#else
# undef SUPPORT_CA_DIR
#endif
-#if GNUTLS_VERSION_NUMBER >= 0x030314
+#if GNUTLS_VERSION_NUMBER >= 0x030014
# define SUPPORT_SYSDEFAULT_CABUNDLE
#endif
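Review bot: The bare hex threshold on the `SUPPORT_SYSDEFAULT_CABUNDLE` guard has no comment naming the release it stands for, and the value it replaces shows how easily that goes wrong: `0x030314` decodes to 3.3.20 and `0x030014` to 3.0.20, a one-digit difference. I would add a comment on the `#if` line such as `/* 3.0.20: first release with system trust store support */`, assuming that is the intended cutoff. The macro presumably decides whether the system default CA bundle can be used for certificate verification, so a mis-encoded threshold would change verification behaviour on some library versions without failing the build.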
static BOOL exim_gnutls_base_init_done = FALSE;
+#ifndef DISABLE_OCSP
static BOOL gnutls_buggy_ocsp = FALSE;
+#endif
/* ------------------------------------------------------------------------ */
*************************************************/
+#ifndef DISABLE_OCSP
+
static BOOL
tls_is_buggy_ocsp(void)
{
return FALSE;
}
+#endif
/* Called from both server and client code. In the case of a server, errors
}
#endif
- if ((gnutls_buggy_ocsp = tls_is_buggy_ocsp()))
+#ifndef DISABLE_OCSP
+ if (tls_ocsp_file && (gnutls_buggy_ocsp = tls_is_buggy_ocsp()))
log_write(0, LOG_MAIN, "OCSP unusable with this GnuTLS library version");
+#endif
exim_gnutls_base_init_done = TRUE;
}
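Review bot: The assignment to `gnutls_buggy_ocsp` in the new `if` now sits behind `tls_ocsp_file &&`, so when `tls_ocsp_file` is unset the probe never runs and the flag keeps its initial `FALSE`; the `exim_gnutls_base_init_done` guard suggests this code is not re-run later. If any path outside this hunk reads `gnutls_buggy_ocsp` without also checking `tls_ocsp_file` (a comment earlier on the page mentions code called from both server and client), it would treat an affected library as usable. Separating the two keeps the flag truthful: `gnutls_buggy_ocsp = tls_is_buggy_ocsp();` followed by `if (tls_ocsp_file && gnutls_buggy_ocsp)` before the `log_write`. If skipping the probe is deliberate, a comment at the declaration saying the flag is only meaningful when `tls_ocsp_file` is set would do instead. The enclosing function starts outside the hunk.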
gnutls_dh_set_prime_bits(state->session, dh_min_bits);
}
-/* Stick to the old behaviour for compatibility if tls_verify_certificates is
+/* Stick to the old behaviour for compatibility if tls_verify_certificates is
set but both tls_verify_hosts and tls_try_verify_hosts are unset. Check only
the specified host patterns if one of them is defined */