GnuTLS: when library too old for system CA bundle support, do not default options to using it

author: Jeremy Harris <jgh146exb@wizmail.org> 2020-10-04 23:08:45 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2020-10-05 16:57:12 +0100
commit: 744170d4d3602fb5e1ade465d8da86b479b92f33 (patch)
tree: def1ee0c32a9270398cebe28e1d8c9b6d40c4a91 /src
parent: 261fc93208fb853e3f1ef78dd90a0b3d261e002f (diff)
2 files changed, 6 insertions, 0 deletions
diff --git a/src/src/globals.c b/src/src/globals.c
index d029f7540..b7e117868 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -141,7 +141,11 @@ uschar *tls_require_ciphers    = NULL;
 uschar *tls_resumption_hosts   = NULL;
 # endif
 uschar *tls_try_verify_hosts   = NULL;
+#if defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS)
 uschar *tls_verify_certificates= US"system";
+#else
+uschar *tls_verify_certificates= NULL;
+#endif
 uschar *tls_verify_hosts       = NULL;
 int     tls_watch_fd	       = -1;
 time_t  tls_watch_trigger_time = (time_t)0;
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 0a3d8f1e9..a31982223 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -192,7 +192,9 @@ smtp_transport_options_block smtp_transport_option_defaults = {
   .keepalive =			TRUE,
   .retry_include_ip_address =	TRUE,
 #ifndef DISABLE_TLS
+# if defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS)
   .tls_verify_certificates =	US"system",
+# endif
   .tls_dh_min_bits =		EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
   .tls_tempfail_tryclear =	TRUE,
   .tls_try_verify_hosts =	US"*",
author	Jeremy Harris <jgh146exb@wizmail.org>	2020-10-04 23:08:45 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2020-10-05 16:57:12 +0100
commit	744170d4d3602fb5e1ade465d8da86b479b92f33 (patch)
tree	def1ee0c32a9270398cebe28e1d8c9b6d40c4a91 /src
parent	261fc93208fb853e3f1ef78dd90a0b3d261e002f (diff)