summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/src/tls-openssl.c42
1 files changed, 20 insertions, 22 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index e072406fa..8e1f559af 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -46,6 +46,7 @@ functions from the OpenSSL library. */
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
# define EXIM_HAVE_OCSP_RESP_COUNT
+# define OPENSSL_AUTO_SHA256
#else
# define EXIM_HAVE_EPHEM_RSA_KEX
# define EXIM_HAVE_RAND_PSEUDO
@@ -1945,6 +1946,23 @@ return i;
* Initialize for TLS *
*************************************************/
+static void
+tls_openssl_init(void)
+{
+#ifdef EXIM_NEED_OPENSSL_INIT
+SSL_load_error_strings(); /* basic set up */
+OpenSSL_add_ssl_algorithms();
+#endif
+
+#if defined(EXIM_HAVE_SHA256) && !defined(OPENSSL_AUTO_SHA256)
+/* SHA256 is becoming ever more popular. This makes sure it gets added to the
+list of available digests. */
+EVP_add_digest(EVP_sha256());
+#endif
+}
+
+
+
/* Called from both server and client code, to do preliminary initialization
of the library. We allocate and return a context structure.
@@ -2000,16 +2018,7 @@ cbinfo->host = host;
cbinfo->event_action = NULL;
#endif
-#ifdef EXIM_NEED_OPENSSL_INIT
-SSL_load_error_strings(); /* basic set up */
-OpenSSL_add_ssl_algorithms();
-#endif
-
-#ifdef EXIM_HAVE_SHA256
-/* SHA256 is becoming ever more popular. This makes sure it gets added to the
-list of available digests. */
-EVP_add_digest(EVP_sha256());
-#endif
+tls_openssl_init();
/* Create a context.
The OpenSSL docs in 1.0.1b have not been updated to clarify TLS variant
@@ -3661,18 +3670,7 @@ tls_validate_require_cipher(void)
SSL_CTX *ctx;
uschar *s, *expciphers, *err;
-/* this duplicates from tls_init(), we need a better "init just global
-state, for no specific purpose" singleton function of our own */
-
-#ifdef EXIM_NEED_OPENSSL_INIT
-SSL_load_error_strings();
-OpenSSL_add_ssl_algorithms();
-#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
-/* SHA256 is becoming ever more popular. This makes sure it gets added to the
-list of available digests. */
-EVP_add_digest(EVP_sha256());
-#endif
+tls_openssl_init();
if (!(tls_require_ciphers && *tls_require_ciphers))
return NULL;