO_s_mem());
+ uschar * s;
+ int len;
SSL_SESSION_print_keylog(bp, SSL_get_session(server_ssl));
len = (int) BIO_get_mem_data(bp, CSS &s);
debug_printf("%.*s", len, s);
BIO_free(bp);
}
+#endif
+ }
construct_cipher_name(server_ssl, cipherbuf, sizeof(cipherbuf), &tls_in.bits);
tls_in.cipher = cipherbuf;
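Review bot: `BIO_new(BIO_s_mem())` in the new `EXIM_HAVE_OPENSSL_KEYLOG` block is used without a NULL check, and `s` is declared without an initialiser. If the allocation fails, `s` may reach `debug_printf("%.*s", len, s)` without ever being assigned; how OpenSSL treats the null BIO in the calls in between is not visible here. Guarding the body with `if (bp)`, or declaring `uschar * s = NULL;` and skipping the print when `len <= 0`, keeps the debug path from depending on that. The client-side block in the hunk at -2689 has the same pattern, and the enclosing function continues outside the hunk.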
@@ -2689,15 +2693,19 @@ if (rc <= 0)
DEBUG(D_tls)
{
- BIO * bp = BIO_new_fp(debug_file, BIO_NOCLOSE);
+ debug_printf("SSL_connect succeeded\n");
+#ifdef EXIM_HAVE_OPENSSL_KEYLOG
+ {
+ BIO * bp = BIO_new(BIO_s_mem());
uschar * s;
int len;
- debug_printf("SSL_connect succeeded\n");
- SSL_SESSION_print_keylog(bp, SSL_get_session(exim_client_ctx->ssl));
+ SSL_SESSION_print_keylog(bp, SSL_get_session(server_ssl));
len = (int) BIO_get_mem_data(bp, CSS &s);
debug_printf("%.*s", len, s);
BIO_free(bp);
}
+#endif
+ }
peer_cert(exim_client_ctx->ssl, tlsp, peerdn, sizeof(peerdn));
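Review bot: The added `SSL_SESSION_print_keylog(bp, SSL_get_session(server_ssl));` sits in the client path but reads `server_ssl`, whereas the removed line and the `peer_cert(exim_client_ctx->ssl, ...)` call right after the block both use `exim_client_ctx->ssl`. This looks like a copy from the server-side hunk; the call should remain `SSL_SESSION_print_keylog(bp, SSL_get_session(exim_client_ctx->ssl));`. As written, the debug output would describe whatever session `server_ssl` holds (its declaration is outside the hunk), possibly none, rather than the connection that was just established. The enclosing function starts and ends outside the hunk.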