X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Ftls-openssl.c;h=541c45a9435c1e9be3298e04076a48a99194cd08;hb=5c03403d88afcde2bb3f543296b0fca6f05c9f2c;hp=d6867200c9e6cdd2810b364186c329cdbb4a1895;hpb=6d95688d6a272297a6a47f2fd2695cc8e5b8b730;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index d6867200c..541c45a94 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -912,7 +912,7 @@ if (enc)
   if (!(key = tk_current()))	/* current key doesn't exist or isn't valid */
      return 0;			/* key couldn't be created */
   memcpy(key_name, key->name, 16);
-  DEBUG(D_tls) debug_printf("STEK expire %ld\n", key->expire - time(NULL));
+  DEBUG(D_tls) debug_printf("STEK expire " TIME_T_FMT "\n", key->expire - time(NULL));
 
   /*XXX will want these dependent on the ssl session strength */
   HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
@@ -934,7 +934,7 @@ else
     DEBUG(D_tls)
       {
       debug_printf("ticket not usable (%s)\n", key ? "expired" : "not found");
-      if (key) debug_printf("STEK expire %ld\n", key->expire - now);
+      if (key) debug_printf("STEK expire " TIME_T_FMT "\n", key->expire - now);
       }
     return 0;
     }
@@ -943,7 +943,7 @@ else
 		key->hmac_hash, NULL);
   EVP_DecryptInit_ex(ctx, key->aes_cipher, NULL, key->aes_key, iv);
 
-  DEBUG(D_tls) debug_printf("ticket usable, STEK expire %ld\n", key->expire - now);
+  DEBUG(D_tls) debug_printf("ticket usable, STEK expire " TIME_T_FMT "\n", key->expire - now);
 
   /* The ticket lifetime and renewal are the same as the STEK lifetime and
   renewal, which is overenthusiastic.  A factor of, say, 3x longer STEK would
@@ -1570,7 +1570,7 @@ DEBUG(D_tls) debug_printf("Received TLS SNI \"%s\"%s\n", servername,
 
 /* Make the extension value available for expansion */
 store_pool = POOL_PERM;
-tls_in.sni = string_copy(US servername);
+tls_in.sni = string_copy_taint(US servername, TRUE);
 store_pool = old_pool;
 
 if (!reexpand_tls_files_for_sni)