X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Ftls-openssl.c;h=f3ea6b28bfb7ff8d313305b92297b236a93f4033;hb=3f63e46192d8d9ad72e9b25602615042bcc404f6;hp=39e7fc8f4946f52245cfa86f4367324d0eeb8297;hpb=f4e62a871680af98f14beb5f21dbe3b85c5c35ff;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 39e7fc8f4..f3ea6b28b 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1715,17 +1715,17 @@ if(!p)
   return cbinfo->u_ocsp.client.verify_required ? 0 : 1;
  }
 
-if(!(rsp = d2i_OCSP_RESPONSE(NULL, &p, len)))
- {
-  tls_out.ocsp = OCSP_FAILED;
+if (!(rsp = d2i_OCSP_RESPONSE(NULL, &p, len)))
+  {
+  tls_out.ocsp = OCSP_FAILED;	/*XXX should use tlsp-> to permit concurrent outbound */
   if (LOGGING(tls_cipher))
     log_write(0, LOG_MAIN, "Received TLS cert status response, parse error");
   else
     DEBUG(D_tls) debug_printf(" parse error\n");
   return 0;
- }
+  }
 
-if(!(bs = OCSP_response_get1_basic(rsp)))
+if (!(bs = OCSP_response_get1_basic(rsp)))
   {
   tls_out.ocsp = OCSP_FAILED;
   if (LOGGING(tls_cipher))
@@ -2739,12 +2739,14 @@ if (tlsp->host_resumable)
 	  debug_printf("decoding session: %s\n", ssl_errstring);
 	  }
 	}
+#ifdef EXIM_HAVE_SESSION_TICKET
       else if ( SSL_SESSION_get_ticket_lifetime_hint(ss) + dt->time_stamp
 	       < time(NULL))
 	{
 	DEBUG(D_tls) debug_printf("session expired\n");
 	dbfn_delete(dbm_file, key);
 	}
+#endif
       else if (!SSL_set_session(ssl, ss))
 	{
 	DEBUG(D_tls)
@@ -2759,6 +2761,7 @@ if (tlsp->host_resumable)
 	DEBUG(D_tls) debug_printf("good session\n");
 	tlsp->resumption |= RESUME_CLIENT_SUGGESTED;
 	tlsp->verify_override = dt->verify_override;
+	tlsp->ocsp = dt->ocsp;
 	}
       }
     else
@@ -2795,6 +2798,7 @@ if (SSL_SESSION_is_resumable(ss)) 	/* 1.1.1 */
   tlsp->resumption |= RESUME_SERVER_TICKET;	/* server gave us a ticket */
 
   dt->verify_override = tlsp->verify_override;
+  dt->ocsp = tlsp->ocsp;
   (void) i2d_SSL_SESSION(ss, &s);		/* s gets bumped to end */
 
   if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))
@@ -3024,12 +3028,6 @@ if (!(exim_client_ctx->ssl = SSL_new(exim_client_ctx->ctx)))
   }
 SSL_set_session_id_context(exim_client_ctx->ssl, sid_ctx, Ustrlen(sid_ctx));
 
-#ifdef EXPERIMENTAL_TLS_RESUME
-if (!tls_client_ssl_resume_prehandshake(exim_client_ctx->ssl, tlsp, host,
-      errstr))
-  return FALSE;
-#endif
-
 SSL_set_fd(exim_client_ctx->ssl, cctx->sock);
 SSL_set_connect_state(exim_client_ctx->ssl);
 
@@ -3089,6 +3087,12 @@ if (request_ocsp)
   }
 #endif
 
+#ifdef EXPERIMENTAL_TLS_RESUME
+if (!tls_client_ssl_resume_prehandshake(exim_client_ctx->ssl, tlsp, host,
+      errstr))
+  return FALSE;
+#endif
+
 #ifndef DISABLE_EVENT
 client_static_cbinfo->event_action = tb ? tb->event_action : NULL;
 #endif