SOCKS: Support priority groups and weighted-random selection from

[user/henk/code/exim.git] / src / src / tls-gnu.c

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 8aabc5c6cc4a4f8bb8557e209ac036982b71c3c4..c316d0a2454a68b67d9a0d42d4501e407ee42706 100644 (file)
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -56,7 +56,7 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
 #else
 # undef  SUPPORT_CA_DIR
 #endif
-#if GNUTLS_VERSION_NUMBER >= 0x030314
+#if GNUTLS_VERSION_NUMBER >= 0x030014
 # define SUPPORT_SYSDEFAULT_CABUNDLE
 #endif
 
@@ -176,7 +176,9 @@ static const char * const exim_default_gnutls_priority = "NORMAL";
 
 static BOOL exim_gnutls_base_init_done = FALSE;
 
+#ifndef DISABLE_OCSP
 static BOOL gnutls_buggy_ocsp = FALSE;
+#endif
 
 
 /* ------------------------------------------------------------------------ */
@@ -1021,6 +1023,8 @@ return OK;
 *************************************************/
 
 
+#ifndef DISABLE_OCSP
+
 static BOOL
 tls_is_buggy_ocsp(void)
 {
@@ -1047,6 +1051,7 @@ if (maj == 3)
 return FALSE;
 }
 
+#endif
 
 
 /* Called from both server and client code. In the case of a server, errors
@@ -1112,8 +1117,10 @@ if (!exim_gnutls_base_init_done)
     }
 #endif
 
-  if ((gnutls_buggy_ocsp = tls_is_buggy_ocsp()))
+#ifndef DISABLE_OCSP
+  if (tls_ocsp_file && (gnutls_buggy_ocsp = tls_is_buggy_ocsp()))
     log_write(0, LOG_MAIN, "OCSP unusable with this GnuTLS library version");
+#endif
 
   exim_gnutls_base_init_done = TRUE;
   }
@@ -1900,7 +1907,7 @@ if ((rc = tls_init(host, ob->tls_certificate, ob->tls_privatekey,
   gnutls_dh_set_prime_bits(state->session, dh_min_bits);
   }
 
-/* Stick to the old behaviour for compatibility if tls_verify_certificates is 
+/* Stick to the old behaviour for compatibility if tls_verify_certificates is
 set but both tls_verify_hosts and tls_try_verify_hosts are unset. Check only
 the specified host patterns if one of them is defined */