#if OPENSSL_VERSION_NUMBER >= 0x10100000L
# define EXIM_HAVE_OCSP_RESP_COUNT
# define OPENSSL_AUTO_SHA256
-# define EXIM_HAVE_ALPN
#else
# define EXIM_HAVE_EPHEM_RSA_KEX
# define EXIM_HAVE_RAND_PSEUDO
# ifndef DISABLE_OCSP
# define EXIM_HAVE_OCSP
# endif
+# define EXIM_HAVE_ALPN /* fail ret from hshake-cb is ignored by LibreSSL */
# else
# define EXIM_NEED_OPENSSL_INIT
# endif
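Review bot: The trailing comment on the added `# define EXIM_HAVE_ALPN` line explains why LibreSSL is excluded, but it sits on the line that enables the feature, and the condition selecting this branch is not visible in the hunk, so it is easy to misread. A fuller comment above the define would help, e.g. `/* ALPN only where a failure return from the handshake callback aborts the handshake; LibreSSL ignores it, so a mismatch could not be rejected there */`. Builds without the macro presumably lose ALPN enforcement altogether, so the documentation should say that ALPN options have no protective effect on such builds. Otherwise an operator relying on ALPN to reject cross-protocol connections would get no indication that it is inactive.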
tls_server_alpn_cb(SSL *ssl, const uschar ** out, uschar * outlen,
const uschar * in, unsigned int inlen, void * arg)
{
-const exim_openssl_state_st * state = arg;
-
server_seen_alpn = TRUE;
DEBUG(D_tls)
{
{
BIO * bp;
STACK_OF(X509) * verify_stack = *vp;
-X509 * x;
if (verify_stack)
while (sk_X509_num(verify_stack) > 0)
const uschar * name;
unsigned len;
SSL_get0_alpn_selected(ssl, &name, &len);
- debug_printf("ALPN negotiated: '%.*s'\n", (int)*name, name+1);
+ if (len && name)
+ debug_printf("ALPN negotiated: '%.*s'\n", (int)*name, name+1);
+ else
+ debug_printf(ALPN: no protocol negotiated\n);
}
#endif
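Review bot: The added `if (len && name)` guard handles the no-protocol case, but the call it guards still takes the precision from `*name` and prints from `name+1`, treating the result as a length-prefixed string. SSL_get0_alpn_selected() is documented as returning the selected protocol bytes themselves, not NUL-terminated, with the length in `len`, so this would use the first character's value as the length and can read past the end of the buffer in debug output. The line should be `debug_printf("ALPN negotiated: '%.*s'\n", (int)len, name);`. The `else` branch as shown on this page has no quotes around its message and would not compile; that may be a rendering artefact, but it is worth checking against the committed file. The enclosing block begins before this hunk.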
# Bad ALPN rejected
exim -DCONTROL=http -odf b@test.ex
****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
#
# Multiple ALPN rejected
exim -DCONTROL=smtp:smtp -odf c@test.ex
****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
#
# Empty client option is ok
exim -DCONTROL="" -odf d@test.ex
# Client requires ALPN (fail)
exim -DCONTROL=http -DREQUIRE=y -odf client_require_fail@test.ex
****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
killdaemon
#
#
# Client requires ALPN (fail)
exim -DCONTROL=http -DREQUIRE=y -odf client_require_fail@test.ex
****
-exim -Mrm $msg1
-****
-sudo rm -f DIR/spool/db/retry
+sudo rm -f DIR/spool/db/retry DIR/spool/input/*-D DIR/spool/input/*-H
killdaemon
#
#