# define EXIM_HAVE_OPENSSL_CHECKHOST
# define EXIM_HAVE_OPENSSL_DH_BITS
# define EXIM_HAVE_OPENSSL_TLS_METHOD
+# else
+# define EXIM_NEED_OPENSSL_INIT
# endif
# if OPENSSL_VERSION_NUMBER >= 0x010000000L \
&& (OPENSSL_VERSION_NUMBER & 0x0000ff000L) >= 0x000002000L
const uschar * str;
if (where & SSL_ST_CONNECT)
- str = "SSL_connect";
+ str = US"SSL_connect";
else if (where & SSL_ST_ACCEPT)
- str = "SSL_accept";
+ str = US"SSL_accept";
else
- str = "SSL info (undefined)";
+ str = US"SSL info (undefined)";
if (where & SSL_CB_LOOP)
debug_printf("%s: %s\n", str, SSL_state_string_long(s));
else if (where & SSL_CB_ALERT)
debug_printf("SSL3 alert %s:%s:%s\n",
- str = where & SSL_CB_READ ? "read" : "write",
+ str = where & SSL_CB_READ ? US"read" : US"write",
SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
else if (where & SSL_CB_EXIT)
if (ret == 0)
goto err;
where = US"generating pkey";
-if (!(rsa = rsa_callback(NULL, 0, 1024)))
+if (!(rsa = rsa_callback(NULL, 0, 2048)))
goto err;
where = US"assigning pkey";
cbinfo->event_action = NULL;
#endif
+#ifdef EXIM_NEED_OPENSSL_INIT
SSL_load_error_strings(); /* basic set up */
OpenSSL_add_ssl_algorithms();
+#endif
#ifdef EXIM_HAVE_SHA256
/* SHA256 is becoming ever more popular. This makes sure it gets added to the
"more" is notified. This hack is only ok if small amounts are involved AND only
one stream does it, in one context (i.e. no store reset). Currently it is used
for the responses to the received SMTP MAIL , RCPT, DATA sequence, only. */
+/*XXX + if PIPE_COMMAND, banner & ehlo-resp for smmtp-on-connect. Suspect there's
+a store reset there. */
if (!ct_ctx && (more || corked))
{
+#ifdef EXPERIMENTAL_PIPE_CONNECT
+ int save_pool = store_pool;
+ store_pool = POOL_PERM;
+#endif
+
corked = string_catn(corked, buff, len);
+
+#ifdef EXPERIMENTAL_PIPE_CONNECT
+ store_pool = save_pool;
+#endif
+
if (more)
return len;
buff = CUS corked->s;
/* this duplicates from tls_init(), we need a better "init just global
state, for no specific purpose" singleton function of our own */
+#ifdef EXIM_NEED_OPENSSL_INIT
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
+#endif
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
/* SHA256 is becoming ever more popular. This makes sure it gets added to the
list of available digests. */