author | Phil Pennock <pdp@exim.org> | 2012-05-20 19:35:34 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-05-20 19:35:34 -0400 |
commit | 3bcbbbe2697819d248259b1938ffd52d2bf4090b (patch) | |
tree | 294cbaf4460eb9e3ef152bb79090ce9b2801e43e /src | |
parent | 5779e6aa2e83b7e60d0c20e873de922b88e35be4 (diff) |
Guard TLS SNI callback define better.
Guarded the callback invocation on OpenSSL having TLS extension support.
Failed to guard the callback definition. Fixed.
Problem spotted by Todd Lyons.
Diffstat (limited to 'src')
-rw-r--r-- | src/src/tls-openssl.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 1938d2fb7..de9c659a6 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -29,6 +29,10 @@ functions from the OpenSSL library. */
 #define EXIM_OCSP_MAX_AGE (-1L)
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+#define EXIM_HAVE_OPENSSL_TLSEXT
+#endif
+
 /* Structure for collecting random data for seeding. */
 typedef struct randstuff {
@@ -77,7 +81,9 @@ static int setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional);
 /* Callbacks */
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
 static int tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg);
+#endif
 #ifdef EXPERIMENTAL_OCSP
 static int tls_stapling_cb(SSL *s, void *arg);
 #endif
@@ -540,6 +546,7 @@ Arguments:
 Returns: SSL_TLSEXT_ERR_{OK,ALERT_WARNING,ALERT_FATAL,NOACK}
 */
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
 static int
 tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg)
 {
@@ -606,6 +613,7 @@ SSL_set_SSL_CTX(s, ctx_sni);
 return SSL_TLSEXT_ERR_OK;
 }
+#endif /* EXIM_HAVE_OPENSSL_TLSEXT */
@@ -768,7 +776,7 @@ rc = tls_expand_session_files(ctx, cbinfo);
 if (rc != OK) return rc;
 /* If we need to handle SNI, do so */
-#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
 if (host == NULL)
 {
 #ifdef EXPERIMENTAL_OCSP |
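Review bot: The new `EXIM_HAVE_OPENSSL_TLSEXT` define in the first hunk has no comment saying what it gates or what the version constant means. 0x0090806fL is OpenSSL 0.9.8f, and the later hunks use the macro to compile the server-side SNI callback and its registration in or out, so a build against an older library, or one built with `OPENSSL_NO_TLSEXT`, ends up with that callback absent. I would state this above the `#if`, e.g. `/* TLS extensions (SNI) need OpenSSL 0.9.8f+ built with tlsext; without them the servername callback is compiled out. */`.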
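Review bot: `tls_stapling_cb` is still guarded by `EXPERIMENTAL_OCSP` alone in the second hunk, while the last hunk shows the `#ifdef EXPERIMENTAL_OCSP` block nested inside `#ifdef EXIM_HAVE_OPENSSL_TLSEXT`. If the stapling callback is only registered inside that nested block (its body lies outside the hunk), a build with EXPERIMENTAL_OCSP but without TLS extension support would declare a static callback that is never hooked up, which is the same mismatch this commit fixes for SNI, and stapling would be off with no diagnostic. Consider `#if defined(EXPERIMENTAL_OCSP) && defined(EXIM_HAVE_OPENSSL_TLSEXT)` on the prototype and the definition, or an `#error` next to the new define when EXPERIMENTAL_OCSP is set without it.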