From 3bcbbbe2697819d248259b1938ffd52d2bf4090b Mon Sep 17 00:00:00 2001
From: Phil Pennock
Date: Sun, 20 May 2012 19:35:34 -0400
Subject: [PATCH] Guard TLS SNI callback define better.

Guarded the callback invocation on OpenSSL having TLS extension support. Failed to guard the callback definition. Fixed. Problem spotted by Todd Lyons.
---
 src/src/tls-openssl.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 1938d2fb7..de9c659a6 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -29,6 +29,10 @@ functions from the OpenSSL library. */
 #define EXIM_OCSP_MAX_AGE (-1L)
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+#define EXIM_HAVE_OPENSSL_TLSEXT
+#endif
+
 /* Structure for collecting random data for seeding. */
 typedef struct randstuff {
@@ -77,7 +81,9 @@ static int
 setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional);
 /* Callbacks */
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
 static int tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg);
+#endif
 #ifdef EXPERIMENTAL_OCSP
 static int tls_stapling_cb(SSL *s, void *arg);
 #endif
@@ -540,6 +546,7 @@ Arguments:
 Returns: SSL_TLSEXT_ERR_{OK,ALERT_WARNING,ALERT_FATAL,NOACK}
 */
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
 static int
 tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg)
 {
@@ -606,6 +613,7 @@ SSL_set_SSL_CTX(s, ctx_sni);
 return SSL_TLSEXT_ERR_OK;
 }
+#endif /* EXIM_HAVE_OPENSSL_TLSEXT */
@@ -768,7 +776,7 @@ rc = tls_expand_session_files(ctx, cbinfo);
 if (rc != OK) return rc;
 /* If we need to handle SNI, do so */
-#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+#ifdef EXIM_HAVE_OPENSSL_TLSEXT
 if (host == NULL)
 {
 #ifdef EXPERIMENTAL_OCSP
--
2.25.1
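Review bot: The new `EXIM_HAVE_OPENSSL_TLSEXT` define in the first hunk (just after the `EXIM_OCSP_MAX_AGE` block) carries no comment, and the bare constant `0x0090806fL` does not tell a reader which release it stands for. This macro now decides in one place whether the SNI callback and its registration are compiled in at all, so the condition deserves a line of explanation. I would put this above the `#if`: `/* TLS extensions (needed for the SNI servername callback): OpenSSL 0.9.8f or later, built without OPENSSL_NO_TLSEXT. */`.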
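Review bot: In the `/* Callbacks */` hunk, the `tls_stapling_cb` prototype is still guarded only by `#ifdef EXPERIMENTAL_OCSP`, while the last hunk shows an `#ifdef EXPERIMENTAL_OCSP` section nested inside the `EXIM_HAVE_OPENSSL_TLSEXT` block. That nested section continues outside the hunk, so this is inferred: if it is where the stapling callback gets registered, a build with EXPERIMENTAL_OCSP against an OpenSSL lacking TLS extensions has the same defined-but-never-used mismatch this commit fixes for SNI. Either guard the prototype and definition with `#if defined(EXPERIMENTAL_OCSP) && defined(EXIM_HAVE_OPENSSL_TLSEXT)`, or fail early next to the new define with `#error "EXPERIMENTAL_OCSP requires OpenSSL TLS extension support"`.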
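Review bot: At `/* If we need to handle SNI, do so */` in the last hunk, a build where `EXIM_HAVE_OPENSSL_TLSEXT` is undefined drops SNI handling with nothing recorded at run time. A server whose certificate selection depends on the client's SNI would presumably fall back to its default certificate for every connection, and the operator gets no hint why. The `#ifdef` block ends outside this hunk, so I cannot see whether an `#else` already exists; if it does not, add one that leaves a trace, for example `DEBUG(D_tls) debug_printf("OpenSSL built without TLS extensions; SNI ignored\n");`.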