diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/exim_monitor/em_menu.c | 4 | ||||
-rw-r--r-- | src/src/tls-gnu.c | 61 |
2 files changed, 31 insertions, 34 deletions
diff --git a/src/exim_monitor/em_menu.c b/src/exim_monitor/em_menu.c index 92e0b351b..33b3e0c94 100644 --- a/src/exim_monitor/em_menu.c +++ b/src/exim_monitor/em_menu.c @@ -669,8 +669,8 @@ if (spool_read_header(buffer, TRUE, FALSE) != spool_read_OK) struct stat statbuf; sprintf(CS big_buffer, "%s/input/%s", spool_directory, buffer); if (Ustat(big_buffer, &statbuf) == 0) - text_showf(text, "Format error in spool file %s: size=%d\n", buffer, - statbuf.st_size); + text_showf(text, "Format error in spool file %s: size=%lu\n", buffer, + (ulong)statbuf.st_size); else text_showf(text, "Format error in spool file %s\n", buffer); } else text_showf(text, "Read error for spool file %s\n", buffer); diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 52128b940..22f7fe548 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -296,11 +296,6 @@ static void exim_gnutls_logger_cb(int level, const char *message); static int exim_sni_handling_cb(gnutls_session_t session); -#if !defined(DISABLE_OCSP) -static int server_ocsp_stapling_cb(gnutls_session_t session, void * ptr, - gnutls_datum_t * ocsp_response); -#endif - #ifdef EXPERIMENTAL_TLS_RESUME static int tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when, @@ -882,6 +877,32 @@ return -rc; } +#if !defined(DISABLE_OCSP) && !defined(SUPPORT_GNUTLS_EXT_RAW_PARSE) +/* Load an OCSP proof from file for sending by the server. Called +on getting a status-request handshake message, for earlier versions +of GnuTLS. */ + +static int +server_ocsp_stapling_cb(gnutls_session_t session, void * ptr, + gnutls_datum_t * ocsp_response) +{ +int ret; +DEBUG(D_tls) debug_printf("OCSP stapling callback: %s\n", US ptr); + +if ((ret = gnutls_load_file(ptr, ocsp_response)) < 0) + { + DEBUG(D_tls) debug_printf("Failed to load ocsp stapling file %s\n", + CS ptr); + tls_in.ocsp = OCSP_NOT_RESP; + return GNUTLS_E_NO_CERTIFICATE_STATUS; + } + +tls_in.ocsp = OCSP_VFY_NOT_TRIED; +return 0; +} +#endif + + #ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE /* Make a note that we saw a status-request */ static int @@ -1209,8 +1230,8 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) debug_printf("oops; multiple OCSP files not supported\n"); break; } - gnutls_certificate_set_ocsp_status_request_function( - state->x509_cred, server_ocsp_stapling_cb, ofile); + gnutls_certificate_set_ocsp_status_request_function( + state->x509_cred, server_ocsp_stapling_cb, ofile); } # endif /* SUPPORT_GNUTLS_EXT_RAW_PARSE */ } @@ -1273,7 +1294,7 @@ else { if (Ustat(state->exp_tls_verify_certificates, &statbuf) < 0) { - log_write(0, LOG_MAIN|LOG_PANIC, "could not stat %s " + log_write(0, LOG_MAIN|LOG_PANIC, "could not stat '%s' " "(tls_verify_certificates): %s", state->exp_tls_verify_certificates, strerror(errno)); return DEFER; @@ -2158,30 +2179,6 @@ return 0; -#if !defined(DISABLE_OCSP) - -static int -server_ocsp_stapling_cb(gnutls_session_t session, void * ptr, - gnutls_datum_t * ocsp_response) -{ -int ret; -DEBUG(D_tls) debug_printf("OCSP stapling callback: %s\n", US ptr); - -if ((ret = gnutls_load_file(ptr, ocsp_response)) < 0) - { - DEBUG(D_tls) debug_printf("Failed to load ocsp stapling file %s\n", - CS ptr); - tls_in.ocsp = OCSP_NOT_RESP; - return GNUTLS_E_NO_CERTIFICATE_STATUS; - } - -tls_in.ocsp = OCSP_VFY_NOT_TRIED; -return 0; -} - -#endif - - #ifndef DISABLE_EVENT /* We use this callback to get observability and detail-level control |