From 012dd02e8436a8451afc4a8f69e128e257566c80 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 29 Sep 2019 15:20:31 +0100
Subject: OpenSSL: fix build on earlier library versions

---
 src/src/tls-openssl.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src')

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 057a0e006..d165eb2c0 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -74,6 +74,7 @@ change this guard and punt the issue for a while longer. */
 #  define EXIM_HAVE_OPENSSL_CIPHER_GET_ID
 #  define EXIM_HAVE_SESSION_TICKET
 #  define EXIM_HAVE_OPESSL_TRACE
+#  define EXIM_HAVE_OPESSL_GET0_SERIAL
 # else
 #  define EXIM_NEED_OPENSSL_INIT
 # endif
@@ -1714,6 +1715,7 @@ tls_in.ocsp = OCSP_NOT_RESP;
 if (!olist)
   return SSL_TLSEXT_ERR_NOACK;
 
+#ifdef EXIM_HAVE_OPESSL_GET0_SERIAL
  {
   const X509 * cert_sent = SSL_get_certificate(s);
   const ASN1_INTEGER * cert_serial = X509_get0_serialNumber(cert_sent);
@@ -1761,6 +1763,13 @@ if (!olist)
     return SSL_TLSEXT_ERR_NOACK;
     }
  }
+#else
+if (olist->next)
+  {
+  DEBUG(D_tls) debug_printf("OpenSSL version too early to support multi-leaf OCSP\n");
+  return SSL_TLSEXT_ERR_NOACK;
+  }
+#endif
 
 /*XXX could we do the i2d earlier, rather than during the callback? */
 response_der = NULL;
-- 
cgit v1.2.3