Support certificates in base64 expansion operator. Bug 1762
diff --git
a/src/src/tls-gnu.c
b/src/src/tls-gnu.c
index c316d0a2454a68b67d9a0d42d4501e407ee42706..601197475c71ca424f372f7e236ba3a29529779b 100644
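--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -47,9 +47,9 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
 # warning "GnuTLS library version too old; define DISABLE_OCSP in Makefile"
 # define DISABLE_OCSP
 #endif
-#if GNUTLS_VERSION_NUMBER < 0x020a00 && defined(EXPERIMENTAL_EVENT)
+#if GNUTLS_VERSION_NUMBER < 0x020a00 && !defined(DISABLE_EVENT)
 # warning "GnuTLS library version too old; tls:cert event unsupported"
-# undef EXPERIMENTAL_EVENT
+# define DISABLE_EVENT
 #endif
 #if GNUTLS_VERSION_NUMBER >= 0x030306
 # define SUPPORT_CA_DIR
@@ -121,7 +121,7 @@ typedef struct exim_gnutls_state {
 uschar *exp_tls_require_ciphers;
 uschar *exp_tls_ocsp_file;
 const uschar *exp_tls_verify_cert_hostnames;
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
 uschar *event_action;
 #endif
@@ -140,7 +140,7 @@ static const exim_gnutls_state_st exim_gnutls_state_init = {
 NULL, NULL, NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL, NULL, NULL, NULL,
 NULL,
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
 NULL,
 #endif
 NULL,
@@ -339,7 +339,7 @@ tls_error(when, msg, state->host);
 } while (0)
 static int
-import_cert(const gnutls_datum * cert, gnutls_x509_crt_t * crtp)
+import_cert(const gnutls_datum_t * cert, gnutls_x509_crt_t * crtp)
 {
 int rc;
@@ -413,7 +413,7 @@ if (rc) {
 } else {
 old_pool = store_pool;
 store_pool = POOL_PERM;
- tls_channelbinding_b64 = auth_b64encode(channel.data, (int)channel.size);
+ tls_channelbinding_b64 = b64encode(channel.data, (int)channel.size);
 store_pool = old_pool;
 DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage.\n");
 }
@@ -425,7 +425,7 @@ tlsp->sni = state->received_sni;
 /* record our certificate */
 {
- const gnutls_datum * cert = gnutls_certificate_get_ours(state->session);
+ const gnutls_datum_t * cert = gnutls_certificate_get_ours(state->session);
 gnutls_x509_crt_t crt;
 tlsp->ourcert = cert && import_cert(cert, &crt)==0 ? crt : NULL;
@@ -457,7 +457,7 @@ init_server_dh(void)
 {
 int fd, rc;
 unsigned int dh_bits;
-gnutls_datum m;
+gnutls_datum_t m;
 uschar filename_buf[PATH_MAX];
 uschar *filename = NULL;
 size_t sz;
@@ -1277,7 +1277,7 @@ static int
 peer_status(exim_gnutls_state_st *state)
 {
 uschar cipherbuf[256];
-const gnutls_datum *cert_list;
+const gnutls_datum_t *cert_list;
 int old_pool, rc;
 unsigned int cert_list_size = 0;
 gnutls_protocol_t protocol;
@@ -1598,7 +1598,7 @@ return 0;
 #endif
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
 /*
 We use this callback to get observability and detail-level control
 for an exim TLS connection (either direction), raising a tls:cert event
@@ -1611,7 +1611,7 @@ Return 0 for the handshake to continue or non-zero to terminate.
 static int
 verify_cb(gnutls_session_t session)
 {
-const gnutls_datum * cert_list;
+const gnutls_datum_t * cert_list;
 unsigned int cert_list_size = 0;
 gnutls_x509_crt_t crt;
 int rc;
@@ -1722,7 +1722,7 @@ else
 gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_IGNORE);
 }
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
 if (event_action)
 {
 state->event_action = event_action;
@@ -1753,8 +1753,8 @@ if (!state->tlsp->on_connect)
 that the GnuTLS library doesn't. */
 gnutls_transport_set_ptr2(state->session,
- (gnutls_transport_ptr)(long) fileno(smtp_in),
- (gnutls_transport_ptr)(long) fileno(smtp_out));
+ (gnutls_transport_ptr_t)(long) fileno(smtp_in),
+ (gnutls_transport_ptr_t)(long) fileno(smtp_out));
 state->fd_in = fileno(smtp_in);
 state->fd_out = fileno(smtp_out);
@@ -1834,7 +1834,7 @@ tls_client_setup_hostname_checks(host_item * host, exim_gnutls_state_st * state,
 if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
 {
 state->exp_tls_verify_cert_hostnames =
-#ifdef EXPERIMENTAL_INTERNATIONAL
+#ifdef SUPPORT_I18N
 string_domain_utf8_to_alabel(host->name, NULL);
 #else
 host->name;
@@ -1953,7 +1953,7 @@ if (request_ocsp)
 }
 #endif
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
 if (tb->event_action)
 {
 state->event_action = tb->event_action;
@@ -1962,7 +1962,7 @@ if (tb->event_action)
 }
 #endif
-gnutls_transport_set_ptr(state->session, (gnutls_transport_ptr)(long) fd);
+gnutls_transport_set_ptr(state->session, (gnutls_transport_ptr_t)(long) fd);
 state->fd_in = fd;
 state->fd_out = fd;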
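Review bot: In the hunk at -1834 the result of `string_domain_utf8_to_alabel(host->name, NULL)` is stored straight into `state->exp_tls_verify_cert_hostnames`, and `NULL` is passed as the second argument, so a failed conversion cannot be noticed at this point. With the guard renamed from `EXPERIMENTAL_INTERNATIONAL` to `SUPPORT_I18N`, this branch will presumably be compiled into more builds than before. If the helper returns NULL on failure and the verification code treats a NULL name list as "no hostname check" (neither is visible on this page, so please confirm), certificate hostname verification would be skipped silently for that host. I would pass a real error pointer, fail the client setup when the result is NULL, and add a comment such as `/* a NULL result here must not disable hostname verification */`. The body of tls_client_setup_hostname_checks starts and ends outside the hunk.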