X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Ftls-openssl.c;h=298d8d4e176d9984ecd1822ed9aa43ec2add1867;hb=6c706bde19a29c2f660b464185e75321528b7e3d;hp=678288ca380a9a3163fabcf11fdda7ca2f01474d;hpb=c4b4086235b1d5e21fcf1ad72a1b05813e15dcbd;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 678288ca3..298d8d4e1 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -48,7 +48,6 @@ functions from the OpenSSL library. */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 # define EXIM_HAVE_OCSP_RESP_COUNT
 # define OPENSSL_AUTO_SHA256
-# define EXIM_HAVE_ALPN
 #else
 # define EXIM_HAVE_EPHEM_RSA_KEX
 # define EXIM_HAVE_RAND_PSEUDO
@@ -81,6 +80,7 @@ change this guard and punt the issue for a while longer. */
 #  ifndef DISABLE_OCSP
 #   define EXIM_HAVE_OCSP
 #  endif
+#  define EXIM_HAVE_ALPN /* fail ret from hshake-cb is ignored by LibreSSL */
 # else
 #  define EXIM_NEED_OPENSSL_INIT
 # endif
@@ -307,6 +307,9 @@ builtin_macro_create(US"_TLS_BAD_MULTICERT_IN_OURCERT");
 builtin_macro_create(US"_HAVE_TLS_OCSP");
 builtin_macro_create(US"_HAVE_TLS_OCSP_LIST");
 # endif
+# ifdef EXIM_HAVE_ALPN
+builtin_macro_create(US"_HAVE_TLS_ALPN");
+# endif
 }
 #else
 
@@ -2151,8 +2154,6 @@ static int
 tls_server_alpn_cb(SSL *ssl, const uschar ** out, uschar * outlen,
   const uschar * in, unsigned int inlen, void * arg)
 {
-const exim_openssl_state_st * state = arg;
-
 server_seen_alpn = TRUE;
 DEBUG(D_tls)
   {
@@ -2837,7 +2838,6 @@ chain_from_pem_file(const uschar * file, STACK_OF(X509) ** vp)
 {
 BIO * bp;
 STACK_OF(X509) * verify_stack = *vp;
-X509 * x;
 
 if (verify_stack)
   while (sk_X509_num(verify_stack) > 0)
@@ -3270,7 +3270,10 @@ else DEBUG(D_tls)
   const uschar * name;
   unsigned len;
   SSL_get0_alpn_selected(ssl, &name, &len);
-  debug_printf("ALPN negotiated: '%.*s'\n", (int)*name, name+1);
+  if (len && name)
+    debug_printf("ALPN negotiated: '%.*s'\n", (int)*name, name+1);
+  else
+    debug_printf("ALPN: no protocol negotiated\n");
   }
 #endif
 
@@ -3887,7 +3890,7 @@ if (ob->tls_alpn)
   }
 #else
   log_write(0, LOG_MAIN, "ALPN unusable with this OpenSSL library version; ignoring \"%s\"\n",
-          ob->alpn);
+          ob->tls_alpn);
 #endif
 
 #ifdef SUPPORT_DANE
@@ -4143,10 +4146,13 @@ return buf;
 
 
 void
-tls_get_cache(void)
+tls_get_cache(unsigned lim)
 {
 #ifndef DISABLE_DKIM
 int n = ssl_xfer_buffer_hwm - ssl_xfer_buffer_lwm;
+debug_printf("tls_get_cache\n");
+if (n > lim)
+  n = lim;
 if (n > 0)
   dkim_exim_verify_feed(ssl_xfer_buffer+ssl_xfer_buffer_lwm, n);
 #endif